• A Process Orientated Approach to Building Capability

    Building Capability

    The first Capability Maturity Model was developed by the Software Engineering Institute of the Carnegie Mellon University. The aim is to assist organisations improve their processes by following an evolutionary path.

    The maturity level of an organisation provides a way to predict the future performance of an organisation within a given discipline or set of disciplines. Experience has shown that organisations do their best when they focus their process-improvement efforts on a manageable number of process areas that require increasingly sophisticated effort as the organisation improves. A maturity level is a defined evolutionary plateau of process improvement. Each maturity level stabilizes an important part of the organisation's processes.

    The maturity levels are measured by the achievement of the specific and generic goals that apply to each predefined set of process areas. There are five maturity levels, each a layer in the foundation for ongoing process improvement, designated by the numbers 1 through 5.

    The first step in improving a process is to understand the boundaries of the process you are trying to improve. The process could be any process and it will be a combination of people, tools, technologies, and methods employed to accomplish a task.

    Once the operational entity is defined, a clear understanding of the operational entity's purpose and objectives guides improvement efforts. Many times, the purpose and objectives are stated in strategic planning documents. A clear understanding of the purpose and objectives will keep improvement efforts aligned with strategic needs and will avoid expending critical resources on improvement efforts that don't contribute to those needs.

    Along with understanding the operational entity's objectives, it's important to understand how to know if you achieve its objectives. It sounds good to say you intend to make your operation "world class", but how would you know when you're there? The objectives of an operational entity are stated first so that you can perform some level of verification to confirm that your improvement efforts move you closer to those objectives.

    Once the operational entity requiring improvement is identified and its purpose is clearly understood, constraints and risks are more easily identified and addressed. The current state of the operational entity could be assessed against its objectives to identify current and potential barriers to meeting those objectives. Improvement plans would then be developed and implemented to address these barriers.

    Operational process improvement using the COBIT framework enables an organised approach to identifying and addressing the constraints and risks, and helping the operational entity more effectively achieve its purpose.

  • Accredited Training

    cobit trainingThe IT Governance Network (ITGN) is a leading provider of corporate governance, technology and information governance, IT management, service management, service orientated architecture, risk management, information security, BCP management, internal control, King IV, POPI, information governance, compliance governance, ISO 9001, ISO 14001, ISO 19600, ISO 20000 ISO 21500, ISO 22301, ISO 27001, ISO 30301, ISO 31000, ISO 38500, ISO 45001, CISA, CISM, CGEIT and IT process training. These information and related technology courses have been presented to a wide audience across the globe for over twenty years. The ITGN has also developed and presented fundamental, advanced and specialised COBIT training since 1997 covering topics such as LEAN IT, a sustainable approach to information security management and service orientated governance.

    King IV Technology and Information Governance 

    King IV is the latest corporate governance guidance for South Africa.  The King IV Principle 4.2 recommends 19 practices for the governance of technology and information that align with governance principles and governance outcomes.

    "Technology and Information Governance" provide further guidance for governing bodies.

    Read more about King IV TI Governance course

    King IV Compliance Governance 

    King IV is the latest corporate governance guidance for South Africa.

    "Compliance Governance" provide further guidance for governing bodies.

    Read about King IV Compliance Governance courses

    Protection of Personal Information: Complying with the Act 

    The Protection of Personal Information Act is South Africa's most technical and complex legislation. This general course is available for executives, management and staff interested in obtaining an understanding of the requirements.

    A separate certification exam is available - Certified Personal Information officer.

    Read more about POPI - Complying with the Act

    Protection of Personal Information: Impact on HR

    The Protection of Personal Information Act has a significant impact on the human resources function. This specialist training is available for human resources personnel, management and executives. This course highlights specific HR issues.

    A separate certification exam is available - Certified Personal Information officer.

    Read more about POPI Impact on HR

    COBIT 5 Foundation 

    The official COBIT 5 Foundation course is an entry level course developed by APMG (a training/examination company). This course covers the most basic elements of the COBIT 5 framework. It introduces some of the COBIT 5 framework concepts and provides delegates with an understanding of the terminology and the basic components for governance, management and IT operations. COBIT 5 is appropriate for enterprises of all sizes, commercial, not-for-profit and public sector. However its implementation will vary across organisations.

    This course is best suited for IT and COBIT novices. ITGN will supplement the official course material with practical examples to demonstrate the full potential of COBIT 5. A certification exam is available.

    Read more about the Foundation course

    COBIT 5 Implementation

    The official COBIT 5 Implementation course is a basic level course developed by APMG to introduce the ISACA approach for "change enablement" using a programme described in the ISACA "COBIT 5 Implementation Guide". This course is best suited for people who wish to better understand the steps required to manage a GRC implementation and maintenance programme. Attendees of this course will learn about the Programme Management life-cycle, how it enables change and continuous improvement, and how to analyse the enterprise drivers, prioritise business requirements and identify opportunities for GRC improvements to add value to the business.

    A pre-requisite for this course is success in passing the COBIT 5  Foundation exam. A certification exam for the COBIT 5 Implementation course is available.

    Read more about the Implementation course

    COBIT 5 Assessor

    The official COBIT 5 Assessor course is a basic level course developed by APMG to introduce the ISACA approach to conducting capability assessments. This approach is loosely based on the ISO 15504 process assessment standard. In the official course attendees will learn about the basic steps an assessor should perform when conducting an assessment. At the end of this course attendees can take the certification exam on this content. To complement the official APMG course, ITGN will provide course attendees with a more detailed understanding of how to apply ISO 15504 to define a COBIT 5 process and plan improvements in the current level of capability. (Note that this additional content not part of the official course.)

    A pre-requisite for this course is success in passing the COBIT 5  Foundation exam. A certification exam for the COBIT 5 Assessor course is available.

    Read more about the Assessor course

    COBIT 5 for Information Security

    COBIT 5 provides an excellent foundation for the effective and efficient management of information security. This intermediate-level ITGN course provides attendees with an understanding of how to manage information security in accordance with the ISO 27001 specification for information security management systems.

    Almost every IT and business process has an aspect that impacts information security or is impacted by information security measures. Consequently, effective information security requires an integrated approach to management and an understanding of how the information security strategy and its implementation are aligned with the business' needs and its strategic objectives. 

    Central to good security is clarity about the responsibilities of managers for their respective areas of accountability. COBIT clarifies this.

    Read more about COBIT and Information Security

    ISO 27001 Lead Implementer

    ISO/IEC 27001:2013 is an international information security management system standard for a formal approach to designing and implementing information security measures in accordance with an organisation's need for information security. This intermediate-level ITGN course provides attendees with an understanding of the integrated approach specified in the ISO 27001 model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security in accordance with an organisation's business needs and strategic objectives. 

    Read more about ISO 27001 Lead Implementer

    ISO 27001 Lead Auditor

    The formal evaluation of an organisation's information security management system is performed using the ISO 19011 auditing standard which outlines the audit process to be followed when evaluating the implementation of an information security management against the ISO/IEC 27001:2013 specification. This intermediate-level ITGN course covers the approach to be followed in conducting an audit of an information security management system. It provides auditors of the ISMS with a road map to follow when performing an audit of an ISO 27001 ISMS implementation.

    Read more about ISO 27001 Lead Auditor

    ISO 31000 Risk Management

    This ISO 31000 Risk Management course provides delegates with an understanding of the ISO 31000 approach and specification for risk management. Attendees will gain an understanding of the nature of risk management activities, the scope and the integrated processes required to effectively and efficiently manage risk and measure performance of the Risk Management function.

    Read more about ISO 31000

    ISO 38500 - Governance for ICT

    The ISO 38500 Corporate Governance for ICT course provides attendees with an understanding of IT governance and its implementation based on the six principles and governance model. Included in this course is the design and implementation of an IT governance framework, the development of an IT governance policy, and IT governance charter and the key processes. 

    Read more about ISO 38500 


King IV Corporate Governance Assessment

King IV assessmentAssess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

COBIT 5 AssessmentConduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

it governance oversightPOPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.


Go to top