. Instead of guessing where the bottlenecks are, leadership can see exactly which processes (like Managed Security or Managed Data) are underperforming. This clarity transforms IT governance from a "check-the-box" exercise into a strategic driver of value, ensuring that technology reliably supports the enterprise's mission.
ISACA continues refining its toolkit—recent enhancements have included new Excel-based RACI matrices and expanded implementation resources. Organizations should monitor the ISACA website for updated toolkit versions and guidance materials. Cobit 2019 Maturity Assessment Tool Xls
14 Management Objectives covering strategy, architecture, innovation, and risk. Before assessing processes, use the tool to define
Before assessing processes, use the tool to define your enterprise context. Input data regarding your IT strategy, threat landscape, and risk profile. This establishes the target maturity for each process (e.g., a high-risk company needs a higher maturity level in APO12 - Managed Risk and APO13 - Managed Security ). Phase 2: As-Is Assessment (Capability Scoring) Before assessing processes
Organizations often want to jump from Level 1 (Performed) to Level 4 (Predictable). The XLS logic does not allow this. You cannot achieve Level 3 if you haven't mastered Level 2. If your process is not defined (L3), it cannot possibly be measured and optimized (L4). The spreadsheet calculation logic enforces this hierarchy.
Q: Who should use the COBIT 2019 Maturity Assessment Tool XLS? A: The tool is designed for organizations of all sizes and industries, and can be used by IT professionals, auditors, and business stakeholders.
Step-by-Step Guide: How to Conduct an Assessment Using the XLS Tool