The COBIT 5 Assessor for Security course provides a basis for assessing an enterprise’s process capabilities against the COBIT 5 Process Assessment Model (PAM). Evidence-based to enable a reliable, consistent, and repeatable way to assess IT process capabilities, this model helps IT leaders gain C-level and board member buy-in for change and improvement initiatives.

Assessment results provide a determination of process capability. They can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting, and organizational compliance.

The COBIT 5 Assessor for Security course is designed as an advanced assessor guide to COBIT 5 and enables you to understand how an integrated business framework for the governance and management of enterprise IT can be utilized to achieve IT business integration, cost reductions, and increased productivity. The syllabus areas that this course is designed to cover are:

•  How to perform a process capability assessment using the Assessor Guide: using COBIT 5
•  How to apply the Process Assessment Model (The PAM) in performing a process capability assessment
• Specifically: To use the Process Reference Model, in particular, to be able to use the 37 processes outlined in the PRM; To apply and analyze the measurement model in assessing process capability levels; and, To apply and analyze the capability dimension using generic criteria outlined in the PAM
• How to identify and assess the roles and responsibilities in the process capability assessment process
• How to perform and assess the 7 steps outlined in the Assessor Guide
• Specifically: Initiate a process assessment; Scope an assessment, using the tools provided and the PAM for the selection of the appropriate processes; Plan and brief the teams; Collect and validate the data; Do a process attribute rating; and, Report the findings of the assessment

Lesson 1: Foundation Review

• Process Capability Assessment
• COBIT Assessment Program
• Process Capability Program
• Advantages of the ISO/IEC15504 Approach
• Key Definitions
• Process Reference Model
• Assessing Process Capability
• COBIT Process Assessment Attributes
• Consequences of Capability Gaps

Lesson 2: Roles and Responsibilities

• Assessment Team
• Role – Sponsor
• Role – Lead Assessor
• Role – Assessor
• Role – Co-ordinator
• Competencies for Assessors
• Key Issues for an Assessment

Lesson 3: Assessment Initiation and Scoping

• Recommend Steps
• Pre-Assessment Questionnaire
• Scoping Process
• Selection of Processes
• Initial Mapping of the Processes
• Setting Target Capability Levels
• Assessment Class Selection
• Self-Assessment

Lesson 4: Planning the Assessment and Briefing the Teams

• Planning Overview
• Recommendation Planning Steps
• Assessment Plan
• Briefing Overview
• Recommended Briefing Steps
• Issues – Management Support
• Issues – Training

Lesson 5: Data Collection, Validation and Attribute Rating

• Data Collection Overview
• Data Collection Recommended Steps
• Process Purpose & Outcomes, Base Products and Work Products
• Data Collection Strategy
• Instances of Process Performance
• Evidence Requirements
• Capability Levels of Evidence
• Recording
• Data Validation Recommended Steps
• Review of Data Collected
• Dealing with Deficiencies

Lesson 6: Process Rating

• Attribute Rating Recommended Steps
• Attribute Rating Scales
• Process Capability Levels
• Attribute Ratings and Capability Levels
• Decision Making Process

Lesson 7: Assessment Reporting

• Assessment Reporting Recommended Steps
• Reporting
• Minimum Report Content
• Implication of Results
• Presentation to Participants

Lesson 8: Self-Assessment

• The Self-Assessment Process
• Deciding on a Process to Assess
• Determine Level 1 Capability
• Determine Capability Levels 2 to 5
• Record and Summarize Results

Lesson 9: Exam Preparation

• Exam Structure
• Exam Question Types

Although there is no mandatory requirement, ideally candidates should have at least two year’s professional experience working in an IT Services environment. Candidates wishing to attend this course must have attained the COBIT 5 Foundation course prior to attending the course.

The COBIT 5 Assessor course would suit candidates working in the following IT professions or areas:

• Internal and external auditors
• IT auditors and consultants
• IT Managers
• IT Quality professionals
• IT Leadership
• Process practitioners

The above list is a suggestion only; individuals may wish to attend based on their own career aspirations, personal goals, or objectives. Delegates may take as few or as many Intermediate qualifications as they require, and to suit their needs.

Candidates must have successfully achieved the COBIT 5 Foundation examination and should have successfully completed a COBIT 5 Assessor Course. Although it is not a mandatory requirement, it is recommended that candidates should also have a good understanding of enterprise governance concepts and IT organizational management.