•Relationships of COBIT 5 PAM model elements—These elements were listed in the definition of the taxonomy of the evidence management described previously. This article emphasizes the following relationships among GEIT work products and: - Outcomesof each COBIT 5 process - Resultsof attributes at each capability level of the COBIT 5 processes - Generic work productsof each COBIT 5 process The first two items give support to evidence-based assessments using the COBIT 5 PAM as illustrated in figure 2. The third item supports the evaluation, also with evidence, of the state of the generic work products of each COBIT 5 process. Figure 2—Link Between the Evidence Model and PAM The process attributes provide the measurable characteristicsof process capability. GEIT Artifacts Records Evidence per Each Result Results per Each Attribute Evidence per Each Outcome Process’s Outcomes
Volume 3, July 2013 Page 14 •Umbrella-type relationships—Other frameworks/standards correspond based on the governance and management practices in COBIT 5 that are defined for alignment of the frameworks: - To and from elements derived from the application of frameworks aligned like ITIL V3, ISO 27001 and others - To and from elements derived from the application of frameworks oriented to verification and monitoring - To and from elements derived from the application of regulations specific to the organization and its environment Several benefits can be realized from this mapping, such as: - A gap analysis between the implemented GEIT framework and the COBIT 5 framework guidance - A quality assessment of the implemented artifacts - A statement of applicability for each governance and managementpractice,with due justification for its inclusion or exclusion - A gap analysis of the implemented governance and management practices and those that are rigorously necessary - Road maps at the governance and management practices and processes levels of COBIT 5 for the short, medium and long term •Other relationships for assessment purposes—Relationships among the following fall into this category: - Inputs and outputs defined by the continual improvement life cycle approach for each of its phases7- Enablers defined in COBIT 5- Enterprise goals and their metrics - IT-related goals and their metrics - Goals of COBIT 5 processes and their metrics - All other metrics proposed by COBIT 5 and adopted by the organization Therefore, this GEIT artifacts baseline supports the record of all work products related to the COBIT 5 PAM and the management among them of relationships that are required by its assessment processes. Method for Qualifying the Level/Degree of Evidence The method for qualifying the level/degree of evidence is based on figure 2, which includes figure 4 of the COBIT 5 PAM and the fragment of the evidence model’s entity relationship diagram with which it is paired.
- One '14