Using COBIT 5 and Process Capability in Assurance (Moving from CMM to ISO15504)

BCS IRMA Group Event.

Tuesday 12 February 2013
18.00 - Registration & buffet
18.30 - Presentation
19.30 - Networking Session

BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA | Maps

Dr Derek Oliver

Event Details

Many auditors, including tonight’s speaker, used Capability Maturity Modelling (CMM) in IS Audits to establish on a scale how mature was the audit entity against where on that scale the auditee believed they should be. CMM helped establish the gap between the two, enabling the auditor to focus on recommendations to close that gap. Every version of COBIT up to 4.1 included detailed CMM targets and recommended this approach.

But CMM was usually based on a consensus of auditee opinion rather than hard, Audit Evidence and did not establish the actual capability of a process to achieve its objectives with a great deal of granularity.

COBIT 5, from the very start of its two-year development, aimed to introduce ISO/IEC 15504 Information technology - Process assessment in order to provide a greater, more detailed assessment of every Process requiring evidence supporting conclusions. Tonight’s presentation will show how the COBIT 5 Process Assessment Model can be used to assist Auditors in establishing more detailed findings providing more meaningful recommendations.

Speaker Profile

Derek Oliver has over 30 years experience working in Information Audit, Security and Governance. Director & CEO of Essex-based Ravenswood Consultants Ltd, Derek co-chaired the COBIT 5 Task Force for ISACA and previously chaired the committee that developed their Business Model for Information Security (BMIS) and the CISM exam development committee.

Continuing Professional Development
This event counts for one hour towards your (CPD) more information available at

The presentation and video for this event can be found in the Members Area (requires a BCS Login).


Please tell us what you think about BCS IRMA services: our website, events topics, videos, etc. We welcome all of your comments and suggestions.

Contact us