cobit5 assessment questionnaire bai07 manage change … · 2016-04-20 · cobit5 assessment...

COBIT5

Assessment Questionnaire

BAI07 Manage Change Acceptance & Testing

COBIT5 Assessment Questionnaire


2

Document History

Drafted Reviewed Approved

V. Modification Date Who Date Who Date Who

1.00 Initial

Document Information

Author: Daniel Frutschi

Manager: Martin Andenmatten

Document Name: GLF_COBIT5_eng_T11_Questionnaire_BAI07_r2_v2.0.doc

Title: Assessment Questionnaire

Subject: BAI07 Manage Change Acceptance & Testing

Category: Assessment Questionnaire

Comment: Questionnaire for the COBIT5 process assessment.



3

Summary

1. Individual Data ........................................................................................................ 4 2. BAI07 Manage Change Acceptance & Testing .................................................... 5 2.1. Base Practices .......................................................................................................... 7 2.2. Process Work Products .......................................................................................... 15 2.3. Process Maturity Level 1 Assessment .................................................................... 17 2.4. Process Maturity Level 2 Assessment .................................................................... 18 2.5. Work Products for Level 2 ...................................................................................... 22 2.6. Process Maturity Level 2 Assessment .................................................................... 23 2.7. Work Products for Level 3 ...................................................................................... 29 2.8. Process Maturity Level 4 Assessment .................................................................... 30 2.9. Work Products for Level 4 ...................................................................................... 34 2.10. Process Maturity Level 5 Assessment .................................................................... 35 2.11. Work Products for Level 5 ...................................................................................... 38



4

1. Individual Data

Name Current Position Seniority in the Organization

and History of Positions

Daily Tasks Description % of Time Spent on This

Process Location Specific Skills

Degree of Involvement During Interview Comments



5

2. BAI07 Manage Change Acceptance & Testing

Process ID BAI07

Process Name Manage Change Acceptance & Testing

Process

Description

Formally accept and make operational new solutions, including implementation planning, system and data conversion, acceptance testing,

communication, release preparation, promotion to production of new or changed business processes and IT services, early production support, and a post-implementation review.

Process

Purpose

Statement

Implement solutions safely and in line with the agreed-on expectations and outcomes.

Management

Practice

BAI07.01 Establish an implementation plan.

Establish an implementation plan that covers system and data conversion, acceptance testing criteria, communication, training, release preparation, promotion to production, early production support, a fallback/backout plan, and a post-implementation review. Obtain approval from relevant parties.

BAI07.02 Plan business process, system and data conversion.

Prepare for business process, IT service data and infrastructure migration as part of the enterprise’s development methods, including audit trails and a recovery plan should the migration fail.

BAI07.03 Plan acceptance tests.

Establish a test plan based on enterprisewide standards that define roles, responsibilities, and entry and exit criteria. Ensure that the plan is approved by relevant parties.

BAI07.04 Establish a test environment.

Define and establish a secure test environment representative of the planned business process and IT operations environment, performance and capacity, security, internal controls, operational practices, data quality and privacy requirements, and workloads.

BAI07.05 Perform acceptance tests.

Test changes independently in accordance with the defined test plan prior to migration to the live operational environment.

BAI07.06 Promote to production and manage releases.

Promote the accepted solution to the business and operations. Where appropriate, run the solution as a pilot implementation or in parallel with the old solution for a defined period and compare behaviour and results. If significant problems occur, revert back to the original environment based on the fallback/backout plan. Manage releases of solution components.



6

BAI07.07 Provide early production support.

Provide early support to the users and IT operations for an agreed-on period of time to deal with issues and help stabilise the new solution.

BAI07.08 Perform a post-implementation review.

Conduct a post-implementation review to confirm outcome and results, identify lessons learned, and develop an action plan. Evaluate and check the actual performance and outcomes of the new or changed service against the predicted performance and outcomes (i.e., the service expected by the user or customer).



7

2.1. Base Practices

BAI07.BP1 BAI07.01 Establish an implementation plan

Establish an implementation plan that covers system and data conversion, acceptance testing criteria, communication, training, release preparation, promotion to production, early production support, a fallback/backout plan, and a post-implementation review. Obtain approval from relevant parties.

N/P/L/F/N.A.

Are the following activities planned, done, checked and improved?

1. Create an implementation plan that reflects the broad implementation strategy, the sequence of implementation steps, resource requirements, inter-dependencies, criteria for management acceptance of the production implementation, installation verification requirements, transition strategy for production support, and update of BCPs.

2. Confirm that all implementation plans are approved by technical and business stakeholders and reviewed by internal audit, as appropriate.

3. Obtain commitment from external solution providers to their involvement in each step of the implementation.

4. Identify and document the fallback and recovery process.

5. Formally review the technical and business risk associated with implementation and ensure that the key risk is considered and addressed in the planning process.



8

BAI07.BP2 BAI07.02 Plan business process, system and data conversion.

Prepare for business process, IT service data and infrastructure migration as part of the enterprise’s development methods, including audit trails and a recovery plan should the migration fail.

N/P/L/F/N.A.


1. Define a business process, IT: service data and infrastructure migration plan. Consider, for example, hardware, networks, operating systems, software, transaction data, master files, backups and archives, interfaces with other systems (both internal and external), possible compliance requirements, business procedures, and system documentation, in the development of the plan.

2. Consider all necessary adjustments to procedures, including revised roles and responsibilities and control procedures, in the business process conversion plan.

3. Incorporate in the data conversion plan methods for collecting, converting and verifying data to be converted, and identifying and resolving any errors found during conversion. Include comparing the original and converted data for completeness and integrity.

4. Confirm that the data conversion plan does not require changes in data values unless absolutely necessary for business reasons. Document changes made to data values, and secure approval from the business process data owner.

5. Rehearse and test the conversion before attempting a live conversion.

6. Consider the risk of conversion problems, business continuity planning, and fallback procedures in the business process, data and infrastructure migration plan where there are risk management, business needs or regulatory/compliance requirements.

7. Co-ordinate and verify the timing and completeness of the conversion cutover so there is a smooth, continuous transition with no loss of transaction data. Where necessary, in the absence of any other alternative, freeze live operations.

8. Plan to back up all systems and data taken at the point prior to conversion. Maintain audit trails to enable the conversion to be retraced and ensure that there is a recovery plan covering rollback of migration and fallback to previous processing should the migration fail.

9. Plan retention of backup and archived data to conform to business needs and regulatory or compliance requirements.



9

BAI07.BP3 BAI07.03 Plan acceptance tests. Establish a test plan based on enterprisewide standards that define roles, responsibilities, and entry and exit criteria. Ensure that the plan is approved by relevant parties.

N/P/L/F/N.A.


1. Develop and document the test plan, which aligns to the programme and project quality plan and relevant organisational standards. Communicate and consult with appropriate business process owners and IT stakeholders.

2. Ensure that the test plan reflects an assessment of risk from the project and that all functional and technical requirements are tested. Based on assessment of the risk of system failure and faults on implementation, the plan should include requirements for performance, stress, usability, pilot and security testing.

3. Ensure that the test plan addresses the potential need for internal or external accreditation of outcomes of the test process (e.g., financial regulatory requirements).

4. Ensure that the test plan identifies necessary resources to execute testing and evaluate the results. Examples of resources include construction of test environments and use of staff time for the test group, including potential temporary replacement of test staff in the production or development environments. Ensure that stakeholders are consulted on the resource implications of the test plan.

5. Ensure that the test plan identifies testing phases appropriate to the operational requirements and environment. Examples of such testing phases include unit test, system test, integration test, user acceptance test, performance test, stress test, data conversion test, security test, operational readiness test, and backup and recovery tests.

6. Confirm that the test plan considers test preparation (including site preparation), training requirements, installation or an update of a defined test environment, planning/performing/documenting/retaining test cases, error and problem handling, correction and escalation, and formal approval.

7. Ensure that the test plan establishes clear criteria for measuring the success of undertaking each testing phase. Consult the business process owners and IT stakeholders in defining the success criteria. Determine that the plan establishes remediation procedures when the success criteria are not met (e.g., in a case of significant failures in a testing phase, the plan provides guidance on whether to proceed to the next phase, stop testing or postpone implementation).

8. Confirm that all test plans are approved by stakeholders, including business process owners and IT, as appropriate. Examples of such stakeholders are application development managers, project managers and business process end users.



10

BAI07.BP4 BAI07.04 Establish a test environment. Define and establish a secure test environment representative of the planned business process and IT operations environment, performance and capacity, security, internal controls, operational practices, data quality and privacy requirements, and workloads.

N/P/L/F/N.A.


1. Create a database of test data that are representative of the production

environment. Sanitise data used in the test environment from the production environment according to business needs and organisational standards (e.g., consider whether compliance or regulatory requirements oblige the use of sanitised data).

2. Protect sensitive test data and results against disclosure, including access, retention, storage and destruction. Consider the effect of interaction of organisational systems with those of third parties.

3. Put in place a process to enable proper retention or disposal of test results, media and other associated documentation to enable adequate review and subsequent analysis as required by the test plan. Consider the effect of regulatory or compliance requirements.

4. Ensure that the test environment is representative of the future business and operational landscape, including business process procedures and roles, likely workload stress, operating systems, necessary application software, database management systems, and network and computing infrastructure found in the production environment.

5. Ensure that the test environment is secure and incapable of interacting with production systems.



11

BAI07.BP5 BAI07.05 Perform acceptance tests.

Test changes independently in accordance with the defined test plan prior to migration to the live operational environment.

N/P/L/F/N.A.


1. Review the categorised log of errors found in the testing process by the development team, verifying that all errors have been remediated or formally accepted.

2. Evaluate the final acceptance against the success criteria and interpret the final acceptance testing results. Present them in a form that is understandable to business process owners and IT so an informed review and evaluation can take place.

3. Approve the acceptance with formal sign-off by the business process owners, third parties (as appropriate) and IT stakeholders prior to promotion to production.

4. Ensure that testing of changes is undertaken in accordance with the testing plan. Ensure that the testing is designed and conducted by a test group independent from the development team. Consider the extent to which business process owners and end users are involved in the test group. Ensure that testing is conducted only within the test environment.

5. Ensure that the tests and anticipated outcomes are in accordance with the defined success criteria set out in the testing plan.

6. Consider using clearly defined test instructions (scripts) to implement the tests. Ensure that the independent test group assesses and approves each test script to confirm that it adequately addresses test success criteria set out in the test plan. Consider using scripts to verify the extent to which the system meets security requirements.

7. Consider the appropriate balance between automated scripted tests and interactive user testing.

8. Undertake tests of security in accordance with the test plan. Measure the extent of security weaknesses or loopholes. Consider the effect of security incidents since construction of the test plan. Consider the effect on access and boundary controls.

9. Undertake tests of system and application performance in accordance with the test plan. Consider a range of performance metrics (e.g., end-user response times and database management system update performance).

10. When undertaking testing, ensure that the fallback and rollback elements of the test plan have been addressed.

11. Identify, log and classify (e.g., minor, significant, mission-critical) errors during testing. Ensure that an audit trail of test results is available. Communicate results of testing to stakeholders in accordance with the test plan to facilitate bug fixing and further quality enhancement.



12

BAI07.BP6 BAI07.06 Promote to production and manage releases.

Promote the accepted solution to the business and operations. Where appropriate, run the solution as a pilot implementation or in parallel with the old solution for a defined period and compare behaviour and results. If significant problems occur, revert back to the original environment based on the fallback/backout plan. Manage releases of solution components.

N/P/L/F/N.A.


1. Prepare for transfer of business procedures and supporting services,

applications and infrastructure from testing to the production environment in accordance with organisational change management standards.

2. Determine the extent of pilot implementation or parallel processing of the old and new systems in line with the implementation plan.

3. Promptly update relevant business process and system documentation, configuration information and contingency plan documents, as appropriate.

4. Ensure that all media libraries are updated promptly with the version of the solution component being transferred from testing to the production environment. Archive the existing version and its supporting documentation. Ensure that promotion to production of systems, application software and infrastructure is under configuration control.

5. Where distribution of solution components is conducted electronically, control automated distribution to ensure that users are notified and distribution occurs only to authorised and correctly identified destinations. Include in the release process backout procedures to enable the distribution of changes to be reviewed in the event of a malfunction or error.

6. Where distribution takes physical form, keep a formal log of what items have been distributed, to whom, where they have been implemented, and when each has been updated.



13

BAI07.BP7 BAI07.07 Provide early production support.

Provide early support to the users and IT operations for an agreed-on period of time to deal with issues and help stabilise the new solution.

N/P/L/F/N.A.


1. Provide additional resources, as required, to end users and support personnel until the release has stabilised.

2. Provide additional IT systems resources, as required, until the release is in a stable operational environment.



14

BAI07.BP8 BAI07.08 Perform a post-implementation review.

Conduct a post-implementation review to confirm outcome and results, identify lessons learned, and develop an action plan. Evaluate and check the actual performance and outcomes of the new or changed service against the predicted performance and outcomes (i.e., the service expected by the user or customer).

N/P/L/F/N.A.


1. Establish procedures to ensure that post-implementation reviews identify, assess and report on the extent to which:

Enterprise requirements have been met.

Expected benefits have been realised.

The system is considered usable.

Internal and external stakeholder expectations are met.

Unexpected impacts on the enterprise have occurred.

Key risk is mitigated.

The change management, installation and accreditation processes were performed effectively and efficiently.

2. Consult business process owners and IT technical management in the choice of metrics for measurement of success and achievement of requirements and benefits.

3. Conduct the post-implementation review in accordance with the organisational change management process. Engage business process owners and third parties, as appropriate.

4. Consider requirements for post-implementation review arising from outside business and IT (e.g., internal audit, ERM, compliance).

5. Agree on and implement an action plan to address issues identified in the post-implementation review. Engage business process owners and IT technical management in the development of the action plan.



15

2.2. Process Work Products

Process Input Work Products

ID Name Used (X)

Name in the Organization

Location

BAI07.01 Establish an implementation plan

BAI01.09 Quality management plan

BAI06.01 • Change plan and schedule • Approved requests for change



BAI01.09 Requirements for independent verification of deliverables

BAI03.07 • Test procedures • Test plan

BAI03.08 • Test result communications • Test result logs and audit trails





APO11.03 Review results of quality of service, including customer feedback

BAI05.05 Success measures and results


APO11.04 Results of quality reviews

and audits

APO11.05 Root causes of quality

delivery failures

Results of solution and

service delivery quality monitoring

BAI05.05 Success measures and results



16

Process Output Work Products

ID Name Used (X)


Location

BAI07.01 Establish an implementation plan

Internal Approved implementation plan

Internal Implementation fallback and recovery process


DSS06.02 Migration plan


BAI01.04 BAI01.08

Approved acceptance test plan


Internal Test data


Internal Test results log

BAI01.06 Evaluation of acceptance results

BAI01.04 Approved acceptance and release for production


BAI10.01 Release plan

Internal Release log


APO08.04 APO08.05 DSS02.04

Supplemental support plan


BAI01.13 BAI01.14

Post-implementation review report

BAI01.13 BAI01.14

Remedial action plan



17

2.3. Process Maturity Level 1 Assessment

Level 1 Performed Process

The implemented process achieves its Process Purpose.

PA 1.1 Process Performance Attribute

The Process Performance attribute is a measure of the extent to which the Process Purpose is achieved. As a result of full achievement of this attribute, the process achieves its defined Expected Results.

GP 111 Achieve the Process Expected Results

Did this process reach its objectives, its Expected Results, and show some tangible evidence of process activities (e.g. information or document)?

What could be improved?



18


Level 2 Managed Process

The Performed Process is now implemented in a managed fashion (planned, monitored, and adjusted) and its Work Products are appropriately established, controlled, and maintained.

PA 2.1 Performance Management Attribute

The Performance Management attribute is a measure of the extent to which the performance of the process is managed.

GP 211 Identify the Objectives for the Performance of the Process

Are the objectives of the process defined?

Are there deadlines, constraints, or target values to reach?

Who defines those objectives?

GP 212 Plan and Monitor the Performance of the Process to Fulfill the Identified Objectives

Is there a plan of actions to execute the process? What type of plan is it?

Is there any monitoring of process activities against that plan?

Are activities appropriately and regularly monitored?

Is the time to perform the process estimated and tracked?



19

GP 213 Adjust the Performance of the Process

Is someone tracking the process activities? Does someone notice and react if they are not performed?

Are there corrective actions when process results don’t meet objectives? (More resources, new planning)?

GP 214 Define Responsibilities and Authorities for Performing the Process

What are the roles and responsibilities that have been identified for this process?

Are they clearly defined (even not formally at this stage)? Are they communicated to everyone?

Who is responsible for that?

GP 215 Identify and Make Available Resources to Perform the Process according to Plan

Do you think that existing HR are well trained and efficient? Are they numerous enough and available? Are other resources available when needed (monitoring, tracking, and reporting tools)?



20

GP 216 Manage the Interfaces Between Involved Parties

Who are involved parties in the process? Who uses the outputs from this process (reporting, documents or information)?

What type of communication is there between the different stakeholders?

How is the coordination between the organizational functions involved in the process managed?

PA 2.2 Work Product Management Attribute

The Work Product Management attribute is a measure of the extent to which the Work Products produced by the process are appropriately managed.

GP 221 Define the Requirements for the Work Products

What are the documents/information used or resulting from the process?

Do you have defined requirements and quality criteria for these documents (and information)?

Do you know what they should contain?

Are the input and output of the process based on templates (at your level)?

GP 222 Define the Requirements for Documentation and Control of the Work Products

Do you have specific rules to manage the process inputs and outputs?

Are there rules for versioning? Document naming?

Are there access rules for documents, information, databases?



21

GP 223 Identify, Document, and Control the Work Products

Are these rules applied in the field?

Overall, do you have trouble handling documents?

Does it happen that people do not have access to the information when they should? …that you cannot find the latest version of a document?

GP 224 Review and Adjust Work Products to Meet the Defined Requirements

Are there reviews of the documents and other outputs produced by the process? Do you compare the actual documents to their requirements and quality criteria?

Is there a frequency for reviewing the documents and other outputs produced by the process?

If any problem is detected, are corrective actions taken? How?



22

2.5. Work Products for Level 2

Work Products

ID Name Used (X)


Location

PA 2.1 Performance Management Attribute

3-00 Plan

5-00 Record

6-00 Report

PA 2.2 Work Product Management Attribute

1-00 Object

3-00 Plan

5-00 Record

8-00 Specification



23


Level 3 Established Process

The Managed Process is now implemented using a standard process definition capable of achieving its process Expected Results.

PA 3.1 Process Definition Attribute

The Process Definition attribute is a measure of the extent to which a standard process is defined and maintained to support the deployment of the Process.

GP 311 Define the Standard Process that will support the Deployment of the Process

Is this process described formally?

Are all the process activities described in a reference guide, a Quality or Service Management System (SMS or QMS), or in procedures?

Do you have templates supporting the process?

GP 312 Determine the Sequence and Interaction between Processes so that they work as an Integrated System of Processes

Are the connections between the process activities and other processes clearly identified and defined? Where?

Do you have a diagram describing the relationships?



24

GP 313 Identify the Roles and Competencies for Performing the Standard Process

Is there a clear description of required competencies for those activities?

Are the various roles defined in job descriptions, competence profiles?

GP 314 Identify the Required Infrastructure and Work Environment for Performing the Standard Process

Is the required work environment appropriately identified and described?

Are the tools required for supporting the process performance specified?

GP 315 Determine Suitable Methods to Monitor the Effectiveness and Suitability of the Standard Process

Is a mechanism defined to monitor the efficiency and suitability of the process across the organization?

Have you identified the need for internal audits or management reviews? Are these internal audits or management reviews planned?

Do you have defined the way to identify the weaknesses (and strengths) of your process? And how to benefit from them?



25

[ITIL 2011: Service Reporting]

GP 316 Define and Agree upon the Content of Service Management Reports

Have you identified the different audiences for the service management reports?

Have you defined the layout, contents, and frequency of Service Management reports (according to the audience)?

Was it agreed with the business?

PA 3.2 Process Deployment Attribute

The Process Deployment attribute is a measure of the extent to which the standard process is effectively deployed to achieve its process Expected Results.

GP 321 Deploy a Standard Process that satisfies the context-specific Requirements from the Standard Process Definition

Does the process implemented correspond to the one that is described formally?

How do you organize the deployment of the process across the organization?



26

GP 322 Assign and Communicate Roles, Responsibilities, and Authorities for Performing the Standard Process

Are all the defined roles for this process assigned to someone?

Are all the responsibilities identified and communicated? With appropriate authority lead?

GP 323 Ensure necessary Competencies for Performing the Standard Process

Do you think that people working on this process have the right level of knowledge or training?

How do you ensure that the competence level is adequate?

Do you look at particular skills when hiring people?

Is there a training plan for the actors of this process? Are there training sessions organized to improve the competence level?



27

GP 324 Provide Resources and Information to Support the Performance of the Standard Process

Are resources and required information available to implement the process?

Do you have enough financial and human resources? Do you miss any other resource?

GP 325 Provide Adequate Process Infrastructure to Support the Performance of the Standard Process

Does the work environment correspond to what has been defined formally for implementing this process?

Do you have enough technical (HW, SW) resources?

Do you have the appropriate tools?

GP 326 Collect and Analyze Data about the Performance of the Process to Demonstrate its Suitability and Effectiveness

Do you collect information on the performed activities?

Do you collect and analyze data on the process implementation?

What for? (to ensure that the process activities meet the requirements defined in the standard guide, or to check that it is suitable and effective)

How do you analyze this data? Can it help determine process efficiency?



28

[ITIL 2011: Service Reporting]

GP 327 Produce and Publish Service Management Reports

Do you produce Service Management reports according to service reporting policies and rules? What is the frequency?

Do you communicate Service Management reports to interested parties? How?



29


Work Products

ID Name Used (X)


Location

PA 3.1 Process Definition Attribute

2-00 Description

3-00 Plan

4-00 Procedure

5-00 Record

8-00 Specification

PA 3.2 Process Deployment Attribute

2-00 Description

3-00 Plan

5-00 Record

6-00 Report

8-00 Specification



30


Level 4 Predictable Process

The Established Process now operates within defined limits to achieve its process Expected Results.

PA 4.1 Process Measurement Attribute

The Process Measurement attribute is a measure of the extent to which measurement results are used to ensure that the performance of the process supports the achievement of the relevant process performance objectives in support of defined business goals.

GP 411 Identify Process Information Needs, in Relation with Business Goals

Are business goals known?

What process information is necessary to determine whether business goals are met?

GP 412 Derive Process Measurement Objectives from Process Information Needs

What needs to be measured in this process?

Are the reports produced compatible with process objectives and business goals?



31

GP 413 Establish Quantitative Objectives for the Performance of the Standard Process, according to the Alignment of the Process with the Business Goals

Can you give examples of process quantitative objectives that you follow?

GP 414 Identify Product and Process Measures that support the Achievement of the Quantitative Objectives for Process Performance

What metrics are measured and what is the frequency of those measurements?

With these measures can you determine whether the process reaches its quantitative objectives?

GP 415 Collect Product and Process Measurement Results through performing the Standard Process

How are those measures collected? Who is responsible for collecting, and reporting measures?

Are they measured automatically? How hard is it? How long does it take to get those measures?



32

GP 416 Use the Results of the Defined Measurement to Monitor and Verify the Achievement of the Process Performance Objectives

Who analysis the measures?

Are measurement results used to verify the achievement of the process?

Is there, somewhere, a summary of the evolution of the process indicators?

PA 4.2 Process Control Attribute

The Process Control attribute is a measure of the extent to which the process is quantitatively managed to produce a process that is stable, capable, and predictable within defined limits.

GP 421 Determine Analysis and Control Techniques, appropriate to control the Process Performance

Are there regular statistical analyses of the process performance?

Have you defined techniques to control the process performance?

GP 422 Define Parameters suitable to Control the Process Performance

Are some performance limits defined for the process?

Where do those limits come from? How have they been defined?



33

GP 423 Analyze Process and Product Measurement Results to Identify Variations in Process Performance

Does the analysis of measurement data enable the identification of problems encountered in the implementation of the process itself?

Do you compare the process performance to the defined limits?

Do you identify root causes of process performance variations?

GP 424 Identify and Implement Corrective Actions to Address Assignable Causes

How are special causes of variations treated? How are corrective action implemented?

GP 425 Re-Establish Control Limits following Corrective Actions

After the implementation of corrective actions, are new limits defined for process performance?



34


Work Products

ID Name Used (X)


Location

PA 4.1 Process Measurement Attribute

2-00 Description

3-00 Plan

5-00 Record

6-00 Report

8-00 Specification

PA 4.2 Process Control Attribute

2-00 Description

3-00 Plan

5-00 Record

6-00 Report



35


Level 5 Optimizing Process

The Predictable Process is continuously improved to meet relevant, current, and projected business goals.

PA 5.1 Process Innovation Attribute

The Process Innovation attribute is a measure of the extent to which changes to the process are identified from analysis of common causes of variation in performance and from investigations of innovative approaches to the definition and deployment of the process.

GP 511 Define the Process Improvement Objectives for the Process that Support the Relevant Business Goals

Do you define improvement objectives for the process based on your business goals?

GP 512 Analyze Measurement Data of the Process to Identify Real and Potential Variations in the Process Performance

Is the process reviewed to identify potential sources of variation? Do you identify improvement opportunities based on the analysis of these variations?



36

GP 513 Identify Improvement Opportunities of the Process Based on Innovation and Best Practices

Do you watch innovation and the evolution of best practices in the process domain to identify improvement opportunities?

GP 514 Derive Improvement Opportunities of the Process from New Technologies and Process Concepts

Are there reviews of new technologies? Do you define improvement opportunities for the process based on new technologies?

GP 515 Define an Implementation Strategy based on long-term Improvement Vision and Objectives

Is there a defined improvement strategy for the process?



37

PA 5.2 Process Optimization Attribute

The Process Optimization attribute is a measure of the extent to which changes to the definition, management, and performance of the process result in an effective impact that achieves the relevant process improvement objectives.

GP 521 Assess the Impact of Each Proposed Change against the Objectives of the Defined Standard Process

How do you assess the proposed improvements of the standard process?

GP 522 Manage the Implementation of agreed changes to select areas of the Defined Standard Process according to the Implementation Strategy

How are the process improvements implemented? What are the steps?

Who implements the process improvement changes? Who will follow and check the positive or negative effect?

GP 523 Evaluate the Effectiveness of Process Change on the basis of actual Performance against Process Performance and Capability Objectives and Business Goals

When improvement changes are implemented, is the implementation effectiveness assessed? Who is in charge? (top management, process owner?)



38


Work Products

ID Name Used (X)


Location

PA 5.1 Process Innovation Attribute

2-00 Description

3-00 Plan

4-00 Procedure

5-00 Record

6-00 Report

8-00 Specification

PA 5.2 Process Optimization Attribute

2-00 Description

3-00 Plan

5-00 Record

6-00 Report

8-00 Specification

cobit5 assessment questionnaire bai07 manage change … · 2016-04-20 · cobit5 assessment...

Documents