Pass Isaca COBIT 2019 Exam in First Attempt Guaranteed!

All Isaca COBIT 2019 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the COBIT 2019 COBIT 2019 Foundation practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Performance Management

1. Performance Management

Welcome to the performance management section. As the title suggests, you are going to learn how great your company is at doing COBIT. As we went through various COBIT objectives, managed changes, managed requests, and managed incidents, These are objectives that you already accomplish or fulfill. will show you how to find out how great you are at it.

On a scale of one to five, where one is pretty poor and five is excellent, You can also set targets for various objective areas based on how good you want to be, and Cop It will tell you what to do to reach your targets. For example, in your Nike, it has difficulty managing its objective changes. There are a lot of unauthorised changes and other troubles. You've appointed an auditor to perform an audit. The auditor discovered, using Cobit, that at night, Bai Sixmanage's change process had reached level 1, indicating that many activities and documents were missing or completed irregularly. You decide that you'd like to improve the process to reach level three. On this level, Nike will be pretty safe.

When performing changes, Cobit prescribes exactly what you need to implement to reach level three. Recall our previous lecture on "Governance and Management Objectives: Detailed Guidance," where we mentioned that each process activity has a capability level. For example, activities within evaluate, prioritize, and authorise a change request are required to reach levels two and three. In the Governance and Management Objectives book, you can find a full list of what activities must be done to reach your target level 3. You can see now what performance management does for you. It helps you map your situation and helps you improve. It supports various types of assessments, whether formal or informal, and you can use it to conduct your own self-assessment. Some of you may be familiar with the CMMI assessment framework. Cobit is based on CMMI. Cobit evaluates the performance of processes only.

You can assess the performance of other components too, but Cobit gives you only very generic guidance for that. So we will concentrate on process component details, and for other components such as organisational structures, information, and others, we will only provide generic guidance at these levels one through five, which we refer to as "process capability levels." If you'd like to assess a focus area or the whole organization, we use the term "maturity level." So again, capability levels one to five are assigned to all process activities. If the activities of a level are successfully performed, the process reaches that capability level.

This is just a summary picture showing that the old version of COBIT, which was COBIT 5, was based on the ISO standard, and now COBIT is based on CMI 20. If you're not familiar with the terms ISO or CMI, you may want to Google them if you're interested. But they're not in the scope of this course. And here are the capability levels one through five once more. Let's explore them in more detail. I mentioned at the beginning that the lower the level, the worse the process; zero means that the process is most likely not performed at all. Level one suggests that the process is meeting its purpose, but the activities are incomplete, intuitive, and not very well organized.

Level two is not so bad; the process is working, but at a very basic level, whereas on level three the process is quite organized, more effective, and already well on this level. On level 4, the process is working well, it's well defined and even measured, and its performance is under control. On level five, the process is not only measured but continuously improved as well. And now the question is: do you have to perform every single activity that the governance and management objective successor has prescribed to reach a certain capability level? The answer is no. You don't see the description here. If you are performing 85% or more of the prescribed activities, you are granted the level.

You reach the level largely if you perform at 50% to 85%. If you are between 15% and 50%, you are partially capable; if you are less than 15%, you are not capable. As we said before, if you would like to assess focus areas, we explained earlier in the course that we also use levels one to five, but they have different descriptions. Level zero suggests that the work and activities within the focus area may not even be done. As a result, governance and management do not serve their intended purpose. Level one indicates that the goal of the focus area is not met. The goal is met on level 2, but not in a standardised way, so it may not be defined, described, or executed in a structured way. On level three, the goal is met and the practises and activities are executed consistently in a standardized, defined way.

At level four, the focus error is measured, and on level five, continuous improvement is applied as well. COBIT did not publish any additional detailed guidance for assessing focus areas at the time this course was created. So, this was the instruction on how to assess the process capability. But what about the other six components? As we mentioned before, Cobit is not as detailed about the other components. So here we will just give a few hints and tips. How to assess the capability of organisational structures, information items, and culture and behavior For organisational structures, which are various departments and roles, you can assess responsibilities and accountabilities. Operating principles are the rules that each department follows, such as regular meetings and the composition of the positions that comprise the department's span of control.

What are the competencies of the departmental level of authority? Decision rights are what the people in the department can decide, whether they have any rights to delegate or deescalate procedures. Let's see how the information flow and item components are assessed. I will remind you that we had some examples of the component information flow and items in previous lectures. These were process inputs and outputs, such as the managed service agreement process's change schedule output. SLA In the first paragraph, Cobit suggests that you can refer to the inputs and outputs of a process as "process work products." There is no standardised method for evaluating these process inputs and outputs. There are some suggestions in the previous version of COBIT 5, which were captured in the book called Enabling Information. In this method, called Cobit 5, there are three main quality criteria and 15 sub criteria. Let's have a look at these in the following slides.

First out of the three quality criteria is that the information must be intrinsic, which means accurate, correct, reliable, objective, unbiased, unprejudiced, and believable. In terms of its source and content, it is considered true, credible, and reputable. The second of these three main criteria is that the information must be contextual. That means I'm going from the top: relevant, complete, and current. The volume must be appropriate, compact, represented in the same format everywhere you show it, in an appropriate language, easily comprehended, and easy to use. The third of those three quality criteria is security, privacy, and accessibility. This criteria means that the information should be available when required and restricted appropriately to authorised parties only. As we mentioned before, we don't have any kind of official assessment on how to formally assess information, but you can use those mentioned criteria informally. See all these criteria for information that I haven't personally seen being used much in the real world. In this form, it's still a very high-level concept. If companies use COBIT for performance management and capability rating, they use only the process part, as far as I know.

Nevertheless, I had to include this part as well, as it is required for your exam. And last, the information within this lecture is just a comment on the Culture and Behavior component. Basically, there's almost nothing in Cobit regarding culture except a small note within each objective in the Governance and Management Objectives book.

So you could possibly use that when evaluating the performance of culture and behavior, but it's not really sufficient for any serious culture or component. Basically, You've successfully completed the Performance Management section again. For practical use, I recommend you open the "Governance and Management Objectives" book, select an objective, and check the capability levels for process activities. Consider how you would evaluate your company's chosen process. You would go one by one through each process, practice, and activity within them and mark whether you're performing it.

You reach a level if you complete at least 85% of all stated activities for that level. You can use that information to compare yourself with another department or company or to set a target to implement those activities that you are missing.

And one more quick comment: Isaca offers a COBIT toolkit for download at this web address: isaca.org/resources/cobit. When you go to the section on more implementation resources at the website and download the zip file there, there is an Excel sheet called COBA 2019 Governance Management Objectives Practice Activities. This Excel document contains all the objectives, practises, and activities in a useful Excel format. It is quite useful since you need to write down the results of your assessments, and the Governance Management Objective Book is a PDF file, so this is something that can help.

2. Performance Management Practical Walkthrough – OPTIONAL

In the previous lecture, I suggested you try to perform the capability assessment for your company for a selected process. If you've tried it and you're comfortable and clear on the topic, you can skip this lecture. But if you'd like to see an easy example of how to perform such an assessment, we can call it self-assessment. Stay with me during this lecture. So what we will do is choose a process, open the Governance and Management Objective Book, and check whether the process activities are executed as prescribed in the book. Then we will evaluate which level we have reached. Let's take the Nike APN managed service agreement process. Nike really struggled with this process, as we saw in the previous section, the lecture on Governance and Management Objectives. Practical workthrough. We did show the Nike managers what to do, and they really successfully implemented it. Originally, it was on level one. So let's perform the process capability assessment to see at what level the APO Nine process is. Now we will list all activities and indicate whether or not they have been completed. And then we'll continue with the assessment.

Isaca, the owner of COBIT, gave us all the objectives and activities and an Excel sheet table, so we don't have to extract it all from the PDF Governance and Management Objective Books. See, until now we were using this book, Governance and Management Objectives, to see all the objectives and their details. So now that we need to write things down, we can use an Excel sheet. The previous lecture covered the file download instruction. The Excel sheet So it's the governance and management objectives, practices, and activities. Excel file.

There are several sheets. When you open the file, you see copyright objectives and objective practices, but we're going to use the activities sheet. That's why we have all the information we need for the assessment. As you can see, there's an objective ID. So all 40 objectives are here. Then there is the objective name and practises within each objective, and we go up to the detailed activities within these objectives. We stated that we would evaluate APO 9 objectively. So what I'm going to do here is look at APO Zero Nine and filter out only those practises and activities that are relevant to APO Nine. As a result, you can identify the It services as well as the catalogue of It enabled services. We only have APO 9-related activities and practices. The thing that I had to do manually—fill in a capability level for each activity—we don't have in this Excel sheet. So I will show you what I'm talking about.

I'm going back to our previous PDF file, the Governance and Management Objective Book, with all the activities. We went through them in previous lectures, and you see that next to each activity there is a capability level. Capability level. We have two, three, and four here, so this data is not in our Excel sheet. So what I did was rewrite them here. So I have the capability level here now. And on top of that, I've counted for each activity or for each capability level how many there are for the whole APO—nine. So how many levels or how many activities? There were seven in total for level 2, eight in total for level 3, and six in total for level 4. We're going to need this when we calculate what percentage of your level was fulfilled. So it means, for example, that if we calculate that you fulfil only three or four of your capability levels, you are around 50% fulfilled, right? If you reach capability level four and the requirements for level four are not met, you are in a so that's what I had to do manually to create accounts now.

So I'm ready for the assessment. So let's prepare another column, fulfilled or not. So for each activity, we have to write down whether it's being done or not. Whether it's fulfilled or not I can simply write one or zero. So now I'm taking each activity, looking at it, and filling in whether it's done or not. I was talking about the services and service levels in previous lectures because this was a process we were already going through together. So services and service levels are the, let's say, means that are provided by it to support the business and the customers. So, as an example, we provide email and video conferencing services, as well as logistics services, and they are provided at different levels, implying different availability and response times when something breaks. So how fast do we collect these services? There are certain capacity levels or security levels. So this first activity is telling us that we need to assess them. So let us examine what we are currently providing and at what levels, and compare it to what is required. So identifying gaps between existing services and the business activities they support will help us see what we are not providing and where we can improve. I'm still in activity night; Ike had it.

There was a meeting with the business, and we know what we are covering, and they told us what they need. As a result, this activity has been completed. analyse, study, and estimate future demand. When we were meeting with our customers as an IC, we asked them what they needed in the future. We're trying to discuss their future plans, right? Whether the current capacity will be enough and what they're going to need So it's executed well. We also try to get into what business processes are. So business processes—what business is doing to identify the needs for New Orleans—we did that as well, right? So we jumped a bit into the business topics and discussed how to compare and identify requirements for existing service components in the portfolio. So again, this is a comparison of what the customer needs to what we have in our portfolio, which is the complete set of services, even those being prepared, if possible, to package existing services or components. Right? This is like service packages like gold, silver, and bronze, so we might want to offer them various levels for different departments.

We did that as well. Brilliant. Regularly review the portfolio of IT services with portfolio management and business relationship management personnel to identify obsolete services. This is something that we know about Nike. It's not yet done. We still have some services that are no longer needed or used. So, unfortunately, this is not met. Unfortunately, I will now complete the rest of the table offline myself, and we'll go back once it's done, and we'll go together to process the table and do the next steps. OK, so I have completed the table, so we have all the numbers. Let me emphasise this a bit. So, which activities were completed and which were not, and what else did I do? I've also completed this other table on the right side, where I found out that for level 2, all seven activities are fulfilled, which is great. It's pretty good for level 3 because seven out of eight requirements are met. Level four is not so good because only one out of six was fulfilled. I have calculated the percentage. So, as you can see, if we completed seven out of seven, we achieved 100%. Seven out of 888 percent and one out of six percent equals 17%.

Now, let's recall this slide from the previous lecture. The final paragraph explains how we can determine whether the process is completed entirely, partially, largely, or completely. And you can see the percentage—the percentage that we need to achieve that level. Or alternatively, you can just evaluate parts of failure, like "fulfilled" or "not fulfilled." Based on the slide, I have completed the table. We can either use this scalelike approach fully, largely, partially, or not at all. We can basically say "completed" or "not completed." I mean "achieved" or "not achieved." Great. So we can draw the conclusion that the APO-9 Managed Service Agreements process has reached capability level 3. And in this case, it's only out of four possible levels because, as you noticed, we only had marked activities at levels two, three, and four. So four was the limit.

If you did not reach level 2, your process would be considered level 1. So we can put a mark on our original picture. We had our APO Zero-Nine process at Level 1 at Nike, but the managers did an excellent job of moving it up to Level 3, which is a well-defined process that achieves its goals. If Nike would like to improve the process further, they know exactly what to do. We can say that they have a gap analysis ready. That means that they can set the target, for example, for next year to reach level four of this process, and they already have the gaps that need to be filled to reach level four. So you can see the gaps in our table that we filled. You see the zeros. In the full filter, you see zeros. So these are exactly the activities that we need to complete to get to, well, let's say, level 300% and to complete level 4. So these zero activities—here's another one. They are the gaps that must be filled in order to advance to the next level. And here is the niggle for next year: Can you think of any other applications for these maturity assessment levels? We have now used it to identify gaps and set targets for improvement.

But you can use it, for example, for comparisons between departments or company branches or even with competitors, if you are able to get the data, of course. So I hope this step-by-step workshop helped. Please don't hesitate to send me a message if anything didn't make sense, is not clear, or you would like further assistance with these assessments. There is one challenge you may face, especially if you are inexperienced or have no background in it. If you are reading about those activities and you don't understand how they are talking about these details and activities, you don't know what the terminology means. Some terms, such as service level agreements, or SLAs, have been explained, but you may come across others that you are unfamiliar with. If this is the case, I recommend you use the related guidance section, which is under each management practice and process practise area in the recommended standards or framework. I especially recommend choosing this one. Now, it's version four. So use ITIL, which explains most IT terminology in great detail and with great visuals.

Designing a Tailored Governance System

1. Designing a Tailored Governance System

Welcome to the performance management section. As the title suggests, you are going to learn how great your company is at doing COBIT. As we went through various COBIT objectives, managed changes, managed requests, and managed incidents, These are objectives that you already accomplish or fulfill. will show you how to find out how great you are at it. On a scale of one to five, where one is pretty poor and five is excellent, You can also set targets for various objective areas based on how good you want to be, and Cop It will tell you what to do to reach your targets.

For example, in your Nike, it has difficulty managing its objective changes. There are a lot of unauthorised changes and other troubles. You've appointed an auditor to perform an audit. The auditor discovered, using Cobit, that at night, Bai Sixmanage's change process had reached level 1, indicating that many activities and documents were missing or completed irregularly. You decide that you'd like to improve the process to reach level three. On this level, Nike will be pretty safe.

When performing changes, Cobit prescribes exactly what you need to implement to reach level three. Recall our previous lecture on "Governance and Management Objectives: Detailed Guidance," where we mentioned that each process activity has a capability level. For example, activities within evaluate, prioritize, and authorise a change request are required to reach levels two and three. In the Governance and Management Objectives book, you can find a full list of what activities must be done to reach your target level 3. You can see now what performance management does for you. It helps you map your situation and helps you improve. It supports various types of assessments, whether formal or informal, and you can use it to conduct your own self-assessment. Some of you may be familiar with the CMMI assessment framework.

Cobit is based on CMMI. Cobit evaluates the performance of processes only. You can assess the performance of other components too, but Cobit gives you only very generic guidance for that. So we will concentrate on process component details, and for other components such as organisational structures, information, and others, we will only provide generic guidance at these levels one through five, which we refer to as "process capability levels." If you'd like to assess a focus area or the whole organization, we use the term "maturity level." So again, capability levels one to five are assigned to all process activities. If the activities of a level are successfully performed, the process reaches that capability level. This is just a summary picture showing that the old version of COBIT, which was COBIT 5, was based on the ISO standard, and now COBIT is based on CMI 20.

If you're not familiar with the terms ISO or CMI, you may want to Google them if you're interested. But they're not in the scope of this course. And here are the capability levels one through five once more. Let's explore them in more detail. I mentioned at the beginning that the lower the level, the worse the process; zero means that the process is most likely not performed at all. Level one suggests that the process is meeting its purpose, but the activities are incomplete, intuitive, and not very well organized. Level two is not so bad; the process is working, but at a very basic level, whereas on level three the process is quite organized, more effective, and already well on this level. On level 4, the process is working well, it's well defined and even measured, and its performance is under control.

On level five, the process is not only measured but continuously improved as well. And now the question is: do you have to perform every single activity that the governance and management objective successor has prescribed to reach a certain capability level? The answer is no. You don't see the description here. If you are performing 85% or more of the prescribed activities, you are granted the level. You reach the level largely if you perform at 50% to 85%. If you are between 15% and 50%, you are partially capable; if you are less than 15%, you are not capable. As we said before, if you would like to assess focus areas, we explained earlier in the course that we also use levels one to five, but they have different descriptions. Level zero suggests that the work and activities within the focus area may not even be done. As a result, governance and management do not serve their intended purpose. Level one indicates that the goal of the focus area is not met.

The goal is met on level 2, but not in a standardised way, so it may not be defined, described, or executed in a structured way. On level three, the goal is met and the practises and activities are executed consistently in a standardized, defined way. At level four, the focus error is measured, and on level five, continuous improvement is applied as well. COBIT did not publish any additional detailed guidance for assessing focus areas at the time this course was created. So, this was the instruction on how to assess the process capability. But what about the other six components? As we mentioned before, Cobit is not as detailed about the other components. So here we will just give a few hints and tips. How to assess the capability of organisational structures, information items, and culture and behavior For organisational structures, which are various departments and roles, you can assess responsibilities and accountabilities. Operating principles are the rules that each department follows, such as regular meetings and the composition of the positions that comprise the department's span of control. What are the competencies of the departmental level of authority? Decision rights are what the people in the department can decide, whether they have any rights to delegate or deescalate procedures.

Let's see how the information flow and item components are assessed. I will remind you that we had some examples of the component information flow and items in previous lectures. These were process inputs and outputs, such as the managed service agreement process's change schedule output. SLA In the first paragraph, Cobit suggests that you can refer to the inputs and outputs of a process as "process work products." There is no standardised method for evaluating these process inputs and outputs. There are some suggestions in the previous version of COBIT 5, which were captured in the book called Enabling Information. In this method, called Cobit Five, there are three main quality criteria and 15 sub criterias. Let's have a look at these in the following slides.

First out of the three quality criteria is that the information must be intrinsic, which means accurate, correct, reliable, objective, unbiased, unprejudiced, and believable. In terms of its source and content, it is considered true, credible, and reputable. The second of these three main criteria is that the information must be contextual. That means I'm going from the top: relevant, complete, and current. The volume must be appropriate, compact, represented in the same format everywhere you show it, in an appropriate language, easily comprehended, and easy to use. The third of those three quality criteria is security, privacy, and accessibility. This criteria means that the information should be available when required and restricted appropriately to authorised parties only. As we mentioned before, we don't have any kind of official assessment on how to formally assess information, but you can use those mentioned criteria informally.

See all these criteria for information that I haven't personally seen being used much in the real world. In this form, it's still a very high-level concept. If companies use COBIT for performance management and capability rating, they use only the process part, as far as I know. Nevertheless, I had to include this part as well, as it is required for your exam. And last, the information within this lecture is just a comment on the Culture and Behavior component. Basically, there's almost nothing in Cobit regarding culture except a small note within each objective in the Governance and Management Objectives book. So you could possibly use that when evaluating the performance of culture and behavior, but it's not really sufficient for any serious culture or component. Basically, thYou've successfully completed the Performance Management section again.

For practical use, I recommend you open the "Governance and Management Objectives" book, select an objective, and check the capability levels for process activities. Consider how you would evaluate your company's chosen process. You would go one by one through each process, practice, and activity within them and mark whether you're performing it. You reach a level if you complete at least 85% of all stated activities for that level. You can use that information to compare yourself with another department or company or to set a target to implement those activities that you are missing.

And one more quick comment: Isaca offers a COBIT toolkit for download at this web address: isaca.org/resources/cobit. When you go to the section on more implementation resources at the website and download the zip file there, there is an Excel sheet called COBIT 2019 Governance Management Objectives Practice Activities. This Excel document contains all the objectives, practises, and activities in a useful Excel format. It is quite useful since you need to write down the results of your assessments, and the Governance Management Objective Book is a PDF file, so this is something that can help.

2. Designing a Tailored Governance System Practical Walkthrough

In the previous lecture, I suggested you try to perform the capability assessment for your company for a selected process. If you've tried it and you're comfortable and clear on the topic, you can skip this lecture. But if you'd like to see an easy example of how to perform such an assessment, we can call it self-assessment. Stay with me during this lecture. So what we will do is choose a process, open the Governance and Management Objective Book, and check whether the process activities are executed as prescribed in the book. Then we will evaluate which level we have reached.

Let's take the Nike APN managed service agreement process. Nike really struggled with this process, as we saw in the previous section, the lecture on Governance and Management Objectives. Practical workthrough.

We did show the Nike managers what to do, and they really successfully implemented it. Originally, it was on level one. So let's perform the process capability assessment to see at what level the APO Nine process is. Now we will list all activities and indicate whether or not they have been completed. And then we'll continue with the assessment. Isaca, the owner of COBIT gave us all the objectives and activities and an Excel sheet table, so we don't have to extract it all from the PDF Governance and Management Objective Books. See, until now we were using this book, Governance and Management Objectives, to see all the objectives and their details. So now that we need to write things down, we can use an Excel sheet. The previous lecture covered the file download instruction. The Excel sheet So it's the governance and management objectives, practices, and activities.

Excel file. There are several sheets. When you open the file, you see copyright objectives and objective practices, but we're going to use the activities sheet. That's why we have all the information we need for the assessment. As you can see, there's an objective ID. So all 40 objectives are here. Then there is the objective name and practises within each objective, and we go up to the detailed activities within these objectives. We stated that we would evaluate APO 9 objectively.

So what I'm going to do here is look at APO Zero Nine and filter out only those practises and activities that are relevant to APO Nine. As a result, you can identify the It services as well as the catalogue of It enabled services. We only have APO 9-related activities and practices. The thing that I had to do manually—fill in a capability level for each activity—we don't have in this Excel sheet. So I will show you what I'm talking about. I'm going back to our previous PDF file, the Governance and Management Objective Book, with all the activities. We went through them in previous lectures, and you see that next to each activity there is a capability level.

Capability level. We have two, three, and four here, so this data is not in our Excel sheet. So what I did was rewrite them here. So I have the capability level here now. And on top of that, I've counted for each activity or for each capability level how many there are for the whole APO—nine. So how many levels or how many activities?

There were seven in total for level 2, eight in total for level 3, and six in total for level 4. We're going to need this when we calculate what percentage of your level was fulfilled. So it means, for example, that if we calculate that you fulfil only three or four of your capability levels, you are around 50% fulfilled, right? If you reach capability level four and the requirements for level four are not met, you are in a so that's what I had to do manually to create accounts now. So I'm ready for the assessment. So let's prepare another column, fulfilled or not.

So for each activity, we have to write down whether it's being done or not. Whether it's fulfilled or not I can simply write one or zero. So now I'm taking each activity, looking at it, and filling in whether it's done or not. I was talking about the services and service levels in previous lectures because this was a process we were already going through together. So services and service levels are the, let's say, means that are provided by it to support the business and the customers.

So, as an example, we provide email and video conferencing services, as well as logistics services, and they are provided at different levels, implying different availability and response times when something breaks. So how fast do we collect these services? There are certain capacity levels or security levels. So this first activity is telling us that we need to assess them. So let us examine what we are currently providing and at what levels, and compare it to what is required. So identifying gaps between existing services and the business activities they support will help us see what we are not providing and where we can improve. I'm still in activity night; Ike had it.

There was a meeting with the business, and we know what we are covering, and they told us what they need. As a result, this activity has been completed. analyse, study, and estimate future demand. When we were meeting with our customers as an IC, we asked them what they needed in the future. We're trying to discuss their future plans, right?

Whether the current capacity will be enough and what they're going to need So it's executed well. We also try to get into what business processes are. So business processes—what business is doing to identify the needs for New Orleans—we did that as well, right? So we jumped a bit into the business topics and discussed how to compare and identify requirements for existing service components in the portfolio. So again, this is a comparison of what the customer needs to what we have in our portfolio, which is the complete set of services, even those being prepared, if possible, to package existing services or components.

Right? This is like service packages like gold, silver, and bronze, so we might want to offer them various levels for different departments. We did that as well. Brilliant. Regularly review the portfolio of IT services with portfolio management and business relationship management personnel to identify obsolete services. This is something that we know about Nike. It's not yet done. We still have some services that are no longer needed or used. So, unfortunately, this is not met. Unfortunately, I will now complete the rest of the table offline myself, and we'll go back once it's done, and we'll go together to process the table and do the next steps.

OK, so I have completed the table, so we have all the numbers. Let me emphasise this a bit. So, which activities were completed and which were not, and what else did I do? I've also completed this other table on the right side, where I found out that for level 2, all seven activities are fulfilled, which is great. It's pretty good for level 3 because seven out of eight requirements are met. Level four is not so good because only one out of six was fulfilled. I have calculated the percentage. So, as you can see, if we completed seven out of seven, we achieved 100%.

Seven out of 888 percent and one out of six percent equals 17%. Now, let's recall this slide from the previous lecture. The final paragraph explains how we can determine whether the process is completed entirely, partially, largely, or completely. And you can see the percentage—the percentage that we need to achieve that level. Or alternatively, you can just evaluate parts of failure, like "fulfilled" or "not fulfilled." Based on the slide, I have completed the table.

We can either use this scalelike approach fully, largely, partially, or not at all. We can basically say "completed" or "not completed." I mean "achieved" or "not achieved." Great. So we can draw the conclusion that the APO-9 Managed Service Agreements process has reached capability level 3. And in this case, it's only out of four possible levels because, as you noticed, we only had marked activities at levels two, three, and four. So four was the limit. If you did not reach level 2, your process would be considered level 1. So we can put a mark on our original picture. We had our APO Zero-Nine process at Level 1 at Nike, but the managers did an excellent job of moving it up to Level 3, which is a well-defined process that achieves its goals. If Nike would like to improve the process further, they know exactly what to do. We can say that they have a gap analysis ready. That means that they can set the target, for example, for next year to reach level four of this process, and they already have the gaps that need to be filled to reach level four.

So you can see the gaps in our table that we filled. You see the zeros. In the full filter, you see zeros. So these are exactly the activities that we need to complete to get to, well, let's say, level 300% and to complete level 4. So these zero activities—here's another one. They are the gaps that must be filled in order to advance to the next level.

And here is the niggle for next year: Can you think of any other applications for these maturity assessment levels? We have now used it to identify gaps and set targets for improvement. But you can use it, for example, for comparisons between departments or company branches or even with competitors, if you are able to get the data, of course.

So I hope this Step by Step workshop was beneficial. Please don't hesitate to send me a message if anything didn't make sense, is not clear, or you would like further assistance with these assessments. There is one challenge you may face, especially if you are inexperienced or have no background in it.

If you are reading about those activities and you don't understand how they are talking about these details and activities, you don't know what the terminology means. Some terms, such as service level agreements, or SLAs, have been explained, but you may come across others that you are unfamiliar with.

If this is the case, I recommend you use the related guidance section, which is under each management practice and process practise area in the recommended standards or framework. I especially recommend choosing this one. Now, it's version four. So use ITIL, which explains most IT terminology in great detail and with great visuals.

Isaca COBIT 2019 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass COBIT 2019 COBIT 2019 Foundation certification exam dumps & practice test questions and answers are to help students.