This gap becomes your Implementation Plan. You stop random "improvement projects" and start specific capability upgrades. You stop buying tools to fix culture problems, and you start writing procedures to fix Level 2 deficiencies.
Whether you are preparing for a formal audit or simply want to improve your department's efficiency, a structured maturity assessment is the first step toward world-class IT governance.
Ensure that multiple assessors use identical criteria for what constitutes a "Largely Achieved" (L) vs. "Fully Achieved" (F) process to maintain evaluation consistency across different IT departments. Conclusion Cobit 2019 Maturity Assessment Tool Xls
Below is a proper, structured review of the typical as found in various online repositories (GitHub, templates marketplaces, consultant-made versions), since ISACA itself does not provide a single, publicly downloadable “Maturity Assessment Tool.xls” for COBIT 2019 in the same way it did for COBIT 4.1/5.
Look for patterns. Are your "DSS" (Support) processes strong, but your "APO" (Planning) processes weak? This gap becomes your Implementation Plan
For each score (e.g., level 3), collect evidence (documents, logs, screenshots) that proves the process is indeed "Established" or "Predictable." 4. Analyze Results
: The process achieves its purpose through an incomplete set of activities. Level 2 (Managed) : The process is planned, monitored, and adjusted. Level 3 (Defined) : The process is well-defined and established. Level 4 (Quantitatively Managed) Whether you are preparing for a formal audit
COBIT 2019 rates individual process activities on a scale from 0 to 5:
Management objectives focusing on operational delivery, security, support, and data controls.