The primary verified tool for assessing maturity in COBIT 2019 is the COBIT 2019 Design Guide Tool Kit
, which is a comprehensive Excel-based resource provided directly by
Unlike COBIT 5, which used a Process Assessment Model (PAM) based on ISO/IEC 15504, COBIT 2019 utilizes a Performance Management (CPM) model based on the CMMI Performance Management Scheme . Maturity is measured on a scale from 0 to 5. Verified Tools & Resources ISACA COBIT 2019 Tool Kit
: The official spreadsheet tool available to ISACA members (and often as a free download for some tiers). It includes RACI matrices
and a design workbook to calculate target capability levels based on enterprise-specific design factors. COBIT 2019 Governance System Design Workbook
: A specific "Canvas" tab within the official toolkit used to refine the scope and determine suggested maturity levels. Process Assessment Templates
: Educational and research-oriented templates are often shared by academic and industry sites like IT-Slideshare for specific domains like EDM, APO, and BAI. Industry News 2020 COBIT Tool Kit Enhancements - ISACA
The COBIT 2019 Design Toolkit is the official Excel-based tool provided by ISACA to help organizations design a tailored governance system and assess maturity levels. Official & Verified Resources
COBIT 2019 Design Guide Tool Kit (Excel): This verified spreadsheet facilitates the governance system design workflow. It includes tabs for evaluating 11 design factors that influence your target maturity and capability levels. You can access it via the ISACA COBIT Resources page under "More Implementation Resources". cobit 2019 maturity assessment tool xls verified
Performance Management Scheme: Unlike COBIT 5, the 2019 version uses a CMMI-based performance management scheme (CPM) with a scale from 0 to 5 (Incomplete to Optimizing) to measure the capability of 40 governance and management objectives. Key Articles on Maturity Assessment
Effective Capability and Maturity Assessment Using COBIT 2019: This ISACA Industry News article explains how stakeholder needs and enterprise objectives are evaluated to set direction and monitor compliance.
Building a Maturity Model for COBIT 2019 Based on CMMI: Since there is no longer a standalone "Process Assessment Model" (PAM) like in COBIT 5, this ISACA Journal article provides a roadmap for using CMMI levels to measure organizational maturity.
Defining Target Capability Levels in COBIT 2019: This article proposes a refinement procedure for defining process target capability levels more robustly by assigning ratings (N, P, L, or F) to specific activities. Third-Party Assessment Templates (Unverified)
While not "official," various academic and practitioner tools have been developed for specific domains (EDM, APO, BAI, DSS, MEA) and are often shared on educational platforms like IT-Slideshare for research purposes.
Effective Capability and Maturity Assessment Using COBIT 2019
The COBIT 2019 Design Guide Tool Kit is the primary "verified" Excel-based resource provided by ISACA to help organizations assess and design their governance systems. Unlike COBIT 5, which used a Process Assessment Model (PAM), COBIT 2019 shifts toward a CMMI-based performance management scheme, scoring processes from 0 to 5. Accessing the Official Tool Kit
The official COBIT Tool Kit is available directly from the ISACA website. The primary verified tool for assessing maturity in
Location: Scroll to the "More Implementation Resources" section on the COBIT overview page. Format: A multi-tab Excel spreadsheet (.xlsx).
Key Contents: Includes the Governance Design Toolkit and an Excel-based RACI matrix to identify critical roles and responsibilities. Key Features for Maturity Assessment
CMMI Alignment: Assessment results are based on Capability Maturity Model Integration (CMMI) standards rather than the older ISO/IEC 33000 scale.
40 Governance and Management Objectives: The toolkit covers the full core model, including domains like EDM (Evaluate, Direct, and Monitor) and DSS (Deliver, Service, and Support).
Granular Activity Scoring: Assessments can be performed at a high level (maturity) or down to the 1,202 specific activities (capability).
Design Factors: The spreadsheet allows you to input 11 "Design Factors" (e.g., enterprise strategy, risk profile) to prioritize which processes need higher maturity. Third-Party & Supplemental Templates
While the ISACA toolkit is the gold standard, other verified or highly-rated templates exist for specific needs:
Industry News 2020 COBIT 2019 and COBIT 5 Comparison - ISACA Practical recommendations for use
Q: Is “maturity” the same as “capability” in COBIT 2019?
A: In common language, yes. But technically, COBIT 2019 uses capability levels (0-5) as defined by ISO 15504. The tool we describe uses these correctly.
Q: Can I use the tool for partial assessments?
A: Absolutely. The Scope sheet lets you uncheck processes not in scope. This is ideal for DevOps teams focusing on BAI – Build, Acquire, Implement only.
Q: Does a verified XLS work on Mac Excel?
A: Most will, but avoid tools that rely on ActiveX controls (Windows-only). Ask the provider for “Mac-compatible” verification.
Q: How often should we reassess?
A: High-risk processes (e.g., Security, Continuity) – quarterly. Medium-risk – bi-annually. Low-risk – annually.
Q: What if my tool shows a circular reference error?
A: Then it’s not verified. Circular references often mean the tool was poorly built. Move to another provider.
Let’s walk through a case study. A regional bank (fictitious: “Atlantic Union”) needed to comply with FFIEC guidelines and wanted to use a COBIT 2019 maturity assessment tool xls verified.
Once scores are entered, the heatmap worksheet will automatically highlight:
Sites like Template.net or Smartsheet (for import) offer premium templates, but check user reviews specifically for “2019” and “verified.”