IT governance gap assessment of a healthcare technology company (1,200 employees, $200M revenue, 3 acquisitions in 2 years). 19 COBIT 2019 governance and management objectives assessed using maturity models. Findings mapped to COSO Internal Control principles. Prioritized recommendations for SOX readiness and enterprise risk management maturity.
Four-week engagement using COBIT 2019 maturity models and COSO 2013 internal control mapping.
Define assessment scope, identify stakeholders, conduct executive interviews, review existing IT governance documentation and committee structures. Establish target maturity profiles aligned with business strategy and regulatory requirements.
Assess 19 COBIT 2019 governance and management objectives against the 0-5 CMMI-based maturity scale. Evaluate EDM, APO, BAI, DSS, and MEA domains. Identify gaps between current and target maturity states across all objectives with supporting evidence.
Map all findings to COSO 2013 internal control principles across the five components (Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring). Develop prioritized recommendations with cost-benefit analysis and ownership assignment.
Board-ready executive summary with maturity scores by domain, detailed gap analysis, and a 12-month governance improvement roadmap. Includes risk heat maps, control deficiency register, and resource requirements for achieving target maturity.
Current vs. target maturity across COBIT 2019 domains and severity distribution of identified control gaps.
Current maturity (2.1 avg) vs. target (3.5) across 5 COBIT 2019 governance domains
13 control gaps identified: 3 Critical, 5 High, 3 Medium, 2 Low
Detailed engagement charter with scope boundaries, stakeholder register, and assessment schedule
Current vs. target maturity scores for each COBIT 2019 objective with supporting evidence
Findings register with severity ratings, root cause analysis, and control deficiency details
Ranked remediation actions with cost-benefit analysis, owners, and target completion dates
Complete mapping of COBIT 2019 findings to COSO 2013 internal control principles
Board-ready report with maturity scores, gap analysis, risk heat maps, and 12-month roadmap
Governance framework established to support SOX compliance journey with clear maturity targets and gap remediation roadmap
IT governance harmonization roadmap for 3 recently acquired entities with standardized process frameworks
IT steering committee charter and escalation framework designed for enterprise risk management maturity
All assessment artifacts, maturity models, COSO mappings, and the executive report are available in the project repository.