Image via Wikipedia
0 Non-existent—Complete lack of any recognizable processes. The enterprise has not even recognized that there is an issue to be addressed.
1 Initial/Ad Hoc—There is evidence that the enterprise has recognized that the issues exist and need to be addressed. There are, however, no
standardized processes; instead, there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to
management is disorganized.
2 Repeatable but Intuitive—Processes have developed to the stage where similar procedures are followed by different people undertaking the same
task. There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on
the knowledge of individuals and, therefore, errors are likely.
3 Defined Process—Procedures have been standardized and documented, and communicated through training. It is mandated that these processes
should be followed; however, it is unlikely that deviations will be detected. The procedures themselves are not sophisticated
but are the formalization of existing practices.
4 Managed and Measurable—Management monitors and measures compliance with procedures and takes action where processes appear not to be
working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way.
5 Optimized—Processes have been refined to a level of good practice, based on the results of continuous improvement and maturity modelling with other
enterprises. IT is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to
Excerpted From: COBIT V 4.1