COBIT Quickstart provides two tests to assess an enterprise’s suitability

for implementing control over IT, based on the Quickstart set of controls.

Blue Zone

Watch the Heat

The first test (Stay in the Blue Zone) helps the organisation determine whether it is considered appropriate for Quickstart
implementation to manage its IT risks or whether it should consider using the full C OBIT guidance.
The second test of the suitability tool (Watch the Heat) can help assess specific exception situations that create the need
possibly to go beyond Quickstart. Click on "Front Page" in lower right of each test screen to return here.

© 2007 IT Governance Institute. All rights reserved.

COBIT Quickstart
Simple Command Structure (SCS)
1. CS is informal and verbal, only short-term and tactical.
2. CS is primarily informal and verbal, somewhat short-ter

Suitability Assessment (1)

3. CS is primarily formal and documented, begins looking
4. CS is strictly formal and documented, covers short-, me
« Stay in the Blue Zone »
● 1 2 3
Segregation (SEG)
1. Those who monitor have at least two other
functions (build, operate or influence).
2. Those who monitor have, at most, building
or operating as other functions.Those who
influence can also have building and operating
functions.
SCS
3. Monitoring is totally segregated, but building SCS 4 2 1 1
and operating can be executed by the same 4
person. Those who influence have, at most, SCP SEG 4 2 SCP 3 3
operating or building as other functions. SOC 4 3 2 2
4. At most, influencing and monitoring are 2
executed by one person. ITS 4 2 4 4
ITI 4 1 3 3
0
ITE 4 2 1 1
ITE SOC
SEG 4 3 2 2

ITI ITS
1 ● 2 3 4
IT Expenditure (ITE) IT’s Strategic Importance (ITI)
1. IT expenditure is not more than profits and not much 1. Reliable IT is not critical to the functioning of the enterprise and is not likely to bec
different from peers. strategically important.
2. IT expenditure is different from peers and only marginally 2. Reliable IT support is critical to the enterprise's current operation, but the applicati
increasing every year. development portfolio is not fundamental to the enterprise's ability to compete.
3. IT expenditure is more than profits or significantly 3. Uninterrupted functioning of IT is not absolutely critical to achieving current object
different from peers and is showing an annual increasing applications and technology under development will be critical to future competitive s
trend. 4. Reliable IT support is critical to the enterprise's current operation, and applications
4. IT expenditure is significantly more than the entity’s technology under development are critical to future competitive success.
profits.

● 1 2 3 4 1 2 ● 3 4
No more than 2 responses should be in the purple zone (outside the blue) and none by mor
in order for COBIT Quickstart to be reasonably applicable to your control and IT env
nd Structure (SCS)
l and verbal, only short-term and tactical.
y informal and verbal, somewhat short-term but largely medium-term oriented, and still primarily tactical.
y formal and documented, begins looking at the long-term but is more medium-term oriented, somewhat tactical with strategic views emerging.
ormal and documented, covers short-, medium- and long-term and is strategy-oriented.

3 4

Short Communications Path (SCP)

1. HE (Head of the entity) knows everyone’s IT-related responsibilities.
2. HE knows most people’s IT-related responsibilities.
3. HE knows IT-related responsibilities only for key personnel.
4. HE does not know all IT-related responsibilities of key personnel.

1 2 ● 3 4

Span of Control (SOC)

1. HE directs and monitors everyone’s IT-related responsibilities.
2. HE directs and monitors most people’s IT-related responsibilities.
OC 3. HE directs and monitors only key personnel's IT-related responsibilities.
4. HE does not direct and monitor all IT-related responsibilities of key personnel.

1 ● 2 3 4

g of the enterprise and is not likely to become
prise's current operation, but the application
o the enterprise's ability to compete.
solutely critical to achieving current objectives but
ment will be critical to future competitive success.
prise's current operation, and applications and
to future competitive success.
IT Sophistication (ITS)
1. Laggard, well behind in technology adoption, with a simple IT infrastructure
2. Follower, adopting technology after peers, using more but still standard components
3. Leader, adopting technology before peers, customising and integrating solutions
4. Pioneer, early adopter of new emerging technology well ahead of the industry, highly complex
IT environment

1 2 3 ● 4 Front Page

one (outside the blue) and none by more than one point
y applicable to your control and IT environment.
ews emerging.

ructure
ard components
ng solutions
e industry, highly complex

Front Page
COBIT Quickstart

is
ree
Suitability Assessment (2)

rd
ree

ag
no
ag

dis
ree
dis
« Watch the Heat »

at
ag
ly

wh
e

er
nit

me

ith

m
fi

So
De

Ne

So
1
The IT infrastructure is an open as opposed to closed system
0
(interconnections with customers, suppliers, etc).

There are IT1related regulations or contractual requirements

applying to 0
the enterprise.

There is a need to provide outside assurance about IT.

0

Enterprise management is aware of IT issues and wonders

whether a minimum baseline is sufficient.
0

Enterprise management has identified the need for significant

0 relative to IT.
formal training

Some IT practices and procedures have been defined,

0 and documented in a sustainable manner.
standardised

Enterprise management knows that common tools would

make some IT processes more effective and efficient.
0

The IT 'expert(s)' of the enterprise are needed for

0
developing/improving 0
business 0
processes. 0 0 0
 De
fi n
i te
ly
So d is
me ag
wh ree
Ne at
ith dis
er ag
ag ree
ree
no
So rd
me isa
wh gr
at ee
ag
Fu r ee
lly d
ag
ree
d

Front Page