Introduction

There are three basic components in any business process, like those involved in everyday life. They occur in this order: objective, risk, and control. Simply stated, the objective is what is trying to be accomplished. The next component of our foundation is risk. Risk is simply the barrier that will stop or slow down the achievement of the objective. The third component is control. Control is the policy, procedure, and action that will diminish or eliminate the barrier of risk.

From a business perspective, the Assessment process is a method to evaluate the adequacy of their risk and control management and help organizations improve their ability to meet objectives.

Maturity Model

Maturity models establish a systematic basis of measurement for describing the “as is” state of a process. A process's maturity can then be compared to management’s expectations or contrasted with the maturity of other similar processes for benchmarking purposes. Insights also can be derived from the model for determining improvement options that help a process to satisfy its intended objectives over time.

Organizations may use a maturity model to describe their developmental state or their processes in relation to established expectations of control and management. The classification mechanisms within a maturity model can help organizations simplify the determination of when control and process management is acceptable, or alternatively to identify the actions necessary to improve the maturity of the organization or process.

The assessment approach

We have utilized our experience, strong knowledge and guidance established by well-known organization like ISO, COSO, COBIT and others best practice published by most recognized associations to build a three matrixes to assess the ability of organization achieving the intended objectives also to assess the adequacy of their internal control system in contain the risks and increase the processes effectiveness and efficiency.
The component matrix
The control objective matrix
The risk matrix
All matrixes measured on five levels for each process and each level has specific criteria for rating

• Criteria for Rating Initial Stage of Maturity
• Criteria for Rating Repeatable Stage of Maturity
• Criteria for Rating Defined Stage of Maturity
• Criteria for Rating Managed Stage of Maturity
• Criteria for Rating Optimizing Stage of Maturity

The components, control objectives and risks will vary based on the assessment objective

The criteria

The criteria for each level of maturity created by using our experience, strong knowledge and guidance established by well-known organization like ISO, COSO, COBIT and others best practice published by most recognized associations

Also we can work together to design your own criteria and matrix for each level so it will provide:

• A framework for envisioning the future, the desired state, and the development of improvement plans.
• Benchmarks for the organization to compare its processes internally or externally.
• A mechanism to provide insight into the improvement path from an immature to a mature process.
• A disciplined method that comparatively is easy to understand and implement.

Building your own model involves these steps:

1. Determine the purpose of the model and its components.
2. Determine the scale.
3. Develop the expectations for each component level.
4. Set targets for each component.
5. Assess the level of maturity by component.
6. Report conclusions.
7. Revisit the model regularly.