Level 1: Initial (Performed) Process

COBIT 2019 Foundation: Level 1 Initial (Performed) Process - Complete Guide

The COBIT 2019 Framework Capability Levels are essential for organizations aiming to assess and improve their IT governance and management capabilities. The Level 1 (Performed) Initial Process represents the foundational stage of this maturity model, and understanding this level is crucial for both practical implementation and exam success.

What is Level 1: Initial (Performed) Process?

Level 1 is the first step in the COBIT 2019 five-level capability maturity scale. At this level, processes exist and are executed, but they are characterized by being:

Undocumented or Poorly Documented: The process activities and procedures may not be formally documented. They exist primarily in the minds of key individuals or through informal practices.

Reactive Rather Than Proactive: Organizations at Level 1 typically respond to issues and problems after they occur, rather than preventing them through planned initiatives.

Inconsistently Applied: Process execution varies from one instance to another. Different teams, departments, or individuals may perform the same process differently, depending on their interpretation or experience.

Dependent on Individual Knowledge: The success of processes relies heavily on the knowledge, skills, and dedication of specific individuals within the organization. When these key people leave, institutional knowledge often departs with them.

Ad Hoc and Informal: While basic process outcomes may be achieved, there is no systematic approach, standardization, or consistent methodology.

Limited Measurability: Organizations lack metrics and clear measurement mechanisms to evaluate process performance and effectiveness.

Why is Level 1 Important?

Recognition of Current State: Level 1 provides a baseline for organizations to understand where they currently stand. Many organizations, especially smaller ones or those new to IT governance, operate at this level initially.

Foundation for Improvement: Understanding Level 1 helps organizations recognize the gaps between their current state and desired maturity levels. This recognition is the first step toward improvement and progression up the capability maturity scale.

Risk Awareness: Level 1 processes highlight significant risks and challenges in IT governance. Organizations can identify areas where inconsistencies and lack of documentation create vulnerabilities.

Benchmarking: Level 1 serves as a reference point for benchmarking against industry standards and peer organizations. It helps leaders understand the cost of operating at lower maturity levels.

Strategic Planning: By clearly defining Level 1 characteristics, organizations can develop targeted strategies to progress to higher levels, ensuring structured improvement initiatives.

How Level 1 Works in Practice

Process Existence: The organization has identified that certain processes are necessary and has initiated them. However, these processes are not formally governed or consistently executed. For example, a company might perform security incident response, but there is no documented incident response procedure.

Execution Variability: When a problem arises, different teams might handle it differently. One department might escalate immediately, while another might attempt to resolve it internally first. This inconsistency can lead to unpredictable outcomes.

Limited Documentation: While some documentation might exist (email trails, informal notes, or individual checklists), there is no standardized, comprehensive process documentation. Knowledge transfer becomes difficult when personnel change.

Outcome-Focused but Means-Unclear: Organizations may achieve desired outcomes sporadically, but the means to achieve them are unclear and not standardized. Success is often attributed to individual effort rather than systematic processes.

Reactive Management: Management typically becomes aware of process issues only when problems occur. There is limited proactive monitoring or prevention.

Example of Level 1 in Action:

Consider an organization's IT Change Management process at Level 1:

- Changes are made to production systems, but there is no formal change request procedure.

- When someone wants to make a change, they might send an email to a manager or directly contact the system administrator.

- Different system administrators might implement changes differently, with varying levels of testing and documentation.

- If a change causes a problem, the response depends on who is available and how they interpret the situation.

- Post-change reviews are rare and inconsistent; lessons learned are not systematically captured.

Contrasting with higher levels, at Level 2 (Managed), the same process would include documented change procedures, formal approval workflows, consistent testing protocols, and systematic record-keeping.

How to Answer Exam Questions on Level 1: Initial (Performed) Process

Understand the Key Characteristics: Ensure you can quickly identify and articulate the defining features of Level 1. Remember the core descriptors: undocumented, reactive, inconsistent, ad hoc, dependent on individuals, and lacking in formal measurement.

Scenario-Based Questions: Exam questions often present organizational scenarios and ask you to identify the capability level. For Level 1 scenarios, look for indicators such as:

- No formal policies or procedures

- Processes that vary by department or individual

- Reactions to problems after they occur

- Lack of process metrics or measurement

- High dependence on key personnel

- Informal communication and decision-making

Distinguishing Level 1 from Level 0: Note that Level 0 (Incomplete) indicates that processes may not be implemented at all, or they achieve none of their purposes. Level 1 processes, by contrast, do achieve their intended outcomes, but inconsistently and informally. When a question asks about a process that is not performed at all, the answer is Level 0, not Level 1.

Comparing Levels: Exam questions frequently compare different maturity levels. When asked about progression from Level 1 to Level 2, expect the focus to shift to documentation, standardization, planning, and measurement. Level 2 introduces formality and consistency where Level 1 lacks them.

Identifying Improvement Priorities: Questions may ask what an organization at Level 1 should focus on to improve. The answer typically involves:

- Documenting current processes

- Establishing standards and procedures

- Creating process ownership and accountability

- Introducing basic metrics and monitoring

- Formalizing communication and approval workflows

Real-World Context: COBIT questions often include real-world business contexts. For a Level 1 question in a financial services context, you might see a scenario about loan approval processes lacking formal documentation and varying by loan officer. The correct answer would identify this as Level 1 and suggest documentation and standardization as next steps.

Exam Tips: Answering Questions on Level 1: Initial (Performed) Process

1. Focus on Consistency and Documentation

The most reliable way to identify Level 1 in exam questions is the absence of consistency and formal documentation. When you see phrases like inconsistently applied, ad hoc, informal, or dependent on individuals, you are likely dealing with Level 1. Conversely, when you see standardized, documented, or consistently applied, move up the maturity levels.

2. Use the Process Lifecycle Framework

COBIT 2019 emphasizes a process-based approach. At Level 1, processes exist but lack governance structure. At Level 2, they become managed. At Level 3, they are established with defined roles and accountabilities. Use this progression as a mental checklist when analyzing scenarios.

3. Look for Key Personnel Dependency

A strong indicator of Level 1 is when process success depends heavily on specific individuals. If an exam question mentions that a particular manager knows how things are done or processes depend on the experience of certain staff members, this points to Level 1. Higher levels reduce this dependency through documentation and formalization.

4. Distinguish Reactive from Proactive

Level 1 processes are reactive: organizations respond to issues after they occur. Level 2 and above introduce planning and proactivity. When a question describes an organization reacting to problems without preventive measures, consider Level 1.

5. Recognize Partial or Variable Success

Level 1 processes achieve their intended results, but not consistently. If an exam question states that sometimes the process works well, and sometimes it doesn't, or outcomes vary depending on who handles the process, this is classic Level 1 language. Level 0 would suggest the process doesn't work at all or isn't performed.

6. Watch for Measurement Absence

Level 1 processes typically lack metrics and measurement. Questions highlighting the absence of KPIs, performance indicators, or process metrics often describe Level 1. Higher levels introduce measurement frameworks.

7. Understand the Improvement Path from Level 1

Exam questions frequently ask about the next steps for organizations at Level 1. The progression to Level 2 focuses on:

- Creating and enforcing documented procedures

- Establishing process ownership

- Implementing basic monitoring and control activities

- Defining and measuring process objectives

- Training personnel on standardized processes

Understanding this progression helps you answer questions about improvement strategies.

8. Avoid Confusing Level 1 with Other Levels

Level 1 vs. Level 0: Level 0 = process not implemented or achieving no outcomes. Level 1 = process exists and achieves outcomes but inconsistently.

Level 1 vs. Level 2: Level 1 = undocumented and inconsistent. Level 2 = documented, managed, and consistently applied within defined boundaries.

Level 1 vs. Level 3: Level 1 = informal and ad hoc. Level 3 = standardized, formally documented, and established with defined roles and responsibilities.

9. Practice with Scenario-Based Questions

Exam questions often provide detailed scenarios. Practice identifying Level 1 indicators within these narratives. Create mental checklists of Level 1 characteristics and quickly scan scenarios for matches. This improves your speed and accuracy during the actual exam.

10. Apply COBIT's Context and Terminology

COBIT uses specific terminology. Familiarize yourself with terms like capabilities, process performance, enablers, and maturity. When exam questions use COBIT terminology, matching your language and understanding to the framework's terminology demonstrates mastery and helps you identify correct answers more confidently.

11. Consider the Risk Perspective

Level 1 processes present elevated risks due to inconsistency and lack of oversight. Exam questions may ask about the risks associated with Level 1 processes. Be prepared to discuss risks such as:

- Lack of accountability and traceability

- Inconsistent compliance with organizational standards

- Difficulty in knowledge transfer and process continuity

- Inability to detect and respond to control failures

- High dependency on individual competencies

12. Understand the Stakeholder Perspective

Exam questions sometimes frame issues from different stakeholder viewpoints—management, customers, auditors, or regulators. At Level 1, these stakeholders would express concern about consistency, documentation, and accountability. Understanding these perspectives helps you identify what level an organization is operating at.

13. Review Real COBIT 2019 Process Reference Material

COBIT 2019 provides detailed process reference material. Review how specific processes (like governance processes, management processes, or domain-specific processes) are described at Level 1. This concrete knowledge helps you recognize Level 1 characteristics in exam questions.

14. Study the Capability Dimension Framework

COBIT 2019 uses a capability dimension framework with multiple practice categories. At Level 1, practices may be informally defined. Higher levels introduce more formal definitions, governance, and measurement across these categories. Understanding how practices evolve across levels strengthens your ability to answer level-related questions.

15. Time Management During the Exam

When facing a question about Level 1, quickly scan for the telltale signs: lack of documentation, inconsistency, individual dependency, and reactive management. If you identify these signs, you can confidently select the Level 1 answer and move on, saving time for more complex questions.

Summary

Level 1: Initial (Performed) Process in COBIT 2019 represents a foundational state where processes exist and achieve their intended outcomes, but they are undocumented, inconsistently applied, reactive, and heavily dependent on individual knowledge and skills. Understanding Level 1 is crucial for recognizing where organizations currently stand and identifying the pathways for improvement toward higher maturity levels.

In exams, successfully answering Level 1 questions requires quick recognition of characteristic indicators: lack of formal documentation, process variability, individual dependency, reactive management, and absence of metrics. By familiarizing yourself with these indicators, practicing scenario analysis, and understanding the progression to higher levels, you can confidently and accurately answer any exam question regarding Level 1: Initial (Performed) Process. Remember that Level 1 is not a failure—it's a recognition point that enables organizations to embark on structured improvement journeys toward governance excellence.