COBIT 2019 capability levels (0–5), explained

April 14, 2026

COBIT 2019 rates each objective on a 0–5 capability scale. Knowing what each level means turns a governance assessment into a roadmap.

The 0–5 scale

COBIT 2019 uses a CMMI-based Process Capability Model. Each of the 40 governance and management objectives is rated from 0 to 5 based on how well the process is performed and managed.

What each level means

• 0 — Incomplete: the process is not implemented or fails to achieve its purpose.
• 1 — Performed: the process achieves its purpose, but informally.
• 2 — Managed: the process is planned, monitored, and adjusted.
• 3 — Established: a defined, standard process is used across the organization.
• 4 — Predictable: the process operates within defined quantitative limits.
• 5 — Optimizing: the process is continuously improved to meet business goals.

How to use the ratings

Rate where each objective is today, then set a target level appropriate to its importance — not everything needs to reach 5. A payment-critical objective might target 4; a low-risk administrative one might be fine at 2. The gap between current and target capability is your improvement backlog.

Rolling it up

Aggregate capability by domain (EDM, APO, BAI, DSS, MEA) to get a governance maturity picture for leadership. SentinelPanda rates each of the 40 objectives on the 0–5 scale and rolls them up per domain into a governance maturity report you can take to the board.