A capability maturity model (CMM) is the most suitable tool for this purpose. It provides a structured framework and a standardized scale (e.g., levels 0-5) to assess the current state ("as-is") of IT processes. This allows for a direct comparison against industry best practices and benchmarks, which are often mapped to these maturity levels. By identifying the gap between the current and desired maturity levels, the CIO can effectively pinpoint weaknesses and strategically prioritize improvement initiatives to enhance process consistency and performance. This approach offers a holistic and comparative view that is essential for strategic planning.

B. Evaluating the current balanced scorecard is incorrect because a BSC primarily measures performance against an organization's internal strategic objectives, not external industry process benchmarks.

C. Reviewing key performance measures is insufficient as KPMs/KPIs are specific metrics that may lack the comprehensive, structured framework needed for a holistic process capability assessment against industry standards.

D. Reviewing IT process audit results is incorrect because audits focus on compliance with policies and the effectiveness of controls, rather than benchmarking process maturity for strategic improvement.

1. ISACA

COBIT 2019 Framework: Introduction and Methodology

2018. Chapter 6

"COBIT Performance Management (CPM)

" details the process capability levels based on CMMI

which are used to "support process improvement by identifying strengths and weaknesses and the implications thereof." This model is explicitly designed for benchmarking.

2. ISACA

CGEIT Review Manual

8th Edition

2020. Domain 4: IT Resource Optimization

Task 4.4

"Monitor and report on IT resource performance

" discusses the use of maturity and capability models to assess processes and identify opportunities for improvement against established benchmarks.

3. De Haes

S.

& Van Grembergen

W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management

26(2)

123-137. This academic paper discusses the use of COBIT's maturity models as a key tool for organizations to assess their IT governance processes and benchmark them

forming a basis for improvement initiatives (p. 126). DOI: https://doi.org/10.1080/10580530902794786