Professional Documents
Culture Documents
Using COBIT 5
Disclaimer
ISACA has designed and created the Major Manufacturing Caselet: Using COBIT 5 (the Work)
primarily as an educational resource for educational professionals. ISACA makes no claim that use
of any of the Work will assure a successful outcome. The Work should not be considered inclusive
of all proper information, procedures and tests or exclusive of other information, procedures and
tests that are reasonably directed to obtaining the same results. In determining the propriety of
any specific information, procedure or test, security governance and assurance professionals
should apply their own professional judgment to the specific circumstances presented by the
particular systems or information technology environment.
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
Email: info@isaca.org
Web site: www.isaca.org
Reservation of Rights
2014 ISACA. All rights reserved. No part of this publication may be used, copied,
reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in
any form by any means (electronic, mechanical, photocopying, recording or otherwise)
without the prior written authorisation of ISACA. Reproduction and use of all or portions of
this publication are permitted solely for academic, internal and non-commercial use and
for consulting/advisory engagements, and must include full attribution of the materials
source. No other right or permission is granted with respect to this work.
Provide Feedback: www.isaca.org/basic-concepts-caselets
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
Acknowledgements
Author
Krishna Seeburn, Ph.D., CFE, CIA, CISSP, FBCS, LLM, PMP, Riesling Consulting Group,
Mauritius
Board of Directors
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government,
Australia, International President
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK,
Vice President
Juan Luis Carselle, CISA, CGEIT, CRISC, RadioShack Mexico, Mexico, Vice President
Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, Dell, Spain,
Vice President
Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, US House of
Representatives, USA, Vice President
Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, Kumar & Raj, India, Vice President
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management Inc., USA, Vice President
Marc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Vice President
Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Past International President
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Past International
President
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Director
Krysten McCabe, CISA, The Home Depot, USA, Director
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, BRM Holdich, Australia, Director
Credentialing and Career Management Board
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK,
Chairman
Bernard Battistin, CISA, CMA, Office of the Auditor General of Canada, Canada
Richard Brisebois, CISA, CGA, Canada
Terry Chrisman, CGEIT, CRISC, GE Money, USA
Erik Friebolin, CISA, CISM, CRISC, CISSP, PCI-QSA, ITIL, USA
Frank Nielsen, CISA, CGEIT, CCSA, CIA, Nordea, Denmark
Hitoshi Ota, CISA, CISM, CGEIT, CRISC, CIA, Mizuho Corporate Bank, Japan
Carmen Ozores Fernandes, CISA, CRISC, Brazil
Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission,
USA
Student Book
This caselet was developed to support the
Basic Foundational Concepts Student Book: Using COBIT 5,
www.isaca.org/basic-concepts-student-book
How does it
benefit an
enterprise?
How does it
benefit an IS
auditor?
What is testing
and
independence? Having the right skills to carry out a review is also important. It
How does it
benefit an
enterprise?
How does it
benefit an IS
auditor?
What is testing
and
independence?
How does it
benefit an
enterprise?
How does it
benefit an IS
auditor?
Agenda
Company Profile Major Manufacturing
Background Information
The Problems
Your Role
Your Tasks
Figures
Questions
9
Headquartered in Berlin,
Germany with branch
offices in London, UK;
Barcelona, Spain;
Singapore; Hong Kong;
and St. Louis, Missouri,
USA
Background What We Do
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
11
Background Financials
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
12
CIO
What We Do
Applications
Financials
Plant Engineering
Org. Structure
Industry
Business
Resumption
CEO
Operational
Business
Operations
COO
Accounting
CFO
Audit
Marketing
VP, Research
Public Relations
HR
Compliance
Legal
13
Org. Structure
Operational
Industry
Marketing
The CEO:
Is also the chairman of the board of directors
Rules with an iron hand
Appoints people to the board on the basis of their
willingness to give approval for initiatives with little
delay
14
Background Operational
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
15
Background Industry
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
16
Background Marketing
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
17
Background Marketing
What We Do
Financials
Org. Structure
Operational
Industry
Marketing
18
The Problem
The board has been having key issues with the operations of the company. They want a clear
insight of the status of the enterprise and its major IT systems.
There has been whistle-blowing about close irregular transactions between key C-suite level
executives.
You have family ties with the CIO; the CIO is your cousin, and your wifes brother is the CFO of
the company.
The CFO is the cousin of the CEO, and they have been working closely for a while.
19
20
21
22
23
Your Role
Your title: Senior IT Auditor at
Touching Audit
Your assignment: The Touching Audit
firm was appointed to carry out the
audit review of Major Manufacturing,
and you have been placed as the
senior auditor IT for the project
because of your inside knowledge of
Major Manufacturing.
Tenure: You have had three successful
years on the job with Touching Audit.
24
25
Discussion Questions
1.
2.
3.
4.
26