COBIT Recognition and Case Studies 


These testimonials are excerpted from case studies of COBIT 5. They demonstrate its benefits, common applications and uses. To submit a COBIT 5 case study, email

ISACA wishes to recognize the COBIT 5 Task Force

  • John W. Lainhart, IV, CISA, CISM, CGEIT
  • Derek J. Oliver, CISA, CISM, CFE, FBCS
  • Pippa G. Andrews, CISA, ACA, CIA
  • Vernon Richard Poole, CISM, CGEIT
  • Abdul Rafeq, CISA, CGEIT, FCA, CIA
  • Robert D. Johnson, CISA, CISM, CGEIT
  • Elisabeth Judit Antonsson, CISM, Bsc, BA
  • Jimmy Heschl, CISA, CISM, CGEIT
  • Steven De Haes, Ph.D.
  • Erik H.J.M. Pols, CISA, CISM
  • Peter Harrison, CGEIT, FCPA
  • Steven Andrew Babb, CGEIT

View All Acknowledgements


COBIT Global Regulatory and Legislative Recognition

This document illustrates several examples of the recognition achieved by COBIT from the public sector throughout the world.

Learn More



Authoritative COBIT 5 articles and case studies written by leading practitioners.

View COBIT Focus


COBIT 5 Case Studies

View COBIT 4.1 Case Studies >>

Ecopetrol S.A.

Ecopetrol S.A.
July 2014

As part of an updated strategy, Ecopetrol S.A., a vertically integrated energy company, began a corporate transformation with the goals of growth and strengthening its internal control system. It knew it needed a clear approach for governance and management of IT services as well as best global reference standards and a framework, so it used the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and COBIT frameworks, which helped consolidate strong IT governance practices that were totally aligned with the corporative internal control initiatives.
View Case Study >>


April 2014

Over time, business has increasingly advanced the application of IT to meet ever-changing business needs and regulatory requirements. A systematic and continuous improvement program helps an organization focus on “doing things right” and continually improving its effectiveness and efficiency. To successfully meet this need, DuPont recognized that it must leverage a robust, dependable process assessment framework. The COBIT 5 process assessment model (PAM) is evidence-based and enables a reliable, consistent and repeatable assessment in the area of governance and management of enterprise IT (GEIT) to support continuous process improvement.
View Case Study >>


January 2014

As an early adopter of COBIT 4.1, HDFC Bank’s IT governance journey started almost six years ago, when COBIT 4.1 was just introduced. Almost all of the 34 IT processes defined in COBIT 4.1 were adopted by the bank.

Following COBIT 5’s introduction in April 2012, HDFC Bank took some time to consider a migration. Because the bank has successfully implemented COBIT 4.1 to great benefit, it will not immediately migrate to COBIT 5. However, the seven enablers introduced by COBIT 5 were intuitively adopted by HDFC Bank even before these were popularised in COBIT 5.
View Case Study >>


Anonymous, Middle East Bank
January 2014

As a result of its initiative to improve information security with the help of COBIT, a Middle East bank realized several benefits, including:

  • Improved integration of information security within the organization
  • Informed risk decisions and risk awareness
  • Improved prevention, detection and recovery
  • Reduced (impact of) information security incidents
  • Enhanced support for innovation and competitiveness
  • Improved management of costs related to the information security function
  • Better understanding of information security
View Case Study >>

Yount, Hyde & Barbour

Yount, Hyde & Barbour
October 2013

With the introduction of COBIT 5, the framework is moving toward a more global application to the enterprise. But, can a smaller organization still take advantage of COBIT 5 to help direct its IT function? This is an account of one organization’s beginning steps toward implementing COBIT 5.

Yount, Hyde & Barbour is a mid-sized regional accounting firm with 21 shareholders and 140 employees. The firm has six locations, with at least 20 people working remotely or at a client’s location at any given time. Thus, there is a complexity to the IT function that is greater than the size of the organization would suggest.
View Case Study >>


The ICT Study of Public Health Institutions in Mexico
October 2013

Health services are a crucial activity worldwide and reflect the level of awareness and social development of a country. The ICT Study of Public Health Institutions in Mexico was conducted under the sponsorship of Strategic Consulting Information Technology (ConSETI) and Brio Software Mexico (Brio). ConSETI and Brio are using this study to help evolve health services in Mexico. The study includes a gap/risk analysis of the current ICT situation, proposing recommendations that will lead to the improvement and implementation of better ICT objectives in the public health institutions. For this purpose, the sponsors became convinced of the importance of using COBIT 5, recognizing it as the best practice framework for the governance and management of enterprise IT (GEIT), and utilized it for the ICT assessment of public health institutions in Mexico.
View Case Study >>



In 2009, ISACA developed a strategy focused on becoming the global leader in products and services that support trust in, and value from, information systems. By 2011, having accomplished many of the 2009 goals, ISACA began work on an extension of the 2009 strategy. In recognition of the strategy’s 10-year horizon for completion, it is referred to as Strategy 2022, or S22, for short.
View Case Study >>

Maitland Logo


Maitland utilized COBIT to create a shared understanding of information and communication technology (ICT) and its purpose and impact on the enterprise and to increase business oversight and accountability for ICT. Maitland is increasingly using the COBIT framework as a guide to structure and position the enterprise’s thinking in many ICT subject areas. Also, Maitland has found that the governance principles in COBIT are universally applicable—not exclusive to the ICT domain—and is in the process of applying them enterprise wide.
View Case Study >>


Anonymous or FamilyGrocer (name changed)

As a regional US grocery chain based in a major metropolitan area, FamilyGrocer (name changed) had experienced rapid growth through new store openings and acquisitions. In light of the risk associated with its consolidated operation, the IT organization received a mandate from the board of directors to formally manage IT-related risk. The mandate specifically called for an initial high-level assessment of IT organizational risk, drawing largely from internal expertise. The board also requested that the IT organization demonstrate an ongoing program to manage risk. As a result, the IT organization conducted a COBIT-based operations workshop to assess its risk management.
View Case Study >>


If you would like to submit a COBIT 5 case study, send an email to