COBIT Case Studies Archive 

 

Enterprise Date

How Used?

Why COBIT?

How Leveraged?

Consulting/IT
A. Rafeq & Assoc., India
October 1998
COBIT helped map scope and terms of reference for all IS audit proposals. It was used as a standard for plans, executing audits and post-audit benchmarking.
  • Provided focus on overall business objectives
  • Comprehensive approach for all audit assignments
  • Clients specifically requested COBIT
  • Benefited business managers and process owners
  • Common language between auditee and user management
Coopers & Lybrand, Netherlands Implemented COBIT for several clients; for example, to measure effectiveness of an airline's IT department.
  • Better assess the system management process
  • Based on highly respected global standards
  • Successfully used in many different business situations
  • Significantly improved client IT department procedures
First Data Resources Ltd, UK
March 1998
COBIT helped IT goals tie better with overall business goals.
  • Offered business-focused, senior-level guidance and hands-on control objectives
  • Will be a long-term partner in corporate IT and goals
G&D Software BV, Holland
May 1999
COBIT helped standardize service and audit IT processes.
  • Employees must use the same language and procedures.
  • COBIT aided internal communications and strengthens client relationships
  • Helped stay focused on important areas of information criteria
  • Elevated value to IT management level at clients
Security Audit and Control Solutions, South Africa
September 1999
Used COBIT as a basis for control and risk assessment.
  • Showed clients the benefits of being empowered
  • Based on successful implementation, able to help use of customized version for 12 countries
Datasec, Uruguay
March 2003
Datasec, a consulting firm, developed COBIT-based software used by many organizations, including BROU (the country's most important financial institution).
  • Great value because it improved the IT management structure
  • Mapped roles and responsibilities for boards, senior managers and professionals
Education
University of Iowa, USA
October 1998
Audited a change management process and found control weaknesses. To better communicate issues, created a process flowchart using COBIT principles.
  • Offers a standard to apply to audit universe
  • Tremendously helped adoption process
  • Helped align technology with strategic business objectives
  • Tied control objectives to business objectives

Curtin University of Technology, Western Australia

July 2002

As the university's Information Management Services (IMS) expressed concern about IT governance, the internal audit team learned about COBIT, was impressed with its content and proposed its implementation. COBIT soon was adopted as a university standard.
  • Substantially increase acceptance
  • Helped use results of audits as an opportunity to plan improvements
Financial Services/Insurance
Blue Cross Blue Shield of Michigan (BCBSM), USA
October 1998
COBIT recommended controls needed to achieve a strong internal control structure. Because COBIT helped associate IT weaknesses with underlying business functions, senior executives better understood department's value.
  • COBIT helped management learn how control recommendations affect business functions
  • Immensely useful tool to bridge communications gap among executive management, IT and audit
  • Management improved ability to make control decisions based on definitive good control practices
  • Organization received a favorable SAS70 audit report
Cedel Group, Luxembourg
March 1998
Successful use of the COBIT framework for audits led to the IT department to use COBIT for its new Group Policy Statements.
  • Presented control objectives in a logical manner
  • Highly flexible and credible approach to improving a controlled environment
  • COBIT helped senior management become more risk and control conscious
  • Lessened conflict between meeting business objectives and managing control requirements
Fidelity Investments, USA
April 1998
Managers quickly recognized COBIT provides a generally applicable and accepted standard for IT control. They mapped COBIT to the types of audits performed. Many positive changes resulted.
  • Improved the control environment and provide value-added services
  • Provided authoritative baseline of IT controls
  • COBIT is now incorporated into mission statement
  • Engagement memos explain COBIT framework
Old Mutual (South African Life Assurance Company), South Africa
March 1998
Used COBIT to determine IT audit scope and objectives. For CIO, also developed IT policies, standards and procedures manual based on COBIT.
  • Flexible enough to provide senior level counsel
  • Technical guidelines as technology and business evolve
  • Easy to implement and understand
  • A valuable resource that addresses new IT issues
  • CIO impressed with the value it added to business
Santa Barbara Bank and Trust, USA
March 1998
Audit became a cooperative effort that benefits the whole bank.
  • Business objectives with effective IT governance
  • Easily understood and supported by business managers
  • Keeps business objectives on track to ensure a controlled IS environment
  • Cooperation between business managers and IS auditors increased
SWIFT (Society for Worldwide Interbank Financial Telecommunication), Belgium
March 1998
Used COBIT to audit customer support centers located in several countries.
  • Impressed management
  • Logical set-up and sequence of interviews makes process efficient
  • Focused on management of control issues
  • Reversed initial negative attitude and became well-accepted
  • Audit Committee ratified COBIT as the IT audit reference
Swiss Life/ Rentenanstalt, Switzerland
July 2001

The most significant advantage of COBIT is implementing it depending on the size of the business unit and on a step-by-step basis.

  • COBIT became the standard because it provides best practices.
  • Is important for implementing IT security management
  • Positive experiences from COBIT have resulted in cooperation between IT and audit as well as between IT and users.

Allstate, USA

June 2004

After Sarbanes-Oxley, Allstate began using COBIT to evaluate IT governance
  • Provided the board of directors with a high level of assurance
  • Helped ensure alignment between business strategies and technology investments

Charles Schwab & Co., Inc., USA

September 2002

With increased regulatory exposure, senior management recognized the need for an improved IT governance and control framework.

The four focal points for the infrastructure universe element were:

  • Structure and strategy
  • Methodologies and procedures
  • Measurement and reporting
  • Tools and technology
Government
Australian Governmental Organisation, Canberra
July 1999
After a consultant could not propose an appropriate audit program, COBIT enabled the development of control objectives, audit objectives and testing strategies.
  • COBIT is extremely comprehensive
  • Helped develop customised plans for each organization
  • The plan based on COBIT was approved by management and helped successfully complete the project
Department of Defense, USA
March 1998
The Office of the Inspector General (OIG) of the US Dept. of Defense uses COBIT as a standard to define the IT auditable area. COBIT also was used for IT strategic planning.
  • Written so the IT community can understand and adhere to it
  • Presented manageable and definable structure
  • Skills assessment implemented to ensure effective audit coverage
  • Assessed control objectives based on COBIT's domains
State Auditor of Massachusetts, USA
March 1998
COBIT identifieed high risk IT processes and assesses the IT environment. Helped teams focus on what to include in the audit scope or management advisory work.
  • COBIT helped strengthen the process and understand control objectives for IT
  • Helped evaluate and strengthen internal controls
  • Achieved consistency of discussions regarding IT domains, control objectives and controls

Province of Mendoza, Argentina

November 2004

To enhance IT governance and assure residents that the management of public funds was well-monitored, recommended COBIT because it is an internationally accepted standard for good IT governance.
  • Allowed for the standardization of criteria regarding controls over IT
  • Provided senior management with executive guidance on identifying risks and implementing corrective measures.

U.S. House of Representatives, USA

July 2002

COBIT became a key tool for running the operations of the House and for audits of the House.
  • An IT governance framework that enabled management to establish clear roles and responsibilities.
Healthcare
Afrox Limited, South Africa
November 1998
Ideal for business managment. Improved communications and relations with IT management
  • Management's decision on controls was based on a credible source (COBIT)
  • IT operations manager impressed with COBIT's ability
  • COBIT helped improve communications
New South Wales Health, Australia
March 1999
Piloted COBIT on a new large system implementation project that was to undergo six audits over two and a half years.
  • It offered an effective manner to mitigate risks
  • Provided consistency and improves quality
  • Project risk management identified early in the project life cycle
Manufacturing/Transportation
Bowater Inc., USA
October 1998
COBIT was used as a guide for control self-assessment to establish a framework of controls to evaluate practices.
  • COBIT is a valuable resource for IT
  • Enabled the organization to establish a framework to mitigate the risks inherent in IS operations
Royal Philips Electronics, Netherlands
December 1999
Implemented COBIT in support of the IT governance process and to improve IT-related controls. Essential to two executive level programs with exposure to board.
  • Flexible and customizable
  • Open standard that was clear and understandable
  • Worldwide process survey tool based on COBIT
  • Reviewed IT processes and identified improvements
South African Breweries, Ltd., South Africa
February 2001
Developed a COBIT-based questionnaire to assess IT management team's perception of IT process effectiveness, risk and priority.
  • Helped assign accountability
  • Assembled a critical mass in strong support of the IT management team
  • Helped assign accountability for process
  • Improveed IT governance
Yellow Corporation International, USA
October 1998
COBIT helped compose the scope and develop a complete, effective audit program.
  • Contributed to the value the department brings to the enterprise
  • Helped reach audit and control goals
Utilities
Boston Gas Company, USA
April 2001
The IS department adopted COBIT as a benchmark and set of control objectives to measure IS functions and projects.
  • A benchmark for control best practices
  • Developed IT-related policies and procedures
  • COBIT added value by focusing on the overall business objectives
  • Strengthened IT controls
Nashville Electric Service, USA
February 2001
Realized more effective risk assessment and audit planning. Also assessed and managed risk to develop IS audit programs.
  • Credible benchmarking tool
  • Consistent basis for developing tests
  • Integrated IT with business strategies
  • Developed internal control questions and tests