COBIT Recognition and Case Studies 


These testimonials are excerpted from case studies of COBIT 5. They demonstrate its benefits, common applications and uses. To submit a COBIT 5 case study, email

ISACA wishes to recognize the COBIT 5 Task Force

  • John W. Lainhart, IV, CISA, CISM, CGEIT
  • Derek J. Oliver, CISA, CISM, CFE, FBCS
  • Pippa G. Andrews, CISA, ACA, CIA
  • Vernon Richard Poole, CISM, CGEIT
  • Abdul Rafeq, CISA, CGEIT, FCA, CIA
  • Robert D. Johnson, CISA, CISM, CGEIT
  • Elisabeth Judit Antonsson, CISM, Bsc, BA
  • Jimmy Heschl, CISA, CISM, CGEIT
  • Steven De Haes, Ph.D.
  • Erik H.J.M. Pols, CISA, CISM
  • Peter Harrison, CGEIT, FCPA
  • Steven Andrew Babb, CGEIT

View All Acknowledgements


COBIT Global Regulatory and Legislative Recognition

This document illustrates several examples of the recognition achieved by COBIT from the public sector throughout the world.

Learn More



Authoritative COBIT 5 articles and case studies written by leading practitioners.

View COBIT Focus


COBIT 5 Case Studies

View COBIT 4.1 Case Studies >>


E-Commerce Website
16 March 2015

A company based in Lagos, Nigeria, is in the business of sales and distribution of its brand of shoes through physical outlets in the Lagos area. In a bid to expand its operations to areas outside of its physical outlets and to also have a better competitive showing in the Nigerian marketplace, the enterprise’s decision makers decided to use the Internet as the platform of choice to achieve this need.

To be able to manage challenges (risk factors) effectively while optimizing costs and still creating value for all stakeholders, the enterprise, with the assistance of a consultancy, chose to seek guidance from the COBIT 5 framework. The enterprise’s needs revolved around realizing benefits from managing the e-commerce web site using optimal resources and making sure all risk associated with hosting the site on the Internet are managed.
View Case Study >>

Yount, Hyde & Barbour, Part 2
23 February 2015

A mid-sized regional accounting firm with 18 shareholders and 140 employees, the enterprise has 6 locations—1 recently relocated and a 7th location planned for inclusion in first quarter 2015. The staff is to be very mobile with at least 20 people working remotely or at a client’s location at any given time. Given these conditions, there is a complexity to the IT function that is greater than the size of the organization would suggest.

The firm looked to use COBIT to organize the IT function using a framework to create efficiency and meet the needs and expectations of stakeholders. Using the 7 phases outlined in ISACA’s COBIT 5 Implementation, the firm began by identifying the drivers. The 3 major drivers identified were:

  • A general disconnect existed between IT and the needs of the professionals.
  • IT spending, while within budget, did not align with firm needs.
  • IT expectations and demands among the firm’s shareholders varied.
View Case Study >>


New York State Government Agency
19 January 2015

Imagine being on the ground floor of a new government agency in the US, first conceived in 1994 and implemented in 2012, with the initial responsibility of developing an information system that would eventually process well over US $1 billion in payments monthly, produce enterprisewide reporting, and be implemented as Software as a Service (SaaS) to more than 85,000 users in 72 external agencies and by more than 100,000 vendors. Further, imagine that your responsibility included ensuring that the fledgling enterprise accomplished this mission while following its documented processes and procedures.

Where to begin? How would one know whether existing processes were sufficient? COBIT was selected to be implemented as a holistic framework to manage and govern the software. Until 2012, the enterprise used COBIT 4.1 on a limited basis only. In September 2012, the decision was made by executive management to expand the application of COBIT in a more holistic manner and to adopt COBIT 5 and all 37 processes across the enterprise.
View Case Study >>

Tokio Marine & Nichido Systems

Tokio Marine & Nichido Systems
24 November 2014

Tokio Marine & Nichido Systems (TMN Systems) recently implemented a governance, risk and compliance (GRC) system based on COBIT 5, which enables the organization to create significant value for its stakeholders as well as optimize risk and resources for value creation. The COBIT evolution to the concept of “governance and management of enterprise IT (GEIT)” made TMN Systems move toward COBIT 5 for guidance.
View Case Study >>


20 October 2014

This managed service provider offered outsourced IT services for the small to mid-sized market nationally. The data center was a multitenant environment that provided outsourced email, infrastructure, applications, development, project management and service desk functions. The structure was typical to this type of organization in the private sector, with administration, finance, sales and marketing, operations, and IT functions. Security, risk and compliance efforts were largely delegated to IT and were typically discussed only when issues arose. There were several frameworks and standards in use, although their adoption was fragmented. The organization was suffering from what stakeholders called “framework exhaustion,” and, thus, COBIT adoption was expected to be a hard sell but surprisingly was not.
View Case Study >>

The Independent Electricity System Operator (IESO)

The Independent Electricity System Operator (IESO)
22 September 2014

Changing IT service providers is never a simple undertaking. It is even more challenging when the organization making the change is responsible for processing meter reads and supporting the billing of more than four million customers on time-of-use rates. The IESO used COBIT 5 for the procurement of IT services, helping to accelerate the procurement process and improve the contract and how it is managed.
View Case Study >>

Ecopetrol S.A.

Ecopetrol S.A.
July 2014

As part of an updated strategy, Ecopetrol S.A., a vertically integrated energy company, began a corporate transformation with the goals of growth and strengthening its internal control system. It knew it needed a clear approach for governance and management of IT services as well as best global reference standards and a framework, so it used the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and COBIT frameworks, which helped consolidate strong IT governance practices that were totally aligned with the corporative internal control initiatives.
View Case Study >>


April 2014

Over time, business has increasingly advanced the application of IT to meet ever-changing business needs and regulatory requirements. A systematic and continuous improvement program helps an organization focus on “doing things right” and continually improving its effectiveness and efficiency. To successfully meet this need, DuPont recognized that it must leverage a robust, dependable process assessment framework. The COBIT 5 process assessment model (PAM) is evidence-based and enables a reliable, consistent and repeatable assessment in the area of governance and management of enterprise IT (GEIT) to support continuous process improvement.
View Case Study >>


January 2014

As an early adopter of COBIT 4.1, HDFC Bank’s IT governance journey started almost six years ago, when COBIT 4.1 was just introduced. Almost all of the 34 IT processes defined in COBIT 4.1 were adopted by the bank.

Following COBIT 5’s introduction in April 2012, HDFC Bank took some time to consider a migration. Because the bank has successfully implemented COBIT 4.1 to great benefit, it will not immediately migrate to COBIT 5. However, the seven enablers introduced by COBIT 5 were intuitively adopted by HDFC Bank even before these were popularised in COBIT 5.
View Case Study >>


Anonymous, Middle East Bank
January 2014

As a result of its initiative to improve information security with the help of COBIT, a Middle East bank realized several benefits, including:

  • Improved integration of information security within the organization
  • Informed risk decisions and risk awareness
  • Improved prevention, detection and recovery
  • Reduced (impact of) information security incidents
  • Enhanced support for innovation and competitiveness
  • Improved management of costs related to the information security function
  • Better understanding of information security
View Case Study >>

Yount, Hyde & Barbour

Yount, Hyde & Barbour
October 2013

With the introduction of COBIT 5, the framework is moving toward a more global application to the enterprise. But, can a smaller organization still take advantage of COBIT 5 to help direct its IT function? This is an account of one organization’s beginning steps toward implementing COBIT 5.

Yount, Hyde & Barbour is a mid-sized regional accounting firm with 21 shareholders and 140 employees. The firm has six locations, with at least 20 people working remotely or at a client’s location at any given time. Thus, there is a complexity to the IT function that is greater than the size of the organization would suggest.
View Case Study >>


The ICT Study of Public Health Institutions in Mexico
October 2013

Health services are a crucial activity worldwide and reflect the level of awareness and social development of a country. The ICT Study of Public Health Institutions in Mexico was conducted under the sponsorship of Strategic Consulting Information Technology (ConSETI) and Brio Software Mexico (Brio). ConSETI and Brio are using this study to help evolve health services in Mexico. The study includes a gap/risk analysis of the current ICT situation, proposing recommendations that will lead to the improvement and implementation of better ICT objectives in the public health institutions. For this purpose, the sponsors became convinced of the importance of using COBIT 5, recognizing it as the best practice framework for the governance and management of enterprise IT (GEIT), and utilized it for the ICT assessment of public health institutions in Mexico.
View Case Study >>



In 2009, ISACA developed a strategy focused on becoming the global leader in products and services that support trust in, and value from, information systems. By 2011, having accomplished many of the 2009 goals, ISACA began work on an extension of the 2009 strategy. In recognition of the strategy’s 10-year horizon for completion, it is referred to as Strategy 2022, or S22, for short.
View Case Study >>

Maitland Logo


Maitland utilized COBIT to create a shared understanding of information and communication technology (ICT) and its purpose and impact on the enterprise and to increase business oversight and accountability for ICT. Maitland is increasingly using the COBIT framework as a guide to structure and position the enterprise’s thinking in many ICT subject areas. Also, Maitland has found that the governance principles in COBIT are universally applicable—not exclusive to the ICT domain—and is in the process of applying them enterprise wide.
View Case Study >>


Anonymous or FamilyGrocer (name changed)

As a regional US grocery chain based in a major metropolitan area, FamilyGrocer (name changed) had experienced rapid growth through new store openings and acquisitions. In light of the risk associated with its consolidated operation, the IT organization received a mandate from the board of directors to formally manage IT-related risk. The mandate specifically called for an initial high-level assessment of IT organizational risk, drawing largely from internal expertise. The board also requested that the IT organization demonstrate an ongoing program to manage risk. As a result, the IT organization conducted a COBIT-based operations workshop to assess its risk management.
View Case Study >>


If you would like to submit a COBIT 5 case study, send an email to