All World Airways (AWA): IT Audit and Assurance Based on COBIT 5

ISACA

Uploaded by

Wenny Hu
ALL WORLD AIRWAYS (AWA)

IT AUDIT AND ASSURANCE BASED ON COBIT 5


Authors:
Steven De Haes, Ph.D., University of Antwerp – Antwerp Management School, Belgium
Anant Joshi, Ph.D., University of Antwerp – Maastricht School of Business and Economics, Belgium-Netherlands
DISCLAIMER
ISACA has designed and created the All World Airways Caselet (the ‘Work’) primarily as an
educational resource for educational professionals. ISACA makes no claim that use of any of the
Work will assure a successful outcome. The Work should not be considered inclusive of all proper
information, procedures and tests or exclusive of other information, procedures and tests that are
reasonably directed to obtaining the same results. In determining the propriety of any specific
information, procedure or test, security governance and assurance professionals should apply their
own professional judgement to the specific circumstances presented by the particular systems or
information technology environment.

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
Email: info@isaca.org
Web site: www.isaca.org
RESERVATION OF RIGHTS
© 2015 ISACA. All rights reserved. No part of this publication may be used, copied,
reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in
any form by any means (electronic, mechanical, photocopying, recording or otherwise)
without the prior written authorisation of ISACA. Reproduction and use of all or portions of
this publication are permitted solely for academic, internal and non-commercial use and
for consulting/advisory engagements, and must include full attribution of the material’s
source. No other right or permission is granted with respect to this work.

Provide Feedback: www.isaca.org/cobit-5-IT-assurance


Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
ACKNOWLEDGMENTS
Lead Developers
Steven De Haes, Ph.D., University of Antwerp, Belgium
Anant Joshi, Ph.D., Maastricht University, Belgium

Board of Directors
Robert E Stroud, CGEIT, CRISC, CA, USA, International President
Steven A. Babb, CGEIT, CRISC, ITIL, Vodafone, UK, Vice President
Garry J. Barnes, CISA, CISM, CGEIT, CRISC, BAE Systems Detica, Australia, Vice President
Robert A. Clyde, CISM, Adaptive Computing, USA, Vice President
Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, Dell, Spain, Vice President
Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, US House of Representatives, USA, Vice President
Vittal R. Raj, CISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, Kumar & Raj, India, Vice President
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, Past International President
Gregory T. Grocholski, CISA, SABIC, Saudi Arabia, Past International President
Debbie A. Lew, CISA, CRISC, Ernst & Young LLP, USA, Director
Frank K.M. Yam, CISA, CIA, FHKCS, FHKIoD, Focus Strategic Group Inc., Hong Kong, Director
Alexander Zapata Lenis, CISA, CGEIT, CRISC, ITIL, PMP, Grupo Cynthus S.A. de C.V., Mexico, Director

Knowledge Board
Steven A. Babb, CGEIT, CRISC, ITIL, Vodafone, UK, Chairman
Rosemary M. Amato, CISA, CMA, CPA, Deloitte Touche Tohmatsu Ltd., The Netherlands
Neil Patrick Barlow, CISA, CISM, CRISC, CISSP, IntercontinentalExchange, Inc. NYSE, UK
Charlie Blanchard, CISA, CISM, CRISC, ACA, CIPP/E, CIPP/US, CISSP, FBCS, Amgen Inc., USA
Sushil Chatterji, CGEIT, Edutech Enterprises, Singapore
Phil J. Lageschulte, CGEIT, CPA, KPMG LLP, USA
Anthony P. Noble, CISA, Viacom, USA
Jamie Pasfield, CGEIT, ITIL V3, MSP, PRINCE2, Pfizer, UK
Ivan Sanchez Lopez, CISA, CISM, CISSP, ISO 27001 LA, DHL Global Forwarding & Freight, Germany

Academic Program Subcommittee
Matthew Liotine, Ph.D., CBCP, CHS-III, CSSBB, MBCI, University of Illinois at Chicago, USA, Chairman
Daniel Canoniero, Universidad de Montevideo, Uruguay
Tracey Choulat, CISM, CGEIT, CRISC, University of Florida, USA
Umesh Rao Hodeghatta, Xavier Institute of Management, India
Nabil Messabia, CPA, CGA, Université du Québec en Outaouais, Canada
Mark Lee Salamasick, CISA, CSP, CIA, CRMA, University of Texas, USA
Ype van Wijk, Ph.D., RE, RA, Rijksuniversiteit Groningen, The Netherlands
S. Vanderloot, CISA, CISM, CRISC, Ph.D., AST, CCNA, CCNA Security, CCSA, CEH, ECSA, ISO 27001 LA, NCSA, PCIP, UK
Nancy C. Wells, CISA, CRISC, USA
STUDENT BOOK

This caselet was developed to support IT Audit and Assurance Based
on COBIT 5, www.isaca.org/cobit-5-IT-assurance
AGENDA

1. Company Background
2. Key Organizational People
3. AWA IT Landscape
4. IT Outsourcing
5. CIO’s Notes
6. Your Role
7. Your Task
COMPANY BACKGROUND

• All World Airways (AWA) is an international airline with
reservation centres in Detroit, Michigan, United States and
Wiesbaden, Germany. AWA has posted losses for the past
six quarters.
• Overall, the airline industry has been significantly affected
by the economic downturn, petroleum prices, labour
disputes and the competition. As a result, many of the large
airlines have spun off their reservations and technical
information systems to self-supporting companies and have
entered into outsourcing agreements with their former
support functions.
COMPANY BACKGROUND

• Selection of the outsourcing strategy has helped many
players in the market to remove investments and assets
from the balance sheets and allowed them to focus on their
primary business of transportation. Moreover, this act has
permitted the newly independent IT functions to sell their
services to other airlines because competition with the
software owner is no longer a conflict of interest.
KEY ORGANISATIONAL PEOPLE

The top management people:
• Don Geekbine, chief information officer (CIO)
• Chief financial officer (CFO)
• Chief executive officer (CEO)
AWA’S IT LANDSCAPE

The company has built data centres at both of its locations,
using IBM mainframes running the z/OS operating system and
the Airline Control System (ALCS), a high-volume, high-speed
transaction processor for the reservation industry. AWA also
runs maintenance, scheduling, airfare sensitivity analysis and
freight systems. Over the years, all IT activities have been
managed and staffed internally.
IT OUTSOURCING

• The CFO and CEO have been reviewing IT costs and return
on investment (ROI). Based on their analysis, they have
determined that the cost of internal development and IT
operations has become too high to justify continued
support.
• Management has noted that other airlines have outsourced
operations to industry-leading IT providers, including
Galileo, Sabre®, Amadeus and Travelspan. AWA has decided
that IT is not a core business and wants to outsource the IT
function.
YOUR TASK

Using the three-phase model of IT assurance initiative
provided in the student book:
1. Develop the scope of the risk assurance initiative.
2. State relevant enablers and suitable risk assessment
criteria to perform the assessment (i.e., relevant
governance and/or management processes).
3. Report the results of your assessment including your
findings and recommendations.
CIO’S NOTES

The CIO, Don Geekbine, was informed of the decision and was
asked to perform a risk assessment of the outsourcing
process. As part of his initial analysis, he prepared the
following notes, in no particular order, which were
incorporated into his briefing points:
• All applications were developed internally; reservations are
fairly standard and could be easily outsourced; sensitivity
analysis, flight and crew scheduling have some specific
requirements that are only available with internally
developed solutions.
• All systems were written in COBOL; many programmers are
retiring, and those available command higher salaries.
CIO’S NOTES (CONT.)

• US programmers and operations are located in an
economically depressed area; workers with eliminated
positions will have problems finding new jobs.
• European work rules have long lead times for the
elimination of jobs.
• There is a need to discuss transferring programming to
low-cost locations such as India.
• The CFO indicated concern regarding compliance with the
US Sarbanes-Oxley Act of 2002; Payment Card Industry Data
Security Standard (PCI DSS) compliance is also a concern.
• Equipment and data centre facilities are currently leased.
What will be the course of action for the leases?
CIO’S NOTES (CONT.)

• Operational processes will require governance to ensure
satisfactory performance of key project deliverables, key
processes and system availability.
• Don has not performed risk assessments before and is
unfamiliar with the issues that should be considered.
YOUR TASK

The CFO has requested that the CIO perform a risk
assessment of the outsourcing initiative, mainly addressing IT
risk.

In this view…
YOUR ROLE

The CIO has agreed to the assessment, but indicated that he
would want to use COBIT 5 as his analysis framework. You are
well aware of the COBIT 5 framework. Acknowledging the CIO’s
notes, you have identified that the assessment mainly focuses
on providing IT risk assurance.
HINT

A. Scope of the Assurance Initiative
• Identify key stakeholders.
• What is the main objective of this assurance initiative?
• Mention key enablers in scope.

B. Understand Enablers, Set Suitable Assessment Criteria and
Perform the Assessment
• Based on key enablers identified, which key management
practices are required to perform the assessment?

C. Communicate the Results of the Assessment
• Report your findings in detail, and not just material
weakness or strength.
