Exercises COBIT 2019 Foundation Course
MODULE 2
Exercise 1: Group Discussion:
The COBIT framework makes a clear distinction between governance and management. These two
disciplines encompass different activities, require different organizational structures and serve
different purposes.
Question: What would you describe as the difference between governance and management?
• What are specific requirements for IT Governance in your organisations today and for the
near future?
• How is EGIT implemented at your organization today?
• What are the differences between Benefits realization, Risk optimization and Resource
optimization? Which one is receiving more attention?
• What other industry frameworks or standards are being used? How are they being used
together with COBIT – if at all?
• Does the difference between IT Governance and IT Management exist today in your
organisations?
COBIT 2019 Foundation Course April 2021
MODULE 4
Nameco Case
NAMECO is an IT Managed Service Provider in North America. They are an aggressive, for-profit
organization that strives to aggressively grow revenues while providing a stable client base. NAMECO
is considered one of the top five MSPs in the industry and operates in a high threat environment
with multiple competitors who are constantly attempting to challenge their position in the market.
NAMECO has over 400 tenant clients and 15,000 end users, each with a unique set of compliance
requirements: 1) 30% of their clients are publicly traded entities, 2) 7% are health care related, 3)
87% process credit cards, and 4) 6% have private information regarding EU citizens.
The enterprise risk management group has identified multiple risk scenarios that have the potential
of inhibiting the aggressive growth goals identified by the governing body. These include: 1)
recruiting and maintaining qualified and skilled staff, 2) the threat of competitors, 3) complex
compliance requirements from multiple requirements (NAMECO has private information from users
across the globe, including EU citizens), and 4) the unknown risks of vendors who provide critical
services to NAMECO.
The IT organization also supports the company’s staff of 300 FTEs and is currently considered a
“necessity” which has caused some issues. Due to the nature of its business, NAMECO cannot
continue with its strategy unless IT is seen as a key success factor. Most of the services provided by
IT are a mix of insourced, cloud, and outsourced services and IT generally adopts new technologies
once they have been proven in the market. Although the organization is primarily a waterfall model
for delivery, there are two full time agile teams that support the core applications of the business.
This model has worked up to this point, but there are pressures from the business to deploy services
faster.
With the aggressive growth of the company, the IT organization has experienced multiple issues that
have resulted in unsatisfactory client reviews. The key concerns include: 1) failure to meet Service
Level Agreements (many of these failures are due to suppliers), 2) multiple audit findings of
non-compliance with data privacy, and 3) insufficient IT resources/knowledge required to support the goals
of the enterprise.
Other key observations include: 1) there are no documented or well-understood decision matrices in
the organization, 2) policies exist, but have not been updated in the last 3 years, 3) the leadership of
the organization endorses a ‘risk taking’ culture, but does not support risky decisions that fail, 4) no
skills matrix exists that identifies the skills and competencies required to support IT services, 5) an IT
service catalog exists, but is not acknowledged or followed, 6) there is no formal recognition of IT
processes, they are ad hoc and not well documented, and 7) there is no real understanding of the
data/information architectures or flows and there is an absence of information classification.
• Discuss which COBIT Design Factors would be relevant for the governance system of NAMECO,
and
• Identify which values you would assign to the relevant design factors.
MODULE 5
Question: For each Enterprise Goal, circle the appropriate Balanced Scorecard dimension
• Optimization of business process costs: Financial / Customer / Internal / Growth
• Managed digital transformation programs: Financial / Customer / Internal / Growth
• Customer-oriented service culture: Financial / Customer / Internal / Growth
Question: For each Alignment Goal, circle the appropriate Governance or Management Objective
that has a PRIMARY relationship
Question: Match each purpose statement with the appropriate Governance or Management
objective
Purpose statement: Implement solutions safely and in line with the agreed expectations and outcomes.
Objectives:
• BAI07 Managed IT Change Acceptance and Transitioning
• MEA04 Managed Assurance
• APO10 Managed Vendors
Question: Match each description with the appropriate Governance Component as it applies to
Governance and Management Objectives.
Description: Third-party services, types of infrastructure and categories of applications that can
be applied to support the achievement of a governance or management objective.
Governance Components:
• Process
• Organizational Structures
• Information
• People, Skills, Competencies
• Culture Policies and Ethics
• Services, Infrastructure and Applications
Question: Using information from the NAMECO scenario (see above – same scenario), use the goals
cascade to determine the most appropriate Governance or Management Objectives.
NAMECO has determined that the most critical enterprise goals for the upcoming year include the
following:
MODULE 8
ACME Corporation Case
The example scenario is Acme Corporation, a large multinational enterprise with a mixture of
traditional, well-established business units as well as new Internet-based businesses adopting the
very latest technologies. Many of the business units have been acquired and exist in various
countries with different local political, cultural and economic environments.
The central group’s executive management team has been influenced by the latest enterprise
governance guidance, including COBIT, which they have used centrally for some time.
They want to make sure that rapid expansion and adoption of advanced IT will deliver the value
expected; they also intend to manage significant new risk.
They have, therefore, mandated enterprise-wide adoption of a uniform EGIT approach. This
approach includes involvement by the audit and risk functions and internal annual reporting by
business unit management of the adequacy of controls in all entities.
Questions: Using information from the ACME case and the NAMECO scenario (see earlier), complete
a business case section.