Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

It assurance guide using cobit

22/11/2021 Client: muhammad11 Deadline: 2 Day

Management Informations Systems And Human Computer Interaction -

Use of COBIT

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .2

ISACA®

With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security™ (BMIS™) and the IT Assurance Framework™ (ITAF™). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfil their IT governance responsibilities and deliver value to the business.

Disclaimer ISACA has designed and created IT Governance Using COBIT® and Val ITTM: Caselets, 3rd Edition (the ‘Work’) primarily as an educational resource for those seeking to understand COBIT and Val IT. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, enterprise leaders and governance of IT, management and assurance professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or information technology environment. The example companies, organisations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious. No association with any real company, organisation, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred.

Reservation of Rights © 2010 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic, internal and non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.

ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.253.1545 Fax: +1.847.253.1443 E-mail: info@isaca.org Web site: www.isaca.org

IT Governance Using COBIT® and Val ITTM: Caselets, 3rd Edition

CRISC is a trademark/service mark of ISACA. The mark has been applied for or registered in countries throughout the world.

3© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

acknowledGeMenTs

Acknowledgements ISACA wishes to recognise:

Researcher Norm Kelson, CISA, CGEIT, CPA, The Kelson Group, USA

Expert Reviewers Carmen R. Cintron-Ferrer, Universidad Sagrado Corazon, Puerto Rico Olayinka David-West, CISA, CGEIT, Lagos Business School, Nigeria Andrea Ko, Ph.D., Corvinus University of Budapest, Hungary Munir Majdalawieh, Ph.D., American University of Sharjah, UAE Chris O. Odionu, Ph.D., CGEIT, Alabama A&M University, USA Juan Pardo, Ph.D., University CEU Cardenal Herrera, Spain Joerg Puchan, Ph.D., University of Applied Sciences Munich, Germany Mario Spremic, Ph.D., CGEIT, University of Zagreb, Croatia Wim Van Grembergen, Ph.D., University of Antwerp Management School, Belgium Diane L. Wright, University of Delaware, USA Dmitry Zhdanov, Ph.D., CISSP, University of Connecticut, USA

ISACA Board of Directors Emil D’Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd., USA, International President Christos K. Dimitriadis, Ph.D., CISA, CISM, INTRALOT S.A., Greece, Vice President Ria Lucas, CISA, CGEIT, Telstra Corp. Ltd., Australia, Vice President Hitoshi Ota, CISA, CISM, CGEIT, CIA, Mizuho Corporate Bank Ltd., Japan, Vice President Jose Angel Pena Ibarra, CGEIT, Alintec S.A., Mexico, Vice President Robert E. Stroud, CGEIT, CA Technologies, USA, Vice President Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Vice President Rolf M. von Roessing, CISA, CISM, CGEIT, KPMG Germany, Germany, Vice President Lynn C. Lawton, CISA, FBCS CITP, FCA, FIIA, KPMG Ltd., Russian Federation, Past International President Everett C. Johnson Jr., CPA, Deloitte & Touche LLP (retired), USA, Past International President Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Director Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, Director Howard Nicholson, CISA, CGEIT, CRISC, City of Salisbury, Australia, Director Jeff Spivey, CPP, PSP, Security Risk Management, USA, ITGI Trustee

Knowledge Board Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Chair Michael Berardi Jr., CISA, CGEIT, Nestle USA, USA John Ho Chi, CISA, CISM, CBCP, CFE, Ernst & Young LLP, Singapore Jose Angel Pena Ibarra, CGEIT, Alintec S.A., Mexico Jo Stewart-Rattray, CISA, CISM, CGEIT, CSEPS, RSM Bird Cameron, Australia Jon Singleton, CISA, FCA, Auditor General of Manitoba (retired), Canada Patrick Stachtchenko, CISA, CGEIT, CA, Stachtchenko & Associates SAS, France Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA

Academic Program Subcommittee Henny J. Claessens, CISA, CISM, CGEIT, Maastricht University, The Netherlands, Chair Claudio Cilli, Ph.D., CISA, CISM, CGEIT, University of Rome, Italy Graham Gal, Ph.D., University of Massachusetts, USA Yonosuke Harada, CISA, CISM, CGEIT, CAIS, Institute of Information Security, Japan Sharon Finney, CISM, Adventist Health System, USA Richard M. Moore III, CISM, CISSP, MSIA, KPMG LLP, USA Vincent Orrico, Ph.D., CISA, CGEIT, CBCP, CISSP, PMP, Optimal Vantage Strategies LLC, USA Krishna Seeburn, CFE, CISSP, PMP, University of Technology, Mauritius, Mauritius Lolita E. Vargas-DeLeon, CISA, CIA, CPA, Puerto Rico

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .4

ISACA and IT Governance Institute Affiliates and Sponsors American Institute of Certified Public Accountants ASIS International The Center for Internet Security Commonwealth Association for Corporate Governance Inc. FIDA Inform Information Security Forum Information Systems Security Association Institut de la Gouvernance des Systèmes d’Information Institute of Management Accountants Inc. ISACA chapters ITGI Japan Norwich University Solvay Brussels School of Economics and Management University of Antwerp Management School Analytix Holdings Pty. Ltd. BWise B.V. Hewlett-Packard IBM Project Rx Inc. SOAProjects Inc. Symantec Corp. TruArx Inc.

Acknowledgements (cont.)

5© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

Table of conTenTs

tAble of contents Purpose of This Document .................................................................................................................................... 6

1. Caselet: DentDel Inc. ...................................................................................................................................... 7 Learning Objective ................................................................................................................................. 7 Background ............................................................................................................................................. 7 Issue ........................................................................................................................................................ 7 Questions ................................................................................................................................................. 8

2. Caselet: Your Neighborhood Grocers ............................................................................................................ 9 Learning Objective ................................................................................................................................. 9 Background ............................................................................................................................................. 9 Issue ........................................................................................................................................................ 9 Questions ............................................................................................................................................... 10

3. Caselet: All World Airways ......................................................................................................................... 11 Learning Objective ............................................................................................................................... 11 Background ........................................................................................................................................... 11 Issue ...................................................................................................................................................... 11 Questions ............................................................................................................................................... 12 Exhibit ................................................................................................................................................... 12

4. Caselet: ClaimProof Insurance ..................................................................................................................... 14 Learning Objective ............................................................................................................................... 14 Background ........................................................................................................................................... 14 Issue ...................................................................................................................................................... 14 Questions ............................................................................................................................................... 15

5. Caselet: Software Programs Inc. .................................................................................................................. 16 Learning Objective ............................................................................................................................... 16 Background ........................................................................................................................................... 16 Issue ...................................................................................................................................................... 16 Questions ............................................................................................................................................... 17

ISACA Professional Guidance Publications ....................................................................................................... 18

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .6

PurPose of this document Caselets, 3rd Edition is a product of ISACA (www.isaca.org) and is part of the IT Governance Using COBIT® and Val ITTM series. This publication supplements and complements the existing Caselets, 2nd Edition and should be used with the Student Book, 2nd Edition.

This publication was developed in collaboration with a group of international academic professionals and practitioners. These caselets provide five additional minicase studies on governance and assurance using COBIT in real-life situations and are designed to be used by graduate and undergraduate classes either in class as a 90-minute student group exercise or as weekly student assignments.

The caselets are based on themes from the Student Book, 2nd Edition. The objectives are to: • Provide a foundation for students to identify risks and control areas in a rich information technology environment • Provide a means for students to relate risks and controls to particular COBIT control objectives • Help students learn how to use the COBIT assurance guidelines to identify appropriate procedures when developing methodologies for

providing assurance over controls • Help students learn how to apply COBIT to the governance of IT

Each caselet includes a learning objective, background on the organisation including IT processes and infrastructure, and specific problem areas that students are required to solve using the information in the Student Book, 2nd Edition or, as appropriate, the supplementary information outlined for each caselet.

Note that extra background information, guidance and teaching notes are outlined in a separate publication that is available for professors only.

The components that make up IT Governance Using COBIT and Val IT are the: • Student Book, 2nd Edition • Caselets, 2nd Edition and Teaching Notes • TIBO Case Study, 2nd Edition and Teaching Notes (Spanish translation also available) • Presentation, 2nd Edition (35-slide PowerPoint presentation on COBIT) • Caselets, 3rd Edition and Teaching Notes • City Medical Partners Case Study, 3rd Edition and Teaching Notes

7© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

1. cAselet: dentdel inc.

Learning Objective This case focuses on IT strategic alignment with business objectives and strategies.

Introduction Dan O’Reilly is the chief executive officer (CEO) of DentDel Inc. He is facing a critical decision on whether to terminate or continue development on a systems development project that affects the future of DentDel. The further he investigates the issue, the more uncertain he becomes about the viability of the project and the more concern he has over the lack of alignment between IT and business objectives.

backgrOund

Company DentDel began operations as a regional provider of dental supplies to dental providers. The initial marketing plan was to employ sales staff, travel to dentist offices and take orders. Because this business is extremely competitive, timely ordering and delivery of the products was the key differentiator between DentDel and its competitors.

Industry DentDel is a wholesale distributor; it purchases and resells dental equipment. The wholesale distribution business has been undergoing significant change as companies move from a direct sales approach to a consumer-driven order process through the Internet.

Key Players The key players are: • Dan O’Reilly, CEO • Cedric James, Chief Information Officer (CIO) • Chuck Hernandez, Director of Systems Development • Sarah Stein, Vice President of Sales • Rafael Colon, Chief Financial Officer (CFO) • Alicia David, Audit Committee Chair

issue The sales staff would take orders on paper and, nightly, bring the orders to the office for processing. This proved to be too costly and time consuming, and in response, the sales people were provided with portable fax machines to send the orders after each visit. This, too, was inefficient because the orders had to be transcribed from the faxes, which were often illegible.

The IT department, led by Cedric James, decided that wireless technology had become reliable and secure enough to begin equipping the sales team with hand-held devices. Since Cedric had a Pear P-Phone, he decided that this would be the platform on which to build a new order entry system. Cedric brought his idea to Chuck Hernandez, who began developing a business case.

Chuck spoke with Sarah Stein and Rafael Colon to get some initial feedback on the current sales system. He also met with several members of the field sales force to determine which technologies would make their sales efforts more efficient. Chuck completed the business case and conceptual design. He presented it to Cedric, who forwarded it to Sarah and Rafael with a recommendation that they approve it.

Cedric, Sarah and Rafael held a 10-minute meeting in which the project was discussed. Cedric presented his representation of the operational benefits and financial savings, using his assumptions and cost estimates. After limited discussion, based on Cedric’s representations of the savings and benefits, Rafael approved the US $20 million project, which included systems development and acquisition of the equipment. Because of the desire to implement the project development quickly, the project was not presented to the executive committee, comprised of the CEO, CFO, chief operating officer (COO) and general counsel.

1. caseleT: denTdel Inc.

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .8

It was decided that Sarah, Cedric and Chuck would oversee the project as an ad hoc committee. Rafael would sit in on meetings affecting financial issues. No chairperson was established. In preparation for the later rollout, Cedric decided to replace the sales team’s mobile phones with the P-Phone to save the expense of replacing the phones later.

At the last status meeting, involving Rafael, Sarah, Chuck and Cedric, the following issues were raised: • The project team has spent US $8 million, but reports that only 25 percent of the project plan has been completed. The original plan was

to spend US $3.5 million by this point in the project. • The project team was having internal difficulties: – The business subject matter experts were only available in the late afternoon, after they had finished their routine responsibilities. – The IT project team feels that the business is not providing enough resources or attention. – The project team reports that the sales team has been complaining about phone service at the locations they visit. The IT project team

suggests that the signal is good enough and that the sales team members can always find a place with an adequate signal. – The project team has not reported any issues to the executive committee. • Sarah reported that the dentists have less time to visit with the sales team members and would prefer to have their administrative

assistants place the orders directly via the web. She questioned whether it would be best to convert this project to a web-only order entry system and abandon the sales visits. Cedric was angered because Sarah questioned the viability of his technology strategy.

• Rafael indicated that he was concerned that the write-off of this project could be unsettling to the shareholders.

After this meeting, Rafael was quite concerned about the whole tenor of the project and foresaw a write-off of US $8 million, which would be considered financially material and require a US Securities and Exchange Commission (SEC) disclosure. He decided to bring this issue to Dan O’Reilly. Dan was extremely concerned and requested an internal audit of the process to determine how to stop the haemorrhaging. Since the situation also involved a material financial impact, he was obliged to notify the Audit Committee Chair, Alicia David. Alicia shared all of the concerns identified by Dan, but felt that the internal audit assessment should have a wider scope.

Decision to Be Made Alicia David requested that the Internal Audit Department prepare a discussion document to provide the Audit Committee and CEO with an understanding of what happened and what actions should be taken.

QuestiOns As the internal audit team lead for IT Audit, you have been asked to utilise COBIT as a framework to: 1. Identify which processes were ineffective and allowed this situation to occur, using COBIT to justify your responses. 2. Suggest the steps management should take to assess the situation, and create an action plan. 3. Identify which governance processes should be initiated to prevent reoccurrence of a project failure such as this one.

9© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

2. caseleT: YoUr neIGhborhood Grocers

2. cAselet: Your neighborhood grocers

Learning Objective This case focuses on strategic planning and the implementation of a control framework.

Introduction Larry Bacon is the newly appointed chief information officer (CIO) of Your Neighborhood Grocers (YNG). Management has requested that he focus on streamlining operations, removing unnecessary processes and management layers, reducing the budget, and developing a strategy for process improvement and accountability. He seeks a control framework and structure.

backgrOund

Company YNG is a grocery chain that operates in 10 distinct markets. The company grew through acquisition, keeping the acquired brand in each of the markets.

Industry The supermarket industry is a highly competitive environment. Senior management is typically comprised of supermarket personnel who have grown within the company through various levels of management. The applications are complex—processes include standard accounting functions, retail-specific applications, and those applications customised to the supermarket industry. Many supermarket companies have retained legacy systems because their strategic focus has been marketing, thus delegating IT infrastructure to a lower priority.

Key Players The key players are: • Larry Bacon, CIO • Del Salmon, Chief Executive Officer (CEO)

issue As the companies were acquired, the IT function within each company was integrated into the YNG data center. With each acquisition, the IT function would evaluate the software applications operating at the acquired company to determine whether the acquired company had better applications than the parent. In some cases, the acquired company was permitted to retain its application, but in most cases, the acquired company converted to the YNG applications.

The YNG applications were developed over time and were independent of one another. As a result, they utilise various database management systems, including Oracle® E-Business Suite; Microsoft® SQL-Server®; and IBM® DB2®, IMS and Informix®. The applications run on various platforms including an IBM mainframe; older IBM AS/400s, which are reaching the end of their supported life; IBM servers running AIX® and Linux; and Sun Servers running Solaris.

The main applications include the following: • Warehouse Distribution—Purchased from RetailGen, which is no longer in business. All maintenance is performed in house. This

application processes receiving and storage at the distribution centres, and picking and delivery to the stores. • In-Store Delivery—A modern system, acquired from ISD-Associates. This application processes products delivered directly to the store

(bread, soda, chips, etc.) to record purchases and returns. • Perishable Food Management—Purchased from Retail Systems. This application monitors waste. • GoToMarket—A combination of purchased systems and systems developed in house. These applications establish the pricing strategies,

product selection, vendor negotiations and management, and store planning. • FrontOfStore—Purchased from a now-defunct company. YNG has contracted with a group of retired programmers from the original

company to maintain the point-of-sale equipment at the front of the store. This application requires immediate replacement. • Accounts Payable—An old batch system that receives interfaces with GoToMarket, In-Store Delivery, Warehouse Distribution and a

non-resale purchasing system. All interfaces were written internally. • General Ledger—An old batch system that interfaces with all subsystems. The heritage is too old to trace.

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .10

• Payroll—Purchased package from U-Pay, Inc. YNG operates separate instances and versions at each of the operating companies. The newest version is quite modern and would fit the needs of the company, but has not been implemented. The versions in use range from two to five generations old.

• Food Product R&D—Known as FPRD. This application was initially supplied by an applications service provider, but has been significantly patched by the research and development (R&D) staff. No programming standards were used.

Software and hardware solutions were acquired in a piecemeal fashion. Initially, IT led the selection and acquisition process. The resulting implementation did not achieve business objectives. Many systems were technically efficient, but operationally cumbersome. Subsequently, business management demanded that hardware and software solutions be selected by the business, without IT involvement. This resulted in the proliferation of disparate hardware and software permutations, as noted previously.

The success rate for systems developed in house has been poor; most of them have not realised their benefits, incurring large budget overruns. The business-acquired applications were more successful in meeting business needs; however, several attempts at software selection and implementation have resulted in substantial write-offs.

The proliferation of disparate architectures has made access control difficult. During the last financial audit, the external auditors indicated that the current access control approach was a significant weakness and would be considered a material weakness during the next audit cycle.

Decision to Be Made

Del Salmon, CEO, realised that IT requires a significant overhaul. He hired Larry Bacon as CIO to streamline operations; remove unnecessary fat from the budget; and develop a strategy for process improvement and accountability, including a framework and structure. Having used COBIT at a previous organisation, Larry would like to implement COBIT as his framework for providing governance over IT.

QuestiOns Larry has requested your assistance to perform a three-phase analysis of the IT organisation: 1. Phase I: Identify the key issues that are the root cause of the new CIO’s problems. 2. Phase II: For each of the key issues identified in phase I, how would you apply specific COBIT control objectives within PO1 through

PO3 and ME4 to address these issues? Larry needs specifics and requested that you cite the control objective and how it would remediate the situation.

3. Phase III: Larry is concerned that once he has developed the framework, he will face roadblocks in implementing it. Address these issues in a talking-points outline.

11© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

3. caseleT: all world aIrwaYs

3. cAselet: All world AirwAYs

Learning Objective This case focuses on risk assessment.

Introduction Don Geekbine, Chief Information Officer (CIO) of All World Airways, must perform a risk assessment of a proposal to outsource the IT operating environment.

backgrOund

Company All World Airways (AWA) is an international airline with reservation centres in the US in Detroit, Michigan, and in Germany in Wiesbaden. AWA has posted losses for the past six quarters.

Industry The airline industry has been significantly affected by the economic downturn, petroleum prices, labour disputes and the competition. Where IT was a core function, many of the large airlines have spun off their reservations and technical information systems to self-supporting companies and have entered into outsourcing agreements with their former support functions. This has removed investments and assets from the balance sheets, allowed the airlines to focus on their primary business of transportation, and permitted the newly independent IT functions to sell their services to other airlines because competition with the software owner is no longer a conflict of interest.

Key Players The key players are: • Don Geekbine, CIO • Chief Financial Officer (CFO) • Chief Executive Officer (CEO)

issue The company has built data centres in both locations, using IBM mainframes running the z/OS operating system and the Airline Control System (ALCS), a high-volume, high-speed transaction processor for the reservation industry. AWA also runs maintenance, scheduling, airfare sensitivity analysis and freight systems. Over the years, all IT activities have been managed and staffed internally.

The CFO and CEO have been reviewing IT costs and return on investment (ROI). Based on their analysis, they have determined that the cost of internal development and IT operations has become too expensive to justify continued support. In their review, they noted that other airlines have outsourced operations to industry-leading IT providers, including Galileo, Sabre®, Amadeus and Travelspan. AWA has decided that IT is not a core business and wants to outsource the IT function.

The CIO, Don Geekbine, was informed of the decision and was asked to perform a risk assessment of the outsourcing process. As part of his initial analysis, he prepared the following notes, in no particular order, which were incorporated into his briefing points: • All applications were developed internally; reservations are fairly standard and could be easily outsourced; sensitivity analysis, flight

and crew scheduling have some specific requirements that are only available with internally developed solutions. • All systems were written in COBOL; many programmers are retiring, and those available command higher salaries. • US programmers and operations are located in an economically depressed area; workers with eliminated positions will have problems

finding new jobs. • European work rules have long lead times for the elimination of jobs. • There is a need to discuss transferring programming to low-cost locations such as India. • The CFO indicated concern regarding compliance with the US Sarbanes-Oxley Act of 2002; Payment Card Industry Data Security

Standard (PCI DSS) compliance is also a concern. • Equipment and data centre facilities are currently leased. What becomes of the leases? • Operational processes will require governance to ensure satisfactory performance of key project deliverables, key processes and

system availability. • Don has not performed risk assessments before and is unfamiliar with the issues that should be considered.

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .12

The CFO has requested that the risk assessment address the following: • IT risks • Financial risks • Human resources risks • Competitive risks • Reputational risks

Decision to Be Made Don has agreed to the assessment, but indicated that he would want to use COBIT as his analysis framework. He has decided that the following COBIT IT processes would be the basis for his risk assessment: PO9, DS1 and DS2. (See the exhibit after the questions for relevant COBIT control objectives.)

QuestiOns 1. You have been requested to compile a list of risks for each of the five areas identified by the CFO for the risk assessment. Group your

thoughts by section, using the details that Don has provided, your understanding of the COBIT risk management issues and your understanding of IT issues.

2. Using COBIT PO9, how would you perform a risk assessment of the risks identified in question 1 to provide an objective and subjective assessment for management’s consideration?

3. Using COBIT DS1 and DS2, identify what role the retained organisation should have in its interactions with the vendor for the outsourced IT function.

exhibit

Supporting Documentation—Relevant COBIT Control Objectives • PO9.1 IT risk management framework—Establish an IT risk management framework that is aligned to the organisation’s (enterprise’s)

risk management framework. • PO9.2 Establishment of risk context—Establish the context in which the risk assessment framework is applied to ensure appropriate

outcomes. This should include determining the internal and external context of each risk assessment, the goal of the assessment, and the criteria against which risks are evaluated.

• PO9.3 Event identification—Identify events (an important realistic threat that exploits a significant applicable vulnerability) with a potential negative impact on the goals or operations of the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. Determine the nature of the impact and maintain this information. Record and maintain relevant risks in a risk registry.

• PO9.4 Risk assessment—Assess on a recurrent basis the likelihood and impact of all identified risks, using qualitative and quantitative methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.

• PO9.5 Risk response—Develop and maintain a risk response process designed to ensure that cost-effective controls mitigate exposure to risks on a continuing basis. The risk response process should identify risk strategies such as avoidance, reduction, sharing or acceptance; determine associated responsibilities; and consider risk tolerance levels.

• PO9.6 Maintenance and monitoring of a risk action plan—Prioritise and plan the control activities at all levels to implement the risk responses identified as necessary, including identification of costs, benefits and responsibility for execution. Obtain approval for recommended actions and acceptance of any residual risks, and ensure that committed actions are owned by the affected process owner(s). Monitor execution of the plans, and report on any deviations to senior management.

• DS1.1 Service level management framework—Define a framework that provides a formalised service level management process between the customer and service provider. The framework should maintain continuous alignment with business requirements and priorities and facilitate common understanding between the customer and provider(s). The framework should include processes for creating service requirements, service definitions, service level agreements (SLAs), operational level agreements (OLAs) and funding sources. These attributes should be organised in a service catalogue. The framework should define the organisational structure for service level management, covering the roles, tasks and responsibilities of internal and external service providers and customers.

• DS1.2 Definition of services—Base definitions of IT services on service characteristics and business requirements. Ensure that they are organised and stored centrally via the implementation of a service catalogue portfolio approach.

13© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

• DS1.3 Service level agreements—Define and agree to SLAs for all critical IT services based on customer requirements and IT capabilities. This should cover customer commitments; service support requirements; quantitative and qualitative metrics for measuring the service signed off on by the stakeholders; funding and commercial arrangements, if applicable; and roles and responsibilities, including oversight of the SLA. Consider items such as availability, reliability, performance, capacity for growth, levels of support, continuity planning, security and demand constraints.

• DS1.4 Operating level agreements—Define OLAs that explain how the services will be technically delivered to support the SLAs in an optimal manner. The OLAs should specify the technical processes in terms meaningful to the provider and may support several SLAs.

• DS1.5 Monitoring and reporting of service level achievements—Continuously monitor specified service level performance criteria. Reports on achievement of service levels should be provided in a format that is meaningful to the stakeholders. The monitoring statistics should be analysed and acted upon to identify negative and positive trends for individual services as well as for services overall.

• DS1.6 Review of service level agreements and contracts—Regularly review SLAs and underpinning contracts (UCs) with internal and external service providers to ensure that they are effective and up to date and that changes in requirements have been taken into account.

• DS2.1 Identification of all supplier relationships—Identify all supplier services, and categorise them according to supplier type, significance and criticality. Maintain formal documentation of technical and organisational relationships covering the roles and responsibilities, goals, expected deliverables, and credentials of representatives of these suppliers.

• DS2.2 Supplier relationship management—Formalise the supplier relationship management process for each supplier. The relationship owners should liaise on customer and supplier issues and ensure the quality of the relationship based on trust and transparency (e.g., through SLAs).

• DS2.3 Supplier risk management—Identify and mitigate risks relating to suppliers’ ability to continue effective service delivery in a secure and efficient manner on a continual basis. Ensure that contracts conform to universal business standards in accordance with legal and regulatory requirements. Risk management should further consider nondisclosure agreements (NDAs), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.

• DS2.4 Supplier performance monitoring—Establish a process to monitor service delivery to ensure that the supplier is meeting current business requirements and continuing to adhere to the contract agreements and SLAs, and that performance is competitive with alternative suppliers and market conditions.

3. caseleT: all world aIrwaYs

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .14

4. cAselet: clAimProof insurAnce

Learning Objective This case focuses on the IT audit assurance process.

Introduction The external auditors from Unqualified Opinions Ltd. have determined that the claim process is a high-risk area requiring audit focus. Their interim work has identified programme change control as a potential audit problem that may preclude placing reliance on the controls within the claim process system.

backgrOund

Company ClaimProof Insurance is an international property and casualty insurance company. Its motto is: One Claim Is Enough! It operates in the Americas, European Union countries and the commonwealth countries of Asia.

Industry The property and casualty insurance industry is competitive. Companies review their claims history frequently and, upon renewal date, determine whether it is in the company’s interests to retain the insured. Some companies will retain the insured, adjusting the premiums based on the claim history. ClaimProof is one of the low-premium leaders that is unwilling to retain customers if there is any claim history.

Key Player The key player is Unqualified Opinions Ltd., an external accounting firm.

issue The claim process uses an automated adjudication system that evaluates the claim details, frequency of customer claim history, probabilities and other complex factors in approving claim payments, suspending the payments with referral to a specialist or denial of claims. This process is material in the evaluation of the financial statements. Unqualified Opinions Ltd. has determined that the most efficient audit methodology is to use a previous detailed audit of the process as a benchmark and focus on only the changes to the system. Since the basis for identifying changes to the system is the programme change control process, the internal audit department has been asked to perform an audit of the controls affecting the programme change control system (PCCS).

The PCCS controls the production source and executable program code, operating system configuration parameters, and any batch control processes (.BAT, .CMD and .JCL). The test libraries that contain source and executable code are open to all programmers throughout the installation. Once a programmer has completed the testing of a program, the program source is submitted to the programme change administrator. The administrator recompiles the program and moves the source and executable code into a production library that is accessible only to the production control team.

In a cost-cutting initiative, the production control team is only available during regular business hours. After hours, if a program change is required, one-time-use passwords are available. The programmer who makes the change must create a change ticket, obtain the one-time password from a file cabinet, and indicate in the password log the change ticket number and the date and time of the change. The programmer can then make the appropriate changes, move the program into production, and note on the move ticket the time and date of the completion of the move. Each morning, the programme change administrator reviews the sign-out log and verifies that the appropriate paperwork has been completed.

During an initial interview, the administrator was asked whether further examination of off-hours changes was performed; the response was no. An incident reporting system records all processing disruptions, but there is no reconciliation between the system and the PCCS.

15© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

Decision to Be Made The external auditors have expressed concern regarding the synchronisation of the production source and executable code and whether any unauthorised changes to production logic have occurred.

QuestiOns You have been hired to respond to these concerns and answer the following questions: 1. What are the five steps required for the IT assurance of a specific area? 2. Based on the results of question 1 and your understanding of the control environment, identify the high-risk areas requiring

audit attention. 3. How would you assess the control design? 4. How would you test the control effectiveness?

4. caseleT: claIMProof InsUrance

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .16

5. cAselet: softwAre ProgrAms inc.

Learning Objective Software Programs Inc. was selected to focus on IT audit’s approach to the audit of the financial statement.

Introduction Hy Fenation is Director of IT Audit for Software Programs. He has been working with AuditGen PC, the external auditor, to prepare for the annual audit. Software Programs recently became a public company and is now required to include an integrated audit of the financial statements as well as the internal controls that support the financial statements. Hy has met with the engagement partner, Dalton Walton, to discuss internal audit’s participation in the audit of IT control and must now document a plan.

backgrOund

Company Software Programs is a provider of office productivity software, including word processing, spreadsheet and presentation applications. During 2009, Software Programs initiated an initial public offering (IPO) and was required to satisfy the internal control provisions of the US Sarbanes-Oxley Act of 2002.

Industry Software Programs is in the software development and sales business. This process includes the development, sales, distribution and maintenance of business software. Software Program’s primary competition includes Microsoft® with its Office applications and also includes OpenDocuments.org, a freeware provider of software.

Key Players The key players are: • Hy Fenation, Director of IT Audit, Software Programs • Dalton Walton, Audit Partner, AuditGen PC • Mikhail Dobrasky, Chief Financial Officer (CFO), Software Programs • Francois Vert, Chief Information Officer (CIO), Software Programs

issue Dalton Walton has met with internal audit management to discuss the annual external audit of Software Programs. Software Programs operates distinct networks that are protected by firewalls: • Administrative systems—This network includes the financial systems: general ledger, receivables, payables, sales, inventory

and payroll. • Research and development (R&D)—All applications development and testing are performed on the R&D network. Once applications

have been tested, they are transferred to a production library for distribution. • Web operations—This network includes the sales and support web site, which also includes the call centre operations.

Mikhail Dobrasky, CFO, provided an overview of critical operations. The highlights of this presentation are: • Software is developed and tested, after which a release to manufacturing (RTM) version is produced. This version is sent to Digital

Stream for production. Two versions of software are created—media and download. – Digital Stream maintains the download version on its web site. Customers may buy a copy and download it. As these are credit card

transactions, Digital Stream will process the payments, obtain the remittance from the credit card processor, and remit sales figures and payments to Software Programs on a monthly basis. Download sales revenue represents 10 percent of sales.

– Media versions are sent to the Software Programs distribution centre where they are placed into the finished goods inventory. • Software Programs performs all sales and distribution of media from inventory and either invoices the customers directly or accepts

credit card payments. Media sales revenue represents 15 percent of sales.

17© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

• Software Programs sells site licences to its customers using in-house, direct-sales staff. R&D has developed a complex licencing mechanism to ensure that site licence customers do not exceed their licences. Site licence revenue represents 40 percent of sales.

• Software Programs provides support either as a fee per incident or via support contracts. Support contracts can be for one, two or three years and include future upgrades. Per-incident support is infrequent and not material. Support contract revenue represents 35 percent of sales.

Francois Vert, CIO, provided an overview of the IT architecture: • The accounting system is a purchased application from PearTree Software Inc. It operates on a dedicated Linux computer with the

MySQL® database. PearTree uses an online entry process for receivables, payables, payroll entry, internal sales (media, licence and support sales) and inventory. Batch processes are initiated through an automated scheduler, nightly, to process invoices, process materials receiving and generate checks. Digital Stream provides a data file containing download sales, which are updated through a batch process monthly.

• Site licences and the licence management system operate on a separate Windows server on the administrative systems network. This application feeds the accounting system with site licence sales. All adjustments to site licence sales are also processed on this system.

• Support contract sales operate on the same physical equipment as site licence sales, but are processed by a separate application. • Since the Software Programs software operates on Macintosh, Windows and Linux platforms, the R&D organisation maintains test

environments for each platform. Software development utilises a baseline C code, with platform-dependent extensions developed for each platform.

Hy Fenation, Direcctor of IT Audit, has indicated that the internal audit department has adopted the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework as its control framework and COBIT as its framework for governing and controlling IT.

Decision to Be Made Hy Fenation has asked you to assist him in preparing the planning document for the audit.

QuestiOns Hy has requested you prepare the following: 1. Provide a brief description of the audit process required to satisfy the auditing of IT controls over financial reporting. Hy indicated that

he believed there were six processes. 2. Based on the presentations by the Software Programs executives, perform a risk assessment of the infrastructure and applications to

identify the processes that need to be included in the audit. 3. Explain to Hy the process of evaluating control design and operating effectiveness. 4. Identify the processes you believe should be included in the evaluation of control design and operating effectiveness.

5. caseleT: sofTware ProGraMs Inc.

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .18

isAcA ProfessionAl guidAnce PublicAtions Many ISACA publications contain detailed assessment questionnaires and work programs. Please visit www.isaca.org/bookstore or e-mail bookstore@isaca.org for more information.

FramewOrks and mOdeLs • The Business Model for Information Security, 2010 • COBIT® 4.1, 2007 • Enterprise Value: Governance of IT Investments, The Val ITTM Framework 2.0, 2008 • ITAFTM: A Professional Practices Framework for IT Assurance, 2008 • The Risk IT Framework, 2009

BMIS-related Publication • An Introduction to the Business Model for Information Security, 2009

COBIT-related Publications • Aligning COBIT® 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit, 2008 • Building the Business Case for COBIT® and Val ITTM: Executive Briefing, 2009 • COBIT® and Application Controls, 2009 • COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition, 2007 • COBIT® Mapping: Mapping of CMMI® for Development V1.2 With COBIT® 4.0, 2007 • COBIT® Mapping: Mapping of FFIEC With COBIT® 4.1, 2007 • COBIT® Mapping: Mapping of ISO/IEC 17799:2000 With COBIT®, 2nd Edition, 2006 • COBIT® Mapping: Mapping of ISO/IEC 17799:2005 With COBIT® 4.0, 2006 • COBIT® Mapping: Mapping of ITIL V3 With COBIT® 4.1, 2008 • COBIT® Mapping: Mapping of ITIL With COBIT® 4.0, 2007 • COBIT® Mapping: Mapping of NIST SP800-53 With COBIT® 4.1, 2007 • COBIT® Mapping: Mapping of PMBOK® With COBIT® 4.0, 2006 • COBIT® Mapping: Mapping of SEI’s CMM® for Software With COBIT® 4.0, 2006 • COBIT® Mapping: Mapping of TOGAF 8.1 With COBIT® 4.0, 2007 • COBIT® Mapping: Overview of International IT Guidance, 2nd Edition, 2006 • COBIT® QuickstartTM, 2nd Edition, 2007 • COBIT® Security BaselineTM, 2nd Edition, 2007 • COBIT® User Guide for Service Managers, 2009 • Implementing and Continually Improving IT Governance, 2009 • IT Assurance Guide: Using COBIT®, 2007 • SharePoint® Deployment and Governance Using COBIT® 4.1: A Practical Approach, 2010

Risk IT-related Publication • The Risk IT Practitioner Guide, 2009

Val IT-related Publications • The Business Case: Using Val ITTM 2.0, 2010 • Enterprise Value: Getting Started With Value Management, 2008 • Value Management Guidance for Assurance Professionals: Using Val ITTM 2.0, 2010

academic guidance • IT Governance Using COBIT and Val IT material: – Student Book, 2nd Edition – Caselets, 2nd Edition and Teaching Notes – TIBO Case Study, 2nd Edition and Teaching Notes (Spanish translation also available) – Presentation, 2nd Edition (35-slide PowerPoint presentation on COBIT) – Caselets, 3rd Edition and Teaching Notes – City Medical Partners Case Study, 3rd Edition and Teaching Notes

19© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .

executive and management guidance • Board Briefing on IT Governance, 2nd Edition, 2003 • Defining Information Security Management Position Requirements: Guidance for Executives and Managers, 2008 • An Executive View of IT Governance, 2008 • Identifying and Aligning Business Goals and IT Goals: Full Research Report, 2008 • Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition, 2006 • Information Security Governance: Guidance for Information Security Managers, 2008 • Information Security Governance—Top Actions for Security Managers, 2005 • IT Governance Domain Practices and Competencies: – Governance of Outsourcing, 2005 – Information Risks: Whose Business Are They?, 2005 – IT Alignment: Who Is in Charge?, 2005 – Measuring and Demonstrating the Value of IT, 2005 – Optimising Value Creation From IT Investments, 2005 • IT Governance and Process Maturity, 2008 • ITGI Enables ISO/IEC 38500:2008 Adoption, 2009 • IT Governance Roundtables: – Defining IT Governance, 2008 – IT Staffing Challenges, 2008 – Unlocking Value, 2009 – Value Delivery, 2008 • Managing Information Integrity: Security, Control and Audit Issues, 2004 • Understanding How Business Goals Drive IT Goals, 2008 • Unlocking Value: An Executive Primer on the Critical Role of IT Governance, 2008

PractitiOner guidance • Audit/Assurance Programs: – Change Management Audit/Assurance Program, 2009 – Generic Application Audit/Assurance Program, 2009 – Identity Management Audit/Assurance Program, 2009 – IT Continuity Planning Audit/Assurance Program, 2009 – Network Perimeter Security Audit/Assurance Program, 2009 – Outsourced IT Environments Audit/Assurance Program, 2009 – Security Incident Management Audit/Assurance Program, 2009 – Systems Development and Project Management Audit/Assurance Program, 2009 – UNIX/LINUX Operating System Security Audit/Assurance Program, 2009 – z/OS Security Audit/Assurance Program, 2009 • Cybercrime: Incident Response and Digital Forensics, 2005 • Enterprise Identity Management: Managing Secure and Controllable Access in the Extended Enterprise Environment, 2004 • Information Security Career Progression Survey Results, 2008 • Information Security Harmonisation—Classification of Global Guidance, 2005 • IT Control Objectives for Basel II, 2007 • IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and Implementation of Internal Control Over Financial

Reporting, 2nd Edition, 2006 • OS/390—z/OS: Security, Control and Audit Features, 2003 • Peer-to-peer Networking Security and Control, 2003 • Risks of Customer Relationship Management: A Security, Control and Audit Approach, 2003 • Security Awareness: Best Practices to Serve Your Enterprise, 2005 • Security Critical Issues, 2005 • Security Provisioning: Managing Access in Extended Enterprises, 2002 • Stepping Through the InfoSec Program, 2007 • Stepping Through the IS Audit, 2nd Edition, 2004

Isaca ProfessIonal GUIdance PUblIcaTIons

IT Governance UsInG cobiT® and val ITTM: caseleTs, 3rd edITIon

© 2 0 1 0 I s a c a . a l l r I G h T s r e s e r v e d .20

• Technical and Risk Management Reference Series: – Security, Audit and Control Features Oracle® Database, 3rd Edition, 2009 – Security, Audit and Control Features Oracle® E-Business Suite, 3rd Edition, 2010 – Security, Audit and Control Features PeopleSoft, 2nd Edition, 2006 – Security, Audit and Control Features SAP®ERP, 3rd Edition, 2009 • Top Business/Technology Survey Results, 2008 • White Papers: – Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, 2009 – New Service Auditor Standard: A User Entity Perspective, 2010 – Securing Mobile Devices, 2010 – Social Media: Business Benefits and Security, Governance and Assurance Perspectives, 2010

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Homework Guru
Top Academic Guru
Calculation Guru
Exam Attempter
Academic Master
Smart Tutor
Writer Writer Name Offer Chat
Homework Guru

ONLINE

Homework Guru

I am an academic and research writer with having an MBA degree in business and finance. I have written many business reports on several topics and am well aware of all academic referencing styles.

$38 Chat With Writer
Top Academic Guru

ONLINE

Top Academic Guru

I am a PhD writer with 10 years of experience. I will be delivering high-quality, plagiarism-free work to you in the minimum amount of time. Waiting for your message.

$26 Chat With Writer
Calculation Guru

ONLINE

Calculation Guru

I have done dissertations, thesis, reports related to these topics, and I cover all the CHAPTERS accordingly and provide proper updates on the project.

$41 Chat With Writer
Exam Attempter

ONLINE

Exam Attempter

I can assist you in plagiarism free writing as I have already done several related projects of writing. I have a master qualification with 5 years’ experience in; Essay Writing, Case Study Writing, Report Writing.

$38 Chat With Writer
Academic Master

ONLINE

Academic Master

As an experienced writer, I have extensive experience in business writing, report writing, business profile writing, writing business reports and business plans for my clients.

$18 Chat With Writer
Smart Tutor

ONLINE

Smart Tutor

I find your project quite stimulating and related to my profession. I can surely contribute you with your project.

$41 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Bed and breakfast business plan pdf - Lesson 13: Percents Unit Test - Option for the poor and vulnerable - Dq commercial look into my uvula - How many pages are 1200 words - Balalaika store buffalo grove il - The global security policy cmgt - Social psychology 9th edition aronson wilson & akert pdf - Social media platforms and your career hum 186 - Characteristics of policy analysis - How to invest 14000 dollars - Powerpoint on spain culture - Http www ushistory org civ 6a asp - For all quoted material the citation must include - Urgent 3 - Solve 3x - 4 ≤ 2 or 2x + 11 ≥ -1. - Standardization vs localization ihrm - 5 phases of disaster recovery - Manual muscle test grading - Commonwealth bank old statements - Bharatanatyam junior exam book - Nsw health positions vacant - Sticks and stones and sports team names - Initiating the Project - Problem Set 3 - Shadow health tina jones neurological - Osha safety pays estimator - A2 b2 c2 obtuse triangle - Linear Development in Learning Approaches - Stitch fix target market - Arimidex side effects steroids - P5 explain the concept of homeostasis - Skill related fitness components - Manly ferries to be phased out - Community Health SLP 2 - Roman rapid x 420 8p instant tent - Risk management of coca cola company - Patho - Site supervisor licence qld - 3 person cheer stunts - New perspectives html5 and css3 7th edition solutions - How alibaba motivate employees - Week 8 Discussion 2 Physiology and Pathophysiology - Dorothea orem nursing theory - Concepts and theories in nursing - Write a peer response - Steady state error example - Class 1 div 2 ethernet connector - G3 fitness stanhope gardens - Snuggle exhilarations spa pink peony and rosewood - Cisco product quick reference guide - Similarities between phenomenological and ethnographic research - 12 major olympian gods - Why not me book - Arabic alphabet with pictures - Creative problem solving typically involves - Real life examples of ethical egoism - Non locomotor skills in basketball - Ready player one theme essay - English assignment front page design - Lab 6 CIS 275 - Progressive can crusher prepworks - The biology of skin color worksheet answers biointeractive - Leadership project week 2 - Correction- work - How to become a member of the house of lords - How is tesco influenced by stakeholders - Experiment vector addition of forces - Simile in julius caesar act 1 - Walking machine tweaked in 1932 - Corporate social responsibility: OD Pactitioner - How do exchange controls impede foreign business - Word document Assignment - Robin williams on tiger woods - Python password input - Ap calculus ab pacing guide - Why read shakespeare by michael mack - Kellys plaice north walsham - Law of the donut worksheet 12.7 answers - Frito lay kathleen ga jobs - How to determine critical path in pert chart - Food chain in wetland ecosystem - Macquarie university orientation 2021 - Powerpoint Presentation - Of mice and men part 2 - Escience lab 14 mendelian genetics answers - Atomic packing factor definition - Shmoop the grapes of wrath - Parker and stone inc is looking - The no show consultant case study - Footpath permit brisbane city council - Ib mathematics data booklet - Zappos com developing a supply chain to deliver wow - Costing methods and techniques - Go ahead waste time on the internet by kenneth goldsmith - Adaptation vs standardization in international marketing ppt - Capstone Research Companion - Dairy farm feasibility report - Palmar grasp intentional teaching - Money banking and financial markets edition solutions - Benedict's solution colour change