All World Airways Case
Group 4: Li Wei Denisa Teme Tolulope Oke Jalal Hafidi Mathew Joseph
OVERVIEW
• Background & Issue
• Finding Risks
• Risk Assessment
• Interactions with Vendors
• Questions
Background & Issue
• All World Airways (AWA) - international airline with reservations in Detroit, Michigan, US & Wiesbaden, Germany
• Posted losses for the past six quarters
• Industry - Economic downturn, petroleum prices, labor disputes and the competition
• Competitors - self-supporting; entered into outsourcing agreements
• Two data centers in both locations
• Maintenance, scheduling, airfare sensitivity analysis and freight systems
• Plans to outsource IT function
Finding Risks
Compile a list of risks for each of these five areas:
Reputational Risks
• Laying off programmers & operations staff might lead to a poor company image
• Risk of reputational loss due to non-compliance with SOX, PCI DSS and other standards
• Risk of programming transfer not meeting organizational standards
Human Resources & Competitive Risks
Human Resources Risks:
• Litigation risk due to European work lead rules
• Sabotage risk
Competitive Risk:
• Internally developed solutions
Financial Risks
• Liquidity risk
• Risk of financial loss in the event of the outsourced company going bankrupt
• Risk of unforeseen high cost
• Regulatory risk – cost of non-compliance
IT Risks
• Risk that organization-specific modules of the internally developed application might be lost in the event of outsourcing
• Risk of inadequate IT specialists to manage the application once outsourced
• Risk of non-compliance with required standards such as the US SOX Act of 2002 and PCI DSS
• Risk of revenue loss as the current equipment and data centers are leased
• Risk of the risk assessment not meeting business needs due to an inexperienced risk assessment specialist
Risk Assessment
• Using COBIT PO9, how would you perform a risk assessment of the risks identified in question 1 to provide an objective and subjective assessment for management’s consideration?
Interactions with Vendors
• Using COBIT DS1 and DS2, identify what role the retained organization should have in its interactions with the vendor for the outsourced IT function.
Questions? Thank you