Question: CASE ANALYSIS (10 points: 2 items x 5 points) Direction: Read the case and answer the given questions. An information system (IS) auditor was asked

Direction: Read the case and answer the given questions.

An information system (IS) auditor was asked to review the alignment between information technology (IT) and business goals for Cachero, a small but rapidly growing financial institution. The IS auditor requested information including business and IT goals and objectives; however, these were limited to a short, bulleted list for business goals and PowerPoint slides used in reporting meetings for IT goals. It was also found in the documentation provided that over the past two (2) years, the risk management committee (composed of senior management) met on only three (3) occasions, and no minutes of what was discussed were kept for these meetings. When the IT budget for the upcoming year was compared to the strategic plans for IT, it was noted that several of the initiatives mentioned in the plans for the upcoming year were not included in the budget for that year.

The IS auditor also discovered that Cachero does not have a full-time chief information officer (CIO). The organizational chart of the entity denotes an IS manager reporting to the chief financial officer (CFO), who, in turn, reports to the board of directors. The board plays a major role in monitoring IT initiatives in the entity, and the CFO frequently communicates the progress of IT initiatives.

When the IS auditor reviewed the segregation of duties (SoD) matrix, it was apparent that application programmers are only required to obtain approval from the database administrator (DBA) to directly access the production data. It was also noted that the application programmers must provide the developed program code to the librarian, who then migrates it to production. IS audits are carried out by the internal audit department, which reports to the CFO at the end of every month, as part of the business performance review process; the financial results of the entity are reviewed in detail and signed off by the business managers for the correctness of data contained therein.

Questions:

1. In no more than five (5) sentences, discuss what an IS auditor should suggest regarding the governance structure of Cachero.

In my opinion, it is good to know as an IS auditor that the board plays a significant role in overseeing IT initiatives. In the case of the CFO playing the CIO's additional role, a sub-committee just like the IT steering committee and IT strategy committee should be provided with corresponding reporting guidelines, or at least report to a specific board member who has IT expertise. On the other hand, formal reporting and monitoring should be put in place by such a committee/board member, which discusses and agrees with the CFO on reporting measures and periodicity. These should be strictly adhered to by the CFO, and the Committee/Member of the Board should ensure that the process set out is observed and that differences are properly addressed. The Board should also closely monitor the progress of the major IT tasks, challenges, delays, and management advice on the corrective measures to be taken or the implementation of alternative strategies. Through this, an independent audit could be carried out for the entire governance structure and its activities.
