Problem/Issue
Statement
-
(In the early 2000s) Harley Davidson had only
rudimentary IT internal controls
o
Difficult for end users and created potential
opportunities for hackers
o
No defined change management process to capture
information about who made changes to IT infrastructure components or why
o
Seemingly trivial changes could unexpectedly
cause chain reactions and affect several other components
o
Backup and recovery processes were not fully
tested and are unreliable
o
Not meeting the requirements of Sarbanes-Oxley,
HIPAA, and Gramm-Leach-Bliley
-
Managers were not well versed in implementing
and managing internal controls
Situation
Assessments
-
Goal: to improve internal controls and mitigate
the risk of noncompliance to federal mandates
-
Criteria:
o
Avoid hurting product quality
o
Avoid slowing down production
o
Cost
o
Effectiveness with working with the corporation
o
How unproblematic it is to implement
List of Plausible
Alternative Courses of Action
-
Converting to the COBIT control framework
o
Since it is already has internationally accepted
standard for IT governance and control practices, it may be reliable to go with
COBIT control framework
-
Keep using the rudimentary IT internal controls
o
This will not solve the problem of closing the
gaps that H-D have, but they are the IT internal controls that they are most
familiar with
-
Look for other internal control frameworks that
may improve H-D’s system better than COBIT
o
COBIT may be internationally accepted, but that does
not guarantee that it would be the best fit for H-D. Looking for other
frameworks might close the gaps that H-D might have, but at the same time, it
is easier to implement its current IT internal controls
-
Outsourcing
o
Rather than forming a new IT compliance
department within the company, maybe H-D can outsource the problem to a more
experienced company that can handle the problem better
Evaluation of
Alternatives
-
H-D must find an alternative that works best
with the criteria that H-D is concerned while also allowing for H-D to
accomplish its goals. Since the alternatives are laid out, H-D must do their
research to see which of the alternatives fits them best.
Recommendation
-
Quality Recommendation:
o
H-D may rely on COBIT control framework since it
is proven to work and is an acceptable standard for IT governance and control
practices.
-
Logical Recommendation:
o
H-D should look for other alternatives and
compare them with COBIT control framework to see which fits them the best and
works well with H-D’s given criteria.