Tuesday, May 22, 2012

Harley Davidson


Problem/Issue Statement
  • What is the problem?
           The problem in the Harley Davidson case stems from the complexity of the IT internal controls in place which are regulated by the federally mandated regulations such as SOX, Health Insurance Portability, and HIPAA, and Gramm-Leach Bliley. The simple controls they have led to poor management and when analyzed by an IT compliance team it was discovered that many gaps existed in their control procedures.

  • What is the distinction between the problems and the symptoms?
          The symptoms in this case analysis helps us identify the problem. The symptom was recognized at Harley Davidson when assessing the federally mandated regulations. They had come to find that there were very basic IT internal controls in place. Once they realize that there is a symptom, they will try to do anything they can to see if they can fix the problem. 

  • What is the scope of the problem?
          The scope of the problem included many gaps in the existing controls that showed no standardized user process to access data and IT applications. This created many problems for users which opened up potential for security risk. The tracking of revisions to IT information was non-existant so you could not see who made changes to any procedures, nor was there a reason. 

Situation Assessment
  • What is the context of the problem?
          The context of the problem was that the IT compliance department was in need of an improvement to their internal controls in order to mitigate the risk of noncompliance to federal mandates.     

  • What are the decision criteria?
          The decision criteria was initially to implement some general vendor's computer control model. This was very vague, plus a key member had suggested a different framework know as the COBIT control framework. That was the decision they chose to go with.           

List of Plausible Alternative Courses of Action
  • What are the alterative courses of action?
          The alternative courses of action to solve the problem was to successfully introduce more effective  controls that were recommended by the COBIT framework . This would ensure that managers understood why internal controls were necessary and play a major role in successful companies. The other course of action was to hire an IS strategic consulting firm to share their expertise with the Senior leadership on Harley. 

  • How does each of these address the key problem?
              Both of the courses of action address the key problem by helping managers understand that the most important factor that separates the big boys with the little guys is the level of leadership by business and senior managers. This helped them realize that their current processes were in dire need to be upgraded. 

Evaluation of Alternatives
  • Through what theoretical concepts should one evaluation of the alternatives?
       In this particular case, I would say that the VRINE model would be an appropriate theoretical concept to use in order to evaluate the alternatives because we are an existing successful company which needs to re-evaluate our current position to assess where we are. Our main concern is to be above competitors. 

  • How does the evaluation relate to the decision criteria developed?
        The evaluation relates to the decision criteria because they attacked the problem by choosing the right decision. 

  • How imaginative can/should the evaluation be?
         The evaluation should have some imagination but should also concentrate on factual points which will help address the key problem. 

Recommendation
  • What is a quality recommendation?
         A quality recommendation would be one that would result in good outcome with the best resources in use. In the Harley case, I think the recommendation by the CIO to hire a strategic consulting team was a quality recommendation while the other one was a logical recommendation. 

  • What is a logical recommendation?
        A logical recommendation would just be the most obvious recommendation to a certain problem. In the case of Harley, I think suggesting to implement better internal control seems like the logical one. 

Presentation
  • If I were presenting, how would I sum up the case?
         If I were presenting this case, I would sum up the case by saying:

               Harley Davidson has identified the symptoms to their problem. After implementing a control framework as a guide, they found the underlying issues and in the end came up with the solutions to fix them. 

  • What key visual aids would I present?
        Using Powerpoint i would present a framework of the previous problematic controls and show a framework for the new one. 

  • How would I “sell” the recommendation?
     My main selling point for the recommendation would be to show the success of other companies using the new framework and the success it brings. 

  • What other delivery considerations should I keep in mind?
    I would also consider using any information I could find about the methods used to implement the new framework and try to go in detail on the benefits of using it. In addition I would show some facts on the consulting team I would hire. 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)