The issue in the Harley case is that there are gaps between the internal controls that Harley currently uses and internal controls that regulations require that they use. They need to implement a process to bring their systems up to speed. The current systems creates a difficult process for end users, there is no change management, no impact analysis on changes, and a poor back up and recovery process. In short something needs to be done to bring the organization up to speed on regulations and internal controls.
Harley has a couple of options on how they can move forward to rectify the situation. They can continue to implement a vendor's general computer controls model, implement the COBIT control framework, or do further research toward an even more strict framework. Since they want this to have the least amount of impact on daily operations with the greatest amount of progress they should focus on the implementation of the COBIT control framework.
By focusing on the COBIT framework they are implementing a generally accepted framework that complies to all necessary regulations. Since a lot of organizations use this framework there is an expected level of ease with the implementation since it has been practiced often. Once there has been a successful adaptation of this framework the Harley IT team can continue to expand on the controls to create an even stronger framework for what they need.
No comments:
Post a Comment