
Dr. A.Q. Khan Institute of Computer Science and Information Technology
Kahuta Distt. Rawalpindi
(End Semester Exam Spring 2015)

Programme Name: BsIT Teacher’s Name: Zubaria Inayat


Course Code: ___IT-305_____ Course Title: system integration and architecture
Registration No:_______________ Student Name:______________________
Semester/ Class:_6th____ Credit Hours:___3___
Date:___________ Day:_ __ Time:_____
Duration: 3 hours Total Marks:___60_
________________________________________________________________________________________________

Note: Attempt all questions.


Q # 1: (5)

Explain the significance of the enterprise process model in comparison to normal process models. Write in detail
what features make an enterprise model.
Q # 2: (5)

What are the best practices for enterprise management?


Q #3: (5+5=10)

a. Discuss the five typical questions that pop up during fact finding (enterprise architecture) while following
Zachman's framework.

b. Discuss the strengths and weaknesses of Zachman's framework in general.

Q #4: (10)

Discuss the core competencies for effective IT governance?

Q # 5: (10)

Discuss how PESTEL analysis is conducted for strategy-based organizations.

Q # 6: (20)

The business goal of Harley-Davidson Motor Company is to produce and sell high-quality motorcycles. Until
the early 2000s, this goal was the sole focus, and limited attention was given to internal audit and controls.
Because of increased scrutiny and regulations worldwide, it was important for the company to continue its
successful business model and also incorporate new thinking regarding the importance of controls. The
challenge was in getting management, information technology (IT) and audit speaking the same language and
working toward increased control, while still respecting the company’s unique culture. A new department
focused on control and risk mitigation needed a framework that focused on key value areas important to the
business. This all had to be accomplished by building consensus among varied departments and without
affecting quality or slowing production.

Harley-Davidson Motor Company was founded in 1903 in Milwaukee, Wisconsin, USA. It is the oldest
producer of motorcycles in the US and has enjoyed 20 consecutive years of record revenue. For the year ended
31 December 2005, Harley-Davidson shipped 329,000 motorcycles (a 3.7 percent increase), had revenue of US
$5.3 billion and experienced worldwide growth of 6.2 percent. In 2003, Harley-Davidson had limited IT
controls in place and staff had limited control knowledge. There was no standardized user access process, no
defined and documented change management process, and no rigor on backup and recovery processes, and
there were minimal organizational standards. Although complying with Sarbanes-Oxley was going to be a
challenge, the company took strong action, utilized COBIT (Control Objectives for Information and related
Technology) and passed Sarbanes-Oxley year one compliance. In addition, it had been difficult finding other
manufacturers for benchmarking, and COBIT helped show Harley-Davidson management where the company
was positioned regarding controls and what should be done to improve. To jumpstart IT governance and
Sarbanes-Oxley activities, Harley-Davidson created an IS compliance department and began implementing a
vendor’s general computer controls model. After attending a COBIT User Convention, a Harley-Davidson risk
specialist recommended COBIT to management and then converted the control framework to COBIT, published
by the IT Governance Institute. Concurrently, the internal audit department was driving IT to move beyond pure
compliance. The company realized it needed a broad control framework, which helped eliminate the constantly
changing “bar” used as a benchmark. Reasons behind Harley-Davidson’s selection of COBIT include:

• It is an internationally accepted standard for IT governance and control practices.
• It can be used by management, end users, and IT audit and security professionals, and it provides a common language.
• It provides a means for benchmarking controls compliance.
• Use of the COBIT framework, including tools and templates, is available essentially free as a download from
• Other leading standards, including ISO 17799, ITIL and NIST, harmonize and map to COBIT.
• The company was able to gain agreement with the external auditor on the same framework and control objectives.

Key to introducing COBIT was ensuring that all of IT and management understood why they needed to care
about effective, value-focused controls. Getting them to realize that there are many important business reasons
for this was the first key hurdle to be successfully addressed. COBIT’s business-focused language allowed
management, IT and internal audit to ensure they were on the same road. Harley-Davidson’s COBIT migration
process needed to go beyond questions such as “Do you have a systems development life cycle process
(SDLC)?” to stimulate internal conversations on what an SDLC really is and which skills were required. The
team started by mapping implemented controls to COBIT and compared the results to a previously accepted Big
4 accounting firm’s COBIT mapping. Gaps were identified and plans were developed to close these gaps. One of
the major benefits of using COBIT as its overall internal control and compliance model was getting everyone—
especially nontechnical motorcycle experts—revved up about control activities and why controls are important.
Harley-Davidson is subject to many regulations, including HIPAA and Gramm-Leach-Bliley, and COBIT serves
as an umbrella framework that helps the company zero in on appropriate control and compliance activities. For
example, it is a constant challenge to ensure that control owners truly understand effective control. Sometimes
they assume “more is better.” With COBIT, the risk team could clearly show them that one or two good controls
can be better than having seven controls, of which several are ineffective. Once control owners understood the
value of expending fewer resources and less time for an equal or better control, they jumped on board. Tracking
and reporting are important components of ongoing IT governance activities. Team members must be able to
learn about carry over and repeat findings, and follow up with management action plan owners to ensure
forward momentum continues to address the issues. Harley-Davidson developed an MS Access issues-tracking
database to have joint IT and internal audit visibility of known control weaknesses. Driving internal change was
also a key goal of this highly competitive company, and COBIT benchmarking was an invaluable tool for
independent comparison. It put the information in the right perspective for management and to obtain overall
buy-in. The framework shows peer comparison in an unbiased format and is used as part of every IT audit. Best
of all, it invites discussion about where the company would like to be.

Answer the following questions.

Q1: Write the conclusions you have drawn from the above case study's process based on COBIT
framework?

Q2: Discuss merits and demerits of using COBIT as reference framework?

ALL THE BEST
