KS Solutions Caselet: Using COBIT® 5

© 2014 ISACA. All rights reserved.

Disclaimer

ISACA has designed and created the KS Solutions Caselet: Using COBIT® 5 (the ‘Work’) primarily as an educational resource for educational professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, security governance and assurance professionals should apply their own professional judgment to the specific circumstances presented by the particular systems or information technology environment.

ISACA

3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545

Fax: +1.847.253.1443

Email: [email protected]

Web site: www.isaca.org

Reservation of Rights

© 2014 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic, internal and non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.

Provide Feedback: www.isaca.org/basic-concepts-caselets

Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Acknowledgements

Author

Krishna Seeburn, Ph.D., CFE, CIA, CISSP, FBCS, LLM, PMP, Riesling Consulting Group, Mauritius

Board of Directors

Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, International President

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Vice President

Juan Luis Carselle, CISA, CGEIT, CRISC, RadioShack Mexico, Mexico, Vice President

Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, Dell, Spain, Vice President

Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, US House of Representatives, USA, Vice President

Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, Kumar & Raj, India, Vice President

Jeff Spivey, CRISC, CPP, PSP, Security Risk Management Inc., USA, Vice President

Marc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Vice President

Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Past International President

Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Past International President

Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Director

Krysten McCabe, CISA, The Home Depot, USA, Director

Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, BRM Holdich, Australia, Director

Credentialing and Career Management Board

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Chairman

Bernard Battistin, CISA, CMA, Office of the Auditor General of Canada, Canada

Richard Brisebois, CISA, CGA, Canada

Terry Chrisman, CGEIT, CRISC, GE Money, USA

Erik Friebolin, CISA, CISM, CRISC, CISSP, PCI-QSA, ITIL, USA

Frank Nielsen, CISA, CGEIT, CCSA, CIA, Nordea, Denmark

Hitoshi Ota, CISA, CISM, CGEIT, CRISC, CIA, Mizuho Corporate Bank, Japan

Carmen Ozores Fernandes, CISA, CRISC, Brazil

Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission, USA


Professional Standards and Career Management Committee

Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission, USA, Chairman

Christopher Nigel Cooper, CISM, CITP, FBCS, M.Inst.ISP, HP Enterprises Security Services, UK

Ronald E. Franke, CISA, CRISC, CFE, CIA, CICA, Myers and Stauffer LLC, USA

Alisdair McKenzie, CISA, CISSP, ITCP, I S Assurance Services, New Zealand

Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA

Katsumi Sakagawa, CISA, CRISC, PMP, JIEC Co. Ltd., Japan

Ian Sanderson, CISA, CRISC, FCA, NATO, Belgium

Timothy Smith, CISA, CISSP, CPA, LPL Financial, USA

Todd Weinman, CPS, The Weinman Group, USA

Academic Program Subcommittee

Kameswara Rao Namuduri, Ph.D., CISA, CISM, CISSP, University of North Texas, USA, Chairman

Umesh R. Hodeghatta, Xavier Institute of Management, India

Matthew Liotine, Ph.D., CBCP, CSSBB, MBCI, University of Illinois at Chicago, USA

Joshua Onome Imoniana, Ph.D., CGEIT, Universidade Presbiteriana Mackenzie, Brazil

Nebil Messabia, Canada

Kumar Srikanteswaran, CISA, CMA, PMP, India

Sadir Vanderloot, CISA, CISM, CCNA, CCSA, NCSA, Sheffield Hallam University, Sweden

Ype van Wijk, Ph.D., RE, RA, Rijksuniversiteit Groningen, The Netherlands

Hiroshi Yoshida, Ph.D., CGEIT, CRISC, Nagoya Bunri University, Japan

This caselet was developed to support the Basic Foundational Concepts Student Book: Using COBIT® 5, www.isaca.org/basic-concepts-student-book


What are frameworks and policies?

A framework defines the way you can create and use something. It can consist of industry standard policies, guidelines, good practices, procedures and processes. Frameworks and policies are important because they provide enterprises with a definition of how they need to conduct business and how to run the enterprise in a more functional way. Frameworks and policies provide industry standard good practices and a blueprint of ways to work.

How do they benefit an enterprise?

Enterprises become more functional, effective and profitable through the use of frameworks and policies because these provide effective ways to control expenses, streamline repeat processes, implement enterprise infrastructure, develop software, manage assets, etc.

How do they benefit employees?

As an employee, frameworks and policies provide you with a baseline for doing your job; they help formalise a structure within an enterprise and help you work in a more focused and organised way. They reduce uncertainty, ensure a better working environment, and help both you and the enterprise succeed.


Agenda

• KS Solutions – Profile

• Background Information

• The Problems

• Your Role

• Your Tasks

• Discussion Questions


KS Solutions – Profile

KS Solutions was founded in 2000; its mission is to provide robust, elegant and cost-effective software systems.

Worldwide, more than 1,000 higher education institutions in 60 countries run on its administrative systems.

Hundreds of other non-profits, community service and health care organisations, and other businesses rely on Campus Management to manage their most mission-critical transactions; dynamic relationships; and the complexities of learning, finance, research and regulation.


Background – What We Do

• We are primarily a software development company with focus on higher education administrative systems, non-profit, community service and health care organisations.

• We provide key administrative software solutions and services with a focus on management of mission-critical transactions; dynamic relationships; and the complexities of learning, finance, research and regulation.

• Our operational offices are located in the UK, USA, India and Brazil.


Background – Vision/Values

Vision on Education

• We foresaw the converging needs of institutions serving traditional and non-traditional students in a global and increasingly Internet-driven society.

• Our vision is to ensure that clients achieve rapid delivery of highly integrated administrative and academic systems that are easier to maintain over the long term.

• We serve organisations across the higher education landscape—ranging from career colleges to public and private institutions, offering non-credit programmes; professional degrees and certifications; and traditional 2-year, 4-year, graduate and post-doctoral programmes.


Background – Vision/Values

Values

• Customer Focus. Innovation. Performance. Integrity. Teamwork. These qualities embody our high standards, culture of innovation, strength in diversity and ongoing commitment to clients.

• Each quarter, employees recommend and nominate colleagues who best represent these values through the KS STARS Awards Programme, which rewards the winners with substantial cash prizes, inscribed plaques and companywide recognition.

• We are quite successful externally, but internally we are very dysfunctional.


Background – Vision/Values

• Customer focus—Customers, both external and internal, are at the center of our activities and drive all that we do.

• Innovation—We constantly challenge conventional wisdom to bring about changes that create a new dimension of performance.

• Performance—We strive for excellence in everything we undertake.

• Integrity—We act with a profound sense of integrity and fairness.

• Teamwork—We create a feeling of oneness and team spirit within a work group.


Background – Investments

Investing in research and development (R&D) and strategic relationships:

• We are well known for our significant, continuous investment in research and development.

• To advance our products and introduce new solutions, we maintain a focus on the gathering of market requirements and working with clients, advisory boards and industry thought leaders, to determine our product road map and anticipate the complexities and challenges facing the industries we serve.

• We also pursue acquisitions and key partnerships that can provide clients with distinctive operational and technological advantages. Most recently, this has included the acquisition and integration of two top-rated, best-in-class solutions: KS Constituent Relationship Management (CRM) suite and KS Fundraising software.


Background – Financials

• Company Type: Private

• Revenue: US $26 Million

• Total Assets: US $62 million

• Employees: 1200 Permanent

• Number of IT personnel: 500-800

• Founded in 2000


Background – Org. Structure

The board:

• Gregorio Zantaz, Chairman and Chief Executive Officer (CEO)

• Robert Lazaro, Board Member and Chair of Audit Committee

• John Bernstein, Board Member and Chair of Finance Committee

• Vivian Carlile, Member

• John Mcdermot, Member

• Plus eight other board members who also act as the non-executive members of the board


Background – Org. Structure

The executive management team:

• Gregorio Zantaz, Chairman and CEO

• Nigel Limpkin, Senior Vice President (VP) and Chief Information Officer (CIO)

• Vicky Lane, Senior VP and Chief Financial Officer (CFO)

• Andrew Right, Senior VP

• Leonard Nimoi, Senior VP and General Field Operations

• Raj Aryan, Senior VP and Managing Director, RA Corporation Pvt. Ltd.


Background – Org. Structure

Organisation chart:

• Chairman and CEO + Board

  • Senior Vice President and Chief Information Officer

    • VP Development

    • VP Infrastructure / IT Director

    • VP Quality Assurance

  • Senior Vice President and Chief Financial Officer

  • Senior Vice President

  • Senior Vice President and General Field Operations

    • VP Consulting and Business Development Services

    • VP Implementation and Support Services

  • Senior VP and Managing Director, RA Corporation Pvt. Ltd.


Background – Org. Structure

The board of directors:

• Consists of people with multiple expertise

• Run by the chairman, who is also the CEO

• The board nevertheless has an oversight body, the audit committee, which oversees all operational and control aspects.

Management:

• Consists of two levels: a more strategic management level, consisting of the top senior vice presidents and the C-level suite, and a more operational management level, consisting of the vice presidents and all other operational staff under their lead.


Background – Org. Structure

Senior vice president and chief information officer:

• Overall responsibility for the development and design of software solutions; also looks after in-house quality assurance and the Software as a Service (SaaS) solution for hosted services for clients

Senior vice president and general field operations:

• Overall responsibility for business development, client support and consulting services (covers implementation, training etc.)


Background – Marketing

• We spend quite a varied but large proportion of our budget on marketing and business development activities.

• Our work on the corporate social responsibility front places us at the forefront for our non-profit clients and potential clients.

• Much of our other marketing comes from our work with universities and from case studies on the Internet that show what we can do and deliver.

• Free demos are given without much problem, because most solutions have been ported to the cloud/hosting services of KS Solutions itself.

• A diversified approach to the apps we develop and our delivery methods brings enterprises high-level added value.


Background – Industry

• Software and services delivery company

• The ability to innovate viable products and related services

• Obtaining competitors’ product and service ideas and proposals is a huge advantage.

• Being first to provide interesting solutions driven by client needs in all aspects of the industry gives a competitor the upper hand.

• A volatile market, because many companies exist in the market, including bigger ones such as SAP, Oracle, etc.

• The solutions need to meet the required standards and ensure that high-level administrative procedures and processes are present.

• It is a challenging market to integrate into, because most universities and non-profits have different operational aspects.

The Problems

• Major compliance issues with former executive management team (replaced by new executive management team focused on transformation and re-invigorating growth)

• Lack of formalised IT policies, practices and disciplines

• Poor IT governance, reporting and inadequate business intelligence – requires a cultural change


• Poor IT customer satisfaction and unmet business needs caused business units to ramp up their own systems development functions.

• Inadequate and inappropriate IT skills, competencies and leadership

• Challenge—Drive business process to transform the business for growth and greater profitability using IT

• Self-fund (through cost-reduction programmes) IT budget growth for new initiatives and keeping the lights on

• Lack of business intelligence (multiple sources of inaccurate business information)

Your Role

Position: SVP and CIO

Tenure: You have been in this job for only six months and are still settling into the environment.

Your Manager: CEO

Your team: You have three VPs who report to you.


Experience:

• 10 years of experience as an IT director (four as a CIO)

• Four years of experience in the software development industry

Education:

• Undergraduate degree in computer science

• Several professional courses in a variety of IT, management and business-related areas

Other:

• Good understanding of governance of enterprise IT and some experience in risk

• Good overview of the Capability Maturity Model Integration (CMMI) model from the Software Engineering Institute (SEI) and a recent introduction to COBIT 5

• Passed CISA exam recently

The Approach

• New executive management team hired a new CIO who brought in a new senior leadership team in IT.

• New CIO reports to CEO and is part of the senior executive management team.

• Business processes are fragmented.

• The new CIO and reconstituted business/IT executive steering group are to develop a strategy and priorities focused on business growth, creating a performance-based culture that rewards achievement of goals, accountability and innovation, and building strong customer partnerships.

• Further, he worked on developing a transformation plan, which should be approved by the executive management team.

• IT is to be reorganised with some of the following functions: IT strategy and governance (includes PMO, PR/marketing and personnel development), application development, IT operations and infrastructure and enterprise architecture.

The New Leadership Tasks

• Work towards the development of a blueprint for an IT governance framework and process. This should help the company move towards a two-year realistic strategic plan (from a three-year plan) linked to an annual operating plan.

• With the new IT management team in place for only six months, many initiatives are in process and key results are not yet clearly visible or measurable. (They are definitely going in the right direction, but the jury is still out.)

Your Tasks

1. Identify the key problems and processes that need to be reviewed.

2. Identify the application-level risk areas.

3. Identify a management-oriented framework for continuous and proactive control self-assessment.

4. Identify the key metrics for enabling assessments of IT performance in business terms.

5. Identify the need for guidelines and map the system development life cycle (SDLC) for the problem identified.

6. Define the factors influencing SDLC risk.

7. Define the potential results for alignment, IT service management and delivery, programme and project management, and performance management.

8. Identify potential critical success factors.

9. Identify potential lessons learned.

Discussions

1. From the problems identified, what do you find to be the key issues in this enterprise, and why?

• Hint: The problems cannot easily be resolved without key analysis and a willingness for change. Many problems are related to process, guidelines or even not following key standards.

2. Software development is never an easy game these days, but some major companies have been able to counter those problems. They have been able to find solutions to the problems and make software development a real, profitable business on its own. Your challenge is to propose a working strategy that would eventually bring value to your role and grow profitability.

• Hint: Identify the key areas and processes that you think would fit the problems identified.

3. Develop an approach based on frameworks and guidelines that can help put the company back on track. (You are not limited by what can be done, but you need to bear in mind that businesses do not usually have unlimited budgets.)

• Hint: Look at COBIT 5 to proceed. (There is no right or wrong approach; everything that is carried out within an enterprise is dependent on time and urgency and, of course, budget.)


Exhibit 1 – Current Systems Development Life Cycle (SDLC) at KS Solutions

1. Systems Analysis

  • Preliminary Feasibility

  • Systems Analysis Report and Project Proposal

2. Systems Selection and Design

  • Feasibility Study

  • Systems Selection Report

3. Systems Implementation (Responsibility of VP Implementation and Support Services)

  • Implementation Review

  • Acceptance