
Vamsee Krishna Kosuru

50167174
Caselet: Your Neighborhood Grocers
Phase I: Identify the key issues that are the root cause of the new CIO's problems.

Senior management has only grown internally through the various levels of management and therefore lacks industry experience at the senior management level.

The company's strategic focus is only on marketing, relegating IT infrastructure to a lower priority.

With each acquisition, applications were integrated into the company on the single parameter of better functionality; issues such as compatibility, vulnerabilities and security were not taken into consideration.

Applications such as the DBMSs were run independently of each other, which increases the cost of maintenance by allocating separate technical resources to each of them and makes it more difficult to implement a common control across all of them.

Applications on platforms such as IBM mainframes are running on old and outdated operating systems for which support is going to end soon.

Support for the warehouse distribution application is no longer available. This is a clear vulnerability, because in case of any issues we have to resolve them ourselves.

Front of Store requires immediate replacement, as we don't have a vendor to provide support for the point-of-sale systems. Also, the retired programmers who were hired temporarily aren't part of our company, so giving them system access would pose a serious risk.

Accounts Payable interfaces with Go to Market, In-Store Delivery, Warehouse Distribution and a non-resale purchasing system, which already have maintenance issues of their own that could pose a greater risk to this system.

General Ledger is a very old system and is difficult to trace.

The payroll system is running on different versions at each of its operating companies; the versions currently in use are two to five generations old.

The Food Product R&D application has been customized significantly by the research and development staff, as no programming standards were put in place.

No coordination existed between the IT and business teams: each team procured its products by itself, and the products bought by IT were technically efficient but operationally cumbersome.

On the other hand, products from the business team resulted in a further increase in distinct hardware and software systems, and the lack of technical knowledge resulted in substantial write-offs.

Systems developed in-house weren't successful and in turn overran the budget.

Phase II: For each of the key issues identified in Phase I, how would you apply specific COBIT control objectives within PO1 through PO3 and ME4 to address these issues? Larry needs specifics and requested that you cite the control objective and how it would remediate the situation.
PO1.2 Business-IT Alignment
Establish processes of bi-directional education and reciprocal involvement in strategic
planning to achieve business and IT alignment and integration. Mediate between business and
IT imperatives so priorities can be mutually agreed.
This control addresses the lack of coordination between IT and business, where hardware and software products were bought without consensus between, or the involvement of, both teams, failed to meet business objectives, and resulted in losses to the company.
PO1.4 IT Strategic Plan
Create a strategic plan that defines, in co-operation with relevant stakeholders, how IT goals will contribute to the enterprise's strategic objectives and related costs and risks.
This control helps in budgeting based on the priority and risk of the applications: some applications, like POS, need replacement and more immediate attention than those that are going to become outdated or lose support in some time. It also takes care of acquisitions, where issues including functionality, compatibility and security are addressed through an acquisition strategy.
PO1.6 IT Portfolio Management
This control helps manage the portfolio of IT-enabled investments by identifying, defining, evaluating, prioritizing, selecting, initiating, managing and controlling applications to achieve strategic business objectives. This ensures that application objectives support achievement of the outcome, and includes assigning clear accountability with measures, allocating resources, delegating authority and deciding on the required output at program launch.
PO2.1 Enterprise Information Architecture Model
Establish and maintain an enterprise information model to enable applications development
and decision-supporting activities, consistent with IT plans as described in PO1.
This control addresses the issue with the accounts payable interface, whose functionality depends on the information received from the interfaces of different systems, so that it remains cost-effective, secure and resilient to failure.
PO3.1 Technological Direction Planning
Analyze existing and emerging technologies, and plan which technological direction is appropriate to realize the IT strategy and the business systems architecture.
Various database management systems run independently of each other; this control provides proper technological direction. Also, when an acquisition happens, we have a plan for the migration strategy and the contingency aspects of infrastructure components.
PO3.2 Technology Infrastructure Plan
Create and maintain a technology infrastructure plan that is in accordance with the IT
strategic and tactical plans.
Senior management didn't consider IT a priority, which resulted in many issues: the IBM systems are old and outdated, the POS systems no longer have support from the company, the database systems run independently of each other, the general ledger is too old to trace, and the payroll systems are two to five generations old. This control addresses all of the above issues by providing proper technological direction for information systems staffing and investments.
PO3.3 Monitor Future Trends and Regulations
Establish a process to monitor the business sector, industry, technology, infrastructure, legal and regulatory environment trends.
Monitoring future trends helps in planning changes well in advance so that they can be incorporated into our IT strategic plan. Had this control been in place, it would have addressed the issues of the many applications that became outdated and the applications that no longer have support in the market.
PO3.4 Technology Standards
To provide consistent, effective and secure technological solutions enterprise wide, establish
a technology forum to provide technology guidelines, advice on infrastructure products and
guidance on the selection of technology, and measure compliance with these standards and
guidelines.
The Food Production R&D team made changes to code that don't follow a proper programming standard. This control provides the standard the R&D team needs so that the changes made meet standards and guidelines.
PO3.5 IT Architecture Board
Establish an IT architecture board to provide architecture guidelines and advice on their
application, and to verify compliance.
We have many applications running together, so there is a need for common architecture guidelines such that they meet business objectives and compliance requirements.
ME4 Provide IT Governance
Members of senior management do not have proper senior-level industry experience. We also need to set up an IT governance team for the company, which could establish a framework that aligns with the enterprise strategy and objectives while ensuring compliance with regulations. The team would also be able to take care of some key functions: providing value delivery, managing resources to align with current and future strategic objectives, and measuring performance to enable senior management to review progress towards identified goals.

Phase III: Larry is concerned that once he has developed the framework, he will face roadblocks in implementing it. Address these issues in a talking-points outline.
Larry Bacon, as CIO, wants to streamline operations, remove unnecessary fat from the budget, and develop a strategy for process improvement and accountability, including a framework and structure. He would like to implement the COBIT framework to provide governance over IT, but the roadblocks he would face are:
The COBIT framework implements strategic IT planning and IT governance, which require the establishment of defined processes, roles and responsibilities. Moving people and making resources follow standards and policies takes a lot of time.

Implementation requires replacing unsupported applications or hiring suitable technology resources, adhering to policies and regulations.

Implementation requires making changes to application versions so that version control is appropriate and the latest version is maintained consistently across all the business modules.

Migrating applications to new operating systems requires a lot of effort and the engagement of resources, and faces budget constraints.

Replacing and merging applications requires migration activity, which may need additional support and involves risks.

Controls need to be kept at all interface systems, particularly at interfaces involving acquired applications, which are at risk. This may involve imposing additional responsibilities and roles.

He could face disagreements with current senior management, as they have no experience of the outside industry; additional effort may go into educating them and other personnel in the required processes, standards and guidelines.
