INFORMATION TECHNOLOGY
DEPLOYMENT RISKS
(Week 5)
Lecture Outline
Developing Strategic Plans
Managing Development Projects
Acquiring Software Applications
Developing Software Applications
Changing Software Applications
Implementing Software Applications
Developing Strategic Plans
Serves as primary guideline for allocating
resources throughout the firm.
Keeps the organization headed in a
profitable direction.
Strategic planning begins with a vision,
following a clearly defined path of
vision → mission → objectives → strategy → policies
Information Technology Plans Must Complement &
Support Company Plans
Important Policy Areas for IT Functions
1. Planning Policies
a. Responsibility (who is involved with
planning?)
b. Timing (when does planning take place?)
c. Process (how should planning be conducted?)
d. Deliverables (what planning documents are
produced?)
e. Priorities (what are the most to least critical
planning issues?)
2. Organizational Policies
a. Structure (what is the organizational form of the IT
function?)
b. Information Architecture (is the infrastructure
aligned with the firm’s mission?)
c. Communication (are the IT strategy and policies
known by all affected parties?)
d. Compliance (are all external regulations and laws
being addressed?)
e. Risk assessment (are IT risks identified, measured
and controlled?)
3. Human Resource Policies
a. Training (what kind of training is provided and to
whom?)
b. Travel (what are the travel guidelines and priorities?)
c. Hiring (who determines needs and who screens
applicants?)
d. Promotion (what are the guidelines and how does the
process work?)
e. Termination (what are voluntary and involuntary
termination guidelines?)
4. Software Policies
a. Acquisition (how is software acquired from outside
vendors?)
b. Standards (what are the software compatibility
standards?)
c. Outside contractors (should contractors be used for
software development?)
d. Changes (how to control and monitor the software
change process?)
e. Implementation (how to handle conversions,
interfaces, and users?)
5. Hardware Policies
a. Acquisition (how is hardware acquired from outside
vendors?)
b. Standards (what are the hardware compatibility
standards?)
c. Performance (how to test computing capabilities?)
d. Configuration (where to use client-servers, personal
computers, and so on?)
e. Service Providers (should third-party service bureaus
be used?)
6. Network Policies
a. Acquisition (how is network technology acquired from
outside vendors?)
b. Standards (compatibility of local area networks,
intranets, extranets, and so on?)
c. Performance (how much bandwidth is needed and is
the network fast enough?)
d. Configuration (use of servers, firewalls, routers, hubs,
and other technology?)
e. Adaptability (capability to support emerging
e-business models?)
7. Security Policies
a. Testing (how is security tested?)
b. Access (who can have access to what information and
applications?)
c. Monitoring (who monitors security?)
d. Firewalls (are they effectively utilized?)
e. Violations (what happens if an employee violates
security?)
8. Operations Policies
a. Structure (how is the operations function structured?)
b. Responsibilities (who is responsible for transaction
processing?)
c. Input (how does data enter into the information
system?)
d. Processing (what processing modes are used?)
e. Error Handling (who should correct erroneous
input/processing items?)
9. Contingency Policies
1. Backup (what are the backup procedures?)
2. Recovery (what is the recovery process?)
3. Disasters (who is in charge and what is the plan?)
4. Alternate Sites (what types of sites are available for
off-site processing?)
10. Financial and Accounting Policies
1. Project Management (are IT projects prioritized,
managed, and monitored?)
2. Revenue Generation (should services be sold inside or
outside the organization?)
3. Technology Investments (are the investment returns
being properly evaluated?)
4. Funding Priorities (where to most effectively allocate
resources?)
5. Budgets (are budgets aligned with funding levels and
priorities?)
“Red Flags” for IT Auditors
The following key planning risk indicators
should trigger red flags for the IT auditor.
1. A strategic planning process is not used.
2. Information technology risks are not assessed.
3. Investment analyses are not performed.
4. Quality assurance reviews are not conducted.
5. Plans and goals are not communicated.
Key planning risk indicators (continued)
6. Information technology personnel are
disgruntled.
7. Software applications do not support
business processes.
8. The technology infrastructure is inadequate.
9. The user community is unhappy with the
level of support.
10. Management’s information needs are not
met.
CobiT Guidelines
Guidelines suggest eleven processes should
be incorporated into IT strategic plans.
Each process is integrated throughout IT
policy areas.
Processes designed to manage the key IT
risks.
11 Processes
1. Develop a strategic IT plan.
2. Articulate the information architecture.
3. Find an optimal fit between IT and the company’s
strategy.
4. Design the IT function to match the company’s needs.
5. Maximize the IT investment.
6. Communicate IT policies to the user community.
7. Manage the IT workforce.
8. Comply with external regulations, laws, and contracts.
9. Conduct IT risk assessments.
10. Maintain a high-quality systems development process.
11. Incorporate sound project management techniques.
Managing Development Projects
Regardless of the type of project, there are project
management techniques that apply to most situations.
Using a structured methodology minimizes the risk of
failure:
– Late delivery
– Cost overrun
– Lack of functions
– Poor quality
IT auditor should check that project management
techniques are employed.
Project Manager
First step is to assign project to a manager
Needs experience in domain area
Needs skill at managing projects
Must work well with staff on planning and
executing the project.
– Senior management representatives
– IT staff
– Affected users
Generic Project Life Cycle
[Figure: generic project life cycle running from beginning to end through the phases Planning, Scheduling, Monitoring, Controlling and Closing. Labels: boundary conditions, scope, time, cost, parameters, activity, resources.]
Project Life Cycle
Phase 1: Plan the Project
– Set the Time, Cost & Scope
– Identify resources
– Articulate project outcome
– Work with specialists, i.e., analysts, programmers, users
– Determine the WBS – Work Breakdown Structure
Phase 4: Controlling
– Aimed at keeping the project moving
– Adjust to unexpected issues, delays, and problems that arise
– Continually adjust the plan
Phase 5: Closing the Project
– Obtain client acceptance in writing
– Release and evaluate project personnel
– Identify & reassign remaining project assets
– Evaluations of project
– Chronicle project history