Slide 1
Objectives
Governance Processes
Demand Management and Project Initiation
Technical Review
Procurement and Vendor Management
Vendor Management Process
Resource Management and Service Management
Budgeting
Chargeback
Project Planning and Control in the SDLC
Project Planning Phase
Project Planning Phase
Project Planning Phase
Project Planning Phase
A Project Work Plan Example
E-commerce Security
Information Security Management Systems (ISMS)
Strategic Aspect
Organizational Aspect
Technical Aspects
Financial and Legal Aspects
Audit Involvement
Audit Involvement

MBAD 7090
Chapter 6: IT Planning and Controlling
Fall, 2008
IS Security, Audit, and Control (Dr. Zhao)

Objectives
- Governance Processes
- Project Planning and Control in SDLC
- E-Commerce Security Management

Governance Processes
- Goal: effective financial control over IT investment and operating budget
- Needed to ensure the effective use of resources and alignment with business objectives.
- Demand Management
- Project Initiation
- Technical Review
- Procurement and Vendor Management
- Strategic Sourcing and Vendor Management
- Resource Management and Service Management
- Chargeback

Demand Management and Project Initiation
- Demand management: how to devote limited resources?
  - Projects that have a strong business case
  - Projects that have senior management approval and a sponsor
- Project initiation: how to start an approved project?
  - Determines the total cost and benefit for a project by defining high-level business requirements and a conceptual solution
  - Business users develop requirements and a business case
  - Software developers develop a solution and cost estimate
  - Forms the basis for the project budget

Technical Review
- Ensures compliance with technology standards so that:
  - It is the right solution
  - It integrates with other IT components
  - It can be supported with minimal investment in infrastructure
- IT Steering committees
  - Representatives from major areas in the organization
  - Evaluate:
    - Technical feasibility
    - Alternative technologies
    - Architecture
    - In-house skill compatibility
    - Existing environments/replacements
    - Implementation, licensing, and cost considerations
    - Research and analysts' views
    - Vendor company profile and financial feasibility

Procurement and Vendor Management
- Right terms and conditions are negotiated
- Depending on the extent of the service, a formal Request for Proposal (RFP) is prepared to request competitive bids
- Should include service levels with contract penalties and tracking metrics/success criteria
- 45% to 60% of an average IT budget is spent with third-party vendors
- Key criteria to insource or outsource include strategy, competency, and risk

Vendor Management Process
(Diagram: Example of Process)
- Technology Request
  - Review requirements with customer
  - Identify potential solutions
  - Evaluate potential solutions
  - Recommend vendor solution
- Negotiation (IT Procurement Team)
  - Define scope of work
  - Define contract terms
  - Negotiate services and costs
- Technology Approval (Technical Steering Committee (TSC))
  - Evaluate architecture
  - Determine impact
  - Approve/disapprove
- Request for Proposal
  - Finalize requirements and scope
  - Request vendor proposals
  - Evaluate vendor proposals
- Vendor Management (IT Procurement Team)
  - Monitor vendor performance
  - Administer contracts
  - Budget for costs
- Technology/Contract Refresh (IT Procurement Team)
  - Track contracts and assets
  - Negotiate technology refresh
  - Negotiate contract renewal/upgrades
Diagram annotations:
- Customer works with Account Manager to document requirements and identify potential solutions.
- Account Manager works with IT Procurement Team to evaluate vendor proposals.
- IT Procurement Team notifies customer of contract end date.
- Account Manager works with TSC members to evaluate solution.
- Account Manager works with IT Procurement Team to negotiate vendor terms.

Resource Management and Service Management
- Effectively manage people by creating an environment for training and development of skills
- Match the right people with the right skills for the right projects
- Service level agreements state expectations between both parties
- Includes measurable criteria for monitoring on a regular basis
- “You cannot manage what you don’t measure.” (Gartner)

Budgeting
- Carefully control and manage IT spending
- Business volume growth projections
- New technology investments
- Staffing plans
- Infrastructure capacity plans
- Labor, software, hardware, etc.

Chargeback
- Charging for the services that users consume
- Advantages:
  - Holds users accountable
  - Provides visibility into IT costs
- Disadvantages:
  - Misperception that IT costs are high because infrastructure costs are factored into the chargeback amount
- Example: delivering a desktop to a user
  - It might be more expensive than an individual buying a PC. Why?

Project Planning and Control in the SDLC
Six generic phases:
1. Project Planning
2. Analysis
3. Design
4. Construction
5. Test
6. Rollout

Project Planning Phase
High level view of intended