Slide 1ObjectivesGovernance ProcessesDemand Management and Project InitiationTechnical ReviewProcurement and Vendor ManagementVendor Management ProcessResource Management and Service ManagementBudgetingChargebackProject Planning and Control in the SDLCProject Planning PhaseProject Planning PhaseProject Planning PhaseProject Planning PhaseA Project Work Plan ExampleE-commerce SecurityInformation Security Management Systems (ISMS)Strategic AspectOrganizational AspectTechnical AspectsFinancial and Legal AspectsAudit InvolvementAudit InvolvementMBAD 7090Chapter 6: IT Planning and ControllingFall, 20081IS Security, Audit, and Control (Dr. Zhao)ObjectivesGovernance ProcessesProject Planning and Control in SDLCE-Commerce Security ManagementFall, 20082IS Security, Audit, and Control (Dr. Zhao)Governance ProcessesFall, 2008IS Security, Audit, and Control (Dr. Zhao)3Goal: effective financial control over IT investment and operating budgetNeeded to ensure the effective use of resources and alignment with business objectives.Demand ManagementProject InitiationTechnical ReviewProcurement and Vendor ManagementStrategic Sourcing and Vendor ManagementResource Management and Service ManagementChargebackDemand Management and Project InitiationFall, 2008IS Security, Audit, and Control (Dr. Zhao)4Demand management: how to devote limited resource?Projects that have a strong business caseProjects that have a senior management approval and sponsorProject initiation: how to start an approved project?Determines the total cost and benefit for a project by defining high-level business requirements and a conceptual solutionBusiness users develop requirements and a business caseSoftware developers develop a solution and cost estimateForm the basis for the project budgetTechnical ReviewFall, 2008IS Security, Audit, and Control (Dr. Zhao)5Ensures compliance with technology standards so that:It is the right solutionIt integrates with other IT componentsIt can be supported with minimal investment in infrastructureIT Steering committeesRepresentatives from major areas in the organizationEvaluate:Technical feasibilityAlternative technologiesArchitectureIn-house skill compatibilityExisting environments/replacementsImplementation, licensing, and cost considerationResearch and analysts viewsVendor company profile and financial feasibilityProcurement and Vendor ManagementFall, 2008IS Security, Audit, and Control (Dr. Zhao)6Right terms and conditions are negotiatedDepending on extent of the service, a formal Request for Proposal (RFP) is prepared to request competitive bidsShould include service levels with contract penalties and tracking metrics/success criteria45% to 60% of an average IT budget is spent with third-party vendorsKey criteria to insource or outsource include strategy, competency, and riskVendor Management ProcessFall, 2008IS Security, Audit, and Control (Dr. Zhao)7Technology RequestReview requirements with customer Identify potential solutions Evaluate potential solutionsRecommend vendor solutionTechnology RequestReview requirements with customer Identify potential solutions Evaluate potential solutionsRecommend vendor solutionNegotiationIT Procurement TeamDefine scope of work Define contract termsNegotiate services and costsNegotiationIT Procurement TeamDefine scope of work Define contract termsNegotiate services and costsTechnology ApprovalTechnical Steering Committee (TSC)Evaluate architectureDetermine impactApprove/disapprove Technology ApprovalTechnical Steering Committee (TSC)Evaluate architectureDetermine impactApprove/disapprove Customer works with Account Manager to document requirements and identify potential solutions.Request for ProposalFinalize requirements and scopeRequest vendor proposalsEvaluate vendor proposalsRequest for ProposalFinalize requirements and scopeRequest vendor proposalsEvaluate vendor proposalsAccount Manager works with IT Procurement Team to evaluate vendor proposals.Vendor ManagementIT Procurement TeamMonitor vendor performanceAdminister contractsBudget for costs Vendor ManagementIT Procurement TeamMonitor vendor performanceAdminister contractsBudget for costs Technology/Contract RefreshIT Procurement TeamTrack contracts and assetsNegotiate technology refreshNegotiate contract renewal/upgradesTechnology/Contract RefreshIT Procurement TeamTrack contracts and assetsNegotiate technology refreshNegotiate contract renewal/upgradesIT Procurement Team notifies customer of contract end date. Account Manager works with TSC members to evaluate solution. Account Manager works with IT Procurement Team to negotiate vendor terms.ExampleofProcessResource Management and Service ManagementFall, 2008IS Security, Audit, and Control (Dr. Zhao)8Effectively manage people by creating an environment for training and development of skillsMatch the right people with the right skills for the right projectsService level agreements states expectations between both partiesIncludes measurable criteria for monitoring on a regular basis“You cannot manage what you don’t measure.” (Gartner)BudgetingFall, 2008IS Security, Audit, and Control (Dr. Zhao)9Carefully control and manage IT spendingBusiness volume growth projectionsNew technology investmentsStaffing plansInfrastructure capacity plansLabor, software, hardware, etc.ChargebackFall, 2008IS Security, Audit, and Control (Dr. Zhao)10Charging for services for what users consumeAdvantages:Holds users accountableProvides visibility into IT costsDisadvantages:Misperception that IT costs are high because infrastructure costs are factored into the chargeback amountExample: delivering a desktop to a userIt might be more expensive than individual buying a PC.Why?Project Planning and Control in the SDLCFall, 2008IS Security, Audit, and Control (Dr. Zhao)11Six generic phases:1. Project Planning2. Analysis3. Design4. Construction5. Test6. RolloutProject Planning PhaseFall, 2008IS Security, Audit, and Control (Dr. Zhao)12High level view of intended