Task 1: Evaluate appropriate standards such as ISO 3000- risk management, ISO 9000- for

best practice, for the development of management Information System to AT&T Pvt. Ltd.
Answer:
In the development of a management information system (MIS) for AT&T Pvt. Ltd it is
imperative that there is compliance to the requirements of ISO 3000 (ISO 31000:2009), ISO
9000, Project Management Institute (PMI)and National Institute of Standards and Technology
(NIST) for the project to be a success and also to create a good quality MIS. ISO 3000 is an
international standard developed to help manage risk effectively, risk being defined as the
effect of uncertainty on objectives. Touted as a practical document to help organizations
develop their own approach to risk, ISO 31000 provides the principles, framework and generic
process for managing any type of risk in a transparent and systematic manner
(www.earchcompliance.teschtarget.com). ISO 3000 views risk as exposure to the
consequences of uncertainty, either positive or negative through identifying the variations
from what is planned or desired, and managing those risks to maximize opportunities,
minimize losses, and improve decisions and outcomes in developing the MIS. Compliance to
ISO 3000 increases the likelihood of achieving objectives i.e. the development of the MIS,
encourage proactive management, improve the identification of opportunities and threats,
improve financial reporting, improve governance, improve controls, improve stakeholder
confidence and trust, establish a reliable basis for decision making and planning, effectively
allocate and use resources for risk treatment, improve operational effectiveness and
efficiency, enhance health and safety performance, as well as environmental protection,
improve loss prevention and incident management, minimize losses, improve organizational
learning, improve organizational resilience, be aware of the need to identify and treat risk
throughout the organization and comply with relevant legal and regulatory requirements and
international norms.
It is necessary to create a risk management plan during the
development of the MIS so that chances of the project failing or not meeting its goals are as
small as possible (www.broadleaf.com.au). ISO 31000 provides the opportunity to clarify what
is meant by risk and how it should be managed and divided risk management into five
phases:
1. Risk identification
2. Analyzing risks to find out their negative impacts
3. Prioritizing risks for creating a proper risk management plan
4. Risk treatment managing risks
5. Auditing the risk management plan to refine it and offer better methods for minimizing
negative effects and boosting project productivity.
(www.broadleaf.com.au)
ISO 31000 has adopted the following process for managing risks:

www.broadleaf.com.au
ISO 31000s risk management principles can be integrated into the Systems development
lifecycle (SDLC) to manage the risks during the development of the MIS. The development of
a management information system (MIS) follows the systems development life cycle (SDLC)
process for systems development.
The ISO 9000 family addresses various aspects of quality management and contains some of
ISOs best known standards (www.iso.org). The standards provide guidance and tools for
companies and organizations who want to ensure that their products and services consistently
meet customers requirements, and that quality is consistently improved (www.iso.org). The
ISO 9000 standards define, establishes, and maintains an effective quality assurance system
for manufacturing and project management. They specify requirements and recommendations
for the design and assessment of management systems which are necessary for the
development of the MIS (David H 2001). The purpose of the ISO 9000 standards is to assist
organizations to implement and operate effective quality management systems and these
standards provide a vehicle for consolidating and communicating concepts in the field of
quality management that have been approved by an international committee of
representatives from national standards bodies (David H 2001). The primary users of the
standards are intended to be organizations acting as either customers or suppliers. Standards
in the ISO 9000 family include:
1. ISO 9001:2015 - sets out the requirements of a quality management system
2. ISO 9000:2015 - covers the basic concepts and language
3. ISO 9004:2009 - focuses on how to make a quality management system more efficient
and effective
4. ISO 19011:2011 - sets out guidance on internal and external audits of quality
management systems.
(www.iso.org)
Each standard fulfils a different purpose e.g. the purpose of ISO 9000 is to provide an
appreciation of the fundamental principles of quality management systems and an
explanation of the terminology used in the family of standards (David H 2001). The purpose
of ISO 9001 is to provide requirements which if met will enable organizations to demonstrate
they have the capability to consistently provide product that meets customer and applicable
regulatory requirements. ISO 9001 states that the standard can be used to assess the
organizations ability to meet customer, regulatory and the organizations own requirements

(David H 2001). The purpose of ISO 9004 is to provide guidance for improving the efficiency,
effectiveness and overall performance of an organization. ISO 9001 and ISO 9004 have been
developed as a consistent pair of standards that complement each other. They have a
common structure but can be used independently. ISO 9004 is not intended as a guide to ISO
9001. Although ISO 9004 includes the requirements of ISO 9001 it does not contain an
explanation of these requirements or guidance in meeting them (David H 2001).
The ISO 9000:2015 and ISO 9001:2015 standards are based on seven quality management
principles that can be used for organizational improvement:
1. Customer focus
2. Leadership
3. Engagement of people
4. Process approach
5. Improvement
6. Evidence-based decision making
7. Relationship management

Task 3: Evaluate quality assurance practices at all stages of SDLC such as budget,
monitoring, work plan, for the development of MIS related to AT&T Pvt. Ltd.
Answer:
The development for the MIS will follow the System Development Life Cycle (SDLC). SDLC is
described as a conceptual model used in project management that describes the stages
involved in an information system development project, from an initial feasibility study
through
maintenance
of
the
completed
application
(www.searchsoftwarequality.techtarget.com). SDLC follows six phases, namely planning,
requirements analysis, design, build, test and maintenance of which in all these phases there
are quality assurance practices that are followed. The diagrammatic representation of the
SDLC is shown below:

www. airbrake.io
1. Planning
This phase is critical for a good MIS development for AT&T Pvt. Ltd as It identifies whether or
not there is the need for the new MIS to achieve the strategic objectives for AT&T Pvt. Ltd.
Decisions are made on exactly what kind of MIS the business wants and for what purpose they
want the MIS for e.g. what problems in the company trying to solve and why. The scope is
determined following the ISO 9000 guidelines, on the MIS and there is also planning for the
quality assurance requirements and identification of the risks associated with the project, ISO
9000 based objectives are set and these follow the SMART (Specific, Measurable, Assignable
Realistic, Timely) principles. There is great consideration of the input for the potential users
and stockholders of the MIS and what their expectations are from the system. Resources such
as costs, time, benefits and other relevant items are considered at this stage.
2. Requirements Analysis
In this phase there is determination and documentation of the end users requirements and
focussing on their expectations of the system and how it will perform, the businesses works
on the source of their problem or the need for a change using the quality assurance change
management procedures. A feasibility study is made for the project which involves the
determination whether it is organizationally, economically, socially, technologically feasible to
develop the MIS at AT&T Pvt. Ltd. Quality assurance practices such as communication are
very important at this stage with the users and stakeholders to make sure there is a clear
vision of the MIS. Problem solving techniques such as root cause analysis (RCA) are used if
any problems are encountered and analysed accordingly. The systems analysis and the end
user requirements are analysed and there is consideration of the functional requirements of
the MIS development. In the above scenario, the end users can be doubled as customers and
meeting their requirements will constitute customer focus, prescribed by quality assurance
principles. The system analysis determines the businesses requirements, analysing how they
are to be met, the individuals allocated tasks on part of the projects and the timeline they are
expected to complete these assigned tasks using either requirements gathering or structured

analysis.
3. System design
The system design stage comes after the customer (users) requirements have been fully
understood. The system build up is defined in this phase, there is definition of the elements
the MIS, the components of the MIS, the security levels required, modules, architecture, the
MIS interfaces, type of data expected to go through the MIS, processing and procedures for
the MIS to accomplish its objectives. Drawing up of procedures of how to use the system, user
documentation and technical documentation is done in accordance and follows quality
assurance practices, training, and staffing requirement are decided at this stage. The design
of the system can be done on paper, using tools and techniques such as Data flow diagram
(DFD), Flowcharts, etc.
4. System Building
The system building phase focuses on the actual building of the MIS, it is expected that the
experts/competent personnel (the programmer, network engineer and/or database developer)
are brought in to work on the project using procedures and flow charts designed and
developed in the system design phase to ensure that the process of the MIS is organized
properly. Change management, staffing and training can be the focus in this phase in terms of
quality assurance. This phase might take a long time depending on the complexity of the MIS
so time is a resource that is required in order for the MIS development project to be a success.
Change management, training, flow diagrams and procedures signify the quality assurance
practices in this phase. Procedures ensures the smooth understanding of the system design,
change management aids the team on how to manage change, flow diagrams show the team
the process flow and training aids the team to have the know-how and work efficiently.
5. Testing and integration
The testing and integration phase involves systems integration and system testing, of
programs and procedures and this is usually done by experienced quality assurance personnel
in order to find out if the system meets and addresses the desired goals; however, end users
may also be used for the same function. The testing to check for errors, bugs and
interoperability, will be expected to be repetitive until the end users are satisfied with the
outcome of the developed MIS i.e. if it meets their defined operational objectives. The testing
procedures and the testing plan are expected to be part of the technical documentation
developed in the system design phase and these form part of the quality assurance practices
of this phase. Testing assures quality and end user satisfaction and it can also be systematic
and automated. Verification and validation will ensure the programs successful completion.
Users are trained and after the training, there is a shift from the old system to the new MIS
through changeover which follows the change management procedures, pilot runs are carried
out.
https://www.innovativearchitects.com/KnowledgeCenter/basic-IT-systems/systemdevelopment-life-cycle.aspx
https://www.tutorialspoint.com/management_information_system/system_development_life_cy
cle.htm
6. System Maintenance
This phase focusses on the periodic maintenance of the MIS to ensure that the MIS does not
become obsolete through replacing old hardware and system performance evaluation and
updating with the latest updates certain components to ensure that they meet the correct

standards and the current technologies to manage all threats on security. The maintenance is
pre-planned and must follow a set of guidelines which follows quality assurance guidelines.
The maintenance must be planned and scheduled accordingly and there must be records of
the work done for future referencing and continuous improvement.

https://airbrake.io/blog/insight/what-is-system-development-life-cycle
https://www.innovativearchitects.com/KnowledgeCenter/basic-IT-systems/systemdevelopment-life-cycle.aspx
http://oer.nios.ac.in/wiki/index.php/Phases_of_System_Development_Life_Cycle
http://searchsoftwarequality.techtarget.com/definition/systems-development-life-cycle
https://www.tutorialspoint.com/sdlc/sdlc_overview.htm

http://www.allinterview.com/showanswers/28098/what-is-the-role-of-qa-in-all-the-phases-ofsdlc.html
https://kishorsharma69.wordpress.com/2015/09/15/roles-of-qa-in-sdlc/

Task 2
http://eex.gov.au/energy-management/the-business-case-and-beyond/developing-yourbusiness-case-six-strategies/identify-project-risks-and-develop-strategies-to-manage-them/

http://www.systemsplanning.com/6factors.asp
http://2012books.lardbucket.org/books/enterprise-and-individual-risk-management/s05-04types-of-risks-risk-exposures.html
https://www.researchgate.net/publication/220627685_Analysis_of_Systems_Development_Proj
ect_Risks_An_Integrative_Framework
http://groups.engin.umd.umich.edu/CIS/course.des/cis375/projects/risktable/risks.htm
https://www.tutorialspoint.com/management_information_system/mis_development_process.h
tm
https://www.tutorialspoint.com/management_concepts/project_risk_categories.htm

References:
David Hoyle 2001, ISO 9000 Quality Systems Handbook Butterworth-Heinemann Linacre
House, Jordan Hill, Oxford OX2 8DP 225 Wildwood Avenue, Woburn, MA 01801-2041 A division
of Reed Educational and Professional Publishing Ltd
www.praxiom.com
www.brighthubpm.com
www.wikipedia.org
www.nsai.ie
www.searchcompliance.teschtarget.com
www.broadleaf.com.au
www.iso.org