Professional Documents
Culture Documents
INFORMATION TECHNOLOGY
DEPLOYMENT RISKS
Mission
Objective
s
Strategy
Policies
Information
Technology Plans
Must Complement &
Support Company
Plans
Mission
Objective
s
Strategy
Policies
Mission Statement
Guides the establishment of business
objectives
Catalyst for strategic planning within
functional areas of the firms
Question
Write a mission Statement for VT.
VT Mission Statement
http://www.vt.edu/about/about-univers
ity.html
4.
Planning Policies
1. Responsibility (who is involved with
planning?)
2. Timing (when does planning take place?)
3. Process (how should planning be conducted?)
4. Deliverables (what planning documents are
produced?)
5. Priorities (what are the most to least critical
planning issues?)
Organizational Policies
1. Structure (what is the organizational form of the IT
function?)
2. Information Architecture (is the infrastructure
aligned with the firms mission?)
3. Communication (are the IT strategy and policies
known by all affected parties?)
4. Compliance (are all external regulations and laws
being addressed?)
5. Risk assessment (are IT risks identified, measured
and controlled?)
Software Policies
1. Acquisition (how is software acquired from outside
vendors?)
2. Standards (what are the software compatibility
standards?)
3. Outside contractors (should contractors be used for
software development?)
4. Changes (how to control and monitor the software
change process?)
5. Implementation (how to handle conversions, interfaces,
and users?)
Hardware Policies
1. Acquisition (how is hardware acquired from outside
vendors?)
2. Standards (what are the hardware compatibility
standards?)
3. Performance (how to test computing capabilities?)
4. Configuration (where to use client-servers, personal
computers, and so on?)
5. Service Providers (should third-party service bureaus
be used?)
Network Policies
1. Acquisition (how is network technology acquired from
outside vendors?)
2. Standards (compatibility of local area networks,
intranets, extranets, and so on?)
3. Performance (how much bandwidth is needed and is the
network fast enough?)
4. Configuration (use of servers, firewalls, routers, hubs,
and other technology?)
5. Adaptability (capability to support emerging e-business
models?)
Security Policies
1.
2.
3.
4.
5.
Operations Policies
1.
2.
Contingency Policies
1.
2.
3.
4.
Planning Process
CobiT Guidelines
Guidelines suggest eleven processes should
be incorporated into IT strategic plans.
Each process is integrated throughout IT
policy areas.
Processes designed to manage the key IT
risks.
11 Processes
1.
2.
3.
4.
5.
6.
11 Processes
7.
8.
9.
10.
11.
Balanced Scorecard
To achieve our
vision, how
must customers
and
constituents
view our words
and actions?
FINANCIAL
and SOCIAL
COST
Goals
Measures
Targets Initiatives
Measures
Targets
Initiatives
To achieve our
vision, how
will we sustain
our ability to
change and
improve?
To satisfy our
customers and
the public,
what business
processes must
we excel at?
Mission and
Vision
Measures
Targets
Initiatives
Goals
Measures
Targets
Initiatives
Measures
Targets
Initiatives
4 Perspectives of Scorecard
1.
2.
3.
4.
Financial
Non-financial indicators: customer satisfaction
Customer satisfaction
Internal processes
Organizational learning and growth
IT Function Scorecard
Financial Organizational
Performance
=
Contribution
IT Function Scorecard
Customer
Satisfaction
User
Satisfaction
IT Function Scorecard
Internal
Processes
Operational
Performance
IT Function Scorecard
Learning
&
Growth
Adaptability
&
Scalability
IT Function Scorecard
Organizational
Contribution
User
Satisfaction
IT
Function
Strategy
Operational
Performance
Adaptability &
Scalability
Project Management
Sound Techniques apply to most situations
Structure minimizes risk of failure:
Late delivery
Cost overrun
Lack of functions
Poor quality
Question?
What is an outcome measure?
the result of a test do you generate the F/S accurately?
Project Manager
First step is to assign project to a manager
Needs experience in area
Needs skill at managing projects
Must work well with staff on planning and
executing the project.
Schedulin
g
Parameters
Project
Resource
s
Activity
Resources
Beginning
Closing
Boundary
Conditions
Activit
y2
Activity
Resources
Parameters
Deliverable
Activity
Resources
Controlling
Parameters
Deliverable
Activit
y1
Monitoring
Deliverable
Parameters
Scope
Time
Cost
Activit
y4
Project
Outcom
e
Activity
Resources
Deliverable
Activit
y3
En
d
Acquiring Software
IT auditor should determine if the new
application would fit into the company s
strategic plan.
There should be a formal software
application acquisition policy.
Needs must be identified and prioritized.
Determine which applications can be
developed in-house, and which to purchase.
Selection Process
Internal controls
Integration with existing systems
Reporting
Future scalability
Documentation
Performance
Security features
Cost
Price of acquisition
User training
Multiple licenses
Service and support
Future upgrades
Software modifications
Developing Software
Feasibility Study
Recommends to the Steering Committee
Provides preliminary assessment
Feasibility Report
Feasibility group prepares report to make a
recommendation on the project.
Report is submitted to Steering Committee.
Steering Committee assigns project to Project
Leader.
Project Leader assembles Project Team.
Test
Library
Production
Library
No Data
Test Data
Live Data
Development
Source Code
Programmers
Only
Secure
Handof
Test
Object Code
Programmers
& Users
Secure
Handof
Production
Object Code
Users
Only
Implementation Testing
Three Phases of Testing before going live:
1. __________: Tests in isolation for simple tasks
2. ________________: Test related programs that
are joined & handle multiple tasks.
3. System Testing: Test related modules that join
the entire application.
Documentation should:
Be complete for entire project and all programs
Include user manuals
1.
2.
3.
4.
technical feasibility
financial feasibility
cultural feasibility
Changing Software
Change Request
Submitted to IT
Change Requests
IT logs in the requests & assigns tracking
number
Software Change Committee reviews and
prioritizes
Implementation Strategies
Purchased software needs testing.
Strategy must be chosen that best fits the
situation.
Consider risks of business interruption,
costs, time, ability of legacy system to
function.
Implementation Strategies
Parallel Implementation
New and Old system process side by side with
live data
Problems can be identified and corrected
Least risky
Heavy resource use:
Time to input, process, and create reports on two
systems
Time for reconciliation of output
Hardware requirements to run two systems
Implementation Strategies
Big-Bang Implementation
The old system is discontinued and the new
one becomes live the next instant.
Resources are not tied up running the old
system.
Staff is focused on success of new system.
New system failure could interrupt business
processes.
Implementation Strategies
Partial Implementation
Phase-in strategy starts one application of a
system at a time
Problems are resolved before the next
application begins.
Minimizes risk of business interruption.
May take a long time to implement entire new
system.
Implementation Strategies
Focused Implementation
Implements system first with small user groups
(office, departments, divisions, locations, etc.)
Group would use one of the previous strategies.
Problems would be identified & resolved before
larger groups begin.
Could take a long time for full implementation to
be completed
Change Management
Establish an open line of communication
among all affected parties.
Develop thorough training and educational
programs.
Allow all affected parties to provide
instrumental input into the implementation
process as it unfolds.
Final Testing
Move object code from development library
to the test library
Test built-in security and control features
Effectiveness observed, tested and approved
by qualified overseers
Test interface programs
Final Conversion
Application is Live!
Answer questions
Fix Problems
Monitor performance
Performance Tuning
User Acceptance
2.
3.
4.
Parallel
Big-Bang
Partial
Focused