1 / 32

Chapter 7: Project Management

Chapter 7: Project Management. Objectives. What is project management? 10 best practices PMLC vs. SDLC Project management framework Project management tools Audit involvement in the project management process. What is Project Management?.

wyanet
Download Presentation

Chapter 7: Project Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 7: Project Management IS Security, Audit, and Control (Dr. Zhao)

  2. Objectives • What is project management? • 10 best practices • PMLC vs. SDLC • Project management framework • Project management tools • Audit involvement in the project management process IS Security, Audit, and Control (Dr. Zhao)

  3. What is Project Management? • Project management (PM) is part art and part science. • PM identifies, establishes, coordinates and monitors activities, tasks, resources for a project to produce the product or services meeting the requirements • IT Project Management is the processes and techniques used in the beginning-to-end development of software or other systems. • Key control that ensures delivery of projects on time, on budget, and with full functionality. • A video IS Security, Audit, and Control (Dr. Zhao)

  4. 10 Best Practices • Projects (other than IT infrastructure projects) are owned by business units • Ideas are given due diligence for approval • Systems exist to manage cross-project priorities • Success criteria is defined and monitored • Sponsor roles and responsibilities are defined and taken seriously IS Security, Audit, and Control (Dr. Zhao)

  5. 10 Best Practices • Project management roles and responsibilities are defined • Personnel assignments are rational and stable • Comprehensive plans, realistic estimates, and viable schedules • Status reports are given • Projects are not completed until fully operational and benefits are realized IS Security, Audit, and Control (Dr. Zhao)

  6. Project Management Life Cycle (PMLC) • Provide process guidelines to project managers • Project management: • Tasks are adequately defined • Resources are available • Quality is maintained • Project is completed on time and budget • Auditors should review the project plan IS Security, Audit, and Control (Dr. Zhao)

  7. PMLC vs. SDLC • SDLC focuses on: • Analysis • Construction • Testing • Developing an application PMLC focuses on : • Project scope • Schedule • Budget • General: whether developing software, upgrading infrastructure, or moving an office IS Security, Audit, and Control (Dr. Zhao)

  8. Project Planning • The objective is to predict the project duration, resources required, and cost by establishing: • Goals • Commitments • Abilities • Activities • Measurements • Verification IS Security, Audit, and Control (Dr. Zhao)

  9. Project Planning Goals • Estimates are documented • Activities and commitments are planned and documented • Impacted groups and individuals agree to their commitments IS Security, Audit, and Control (Dr. Zhao)

  10. Project Planning Commitments • Designated Project Manager that negotiates commitments and creates plan • Policy for managing planning activities are documented and adhered to • Plans and estimates are reviewed by impacted groups and senior management • Changes are made in a controlled and documented manner IS Security, Audit, and Control (Dr. Zhao)

  11. Project Planning Abilities • Adequate resources and funding are provided • Planning tools are provided • Responsible parties for project planning receive training • All results are documented IS Security, Audit, and Control (Dr. Zhao)

  12. Project Planning Activities • Project plan is completed • Work products, size estimates, and risks are identified • Facilities and support tools are identified • Estimates are developed using documented procedures • Software planning data are recorded, managed, and controlled IS Security, Audit, and Control (Dr. Zhao)

  13. Project Planning Measurements • Measurements are devised and used to monitor management of all planning activities IS Security, Audit, and Control (Dr. Zhao)

  14. Project Planning Verification • Management activities are periodically reviewed with project and senior management • Quality Assurance audits management of planning activities and reports the results IS Security, Audit, and Control (Dr. Zhao)

  15. Project Tracking and Oversight • Ensures that a project lives up to its commitments and provides adequate visibility when a project deviates significantly from the plan • During all phases of the project it helps ensure standard processes are followed and controlled • Ensures that the business benefit is realized once it is implemented IS Security, Audit, and Control (Dr. Zhao)

  16. Project Tracking and Oversight Goals • Actual results and performance are tracked against the plans • Corrective actions are taken and managed to closure when actual results and/or performance deviate significantly from the plans • All changes to commitments are agreed to by affected groups or parties • Avoid scope creep IS Security, Audit, and Control (Dr. Zhao)

  17. Project Tracking and Oversight Commitments • Designated project manager • Project follows a documented organizational policy for managing software projects which includes a documented software development plan • Project manager is informed of project status and issues • Senior management reviews all changes to commitments IS Security, Audit, and Control (Dr. Zhao)

  18. Project Tracking and Oversight Abilities • Software development plan is documented and approved • Project manager explicitly assigns responsibilities for work products and activities • Adequate resources and funding are provided for tracking and oversight activities • Managers are trained IS Security, Audit, and Control (Dr. Zhao)

  19. Project Tracking and Oversight Activities • A documented development plan is used for tracking project activities and communicating status • Plan revisions are made using documented procedures • Commitments and changes to commitments, either to individuals or groups, are reviewed with senior management • The size of work products or changes to work products are tracked IS Security, Audit, and Control (Dr. Zhao)

  20. Project Tracking and Oversight Activities • The effort and cost of the project are tracked • Project schedule is tracked • Risks are tracked • Actual measurement and replanning data are recorded • Periodic internal reviews to track technical progress, plans, performance, and issues against the plan are conducted • Formal reviews are conducted at selected project milestones according to a documented procedure IS Security, Audit, and Control (Dr. Zhao)

  21. Project Tracking and Oversight Measurements • Measurements are devised and utilized to monitor management of all tracking and oversight activities IS Security, Audit, and Control (Dr. Zhao)

  22. Project Tracking and Oversight Verification • Management activities reviewed periodically with project and senior management • Quality Assurance audits management of planning activities and reports the results IS Security, Audit, and Control (Dr. Zhao)

  23. Case: A University Accounting System • Please read the case and discuss: • Why did the project fail? • What are the project management lessons we might learn? IS Security, Audit, and Control (Dr. Zhao)

  24. Project Management Tools • Most project management tools like Microsoft Project have the following functions: • Project task planning and tracking • Resource and time tracking • Labor hour tracking • Time capture and billing • Time reporting • Project budgeting • Project communication • Project documentation IS Security, Audit, and Control (Dr. Zhao)

  25. PERT Chart • Analyze the inter-relationships between the tasks IS Security, Audit, and Control (Dr. Zhao)

  26. Gantt Chart IS Security, Audit, and Control (Dr. Zhao)

  27. Project Portfolio Management (PPM) • How to manage a group of current or proposed projects? • Optimizing for payoff • Resource allocation • Pipeline management IS Security, Audit, and Control (Dr. Zhao)

  28. An PPM Example IS Security, Audit, and Control (Dr. Zhao)

  29. Professional Organization and Certification • Project Management Institute (PMI) • Nearly 40 years • With more than 265,000 members in over 170 countries • A shortage of 6 million skilled project professionals is expected by 2013 • Various certifications: • PM professional, PMI scheduling professional, etc. • http://www.pmi.org/CareerDevelopment/Pages/AboutPMIsCredentials.aspx IS Security, Audit, and Control (Dr. Zhao)

  30. Audit’s Role in Project Management Process • Provides an early identification of issues that may hinder a project by: • Gain the support and cooperation of team • Check project management tools • Perform reviews at end of each phase • Assess readiness for implementation • Present findings to management • Maintain independence IS Security, Audit, and Control (Dr. Zhao)

  31. Auditor’s Activities • Project review points as also review points for the auditor to determine the project’s internal control system and the status of the development itself • Independent review of project deliverables • Review the project task list and budget to verify that all project tasks are defined and all milestones have a deliverable • Verify that adequate resources are assigned responsibility for tasks and have the time to complete assignments IS Security, Audit, and Control (Dr. Zhao)

  32. Project vs. Process Risks • Process risks: • Lack of strategic direction • Lack of project management standards • Lack of a formal project management process • Negative organizational climate • Project Risks: • Resource unavailability and budget • Project complexity and magnitude • Inexperienced staff • Lack of end-user involvement • Lack of management commitment IS Security, Audit, and Control (Dr. Zhao)

More Related