Sessions 11-12, Course: A0214/Audit Sistem Informasi (Information Systems Audit), Year: 2007

PLANNING AND CONTROLLING
Bina Nusantara
Demand Management Process
• Ensures that the project has a business justification
• Ensures that projects have a business and IT sponsor
• Provides a consistent approach to approving all projects
• Ensures that all major projects identify all costs to improve decision making
• Provides a means to “weed out” nonessential projects
• Provides a means to control IT capacity and spending
• Business or IT initiates Project Estimated
• Joint Requirement Planning and High Level Solution Design
• Business Case and Return On Investment
• Cost and Savings Estimates from all Functions
• Capital Appropriations Committee
• Project Funding Approval and Project Initiation
• Technology Approval
• Technical Steering Committee (ITSC)
– Evaluate Architecture
– Determine impact
– Approve/disapprove
Procurement and Vendor Management
• Customer works with Account Manager to document requirements and identify potential solutions
• Technology Request
– Review requirements with customer
– Identify potential solutions
– Evaluate potential solutions
– Recommend vendor solutions
• Account Manager works with TSC members to evaluate solution
• Request For Proposal
– Finalize requirements and scope
– Request vendor proposals
– Evaluate vendor proposals
• Account Manager works with IT Procurement Team to evaluate vendor proposals
• Technology / Contract Refresh (IT Procurement Team)
– Track contracts and assets
– Negotiate technology refresh
– Negotiate contract renewal/upgrades
• IT Procurement Team notifies customer of contracted date
• Negotiation (IT Procurement Team)
– Define scope of work
– Negotiate services and costs
• Vendor Management (IT Procurement Team)
– Monitor vendor performance
– Administer contracts
– Budget for costs
• Account Manager works with IT Procurement Team to negotiate vendor terms
Project Planning
Project Definition and Planning
• Initiate Project And Organize
• Review Present Status
• Survey Info Needs
• Identify Business Objectives/Information Strategy
• Identify Hardware Software Info Structure / Envir.
• Develop Concept Design
• Assess Packaged Systems Options
• Perform Project Impact Analysis
• Evaluate Development Alternative
• Finalize Project Work Plan
• Mgmt. Review and Approval
The Importance of Project Planning and Control in SDLC
The SDLC flow follows these steps:
• A new idea is generated for a system or improvement
• The idea is preliminarily accepted for potential funding by a sponsor, owner, or user group.
• Problem analysis
– The feasibility of the idea is investigated and data is gathered and analyzed related to the cost and benefits, along with other alternative courses of action
– Classic problem definition and current state analysis is performed and documented to understand the primary problem that is to be solved using root cause analysis techniques
– The constraints of existing and potentially future solutions are identified
– The resultant idea feasibility and options for moving forward are documented and presented to the sponsor for approval
• Solution design:
– If approved for further study, criteria are developed for a successful implementation and are documented along with the functional requirements for the system to meet the needs of the sponsor and the proposed idea
– Processes are defined by system flowcharts and data flow diagrams to better understand the possible solutions and project tasks involved with deploying the various solutions
– Various solutions are analyzed, buy versus build analysis is performed, software acquisition strategies are investigated, and in-house versus contract services are reviewed as options
– The technical feasibility of the various solutions is examined and reconciled with the organization's infrastructure, data model, current and planned system architectures, configurations and so forth
– The economic feasibility of the top choices for solutions is also examined and compared to ROIs and the budgeted resources available.
– Risk analysis of the various options, including security and control concerns, is documented and prepared for the final proposal along with recommendations for risk mitigation
– Solution proposals are made with recommendations of the systems development goals, costs, and deliverables expectations for approval by system owner/sponsor
• System design:
– Based on the approved and agreed upon scope and constraints, the system is designed and developed considering user needs, data requirements, functional and processing requirements, training, interfaces, inputs, outputs, internal and application controls, audit trails, availability, data integrity, security requirements, and reports
– Requests for Proposals (RFPs) are designed and submitted as appropriate and contracts are negotiated with various providers and vendors. For contract programmers, specific contract language ensures that adequate controls over deliverables, quality, performance to standards, and workmanship, as well as supportability issues, exist.
– Project plans are built defining the required resources, timeframes, deliverable milestones, and so forth. This is the point where review criteria are developed and agreed upon to ensure that design goals are met.
– Mock ups and a cost benefit analysis are presented for approval and final sign off of development by the departments of management and the affected users.
• System development:
– Equipment is purchased and installed properly
– Systems are developed in the test environments
– Programming occurs either through internal or contract resources
– Several iterations of programming and testing are staged and integrated to achieve the final objectives
– The staged testing includes unit testing, integration testing, regression testing, hardware and component testing, load and stress testing, pilot testing, user acceptance testing, performance testing, and total system testing. This testing should have provisions for protecting sensitive data in the testing phases. The testing duties should be segregated from development tasks as much as possible to ensure the fair analysis and testing of the resultant system or programming components
– User screens are developed and tested
– Initial systems documentation is produced
– Test data is processed for the required objectives testing
– Facilities planning and implementation is developed with acceptance procedures defined for all of the environment and support needs
• System implementation:
– Based on approval and sign off, implementation and production deployment is planned
– File conversion is performed to populate the final system
– Systems conversion is planned and executed using pilot, parallel or full system cutover methodologies
– User and operations manuals are documented and completed
– Users and operators are trained
– The final cutover is created, involving close interaction and communication with the system users
• Maintenance and Modifications:
– The system undergoes routine maintenance and bug fixes with scheduled improvements prepared over time using mini SDLCs
– Ongoing operational use and utilization of the system occurs.
– The periodic assessment of design and performance based on the needs and changes in technologies also occurs.
• Cycle repeats:
– A new idea is generated for the improved system to better meet the needs of the owner/sponsor of the user group
Why is control important?
• Discussion of methods, tools, tasks, resources, project schedules and user inputs is a critical review point for the IT auditor
• Project plans include personnel assignments, cost estimates, risks, and organizational impacts associated with the project, and plans for future phases of development including the related cost estimates.
Project Planning and Control: E-Commerce Security as a Strategic and Structural Problem
• An effective security management system should be made an integral part of an organization’s business strategy.
• The development and management of security should support the core business of the organization.
• Security management consists of guidelines that are based on the security practices that support the business strategy as a whole.
• In E-commerce businesses, information security should be seen as a strategic asset and not as a cost.
Information Security Management Systems
• Policy and procedures
• Scope
• Risk assessment
• Risk areas
• Controls
• Documentation
The Planning and Control Approach to E-Commerce Security Management
• Strategic Aspect
– Planning corporate objectives
– Defining budgets
– Defining information security policy
• Organizational Aspect
– Setting up security team of managers and technical personnel
– Defining responsibility
– Drawing up training program in technology and methods
– Documenting information security procedures
– Application of security procedures
– Compliance with security procedures
• Technical Aspect
• Financial Aspect
• Legal Aspect
Conclusion
• Auditor influence is significantly increased when there are formal procedures and guidelines identifying each phase in the SDLC and the extent of auditor involvement
• Auditors will be able to review all relevant areas and phases of the SDLC and report independently to management the adherence to planned objectives and company procedures
• Auditors can identify selected parts of the system and become involved in the technical aspects based upon their skills and abilities
Audit Involvement in Planning and Analysis
• The auditor makes a determination of the reasonableness and merits of the project, potential for satisfying the business need and consistent agreement with company policy and objectives
• The auditor identifies the existence of the communication of the organizational goals from top management downward.
• Auditor requirements are introduced in a timely manner.