Project Management Assurance - Information Systems
Project Management Assurance - Information Systems
Project Management Assurance - Information Systems
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Infotec: The Business of Technology – Apply IT<br />
April 14 th , 2010<br />
<strong>Project</strong> <strong>Management</strong> <strong>Assurance</strong><br />
Dr. Deepak Khazanchi<br />
p<br />
Dawn Owens
2<br />
Infotec 2010 – April 14th<br />
Introductions<br />
• Dr. Deepak Khazanchi<br />
▫ Associate Dean for Academic Affairs and Professor of<br />
<strong>Information</strong> <strong>Systems</strong> and Quantitative Analysis in the<br />
College of <strong>Information</strong> Science & Technology at the<br />
University of Nebraska in Omaha.<br />
• Dawn Owens<br />
▫ Assistant Professor at Bellevue University in the College of<br />
<strong>Information</strong> Technology teaching various IT related topics. She is<br />
also a PhD in IT student in the College of <strong>Information</strong> Science<br />
and Technology at the University of Nebraska at Omaha working<br />
under the supervision of Professor Khazanchi.<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
3<br />
Infotec 2010<br />
April 14 th , 2010
4<br />
Infotec 2010 – April 14th<br />
Agenda<br />
• Introduction<br />
• <strong>Project</strong> <strong>Management</strong> <strong>Assurance</strong><br />
▫ Definition<br />
▫ Model of PMA<br />
▫ Risk and Controls<br />
▫ Performing PMA<br />
• Questions<br />
• Feedback<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
© Dr. Deepak Khazanchi and Dawn Owens. May not<br />
be reproduced without permission.<br />
5
6<br />
Infotec 2010 – April 14th<br />
Background<br />
• Two out of three IT projects fail to deliver<br />
planned outcomes resulting in cost overruns,<br />
schedule delays, and unmet requirements.<br />
(Standish 2004)<br />
• <strong>Project</strong> failures cost the US economy at least<br />
$24 billion and possibly as high as $75<br />
billion between years 2000 and 2005.<br />
(Charatte, 2005)<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
7<br />
Infotec 2010 – April 14th<br />
Recommended Effort for Successful<br />
Outcomes (PMI Best Practice)<br />
Initiation, 5%<br />
Closing, 5% Initiation, 5%<br />
l<br />
Planning, 25%<br />
Execution,<br />
50%<br />
Monitoring &<br />
Controlling,<br />
15%<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
8<br />
© Dr. Deepak Khazanchi and Dawn Owens. May<br />
not be reproduced without permission.<br />
Percent of Effort Dedicated to <strong>Project</strong><br />
Activities<br />
• A recent survey says -<br />
▫ Average of 7% of project<br />
management effort is<br />
dedicated to risk<br />
management planning<br />
▫ Average of 6.5% of project<br />
management effort is<br />
dedicated to risk<br />
management assessment.
9<br />
Infotec 2010 – April 14th<br />
PM Maturity by Knowledge Area<br />
4<br />
3.5<br />
3<br />
2.5<br />
2<br />
1.5<br />
1<br />
Lowest Rating<br />
Engineering/Constr.<br />
0.5 Telecommunications<br />
i<br />
0<br />
<strong>Information</strong> <strong>Systems</strong><br />
Source: Ibbs & Kwak, 2000<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
10<br />
Infotec 2010<br />
April 14 th , 2010<br />
“A little risk management saves a lot of fan cleaning.”<br />
Mike Harding Roberts<br />
Successful project managers are especially good risk<br />
managers.<br />
Boehm (1989)<br />
“If you don’t actively attack the risks, they will actively<br />
attack you. ”<br />
Gilb (1989, p. 54)
11<br />
Infotec 2010 – April 14th<br />
Benefits from Software Risk <strong>Management</strong><br />
% of Survey<br />
Respond dents<br />
90%<br />
80%<br />
70%<br />
60%<br />
50%<br />
40%<br />
30%<br />
20%<br />
10%<br />
0%<br />
Source: Kulik and Weber, 2001<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
12<br />
Infotec 2010 – April 14th<br />
CIO<br />
CIOs are<br />
increasingly held<br />
responsible for<br />
generating a<br />
positive return on IT<br />
project investments.<br />
$<br />
IT<br />
<strong>Project</strong>s<br />
Great need for devising ways to<br />
assure successful project<br />
outcomes.<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
Infotec 2010 – April 14th<br />
13<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Characteristics of IT <strong>Project</strong>s<br />
Uncertainty<br />
Inadequate<br />
risk<br />
assessment<br />
Globally<br />
distributed<br />
teams<br />
These characteristics can lead to<br />
failed IT projects and projects that<br />
are difficult to manage.<br />
Complexity<br />
IT<br />
<strong>Project</strong>s<br />
Lack of<br />
processes to<br />
assess project<br />
performance
14<br />
Infotec 2010 – April 14th<br />
<strong>Project</strong> Assessment<br />
• Continual project assessment can<br />
▫ lead to an increased chance of achieving success<br />
• because<br />
▫ potential risks can be identified and addressed<br />
before it is too late.<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
15<br />
Infotec 2010 – April 14th<br />
What is <strong>Assurance</strong>?<br />
Set of<br />
services or<br />
activities<br />
d d to review<br />
reduced<br />
d<br />
internal<br />
risk and<br />
control<br />
improved<br />
mechanisms<br />
quality<br />
conducted<br />
by an<br />
independent<br />
organization<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
Infotec 2010 – April 14th<br />
16<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
<strong>Project</strong> <strong>Management</strong> <strong>Assurance</strong> (PMA) Process<br />
Formal Definition:<br />
A set of assurance activities that are integrated<br />
with the IT (information technology) project<br />
management lifecycle. An internal group,<br />
independent of the project team, performs the<br />
assurance activities, which includes continual<br />
review of control mechanisms to assure<br />
adherence to standards, best practices and<br />
procedures.
17<br />
Infotec 2010 – April 14th<br />
PMA Process<br />
Assures successful<br />
project outcomes<br />
by<br />
Assessing internal<br />
controls<br />
Improving<br />
quality<br />
While<br />
adhering to<br />
the stated<br />
schedule<br />
and budget<br />
constraints<br />
Reducing Risk<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
Infotec 2010 – April 14th<br />
18<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Model of PMA
Infotec 2010 – April 14th<br />
19<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
<strong>Project</strong> <strong>Management</strong> Lifecycle in IT <strong>Project</strong>s<br />
• Considers each of the following eight phases in<br />
an IT project’s lifecycle:<br />
▫ 1) initiation, 2) planning, 3) analysis, 4) design,<br />
5) development, 6) testing, 7) implementation,<br />
and 8) closing<br />
• Each phase requires specific<br />
▫ inputs, outputs, controls, and identification of<br />
risks.
Infotec 2010 – April 14th<br />
20<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Continual PMA Activities<br />
Feedback Loop<br />
Initiation<br />
Inputs<br />
&<br />
Outputs<br />
Planning<br />
Inputs<br />
&<br />
Outputs<br />
Analysis<br />
Inputs<br />
&<br />
Outputs<br />
Design<br />
Inputs<br />
&<br />
Outputs<br />
De evelopment<br />
Inputs<br />
&<br />
Outputs<br />
Testing<br />
Inputs<br />
&<br />
Outputs<br />
lementatio on<br />
Imp<br />
Inputs<br />
&<br />
Outputs<br />
Closing<br />
risks &<br />
risks &<br />
risks &<br />
risks &<br />
risks &<br />
risks &<br />
risks &<br />
risks &<br />
controls controls controls controls controls controls controls controls<br />
<strong>Project</strong> <strong>Management</strong> <strong>Assurance</strong>
Infotec 2010 – April 14th<br />
21<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Risks and Controls<br />
• Identify risks and controls in each phase of the<br />
project lifecycle.<br />
▫ Continuously monitor and control those risks<br />
• To proactively identify and respond to problems<br />
with enough time to avoid crises.
Infotec 2010 – April 14th<br />
22<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Example Risk Factors<br />
Improper feasibility analysis or business case.<br />
Incomplete or inaccurate project cost estimate.<br />
Lack of executive commitment.<br />
Poorly defined scope statement.<br />
Failure to gain user involvement.<br />
Incomplete or misunderstood requirements.<br />
Poor project planning.<br />
Insufficient resources.<br />
Lack of adherence to design standards.<br />
Incomplete test planning.<br />
Lack of a proper test environment.<br />
Poor communication.<br />
Failure to manage user expectations.<br />
Lack of project metrics.<br />
No post project review.<br />
Initiation<br />
Planning<br />
Execution<br />
Monitoring and<br />
Control<br />
Closing<br />
Phases in <strong>Project</strong> Lifecycle
Infotec 2010 – April 14th<br />
23<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Example Controls<br />
<strong>Project</strong> Charter completion<br />
Executive signoff<br />
Stakeholder verification<br />
Validate estimates<br />
Development of Risk <strong>Management</strong> Plan<br />
Verify requirements, ensure testability & feasibility<br />
Adhere to Software Development Plan<br />
Assure adequate testing environment<br />
Assure management and user involvement<br />
Verify that t the Change Control Plan is in place<br />
Assure adequate status reporting<br />
<strong>Project</strong> closing activities, including lessons learned<br />
Initiation<br />
Planning<br />
Execution<br />
Monitoring and<br />
Control<br />
Closing<br />
Phases in <strong>Project</strong> Lifecycle
24<br />
Infotec 2010 – April 14th<br />
Performing PMA<br />
Validate<br />
controls<br />
Define<br />
standards<br />
Random<br />
or<br />
scheduled<br />
audits<br />
Independent<br />
PMA Audit<br />
Team<br />
(External;<br />
Adherence<br />
Objective)<br />
to<br />
standards<br />
Identify<br />
deviations<br />
from<br />
standards<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
25<br />
© Dr. Deepak Khazanchi and Dawn Owens. May<br />
not be reproduced without permission.<br />
When I go out to check on a software development [project]<br />
the answers I get sound like ‘We’re frantically busy<br />
weaving this magic cloth. Just wait a while and it’ll look<br />
terrific.’ But there’s nothing I can see or touch, no numbers<br />
I can relate to, no way to pick up signals that things aren’t<br />
really all that great. And there have been too many people<br />
I know who have come out at the end wearing a bunch of<br />
expensive rags or nothing at all.” (Boehm, B. W., 1973)”<br />
<strong>Project</strong> audits and reviews included in our PMA<br />
framework can provide positive reinforcement<br />
for projects that are on track and early warning<br />
signals for those that are not!
26<br />
Infotec 2010 – April 14th<br />
Summary<br />
• PMA differs from traditional project<br />
management and development methodologies<br />
by focusing on project risks.<br />
• Internal project controls are used to assure<br />
project risks are continuously identified and<br />
assessed throughout the project lifecycle.<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be reproduced without permission.
Infotec 2010 – April 14th<br />
27<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
Feedback<br />
• Please take a few minutes to complete the<br />
• Please take a few minutes to complete the<br />
feedback form.
Infotec 2010 – April 14th<br />
28<br />
© Dr. Deepak Khazanchi and Dawn Owens. May not be<br />
reproduced d without t permission.<br />
i<br />
References<br />
• Charette, R. N. Why Software Fails. IEEE Spectrum 2005; 42.<br />
• Gill, N. S. Factors Affecting Effective Software Quality <strong>Management</strong><br />
Revisited. ACM Sigsoft Software Engineering Notes 2005; 30<br />
(2):1-4.<br />
• Glass, R. L. Challenges of Complex IT <strong>Project</strong>s. Communications of<br />
the ACM 2006; 49(11):15-18.<br />
• Ibbs, C. William and Young Hoon Kwak . Assessing <strong>Project</strong><br />
<strong>Management</strong> Maturity, <strong>Project</strong> <strong>Management</strong> Journal, March 2000.<br />
• Keil, M., Cule, P., E., Lyytinen, K., Schmidt, R. C. A Framework for<br />
Identifying Software <strong>Project</strong> Risks. Communications of the ACM<br />
1998; 41(11):76-83.<br />
• Khazanchi, D. , Sutton, S. <strong>Assurance</strong> Services for Business-to-<br />
Business Electronic Commerce: A Framework in Implications.<br />
Journal of the Association for <strong>Information</strong> <strong>Systems</strong> 2001; 1(11).<br />
• Kulik, P. and Weber, C. Software Risk <strong>Management</strong> Practices –<br />
2001, KLCI Research Group, August 2001.