Dallas IIA chapter / ISACA N. Texas chapter

Auditing Project Management Controls

Tuesday, October 20, 2009. January 7, 2010.

Table of Contents
- Project Management Office Overview
- Aligning CobIT standards with PMBOK
- Project Management Audit Recommendations

David Dominguez
Manager, Grant Thornton, LLP

Manager in the Dallas Business Advisory Services practice of Grant Thornton, LLP. Fifteen years of technology experience, including management of several global efforts including implementations of corporate financial applications, rollout of large-scale development efforts, SOX S404 I/T internal audits, and implementation of several I/T business process and controls. Before joining Grant Thornton, David served as senior manager for an international telecom software company, directly responsible for several I/T business services including program management, internal I/T 404 audit, PeopleSoft application management, development and support, desktop management, change management, business continuity, and solutions delivery.

Project Management Overview

Project management initiatives are fraught with risks, as evidenced by facts* from surveys of CIOs:
- 63% of projects have schedule delays
- 49% of projects exceed budget
- 45% of projects do not meet business objectives
- 23% of all projects FAIL

[Figure: Triple Constraint, with labels Quality and Scope (Business Objectives)]

*Source: Research by the Standish Group International Inc., as reported in Computerworld, Feb. 17, 2005.

What determines whether a project is a success or a failure?
- Has the project satisfied the business requirements of the stakeholders? (Executive Management, Leadership Team, End-Users, Internal Audit)
- Were the deliverables produced on time and within budget? How do stakeholders know? Tracking, initial baseline, tracking?
- Do the business owners 'perceive' the project to be successful? Initial expectations? Charter, requirements?
- Has the project delivered the business value promised at the beginning? ROI, cost vs. actual, cost tracking, change management

The successful project manager is one who focuses on project risks, which in turn arise from uncertainty. Risk & issue tracking and management.

What is a Project Management Office (PMO)?

The PMO is the department or group that defines and maintains the standards of process related to project management within the organization.

Additional project facts:
- 32% fail due to inadequate project management implementation
- 20% fail due to lack of proper communication
- 17% fail due to unfamiliarity and complexity of scope
- 69% fail due to lack and/or improper implementation of project management methodologies

PMO value proposition: The PMO is established to manage project management standards in order to minimize the risk of project failures.

The PMO balances schedules, budgets, and performance to achieve program objectives and business requirements.
- Coordinate multiple project dependencies
- Timely and insightful performance metrics
- Proactive issue and risk management
- Effective resource management
- Delivery within budget
- Reduced project schedule slippage
- Maximized consulting investment
- Accurate project estimating and planning
- Targeted communication between project teams and business units
- Repeatable standards, processes and tools
- Conduct quality assurance reviews

[Figure: Triple Constraint, with labels Quality and Scope (Business Objectives)]

PMI's PMBOK 9 Knowledge Areas and 5 Base Process Groups
Framework for successful technology initiatives.

The PMI PMBOK is a basic reference for those interested in or already working in the project management profession.

Process groups: Initiating, Planning, Executing, Controlling, Closing

Knowledge areas:
1. Project Integration Mgmt
2. Project Scope Mgmt
3. Project Time Mgmt
4. Project Cost Mgmt
5. Project Quality Mgmt
6. Project Human Resource Mgmt
7. Project Communication Mgmt
8. Project Risk Mgmt
9. Project Procurement Mgmt

Project Management Processes to Process Groups and Knowledge Areas

1. Project Integration Mgmt
   - Planning: Project Plan Development
   - Executing: Project Plan Execution
   - Controlling: Integrated Change Control
2. Project Scope Mgmt
   - Initiating: Initiation
   - Planning: Scope Planning, Scope Definition, Create WBS
   - Controlling: Scope Verification, Scope Change Control
3. Project Time Mgmt
   - Planning: Activity Definition, Activity Sequencing, Activity Duration Estimating, Activity Resource Estimating, Schedule Development
   - Controlling: Schedule Control

PMBOK 9 Knowledge Areas and sub-areas

4. Project Cost Mgmt
   - Planning: Resource Planning, Cost Estimating, Cost Budgeting
   - Controlling: Cost Control
5. Project Quality Mgmt
   - Planning: Quality Planning
   - Executing: Quality Assurance
   - Controlling: Quality Control
6. Project Human Resource Mgmt
   - Planning: Organizational Planning, Staff Acquisition
   - Executing: Team Development
7. Project Communication Mgmt
   - Planning: Communications Planning
   - Executing: Information Distribution
   - Controlling: Performance Reporting
   - Closing: Administrative Closure
8. Project Risk Mgmt
   - Planning: Risk Management Planning, Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning
   - Controlling: Risk Monitoring and Control
9. Project Procurement Mgmt
   - Planning: Procurement Planning, Solicitation Planning
   - Executing: Request Sellers Response, Select Sellers, Contract Administration
   - Closing: Contract Closure

Aligning PMBOK to CobIT Standards

CobIT identifies the I/T processes that should exist to ensure that I/T is aligned with and supports the business in an effective manner.

CobIT I/T Processes within the Four Domains

Information: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability

IT Resources: Application, Information, Infrastructure, People

Monitor & Evaluate
- ME1 Monitor and evaluate IT performance
- ME2 Monitor and evaluate internal control
- ME3 Ensure regulatory compliance
- ME4 Provide IT governance

Plan and Organize
- PO1 Define a strategic IT plan
- PO2 Define the information architecture
- PO3 Determine technological direction
- PO4 Define the IT processes, organization and relationships
- PO5 Manage the IT investment
- PO6 Communicate mgmt aims and direction
- PO7 Manage IT human resources
- PO8 Manage quality
- PO9 Assess and manage IT risks
- PO10 Manage Projects

Acquire & Implement
- AI1 Define automated solution
- AI2 Acquire and maintain application software
- AI3 Acquire and maintain technology infrastructure
- AI4 Enable operation and use
- AI5 Procure IT resources
- AI6 Manage changes
- AI7 Install and accredit solutions and changes

Deliver & Support
- DS1 Define and manage service levels
- DS2 Manage 3rd party services
- DS3 Manage performance and capacity
- DS4 Ensure continuous service
- DS5 Ensure system security
- DS6 Identify and allocate costs
- DS7 Educate and train users
- DS8 Manage service desk and incidents
- DS9 Manage the configuration
- DS10 Manage Problems
- DS11 Manage data
- DS12 Manage the physical environment
- DS13 Manage operations

Overlap of CobIT and PMBOK.

CobIT identifies the I/T processes that should exist to ensure that I/T is aligned with and supports the business in an effective manner. CobIT and its supporting publications identify control objectives, techniques and practices commonly required for each process.

PMBOK identifies the best practice process for project management, together with the knowledge and techniques required for those processes to be effective.

[Figure: overlap of CobIT and PMBOK; labels: Controls Required for IT Projects, Project Management Best Practices]

Aligning CobIT to PMBOK.

CobIT IT Processes (Plan and Organize):
- PO1 Define a strategic IT plan
- PO2 Define the information architecture
- PO3 Determine technological direction
- PO4 Define the IT processes, organization and relationships
- PO5 Manage the IT investment
- PO6 Communicate mgmt aims and direction
- PO7 Manage IT human resources
- PO8 Manage quality
- PO9 Assess and manage IT risks
- PO10 Manage Projects

PMBOK Alignment (55 Processes):
- PO1 - 1 section of PMBOK: Portfolio Mgmt
- PO2 - No control objectives are covered by PMBOK.
- PO3 - No control objectives are covered by PMBOK.
- PO4 - 3 PMBOK processes partially mapped: Project Human Resource Management
- PO5 - 4 PMBOK processes partially mapped: Project Cost Management, Project Procurement Management
- PO6 - 2 PMBOK processes partially mapped: Communication Management, Project Risk Management
- PO7 - 5 PMBOK processes partially mapped: Human Resource Management, Project Time Management, Project Cost Management
- PO8 - 3 PMBOK processes partially mapped: Project Quality Management
- PO9 - 7 PMBOK processes partially mapped: Project Risk Management, Communication Management
- PO10 - 31 PMBOK processes are fully mapped: Aligned to all 9 PMBOK Knowledge Areas

Reference: IT Governance Institute: Mapping of PMBOK with CobIT

Aligning CobIT to PMBOK.

CobIT IT Processes (Acquire and Implement):
- AI1 Define automated solution
- AI2 Acquire and maintain application software
- AI3 Acquire and maintain technology infrastructure
- AI4 Enable operation and use
- AI5 Procure IT resources
- AI6 Manage changes
- AI7 Install and accredit solutions and changes

PMBOK Alignment (28 Processes):
- AI1 - 4 PMBOK processes partially mapped: Project Integration Management, Project Risk Management (Monitoring and Controls), Project Quality Management
- AI2 - 8 PMBOK processes partially mapped: Project Integration Management, Project Risk Management (Monitoring and Controls), Project Quality Management, Project Scope Management
- AI3 - 1 PMBOK process partially mapped: Project Risk Management (Monitoring and Controls)
- AI4 - 1 PMBOK process partially mapped: Project Risk Management (Monitoring and Controls)