MODULE 5: IT PROJECT MANAGEMENT
Learning Objectives
• Discuss what Program Management is and how it differs from Project Management
• Understand the Auditor’s Role in the Project Management Process
• Keys to Success and Reasons IT Projects Fail
• Project Selection
• Project Metrics
• Project Software
• Identify and explain some Project Management Tools/Project Management Software that can help internal
auditors in performing project management
• Understand the System Development Life Cycle and identify the steps that make the cycle
  - Development or Maintenance
  - Testing
  - Documentation
  - Risks Implicated
  - Typical Controls
• The Importance of Project Planning and Control in the Systems Development Life Cycle
PROGRAM MANAGEMENT
Program management is the process of managing programs mapped to business objectives that improve
organizational performance. Program managers oversee and coordinate the various projects and other strategic
initiatives throughout an organization.
Project management (PM) is defined as the framework used to guide your team to success—this
includes your team objectives, tools, and techniques both over the long-term and your day-to-day
work.
A portfolio is a set of projects, programs, and operations, coordinated to achieve
• Program management entails managing a program with multiple, related projects.
• Since programs are linked to strategic initiatives, they are often long-running and possibly permanent.
• Programs continue through organizational change, contribute to multiple goals, and contain many projects
that deliver specific components of the larger strategic initiative.
PROGRAM MANAGER VS. PROJECT MANAGER
• Red - The project has hit a serious roadblock(s), and no clear plan is in place to hit the date.
• Yellow - The project has hit a serious roadblock(s), but a plan is in place to finish on time.
• Green - The project is on track. Risks are understood and mitigation plans are in place.
ESSENTIAL COMPONENTS TO A SUCCESSFUL IT PROJECT
2. No clear definitions of success: “Not being able to define the outcome fully because the outcome is
changing so much, that’s one of largest points for not being successful.” - Sunil Kanchi, CIO and chief
investment officer with UST, a digital transformation solutions company.
9. Inadequate resourcing
• Internal Rate of Return (IRR): “rate of return that makes the net
present value of all cash flows (both positive and negative) from a
particular investment equal to zero.” This can help determine how
profitable investment into a project can be by comparing the IRR of
projects with the same start-up costs. A project with a higher IRR is
a more profitable venture.
• Payback Period: This is the measure of the time it takes to
be paid back on an initial investment. A project with a
shorter payback period may be preferable to one with a
longer payback period; however, it is also important to
consider the project’s ongoing costs and income potential.
This method is fairly simplistic in its scope, as it focuses only
on cash flow and does not acknowledge any potential risks
involved in the process.
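The two selection measures above, worked through as an added example (not part of the original slides). The two projects and their cash flows are constructed; both have the same start-up cost, and they are chosen so that payback period and IRR rank them differently.

```python
# Added example: IRR and payback period for two constructed projects.
# cash_flows[0] is the start-up cost (negative); later entries are yearly net cash flows.

def npv(rate, cash_flows):
    """Net present value of the cash flows at the given discount rate."""
    return sum(cf / (1 + rate) ** t for t, cf in enumerate(cash_flows))

def irr(cash_flows, lo=-0.99, hi=10.0, tol=1e-9):
    """Rate that makes NPV equal zero, found by bisection on [lo, hi]."""
    f_lo, f_hi = npv(lo, cash_flows), npv(hi, cash_flows)
    if f_lo * f_hi > 0:
        raise ValueError("NPV does not change sign on the search interval")
    while hi - lo > tol:
        mid = (lo + hi) / 2
        f_mid = npv(mid, cash_flows)
        if f_lo * f_mid <= 0:
            hi = mid                 # root lies in [lo, mid]
        else:
            lo, f_lo = mid, f_mid    # root lies in [mid, hi]
    return (lo + hi) / 2

def payback_period(cash_flows):
    """Years until the initial investment is recovered (linear within the
    final year); None if the investment is never paid back."""
    cumulative = cash_flows[0]
    if cumulative >= 0:
        return 0.0
    for year, cf in enumerate(cash_flows[1:], start=1):
        if cumulative + cf >= 0:
            return (year - 1) + (-cumulative / cf)
        cumulative += cf
    return None

# Constructed sample data: same start-up cost, different timing of returns.
PROJECT_A = [-1000, 600, 500, 50, 50]    # pays back fast, little income afterwards
PROJECT_B = [-1000, 100, 300, 500, 900]  # pays back slowly, larger later income

def compare(projects):
    """Return {name: (irr, payback_period)} for each project."""
    return {name: (irr(cf), payback_period(cf)) for name, cf in projects.items()}

if __name__ == "__main__":
    for name, (rate, years) in compare({"A": PROJECT_A, "B": PROJECT_B}).items():
        print(f"Project {name}: IRR {rate:.2%}, payback {years:.2f} years")
```

Project A has the shorter payback period while Project B has the higher IRR, which is the limitation of the payback method noted above: it ignores income earned after the investment is recovered.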
Project selection refers to the process of outlining and choosing the next venture for a
team. Projects typically compete for resources, so we must consider the demands and
goals of each potential project and prioritize them accordingly.
A metric is simply a measurement of something. When managing a project, you can choose to use project
metrics to track progress.
Metrics are selected based on the goals of the project and critical factors for success.
1. Identify Potential Projects: Meet with the decision makers in your organization and make a list of all the
next potential projects.
2. Compare the Projects: Compare your potential projects using your choice of project selection
method. (You can use a cost benefit template to compare the costs and benefits of the list of
projects from the first step. Assign values for each criterion to compare the total scores of each
project.)
3. Analyze Your Findings: Compare the scores of each project to determine which is best for your
team. This example uses negative numbers to display a more “costly” score and positive numbers
to display one that is more “beneficial.” A score near zero describes a cost benefit ratio that is
closer to equal.
4. Select a Project: Choose the project that best fits your team. Often, this will be the highest-scoring
project. Sometimes you will also need to consider things that your model may not consider, such as
budget figures and total cost.
PROJECT MANAGEMENT SOFTWARE
Project management software is used to plan, organize, and allocate resources for managing projects.
It helps teams collaborate and keep track of the project’s progress while clearly defining tasks and
responsibilities. It lets project managers control costs and time and allows smooth collaboration
between stakeholders.
Zoho Projects
SYSTEMS DEVELOPMENT LIFE CYCLE (SDLC)
• The systems development life cycle (SDLC) is a conceptual model used in project management that
describes the stages involved in an information system development project, from an initial feasibility study
through maintenance of the completed application.
SDLC can apply to technical and non-technical systems. In most use cases, a system is an IT technology
such as hardware and software. Project and program managers typically take part in SDLC, along with
system and software engineers, development teams and end-users.
• This approach to software development is structured and risk averse, designed to manage large projects that
include multiple programmers and systems. It requires a clear, upfront understanding of what the software is
supposed to do and is not amenable to design changes.
• The system development life cycle (SDLC) is a formal way of ensuring that adequate security controls and
requirements are implemented in a new system or application.
• SDLC is a structured approach defining a series of phases or stages a software project goes through from
inception to deployment, and often beyond, covering hypercare and support. Change management controls
ensure that any changes to existing software systems are properly tested and controlled to minimize risks
(e.g., unauthorized or untested change, etc.).
SYSTEMS DEVELOPMENT LIFE CYCLE
1. Preliminary Analysis
A request for a replacement or new system is first reviewed. The review includes questions such as:
What is the problem-to-be-solved? Is creating a solution possible? What alternatives exist? What is
currently being done about it? Is this project a good fit for our organization? This process is referred
to as a needs analysis. After addressing these questions, a feasibility study is launched (this will
be discussed later). This step is important in determining if the project should be initiated.
2. System Analysis
In this phase one or more system analysts work with different stakeholder groups to determine
the specific requirements for the new system. No programming is done in this step. Instead,
procedures are documented, key players/users are interviewed, and data requirements are
developed in order to get an overall impression of exactly what the system is supposed to do.
The result of this phase is a system requirements document and may be done by someone with
a title of Systems Analyst.
3. System Design
In this phase, a designer takes the system requirements document created in the previous phase
and develops the specific technical details required for the system. It is in this phase that the
business requirements are translated into specific technical requirements. The design for the user
interface, database, data inputs and outputs, and reporting are developed here. The result of this
phase is a system design document. This document will have everything a programmer needs to
actually create the system and may be done by someone with a title of Systems Analyst,
Developer, or Systems Architect, based on the scale of the project.
4. Programming
The code finally gets written in the programming phase. Using the system design document as a
guide, programmers develop the software. The result of this phase is an initial working program
that meets the requirements specified in the system analysis phase and the design developed in the
system design phase. These tasks are done by persons with titles such as Developer, Software
Engineer, Programmer, or Coder.
5. Testing
In the testing phase the software program developed in the programming phase is put through a
series of structured tests. The first is a unit test, which evaluates individual parts of the code for
errors or bugs. This is followed by a system test in which the different components of the system are
tested to ensure that they work together properly. Finally, the user acceptance test allows those that
will be using the software to test the system to ensure that it meets their standards. Any bugs,
errors, or problems found during testing are resolved and then the software is tested again. These
tasks are done by persons with titles such as Tester, Testing Analyst, or Quality Assurance.
6. Implementation
Once the new system is developed and tested, it has to be implemented in the organization. This
phase includes training the users, providing documentation, and data conversion from the previous
system to the new system. Implementation can take many forms, depending on the type of system,
the number and type of users, and how urgent it is that the system becomes operational. These
different forms of implementation are covered later in the chapter.
7. Maintenance
This final phase takes place once the implementation phase is complete. In the maintenance
phase the system has a structured support process in place. Reported bugs are fixed and
requests for new features are evaluated and implemented. Also, system updates and backups
of the software are made for each new version of the program. Since maintenance is
normally an Operating Expense (OPEX) while much of development is a Capital Expense
(CAPEX), funds normally come out of different budgets or cost centers.
SUMMARY
From an internal control perspective, SDLC provides a guide for managing risks
associated with software development.
Each phase of the SDLC is designed to identify and address potential risks to the
project, such as project failure due to budget constraints, scope creep, missed
milestones, or technical issues that could result in disrupted operations.
By using SDLC, project teams can identify risks early in the project and develop
appropriate mitigation strategies to minimize the impact of these risks.
CONTROLS IN SDLC
• The planning stage (also called the feasibility stage) is exactly what it sounds like: the phase in which
developers will plan for the upcoming project.
• It helps to define the problem and scope of any existing systems, as well as determine the objectives for
their new systems.
• By developing an effective outline for the upcoming development cycle, they'll theoretically catch
problems before they affect development, and help to secure the funding and resources they need to
make their plan happen.
• Perhaps most importantly, the planning stage sets the project schedule, which can be of key importance if
development is for a commercial product that must be sent to market by a certain time.
AUDIT OF PROJECT
The audit of projects has become more complex with the adoption of formal project management
methodologies, and the increased demand for auditing projects in real time as they are being undertaken.
Auditors are often expected to identify problems in projects before the problems cause significant
damage. This expectation by management has the effect of dramatically increasing the audit risk attached
to projects and highlights the importance of using a framework in the audit of projects.
Project Success
Other considerations:
1. Are the key stakeholders satisfied with the project?
2. Is the objective or purpose of the project being achieved?
3. Are there shortfalls in the project?
4. Is damage being done to relationships between key parties in the project?
Deliverables
Audit considerations might include:
1. Will all the deliverables be produced?
2. Will the quality of the deliverables be at the level specified?
3. Will the delivery be within the timeframes promised?
4. Will the deliverables be presented in a manner that supports their easy use and integration into
operations?
5. Is there adequate flexibility to ensure that reasonable and worthwhile changes to deliverables
can be made as the project proceeds?
Achievement of the project purpose
Questions the auditor could ask might include:
1. Are the key objectives of the project clearly stated and realistic?
2. Are there likely important consequences of the project that have been ignored?
3. Are the objectives of the project aligned to the organization’s mission, vision, values,
key objectives and strategies?
4. As far as practical, do the key stakeholders support the objectives, as applied to them?
Stakeholder satisfaction
In some projects, all specified deliverables are produced, yet some key stakeholders are
dissatisfied with the project. Reasons for stakeholder dissatisfaction are varied and could
include poor understanding of the project and deliverables, unreasonable expectations, project
staff not understanding stakeholder needs adequately and not producing what they want, and
changes to stakeholder needs being ignored during the project through inflexible change
management.
Project purpose achievement
Questions the auditor could ask might include:
1. Are the key objectives of the project clearly stated and realistic?
2. Are there likely important consequences of the project that have been ignored?
3. Are the objectives of the project aligned to the organization’s mission, vision, values, key
objectives and strategies?
4. As far as practical, do the key stakeholders support the objectives, as applied to them?
Projects should ideally be completed at or below budget. However, it is important when auditing this
factor to take into account changes to the quantity and quality of deliverables, and events that could not
reasonably have been anticipated. In many cases, cost overruns are indicative of poor project risk
management, and a failure to learn lessons from other projects.
Time
Time management is an essential component of project management, and is therefore an important audit
concern. The comments made above about costs may also apply to time.
Shortfalls
Shortfalls may occur at any time in the project lifecycle. There may be shortfalls in the quantity or quality
of the deliverables, the testing of deliverables, the ability of deliverables to work together to achieve the
project purpose, in reporting and meeting governance requirements, in communications, and in other
areas of internal control.
Even though many of the potential shortfalls are implicitly addressed under other headings, it is useful to
have shortfalls as a separate category to remind the auditor to give them adequate attention.
Relationship damage
As projects progress, it is important that project managers adequately address relationships, particularly
those between the project team and key stakeholders, the project governance team, project sponsors,
operational management, and others. It is important for the smooth functioning of the project for
relationships within the project team to be well-managed.
Excerpt From Project Management: the Managerial Process Larson, Erik W.;
https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewBook?id=0
https://www.atlassian.com/agile/project-management/program-management
https://ecampusontario.pressbooks.pub/informationsystemscdn/chapter/7-3-systems-development-life-cycle/
https://www.cio.com/article/230427/why-it-projects-still-fail.html
https://www.smartsheet.com/content/project-selection
https://www.forbes.com/sites/forbestechcouncil/2021/09/10/16-keys-to-successful-it-project-management/?sh=25cdcbf74661
https://www.auditboard.com/blog/sdlc-vs-change-management-controls/
https://www.brightwork.com/blog/using-project-metrics-for-successful-project-management#:~:text=Examples%20of%20project%20metrics%20include,The%20number%20of%20open%20tasks.