DFM BIT Coursework

Development, Frameworks and Methods

1

Student Name: Myint Oo @ Amirul Hassan

UOG Student Registration ID: 000805763

Coursework Title: Children Support Agency

COMP1648: Development, Frameworks and Methods

Due Date: 11/11/2013

Center: KMD (Yangon, Myanmar)


2

Table of Content

Section A

A.1 Management Summary …………………………………………………………..….5

A.1.1 Some about current information system……………………...………….….5

A.1.2 Current issues which CSA is facing…………..………………………….…5

A.1.3 What CSA expects from MIS………………………………………….…...5

A.1.4 Management on developing new MIS……………………….……………..6

A.1.5 DSDM is appropriate for MIS project…………….....……………………..6

A.1.6 Advantages of using DSDM…………..……………………………….…...6

A.1.7 Disadvantages of using DSDM…………………………………………......6

Section B

B.1 High Level Requirement

B.1.1 Short explanation of high level requirement requirements………….….….8

B.1.2 Short explanation of functional and non-functional requirement……….…8

B.1.3 Appropriate High level requirements………………………………..…...8-9

B.1.4 Inappropriate High level requirements……………………………….....9-10

B.2 Moscow Prioritization

B.2.1 List of functional and non-functional requirements based on

high level requirement (appropriate)………………………………………….…10

B.2.2 Explanation of setting prioritizing the requirements………………..…11-12

B.2.3 High level requirements shown in three increments………………..…12-14

Section C

C.1 Management Summary (LSEPI Issues based on DPA)

C.1.2 Why Data Controller is important in CSA………………………….….....16

C.1.2 How Data Controller will help overcome LSEPI issues

with two case study examples……………………………………………..…16-17


3

C.2 Management Summary (BCS Code of conduct)

C.2.1 What professional body do…………...………………………..……..….18

C.2.2 Purpose of professional body…………………………….……………...18

C.2.3 Four professional issues that the system developer

may need to consider ……………...………………………..……....18-19


4

Section A


5

Management Summary

Some about current information system

The current information system doesn’t come into use for all fields of CSA. They have to

overcome a lot of obstacles to manage projects with it. The current information system can’t be used

for managing projects as it doesn’t support. It can only be used for the financial transactions in CSA.

The system they run doesn’t gratify all their needs as it’s an off-the-shelf payroll system. So, a new

management information system has become a must to monitor all projects of CSA. CSA is

overcoming various difficulties as it’s lacking an effective MIS. The following are some key issues

that the CSA is facing currently.

Current issues which CSA is facing

- Due to the different approaches and requirements of doing the project by different staff,

the organization doesn’t have a consistent way of doing a project

- Staff are very dependent on each other because of lack of guidance from the SEG

- No systematic way of recording information

- Some staff keep the record of the project using a paper based system

- The current system is not secure

- The Finance Director doesn’t get correct financial data from Area Managers and Regional

Directors sometimes and they information provided was not very clear enough

- There is no hard connection between the Financial system and MIS

- The head of HR have some problems with Area Managers for keeping the record of their

staff

- No clear record of which contracts are presently in force, what resources are needed and

the deadline of each contract etc

- Peter Jackson, Area Manager has to give much time of searching pieces of data and

collecting all the data together

What CSA expects from MIS

As CSA is running 60 different projects at different places, the requirements and issues from all

offices are increasing. The current system can’t help with all. The new MIS will be developed with

these following requirements which are really required by CSA. New MIS will help CSA monitor and

manage all projects.

The new MIS will be able to gather all data from local centers and it can be accessed from all local

offices. It can produce correct report with complete details for SMT, Trustees and funders. It will

contain some standard set of performance indicators which will help measure CSA projects. It can

keep correct financial data and shows how much resource and fund are used for each projects. The

financial data can only be accessed by the authorized person. Apart from financial data, every

department will have access to see the information they need. It will have a standard way of keeping

the data. Entering the same data at the same place will not be allowed. So, the data will become

consistent and correct. It will allow accessing to the sensitive data of CSA to the authorized people

only. It will keep the details of contracts between CSA and funding bodies which is important for

starting a project. It will also save the demographic data of young people and this type of data can be

accessible from local centers depending on their needs. It also helps regional director, area managers

and lead workers manage their respective projects.


6

Management on developing new MIS

The new MIS will be developed under the instruction of the Administrative Services Director,

Jim Massey and the finance director, Steve Sutherland. These two people have been working in CSA

for a long time and know all about CSA. Jim Massey himself wants to change the current MIS and he

surely knows that current MIS is completely rubbish. He also realizes CSA needs an effective

management information system. He also states that as long as CSA doesn’t change the current

system, there will always be hardship to get new contracts in the future which might impact the whole

organization. Steve Sutherland suggests that the new MIS must include finance management for local

projects and access to financial data should be protected.

DSDM is appropriate for MIS project

According to Sebastian LeFevre, an Information Systems Consultant, he has just had a

contract with CSA to help analysis of what the organization really needs. He reviewed the current

information system and found that it is lack of security and secure storage of data and many more

problems. He also recommends using an agile method, called DSDM.

DSDM is appropriate for developing a new MIS because the MIS will be developed and

managed under a top management group called Administrative Service director and Finance Director.

The high level requirements are already gathered. Functionality is clear enough as the staffs have

already disclosed their needs in the interview, for example, (No clear record of which contracts are

presently in force, what resources are needed and the deadline of each contract etc) discussed by

Julieanne Black.

Advantages of using DSDM

As all the requirements are collected at the beginning, the system is more likely to meet the

business needs for examples; almost all staffs of CSA have identified their respective needs in the

interview. It will increase the speed of development and increase quality because of the end user

involvement. For example, Peter Jackson, Area Manager who has been working in the organization

for 18 years, has a lot of idea concerning the organization needs, is very willing and pleased to be a

part of the development. So, he can give feedback thought prototyping which can make a quality

system delivers the real needs of the organization. Time boxing and cost of system can be fixed by

analyzing the clear and understandable functions or requirements.

Disadvantages of using DSDM

There will be features which need to be reduced due to the time boxing. For examples

Functions which are not very important for the organization will be removed. But for good

information system, these types of requirements are necessary for example “Sending messages to

young people about events in the area”.

Total words for Section A: 988


7

Section B


8

A short explanation of high level requirement

High level requirements are the same as business requirements which are better understood by the top

level management. It is only planned to offer guidance to the key issues or problems. This can be split

into functional and non-functional requirements.

A short explanation of functional and non functional requirement

Functional requirements describe what a system is supposed to do. These are always the main

functions of a system to be built. They focus on these criteria such as business rules, validation,

managing finance, reporting requirement etc. Non functional requirements describe further functions

of the system to be built except functionality. It indicates criteria which evaluates the function of a

system instead of exact behaviors. They focus on these criteria such as performance, security,

maintainability, reliability etc.

Remark: I have also taken a few requirements from the interview list in order to get an effective

information system. Without them, the system will be incomplete and unusable. These are excluded in

overall requirements list given at the case study.

B1. High level appropriate and inappropriate requirements

B1.1 High level requirements (Appropriate)

1. Collecting data correctly from local offices

MIS must be able to keep the data about projects from all local centers. If required, it must

offer data immediately. Depending on data, SEG can offer guidance to improve the

performance of employees and projects.

2. Producing management reports for both SMT and Trustees

MIS must produce reports about each project, only then they can estimate for further projects

and make decision what to do next. They can also offer necessary instructions for projects

having problems. Everything they ratify is based on project reports.

3. Adding a standard set of performance indicators into the system in order to measure the

project

MIS will include some standards set of performance indicators for example, the time box of a

project, use of resource, budget, man power, number young people improved in each project

to measure the effectiveness and success of projects.

4. Giving better data as to how finances and resources are allocated

MIS must have this function to get correct financial records from local offices as regional

directors are reluctant to give accurate financial data. It must also be able to offer suggestions

to the Head Office to allocate finance and resources because CSA needs to know the use of

resources and finance for each project running at different offices. Only then they can send

information to their related parties who have asked to see it.


9

5. Developing a common interface for the Management Information System and external

systems so that data is only entered once

CSA will have hardship to control MIS if it contains the same data at different places. So,

entering the data more than once must be restricted.

6. Can pass the information from on project to another

To get faster performance of the projects, the MIS should provide easy access to information

from one project to another. It increases workload and reduce overheads and saves time.

7. Ensuring the data is protected and it is allowed to use to the right people at different

levels in the organization

A data controller must be appointed to keep data securely. The system must provide access to

sensitive data such as financial information to the authorized person only because there are

many staffs in CSA and the data can be used for illegal purposes.

8. Keeping details of the contracts between CSA and funding bodies for each project

MIS must have this requirement in order to set time boxing, use resources and man power for

each project at CSA. This will help CSA manage projects.

9. Permitting projects to keep demographic data about young people in a standard way,

able to be seen by central offices

The management team of CSA must know demographic data concerning young people

because they have to know what the real needs of young people are. Only then they can know

what types of project are required to start at what area.

B1.2 High Level Requirement (Inappropriate)

10. Containing a simple case management tool to allow project workers to record short

notes in a secure way

This requirement can make the MIS complex and unusable by keeping a lot of detail

information of managing the projects which are not very important for CSA.

11. Developing an enterprise scheduling tool for the managing meetings with staff and

young people

The Management information system will become very large if it contains enterprise

scheduling tools which are not urgently needed by CSA. They just need an effective

management tool to manage projects.


10

12. Integrating existing data into the system

As CSA doesn’t have a standard way of recording projects information, the existing data

won’t come into use for developing MIS.

13. Developing the system in order to be extendable to contain extra features in the future

This requirement should be thought before development of the MIS but not very important for

CSA to monitor projects. MIS should have only core functions for management (for example

keeping financial records correctly). CSA has just intended to add features of the MIS after it

has been developed.

Word Counts B1= 861

********************************************************************************

Moscow

B2. List of functional and non-functional requirements

B2.1The following are functional and non-functional requirements based on appropriate high

level requirements with prioritization.

Functional Requirements

1. Collecting data correctly from local offices Must Have

2. Producing management reports for both SMT and Trustees Must Have

3. Giving better data as to how finance and resources are allocated Must Have

4. Keeping details of the contracts between CSA and funding Must Have

bodies for each project

5. Adding a standard set of performance indicators into the system

in order to measure projects Must Have

6. Permitting projects to keep demographic data about

young people in a standard way, able to be seen by central offices Must Have

7. Developing a common interface for the Management Information

system and external systems so that data only entered one Could Have

Non-Functional Requirements

8. Ensuring the data is protected and it is allowed to use

to the right people at different levels in the organization Should Have

9. Can pass the information from on project to another Could Have


11

B2.2 Explanation of setting about prioritization with justification

Functional Requirement

Collecting data correctly from local offices Must Have

This is a must have requirement for developing MIS. As CSA needs MIS to monitor all projects, the

system must be added this requirement to be able to collect correct data about each project from local

offices. Without having this in MIS, CSA will have difficulties to manage projects from head offices

as data about projects are missing which are very important for managing projects.

Producing management reports for both SMT and Trustees Must Have

The requirement must be included in MIS because it must produce reports by showing all

management information for example, progress of project, use of resources and man power used for

each project etc. Both SMT and Trustees need reports to offer necessary guidance and show that the

projects are going well to the funders.

Giving better data as to how finance and resources are allocated Must Have

This is a must have requirement for developing MIS because MIS must have correct financial record

and it should provide data for the use of finance and resource when needed. Only then CSA can

estimate for future projects and avoid unwanted cost.

Keeping details of the contracts between CSA and funding Must Have

bodies for each project

MIS must includes this requirement because MIS must have all information of contracts between

CSA and funding bodies in order to offer contract information to the contract team when required.

With this information, contract team can manage current contracts.

Adding a standard set of performance indicators into the system Must Have

in order to measure projects

This requirement can’t be left because CSA will not able to measure the projects running under it so

that MIS must be added some standard set of performance indicators for example, functions that

calculate use of resources, finance, number of young people improved by each project. This will help

CSA make better projects in the future.

Permitting projects to keep demographic data about

young people in a standard way, able to be seen by central offices Must Have

By keeping demographic data systematically, CSA can easily analyze for future projects based on

these data. So, I selected this requirement as a must have for developing MIS.


12

Developing a common interface for the Management Information Could Have

system and external systems so that data only entered one

CSA can monitor or manage projects without this requirement as it is related to data input and

restriction of inserting duplicate data. But MIS may include duplicate data if it doesn’t add this

requirement.

Non-Functional Requirements

Ensuring the data is protected and it is allowed to use Should Have

to the right people at different levels in the organization

This is a should have requirement for developing MIS because it’s related to authentication and

security. CSA can run MIS to monitor projects without this requirement. As it’s a non-profit

organization, unauthorized access to data may not effect very much on CSA. This requirement should

be included to prevent unwanted risks.

Can pass the information from on project to another Could Have

This requirement can be left for developing MIS because MIS will be able to collect all information

about project from all local offices. So, authorized people at different local offices will have access to

the data from MIS.

First Increment, Second Increment and Third Increment

Each requirement will be described for how long they will take to be completed.

As the project will be developed by using DSDM, it should be finished during six months. 8

hours for a day and 40 hours for a month and 960 hours for six months. Within 770 hours, all

must have functions will be completed.

These are the must have requirements which will be delivered as the first increment. The MIS will

really be workable with these requirements and employees in CSA can give feedback for each

increment for avoid unwanted errors and meet it their desired requirements.

First Increment

No Requirement Hours Prioritization

1 Collecting data correctly from local offices 120 Must Have

2 Producing management reports for both SMT and

Trustees

80 Must Have

3 Giving better data as to how finance and resources are

allocated

100 Must Have

4 Keeping details of the contracts between CSA and

funding bodies for each project

100 Must Have

5 Adding a standard set of performance indicators into the

system in order to measure projects

80 Must Have


13

6 Permitting projects to keep demographic data about

young people in a standard way, able to be seen by

central offices

80 Must Have

7 Ensuring the data is protected and it is allowed to use


70

8 Developing a common interface for the Management

Information system and external systems so that data

only entered one

70

9 Can pass the information from on project to another 70

Total Must have hours= 770

This should have requirement is essential but not very important for the system to contains in the first

increment. So, it will be delivered as the second increment to the users.

Second Increment




Trustees

80 Must Have


allocated

100 Must Have



100 Must Have



80 Must Have



central offices

80 Must Have



70 Should Have



only entered one

70

9 Can pass the information from on project to another 70

Total should have hours = 70

Second Increment total hours = 840


14

These are could have requirement and these can make MIS better. It could be left if the time box is

not enough. But, MIS will work without any problems.

Third Increment




Trustees

80 Must Have


allocated

100 Must Have



100 Must Have



80 Must Have



central offices

80 Must Have



70 Should Have



only entered one

60 Could Have

9 Can pass the information from on project to another 60 Could Have

Must Have= 770 hours

Should Have= 70 hours

Could Have= 120 hours

Within six months, MIS will be finished. But some unexpected risks may occur, so, there will be

some delays to deliver the system. If the project is likely to be late, should have and could have

requirements could be left.

********************************************************************************


15

Section C


16

(C1)

As CSA is a charity organization, it relies on public trust. It’s not possible to make sure that CSA

is 100% safe at all times. So, CSA needs to show that they focus on its responsibilities to keep the

data securely and it is taking balanced measures for protecting personal data from being misused. As

it has 60 different projects at different local offices, data protection has become an issue for it with

large amount of data of young people and funders but although small charity organizations are

possibly to keep personal data on people for example staff, trustees. Currently CSA is facing various

difficulties to collect data as staffs have no awareness of keeping data securely and no professionalism

about dissemination of data. What’s worse is duplication of the same personal data because CSA has

no standard way of keep data related to young people, staff and funders or supporters.

In order for CSA to stand on its existing reputation, it needs to handle all its data securely. CSA

should make sure that the personal information is not misused and doesn’t reach into wrong hands.

So, to keep and manage data securely, a data controller should be appointed who has to process CSA

data under Data Protection Act. DPA is only related to the treatment of personal data. He will be

lawfully in charge for making sure that data processing complies with the DPA. DPA is in relation to

protect people from the misuse of their personal information. In order for data controllers to work at

organization, they need to register with the Information Commissioner by providing details on the

type of data which will be hold and the purpose of processing personal data. DPA states eight

principles that the data controllers must follow them when processing the data.

As Data controllers must follow the eight principles, the data about CSA projects will become secure.

Every local office can access to data within CSA depending on their needs but they must comply with

the data protection act. So, data will be protected and not misused. Public trust for CSA will increase.

The following are the issues that CSA may have to face after developing a centralized management

information system attached what the data controller will have to solve these issues.

Example (One)

CSA has all the personal data of employees, young people and funders. If the government or other

charity organizations ask for the data it holds to use for other purpose, CSA will likely to share the

data to them.

Data controller help overcome this issue according to DPA 1,

- Deciding why the government or other charity organizations needs the personal data and what

they intend to do with it

- Making sure that CSA provides clear and correct privacy notices to employees or young

people for collecting their personal data

Privacy notice should contain the purpose of processing their personal data

and the processing of their personal information is fair such as who you may

disclose the information to that subject would not expect.


17

Example (Two)

The system will permit projects to keep demographic data about young people which will be

accessible by central offices. Existing data will also be kept in the new MIS.

According to DPA 3,

- Data controller must make sure that whether the personal information that the CSA holds is

relevant. In order to consider if each is relevant for the purposes this is described in a privacy

notice to the data subject and in notification to the Information Commissioner Organization.

- Data Controller must ensure that the data he holds is too much. The excessive data that he

doesn’t require for his specified purposes, must delete it.

- Data Controller must establish if the data is sufficient to make decisions it informs, decisions

that may have a major impact on the data subject will probably needs a great deal of

information and CSA is often required to make those decisions.

- Making sure that CSA holds the right information is important for both decisions making and

protecting individuals CSA hold data about. It’s ethical and legal responsibilities for both

CSA and data controller to keep their personal data properly.

Word Counts: 700


18

(C2)

Purpose of the code of conduct for a professional body (BCS)

Today, People around the world are using IT for different purposes. Especially, organizations and

companies are mainly using IT for their daily processing to be smooth and reduce workload. As IT is

on the rise, the IT professionals and universities are also increasing day by day. And, the IT society

will become outrageous because IT professionals and universities are misusing IT and taking

advantages of people who are lack of IT knowledge. Not only in IT but also other fields are like that.

It’s widely regarded that using IT is very expensive in organizations and companies. So, every

organization doesn’t need to have wasted their investment by having unusable systems. So, they need

a professional body to control all these issues. That’s why Professional bodies such as BCS have to

form to handle IT professionals and set the standards and rules for them to work accordingly. Here is

the purpose of BCS

Promote the study and practice of computing and to advance knowledge of and education in

IT for public’s advantage.

Sets out the professional standards needed by the society

Applies to members of all grades (including students)

BCS Code of conduct

Based on the following BCS code of conduct, the four professional issues are done.

(d) “Shall not reveal or allow to be revealed, or use for personal advantage or to profit a third party,

private information apart from the permission of relevant authority, or as needed by legislation”.

(e) “NOT misrepresent or withhold information on the performance of products, systems or services

(unless lawfully bound by a duty of confidentiality not to disclose such information), or take

advantage of the lack of relevant knowledge or inexperience of others”.

(g) “Shall refuse and not make any offer inducement”. (f) “Shall avoid hurting others, their belongings, reputation, and employment by false” etc. (b) “Shall avoid any condition which may raise conflict of interest between professionals and

employers and organization”.

(a) “Shall be focus on and careful of public health, safety and environment in professional role”.

Ref: BCS, the Chartered Institute for IT, 8 June 2011. Code of Conduct for BCS members. Trustee

Board Regulations Schedule 3 Volume 4, page 2-3. BCS, UK.

Four Professional Issues

After developing MIS for CSA, the system developer will know all about a charity organization

and have the copy of MIS as he would develop it. If other charity organization may ask him to

develop a similar system for their organization, he may sell the information system of CSA by

adding some necessary functions.

In this condition, the system developer will be in breach of rule (d) and (e) of duty of relevant

authority of the BCS. The case would be clear of disclosing information for personal gains without

letting CSA know and keeping information of the MIS of CSA on the performance of system and

taking benefits from other organization who doesn’t know that the system that the system developer


19

will deliver to them legally belongs to the CSA. Being a professional, he should seek permission and

provide explanation to CSA before he discloses information. He should also tell other organization

that he has developed the same similar system for CSA. So, he will take some of the functions from it

to develop a system for them.

Some of the main employees in CSA such as Sean McNally, Northern Regional Director isn’t

interested and willing for the new information system because he doesn’t want to have been

supervised from the central office so that he can take benefits with this way. So, he may

probably tell system developer to add some wrong functions by offering bribes to make central

office fail to manage his office.

According to BCS code of conduct, the system developer will be in breach of rule (g) and (f) of

professional competence and integrity and he shouldn’t take any bribe from Sean McNally and other.

Instead, he should tell the management team about that.

As the management information system that CSA wants to have is a large development project,

the system developer may take this an opportunities by giving time for other’s project during

developing CSA project in order to get more money at the same time. So, he will likely to deliver

the system later than the deadline.

In this situation, role (b) of Duty to relevant section of the BCS is the most suitable. This case would

be a plain case of increasing conflicts between system developer and CSA because he will deliver the

system late. As a professional, he should work according the commitment with CSA and finish within

time box or. Time is very important for every organization or company. So, he should not break his

commitment. He should make direct disclosure to the management team of the CSA with the correct

reasons why he fails to deliver the system on time. He should seek advice from them how to move

next.

As the system developer has contracted to CSA to develop an information system, he must

collect personal data about young people, employees and funders and will have all personal data

in his hand. He may likely to use these data when developing similar information systems.

According to BCS code of conduct, the system developer will be in breach of rule (a) of public trust.

As a professional, he should always be careful of public security and privacy. He should not disclose

their data for any purposes without their permission.

Word Counts: 734 (Exclusive of BCS Code of Conduct rules)

DFM BIT Coursework

Business

Transcript of DFM BIT Coursework