What is Your Confidence Level that Controls are in Place in automated (or manual) applications?
-
Upload
steven-mitchell -
Category
Documents
-
view
218 -
download
0
Transcript of What is Your Confidence Level that Controls are in Place in automated (or manual) applications?
![Page 1: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/1.jpg)
What is Your
Confidence Level that Controls are in Place
in automated (or manual)
applications?
![Page 2: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/2.jpg)
Integration of BA, BPM, SDLC, PM
What are Accountants’ roles regarding establishing controls?
• Business Analysis (subject matter experts SMEs)
• Business Process Management
• System Development Life Cycle
• Project Management
![Page 3: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/3.jpg)
Who are the SMEs
in developing
financial control
requirement?
![Page 4: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/4.jpg)
Necessary!Must understand & consciously integrate activities of
Financial Auditing / IT Auditing
Business Analysis (BA)
Business Process Management / Improvement (BPM / BPI)
System Development Life Cycle (SDLC)
Project Management (PM)
![Page 5: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/5.jpg)
BPM
BA, SDLC
PM
Strategic Goals
Accountant(SME)
control specs
![Page 6: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/6.jpg)
Project initiation, Requirements identification, Work definition, and Task assignment
6Information Technology Project Management, Fifth Edition, Copyright
2007
Owner, User, SME Specification,Business AnalysisBusiness Process ManagementProject Management
User specifications, Systems Analysis & Project Management
Project Management & Expert Knowledge
Project Management & Expert Knowledge
Project Management & Expert Knowledge
![Page 7: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/7.jpg)
Some background info / examples.
Double entry accounting. Paccioli, 1494.The control? Debits and Credits must balance.Processes must be defined & corrected prior to automating
Automated financial systems 1950s – 1960sProblems
Specifications – Not what users needed.Errors – Processes not understood. Bugs in the code.Controls – Missing or ignored.
Enron, HealthSouth, Sub-prime loans.(1986-87 loan approval expert system.)
Desire Adequate, error free system with necessary controls
![Page 8: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/8.jpg)
Warnings when acquiring Business (or any) IT Systems
Managers / IT auditors / Users specifying requirements must recognize when automated controls are not present.
Are
business process improvement (BPI) best practices
accounting best practices
business analysis, system development life cycle (SDLC) best practices
project management (PM) best practices
addressed during development of the system?
Are BEST PRACTICES followed during development?
If not, great likelihood controls not in place, user needs not covered.
Warning!
Warning!
Warning!
![Page 9: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/9.jpg)
Thoughts
from
IT Auditors, Forensic Accountants,
Ivar Jacobson’s The Object Advantage
Whitten, Bentley, & Dittman authors of Systems Analysis & Design Methods
Kathy Schwalbe author of IT Project Management
PMI, A Guide to the Project Management Body of Knowledge
and my experiences.
Paul Crigler
UAB Department of Management, Information Systems, & Quantitative Methods
IS and MBA-IT instructor
![Page 10: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/10.jpg)
Losing control (and money)
due to
• Finagling the facts• Violating the rules• Stealing• Incorrect / Invalid reporting• Processes or process steps that are NOT
correct or are NOT followed or are NOT automated
![Page 11: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/11.jpg)
!!!• We must be aware of and understand the integration of
• Business Process Management• Financial Audit / IT Audit / Forensics• Business Analysis methods• Systems Development methods• Project Management techniques
• and their best practices
![Page 12: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/12.jpg)
IT Audit within the Audit Process
(1st three steps applicable when developing or acquiring an
information system)Financial Statement Unaudited
Understand the Company
Identify Significant Processes
Understand Internal Controls
Evaluate Fraud Risk Factors disclosed by
Internal Control
Develop Final Risk Assessment
Etc.
1. Complete review
2. Submit Financial Statement draft for review
3. Issue Financial Statements
Financial Statement Audited
Etc.
![Page 13: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/13.jpg)
How was automated control system developed?
The enterprise with its many processes
guided by GAAP, ISACA, industry standards and
best practices.
BPM, BPI best
practices BA,SDLCbest
practices
PM, PPM best
practices
![Page 14: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/14.jpg)
How are controls originated?
• Who establishes the business rules?
• Who defines the processes?
• Who defines the controls?
• Who are responsible for controls?
![Page 15: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/15.jpg)
When Processes are Automated
Who defines the controls (and the processes)?
Accountants, Operation Managers, Process Engineers, etc. - using BPM, BA best practices
Who analyzes, designs, builds computer system?
Business and Systems Analysts, Designers, Programmers - using SDLC best practices
Who insures project is executed on time, within budget, completely and with quality?
Project Managers, Project Portfolio Managers -using PM, PPM best practices
![Page 16: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/16.jpg)
Verifying
• What is the evidence automated controls are not in place?
• Will discrepancies indicate?
• Will tests?– Debits vs. Credits?– Raw material in vs. finished goods out?– Through-put. Others?
• What indicates that BPM, BA, SDLC, PM best practices were followed?
![Page 17: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/17.jpg)
Which is Best?
Testing in?
Building in?
US automakers of 1970s?
Japanese automakers in 1970s?
![Page 18: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/18.jpg)
Build quality into automated control systems
The enterprise with its many processes
guided by GAAP, ISACA, industry standards -
best practices.
BA, SDLCbest
practicesPM, PPM
best practices
BPM, BPI best
practices
using
![Page 19: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/19.jpg)
Business Process Management
1st ___________
Business Process Management
Business Process Improvement
(BPM, BPI)
![Page 20: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/20.jpg)
Some Major Processes
1. Cash receipts2. Cash disbursements3. Revenues and Accounts Receivables4. Procurement / Accounts Payable5. Payroll / Human Resources6. Financial Statement Close Process 7. Information Technology8. Other Processes Specific to the Business and
its Industry
![Page 21: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/21.jpg)
Speed Are the processes generating the specified outputs in a timely manner?
Reliability Are the business processes consistent?
Is up to date information available to the right people?
Integration Do the business processes integrate all the necessary components seamlessly?
Do the processes link all the required data feeds?
Flexibility Are the processes capable of absorbing changes initiated by the environment?
Security Are the processes equipped with the proper security features capable of protecting confidential client information?
Is information authentic and reliable?
Process Evaluation Criteria
![Page 22: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/22.jpg)
Activities of business process improvement projectEnvisioning
Strategy
Understanding theexisting business
CustomerDemands
Bench– marking
Envisioning
ReengineeringDirective
Model of the Existing Business
Objective Specification(vision of future, the new company)
![Page 23: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/23.jpg)
Business process improvement Rebuilding
Objective Specification(vision of future, the new company)
The Model –the redesigned process(es) for the New Business
Envisioning
Reversing theExisting Business
Engineering theNew Business
Installing theNew Business
ReengineeringDirective
“as-is”
“to-be”
The reengineeredCorporation (the documentation)
Business Process Redevelopment
![Page 24: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/24.jpg)
Business process improvement
Continuous Improvement
Envisioning
Reversing theExisting Business
Engineering theNew Business
Installing theNew Business
ReengineeringDirective
“as-is”
“to-be”
The reengineeredCorporation (the documentation)
Business Process Reengineering project
Improvements
Radical Δ ?(Radical change?)
No
Yes ?
![Page 25: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/25.jpg)
Enterprise Applications
• Virtually all organizations require a core set of enterprise applications – Financial mgmt, human resources, sales, etc.– Frequently purchased (COTS – commercial off
the shelf)– Frequently need to have custom elements added
• Systems Integration process of building unified information system out of diverse components purchased software, custom-built software,
hardware, and networking.
Warning!
COTS – squeezing size 10 foot into size 4 shoe
Warning!
Integration of components– a major source of concern
![Page 26: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/26.jpg)
Enterprise Applications
![Page 27: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/27.jpg)
Framework for improving and automating processesSee page 470See page 470Goals:
Improve Business Processes
(controls), Business Knowledge
&Communications to
accommodate strategic business objectives
Implementation Activities
The Business Drivers
PlayersSystems UserAccountantsSystems OwnersProject Managers Systems AnalystsSystem Designers
The Technical Drivers
Warning!
Goals do not match strategic business objectives!
Warning!
Stakeholders not on board! Stakeholders do not take ownership!
Warning!
Processes are not in place or are not followed!
![Page 28: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/28.jpg)
BA, Control Specifications & SDLC
2nd
_____________
Business Analysis, Control Identification
&
Systems Development Life Cycle
![Page 29: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/29.jpg)
Business Analysis / RequirementsSystems Development Life Cycle
If BA / Financial Controls / etc. requirements are not properly addressed ….
Warning!
If SDLC best practices are not in place ….
For definitions go to http://en.wikipedia.org/wiki/Business_analysis
![Page 30: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/30.jpg)
Typical SW Project
Information Technology Project Management
30
![Page 31: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/31.jpg)
Objectives for the Accountant (or manager) responsible for specifications
1. Understand business analysis and systems analysis and relate to scope definition, problem analysis, requirements analysis, logical design, decision analysis phases of SDLC.
2. Understand systems analysis approaches for solving business system problems.
3. Understand scope definition, problem analysis, requirements analysis, logical design, and decision analysis phases in terms of information system building blocks.
4. Understand scope definition, problem analysis, requirements analysis, logical design, and decision analysis phases in terms of purpose, participants, inputs, outputs, techniques, and steps.
![Page 32: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/32.jpg)
Accommodate Business Strategy
Systems Analysis and DesignProcesses
System Building
Blocks from Systems Analysis
perspective
Information System Building Blocks
Warning!
Goals do not match strategic business objectives!
Warning!
BA, IT Auditing, SDLC, and Project Management processes are not in place!
Warning!
People are not on board or being properconsidered!
![Page 33: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/33.jpg)
5-33
What is Systems Analysis ?
Systems analysis problem-solving technique that decomposes a system into component pieces for studying how well parts work and interact to accomplish purpose. The What, Why & Who
Systems design problem-solving technique that assembles system’s component pieces into complete system The How
Information systems analysis development phases in information systems development project -- primarily focus on business problem and requirements -- independent of technology used to implement solution
![Page 34: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/34.jpg)
5-34
Context of Systems Analysis
Identify alternate solutions
Project Charter
Warning!
A SDLC process is not in place.
Warning!
Repository not maintained, understood, and used.
![Page 35: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/35.jpg)
5-35
Requirements Discovery
used by systems analysts to
identify system problems & solution requirements from user community
Accountants when the system’s focus is to provide controls
![Page 36: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/36.jpg)
5-36
Business Process Redesign
BPR feature of systems analysis to achieve major business changes
goal dramatically improve fundamental business processes
independent of information technology.
Warning!
BPR does not occur prior to new system design – resulting in automating bad processes.
![Page 37: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/37.jpg)
FAST Systems Analysis Phases
1. Scope Definition Phase– Why is project worth considering?
2. Problem Analysis Phase– Why is new system worth building?
3. Requirements Analysis Phase– What do users – Accountants - want from new system?
4. Logical Design Phase– What must new system do?
5. Decision Analysis Phase– What is best solution?
Scope boundaries of project – area of a business that project may address
![Page 38: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/38.jpg)
5-38
Scope Definition Phase Terms
Steering body committee of executive business and system managers that studies and prioritizes competing project proposals
(steering committee)
Project charter final deliverable for preliminary investigation phase
defines the project scope, plan, methodology, standards, etc.
Warning!
Steering committee not in place.
Warning!
Project Charter (contract) not adequate.
![Page 39: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/39.jpg)
5-39
Context of Problem Analysis Phase
USERS
Who are involved in this phase?
What is the purpose of this phase?
![Page 40: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/40.jpg)
40
Key Term of the Problem Analysis Phase
Context Diagram pictorial model that shows how system interacts with world around it
and
specifies system inputs and outputs.
Our System
![Page 41: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/41.jpg)
Requirements Analysis Phase
Users
Project
Mgrs.
![Page 42: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/42.jpg)
5-42
Context of Logical Design Phase of Systems Analysis
Users
ProjeCT
Mgrs.
![Page 43: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/43.jpg)
5-43
Context of Decision Analysis Phase
Bui
lder
sD
esig
ners
Ow
ners
Have requirements now can determine how new system might be implemented to cover all requirements while dealing with technology constraints.
![Page 44: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/44.jpg)
5-44
Feasibility Matrix
Candidates are compared with each other
and ranked.Warning!
A stakeholder attempts to influence the decision by corrupting the data, modifying the weights “arbitrarily”, etc.
![Page 45: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/45.jpg)
Project Management
3rd
_____________
Managing the Project
Managing the Project Portfolio
![Page 46: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/46.jpg)
Need for Organizational Standards
Standards and guidelines help project managers be more effective.
Senior management can encourage:– use of standard forms and software for project
management.– development and use of guidelines for writing project
plans or providing status information.– creation of a project management office (PMO).
Warning!
Expect problems if have no standing Technical Standards Committee.
Warning!
Expect problems if standards and guidelines 1)are not defined, 2)practitioners are not trained, 3)standards are not followed.
![Page 47: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/47.jpg)
What Is a Project?
Project “a temporary endeavor undertaken to create a unique product, service, or result.”
(Operations are work done to sustain the business.)
A project ends when its objectives have been reached, or the project has been terminated.
Projects can be large or small and take a short or long time to complete.
![Page 48: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/48.jpg)
Project
1. Has unique purpose
2. Is temporary
3. Is developed using progressive elaboration
4. Requires resources, often from various areas
5. Should have a primary customer or sponsor• project sponsor provides direction and
funding for project
6. Involves uncertainty
Warning!
C level management and sponsors don’t understand projects.
Warning!
Management doesn’t support the project
Warning!
Risk Management Plans not in place
Warning!
Domain experts / SMEs / Accountants providing control specs are not engaged
![Page 49: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/49.jpg)
49
Project Management Framework
Warning!
Project does not support strategic plans.
![Page 50: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/50.jpg)
Project Management Perspective necessary to appreciate ROI
$ Benefits
$ Costs
Traditional Focus
Feasibility
Analysis
DesignBuild Test Ship
Focus must continue beyond implementation to reap benefits.
Development Operations with Support
All that happens after “project” ends
Warning!
BA & SDLC must utilize best analysis, design, and support processes
Warning!
IT Controls must be in place to minimize risk so maximum $ will be made.
Warning!
Requirements must be correct so maximum utilization will be achieved by users.
![Page 51: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/51.jpg)
Project and Program Managers
Project managers work with project sponsors, project teams, and other people involved in projects to meet project goals.
Program: “A group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually.”*
Program managers oversee programs and often act as bosses for project managers.
![Page 52: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/52.jpg)
1-52
Project Manager
Project Manager experienced professional
- responsible for planning, monitoring, and controlling projects
with respect to schedule, budget, deliverables, customer satisfaction, technical standards, and system quality.
Warning!
Without experienced PM may not include users’ (Accountants’, Managements’, etc.) concerns in system.
![Page 53: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/53.jpg)
Project Management Certification
• PMI provides certification as a Project Management Professional (PMP).
• A PMP has documented project experience, agreed to follow code of ethics, and passed exam.
Warning!
Don’t have experience, certified PMs managing IT Control projects.
![Page 54: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/54.jpg)
Different players, different agendas
6.1 / 64
Warning!
Must identify all stakeholders & understand their agendas!
![Page 55: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/55.jpg)
55
Project Stakeholders• Stakeholders are the people involved in or affected by
project activities.
• Stakeholders include:1. Project sponsor (person generally with $$$ and clout)
2. Project manager
3. Accountants, Project team
4. Support staff
5. Customers
6. Accountants, Users
7. Suppliers
8. Opponents to the project can stop or kill a project
Warning!
Stakeholders are not adequately identified and engaged.
War story about Office Paper Recycle Project stakeholders
Another war story about HR Admin system stakeholders
![Page 56: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/56.jpg)
Importance of Top Management Commitment
top management commitment
key factor for project success.
Top management must help project managers
– Secure adequate resources.
– Get approval for unique project needs in timely manner.
– Receive cooperation from people throughout organization.
– Learn how to be better leaders.
Warning!
Management not committed to project
![Page 57: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/57.jpg)
Need for Organizational Commitment to IT
• If the organization has a negative attitude toward IT difficult for IT project to succeed
• Chief Information Officer (CIO) at a high level in organization helps IT projects
• Assigning non-IT people to IT projects more commitment
Warning!
CIO not at high level in company
Warning!
Few non-IT people on the project
Warning!
IT issues not standing agenda item for Board of Directors
![Page 58: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/58.jpg)
58
Level of Activity and Overlap of Project Process Groups Over Time
Warning!
Project team does not address all groups in integrated fashion.
Must understand Iterative Elaboration
nature of systems projects.
![Page 59: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/59.jpg)
59
Nine Project Management Knowledge Areas
• Knowledge areas describe the key competencies that project managers must develop.
– Four core knowledge areas lead to specific project objectives (scope, time, cost, and quality).
– Four facilitating knowledge areas are the means through which the project objectives are achieved (human resources, communication, risk, and procurement management).
– One knowledge area (project integration management) affects and is affected by all of the other knowledge areas.
Warning!
Project plan and execution do not address all knowledge areas.
Warning!
Project integration management not understood & followed.
![Page 60: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/60.jpg)
PM Capability Maturity Model (CMM)
Low risk
High risk
Not competitive
Very competitive
Warning!
Low CMM rating
a big red flag!
Warning!
Low CMM ratinghigher costs lower qualitymore time
Lack of Maturity of enabling
processes such as Auditing (financial & IT),
Control identification, BPM, BA, SDLC, PM will be detrimental, increase
risks, and reduce competitive ability.
![Page 61: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/61.jpg)
61
Project Success Factors
1. Executive support
2. Accountant & User involvement
3. Experienced project manager
4. Clear business objectives
5. Minimized scope
6. Standard software infrastructure
7. Firm basic requirements
8. Formal methodology
9. Reliable estimates
10. Other criteria, such as small milestones, proper planning, competent staff, buy-in and ownership, and clear communications
Warning!
Without these success factors -internal controls and necessary features may not be included.
![Page 62: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/62.jpg)
62
Suggested Skills for Project Managers
• Project managers need a wide variety of skills.
• They should
– Be comfortable with change.
– Understand the organizations they work in and with.
– Lead teams to accomplish project goals.
Warning!
Project manager
does not understand the business,
are not leaders.
![Page 63: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/63.jpg)
63
Project Manager Skills
1. Communication skills: Listens, persuades.
2. Organizational skills: Plans, sets goals, analyzes.
3. Team-building skills: Shows empathy, motivates, promotes esprit de corps.
4. Leadership skills: Sets examples, provides vision (big picture), delegates, positive, energetic.
5. Coping skills: Flexible, creative, patient, persistent.
6. Technology skills: Experience, project knowledge.
![Page 64: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/64.jpg)
64
Sample Gantt Chart
Work Breakdown Structure showing all tasks of project
Warning!
All tasks not completely identified.
![Page 65: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/65.jpg)
65
Ethics in Project Management
1. Ethics - important part of all professions.
2. Project managers often face ethical dilemmas.
3. In order to earn PMP certification, applicants must agree to the PMP code of professional conduct.
4. Several questions on the PMP certification exam are related to professional responsibility, including ethics.
Warning!
Have concerns that project is executed ethically.
![Page 66: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/66.jpg)
66
Project Management Office (PMO)
• responsible for developing, coordinating, promoting, and supporting project management function throughout organization.
• Possible goals include:1. Collect, organize, and integrate project data for entire
organization.
2. Develop and maintain templates for project documents.
3. Develop or coordinate training in various project management topics.
4. Develop and provide a formal career path for project managers.
5. Provide project management consulting services.
6. Provide a structure to house project managers while they are acting in those roles or are between projects.
Warning!
PMO not in place or is not effective.
![Page 67: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/67.jpg)
How was the computer based control system developed?
The enterprise with its many processes
guided by GAAP, ISACA, industry standards and
best practices.
BPM, BPI best
practices BA & SDLC
best practices
PM, PPM best
practices
If not followed - Warning!
by following and using
![Page 68: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/68.jpg)
Ask yourself –Would we want professionals trained in Project Management
to manage a major compliance implementation?
Develop an understanding
of existing internal controls
Existing internal
controls (if any)
Existing internal
controls (if any) as we
understand
Create internal
controls that accommodate
SOX
Continuous compliance
improvement
SOX “compliant”
internal controls
![Page 69: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/69.jpg)
To have adequate IT systems and controls
Managers, Financial Auditors, users on project teams, and IT auditor must insure that controls were built-in
Managers, Financial Auditors, Users & IT Auditor should insist on
Business Process Best Practices Business Analysis Best Practices
System Development Life Cycle Best Practices
Project Management Best Practices
by being on the look-out for
![Page 70: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/70.jpg)
To increase the quality of systems require the certification of those
• specifying the controls CISA, CISM, CGEIT, CRISC, CPA
• capturing the specifications CBAP
• designing the systems various technology specific certifications (MS, Oracle, IBM, etc.)
• managing the project PMP
![Page 71: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/71.jpg)
business processes
GAAP, etc.
industry standards
ISACA, etc.
The Enterprise
Financial Auditors, Users, & IT auditors specifying requirements should be on the look-out for warnings so IT systems and
controls will be implemented following Best Practices.
BPM, BPI best
practices
BA & SDLC
best practices
PM, PPM best
practices
![Page 72: What is Your Confidence Level that Controls are in Place in automated (or manual) applications?](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649dda5503460f94ad07e5/html5/thumbnails/72.jpg)
Thank you!
These slides are available.
To receive a copy send an email to
with subject line “ISACA presentation”
Questions?