1. ict project management
TRANSCRIPT
Introduction of Project Management & Korea Information System Audit
Young H. Choi, Korea IT Consulting Inc.,
SW Professional Engineer
Jun 12, 2014
Confidential
Young H. Choi
• Sen. Auditor / Korea IT Consulting
• Industry Professor (ICT)
• President / Korea SW Quality Assurance
• Former IT Director / Fairchild Semiconductor (US)
• Former Sen. Manager / Samsung SDS
• Former Manager / Hyundai Electronics
• IS Professional Engineer
• IS Senior Auditor
• ICT Senior Auditor
• CISA (ISACA, Austin Chapter in Texas, US)
Profile
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
About 8,400 Miles (20h 50m by flight)
In the past, all roads led to Rome
Now, however, all roads lead to SNS
Social System Relation
● The world is small enough to cross in 6 stages, or 4 stages via Twitter
Be Small World Network
● Word of mouth -> World of mouth
The theory that everyone and everything is six or fewer steps away, by way of introduction, from any other person in the world, so that a chain of "a friend of a friend" statements can be made to connect any two people in a maximum of six steps.
1. ICT Project Management
Overworked!!!
What is an ICT Project
▶ To understand the meaning and processes of managing projects to raise their success rate
▶ To provide benefits for people and their organizations,
and improve the quality of life of citizens,
Given the constraints of funds, time and resources, policymakers,
ICT Project: H/W, S/W, N/W, Appl.
- Information and Communication Technologies (ICT) is not only about hardware, networking systems, software and applications to achieve a goal, but requires a substantial amount of human activity in the projects aligned with the larger goals of the organization.
Definition of ICT Project Management
■ A set of tools for planning, implementing, maintaining, monitoring and evaluating progress of activities in line with larger goals and objectives of the organization; it defines what has to be accomplished
■ A method, a discipline, and a process
Source: AICICT (The United Nations Economic and Social Commission)
Vital Factors of Project Management
▶ People, Process and Technology are influential factors in project performance in achieving the project’s goals or objectives.
▶ Defining, balancing and integrating the relationships among these factors can result in the project’s optimum performance.
Major Reasons of Project Failure
☞ Poor project design
☞ Poor project management
So process, outputs (deliverables) and resources should be managed responsibly
Disciplines of Project Management
▶ The project plan should detail all areas of discipline that will answer the question: how do we achieve the goals, objectives and requirements of the project?
▶ Qualified and competent managers must be prepared to handle the following disciplines:
1. Scope
2. Time
3. Cost
4. Human Resources
5. Risk
6. Quality
7. Procurement
8. Communication
9. Integration
10. Issues & Acceptance
11. Change
Recommended Principles for Successful Project
For a project to be successful, the following principles should be observed:
1. Participation
– People who are part of the project should be involved at every stage, from the initial needs assessment through to monitoring.
2. Local ownership and capacity development
– For projects to be sustainable, they must be locally owned and accompanied by human and organizational capacity development.
3. Alignment
– The potential benefits for the poor are more likely to be realized when ICT activities are aligned with the larger demand-driven development efforts of partners, particularly those related to poverty reduction.
4. Institutional ownership and leadership
– A sense of ownership by and leadership of partner institutions are important.
Although successful ICT pilot programs are often driven by individuals, there must also be an institutional base to extend the project’s reach and increase the number of people involved.
5. Competitive enabling environment
– An enabling ICT policy environment includes respect for freedom of expression, diversity and the free flow of information, completion of ICT infrastructure provisions, and investment in service development, including local content and the adoption of open source solutions
6. Financial and social sustainability
– In order for projects to be financially sustainable, all potential costs and revenue generation should be included in the planning process from the start.
7. Risk considerations
– Possible and unforeseeable negative impacts need to be taken into account and carefully monitored, including watching out for how the benefits of ICT-supported interventions may be unequally distributed, i.e. deepening economic, social and cultural divides rather than reducing poverty.
Major Challenges of Project Management
▶ Managing the project scope and resources, particularly time, cost and people
▶ To manage time, good project management practice observes the different phases of project management, which include: Planning, Implementation, Monitoring and Evaluation
▶ Started Silver Digital Era with Smart Devices
Image of Smart World
Realize Digital Democratization
Digital Divide: Smartphone Phobia etc
Digital Toy? Digital Weapon?
Smart Device Boom & Knowledge Gap
Illiteracy => No PC Knowledge => No Smartphone
Digital Divide
Break Time !!!
2. The introduction of Korea IS Audit
■ IoT: everything connected via the Internet
■ Information Big data
■ Personal information
■ System security
Complex I/F & Security
As-was & As-Is ERP
Evolution of ERP System
2. Korea Gov. Law of IS Audit
Definition of IS Audit
☞ An IS Auditor, who must not be influenced by the project owner or the system developer, checks the information system from a third-party viewpoint, to improve efficiency and ensure security in matters related to building the system and its stable operation.
- Source: Korea Act Article 2, Paragraph 14
Objective of IS Audit
▶ Third-party view => The IS Auditor should be objective about problems and independent from the project owner and other related parties
[Diagram: Project owner, IS Auditor, Contractor. Labels: Correction notice -> Contractor; Control; No Delegation, No Control]
▶ Improve the system effectiveness and the contribution to business profitability
▶ Achieve IT cost-efficiency: response time, resources etc. to meet the pre-defined target
▶ Ensure system security: Integrity, Availability and Confidentiality
▶ Monitor whether the procedures defined by the IS Audit Act are followed
Key Success Factor for System Development
▶ To lead the successful system development whilst minimizing the significant risks
▶ What successful system development means:
– Budget: Build the IT-enabled business system within budget
– Delivery: Complete the system development by the contractual date
– Quality: Satisfy the business system's requirements for functions, performance, security etc.
2. Korea Gov. Law of IS Audit (Law enforcement)
Responsible By / Audit related Law / Notice / Guidance
NIA (National Information Society Agency)
Ministry of Security & Public Administration
Korea Government
Statute
Digital Government Act
Enforcement of ordinance for Digital Gov. Act
Notice of IS Audit Standard
Explanation of IS Audit
Guideline of IS Audit
Order / Management
Guideline of IS Audit
Execution
Management of requirement and task execution
Business type based
Checklist (48 items)
2/2010
5/2010
2. Korea Gov. Law of IS Audit (By period)
Type / IS Audit Mandatory / CY 2010 / CY 2011 / CY 2012
Act
– Informatization promotion Act No. 5669 (1999.1.21), Article 15 paragraph 2 (IS Audit)
– Law of effective Introduction and operation of IS No. 7816 (2005.12.30)
– Digital government Law No. 10012 (2010.2.4)
Enforcement Decree
– Presidential No. 16458, Article 10 sub-paragraph 3
– Presidential No. 19598 (2006.6.30)
– Presidential No. 22151 (2010.5.4)
Enforcement Rule
– Enforcement rule Article 11 paragraph 1 sub-paragraph 5
– Information & Communication rule No. 198 (2006.6.30)
Standard
– Audit Standard of Information System (IC Notice No. 999-104)
– Audit Standard of Information System (Ministry of security & public administration notice No. 2008-18)
– Audit Standard of Information System (Ministry of security & public administration notice no. 2010-30 (2010.05.04) and 2010-85 (2010.12.22))
– Audit Standard of Information System (Ministry of security & public administration notice no. 2010-85 (2011.7.1))
– Audit Standard of Information System (Ministry of security & public administration notice no. 2012-11 (2012.3.2))
Guideline
– Audit guideline of IS V1.0 (NIA 2009.05.28)
– Audit guideline of IS V1.0 (NIA 2009.05.28)
– PO Guideline of IS Audit project (2011.7.27)
2. IS Audit Working Process
IS Audit Observance
Required observance by Project owner who is PO Issuer (Article 57, Paragraph 2)
▶ The project owner supports the IS Auditor while working with the project contractor
▶ No interruption of, or unreasonable orders to, the IS Auditor
Mandatory remediation of issues reported after IS Audit (Article 57, Paragraph 3)
▶ Based on the level of risk the IS Auditor checked, all issues must be solved according to their type: Mandatory correction, Warning or Recommendation
2. IS Audit Working Process
Mandatory IS Audit
IS Audit is applicable to any public company investing more than about 0.5 M USD in total cost, excluding SW packages and HW
However, if investing less than 0.1 M USD, which is a small project not worth auditing, the head officer of the public company may request an exemption. The exceptions are as below.
– Any public service which is related to government administration
– Collaborated systems which many public companies use with each other or build together
– Systems that are interfaced with and used in common by many public companies
– If decided by the head officer of the public company, IS audit is required
2. IS Audit Working Process (Framework V4.0)
▶ IS Audit processes include EA (Enterprise Architecture), ISP (Info. System Planning), DB, Operation and Maintenance etc.
[Figure: IS Audit framework. IS Audit Area: ITA, ISP, System Development, DB, OP, MA. Layers: Procedure, Output, Service; Technology, Process. Other labels: As Is Arc, To Be Arc, QA Activity, Business Management, IS Planning, Imp. Plan, System Architecture, Application System, Data Base, Test Activity, Operation Ready, Completion, Data Collection & Beta Testing, Building Data, Quality Control, Provide Service, Service Support]
2. The execution of IS Audit (Stepwise vs. Continuous Audit)
• IS audit activities usually take place at the project site. They are provided as stepwise IS audit or continuing audit, depending on project characteristics.
Stepwise Audit
• Audit at major steps of the SW development cycle; support the analysis, design and implementation steps
• Submit the audit report covering all system areas, on which 4 to 10 IS auditors worked for 1-2 weeks
Continuous Audit
• Work at the project site from the project beginning, guide quality, inform the contractor of corrections and report to the project owner
• Liaison role between project owner and contractor
• Advisory for the project owner on management and technical matters, with 1-2 IS auditors
2. The execution of IS Audit (Evaluation Level)
Audit evaluation (2010 - 30)
1. Highly accepted (appropriate): No risk found in achieving the project goal at the time of the development stage.
2. Accepted (average): Small issues found, which do not impact the project delivery and can be solved with only adjusted strategy and resources
3. Partially accepted (insufficient): Significant problem found in achieving the project goal. It requires slightly changed strategy and resources
4. Not accepted (inappropriate): Significant problems found in achieving the project goal, which cannot be solved with current strategy and limited resources
Optional issues: Short Term, Long Term
Mandatory issues: Short Term, Long Term
Project owner will decide whether recommended issues must be solved on a short or long term basis (negotiable).
2. IS Audit Working Process (Management w/Service)
[Figure: IS Audit management with service. Service: ISP, Dev Audit, QA, Continuing Audit, Personal Security, Planning for IS Security, System Analysis, EA, ISMP, PMO. Support: Planning, Define Requirement, Decision, Selection, Mgm’t, Maint. Biz. management & Control: Operation, Biz. Acceptance, Proposal, Select Audit Partner, Contract, Start Prj., Progress, Payment, Change, Audit Completion. Biz. Management: Issue PO, Prepare RFP, Maintenance Support, Biz. Cancellation]
2. IS Audit Working Process (By Biz. Type)
• Apply the best-fit audit model for accomplishing successful improvement, after analyzing the business project with the structural and logical process in mind
Project type (Development or Maintenance)
Progress level of Project (Analysis, Design etc)
Area allocation for audit process (Management, Architecture etc)
Find check point for each area
IS Audit view (Performance or security etc)
Project Area
Audit View / Check basis
Biz. Type / Audit Time
Check items, Review items
Check Framework
Guidance by area
Detailed review items, Review method
Compliance by area
2. IS Audit Working Process (Perspective)
View | Check Factors | Description
Process | Plan Reasonability | Review project plan, resources, progress etc
Process | Process Reasonability | Review procedures defined about development / operation / maintenance and risk, quality, schedule and change etc
Process | Compliance | Review the compliance being maintained while working for the project
Product | Functionality | Review the functionalities in view of completeness, integrity and interoperability
Product | Integrity | Review data correctness and integrity
Product | Usability | Review the ease of operation for users
Product | Stability | Review system stability in view of backup, business continuity and recovery
Product | Security | Review system security to protect against hacking etc
Product | Efficiency | Review business efficiency with a reliable response time, scalability and adaptability
Product | Compliance | Review the output, procedure, standard and methodology to check the compliance
Product | Consistency | Requirements must be traced for any match
Performance | Realizability | ROI (Return On Investment), Achievement etc
Performance | Sufficiency | Review the satisfaction of all requirements defined in the project plan
[Figure labels: Audit area; Audit view / Check basis; Business type / Audit time: Information strategy planning (ISP), System development (SD), Database construction (DB), Operation (OP), Maintenance (MA)]
2. IS Audit Working Process (In Audit Management Area)
Step | Check Items | Explanation
Execution & Control | 1. Change Management | Do any changes in the pre-defined project scope follow the proper procedures and provide traceability?
Execution & Control | 2. Progress Management | Is the project schedule managed on time and controlled properly?
Execution & Control | 3. Resource Management | Are all resources being supplied on schedule and managed properly as defined in the project plan?
Execution & Control | 4. Communication | Is the communication between project owner and contractor good and reliable?
Execution & Control | 5. Risk Management | Are all risks managed well and reported in time? Are procedures to relieve them being taken and traced?
Execution & Control | 6. Quality Management | Does the contractor continuously carry out activities to improve the project quality for the project owner and report periodically?
2. The execution of IS Audit
Process: Normally a stepwise IS audit consists of 9 sub-processes
[Figure: stepwise IS audit process, steps 1 to 9, split into On site and Remote. Stage labels: IS Audit Plan, Pre Audit, Start Audit, On-site Audit, PO, Audit Execution, Submit Report, Audit Closing, Adjust Report, Remedy Plan, Final Confirm. Activity labels: Approval of Audit plan, Confirm key issues, Inform corrections, Accepted or rejected, Submit final scores and approval, Submit output, Interview & Review Docs., Reflect changes, Plan correction, Confirm correction & report]
2. IS Audit Common Procedure (Activities)
Stepwise IS Audit normally involves 3 levels of activities, as below:
A00. Preliminary On-site Analysis
B00. On-site Audit
C00. Confirm Remediation
001. Report of Audit Plan
002. Report of Audit Processing
003. Report of Issue Correction
2. IS Audit Common Procedure (Pre Audit)
Procedure diagram: Preliminary Audit consists of 3 steps, as below:
A10. Prepare Preliminary Audit
– A11. Scheduling
– A12. Resource plan
A20. Execute Preliminary Audit
– A21. Receive Docs.
– A22. Define a scope
– A23. Define checklist
– A24. Meeting with Prj owner & contractor
A30. IS Audit Plan
– A31. Write Audit Plan
– A32. Review/Confirm Audit Plan
2. IS Audit Common Procedure (On-Site Audit)
B10. Start IS Audit
– B11. Prepare on-site audit
– B12. Confirm facilities
B20. Kick-off Meeting
– B21. Official Audit Meeting
– B22. Meeting minutes
B30. Execution of IS Audit
– B31. Receive documents
– B32. Review documents
– B33. Find issues/risks etc
– B34. Communication
– B35. Meeting with Contractor
– B36. Meeting with Prj. owner
– B37. Finalize issues
B40. Prepare IS Audit Rpt
– B41. Prepare Rpt by area
– B42. Report Collection
– B42. Review Reports
B50. Closing Meeting
– B51. Prepare meeting
– B52. Start meeting
B60. Finalize Audit report
– B61. Review issues
– B62. Reconciliation
– B63. Finalize report
2. IS Audit Common Procedure (Remediation)
C10. Check Remediation
– C11. Receive contractor request
– C12. Plan Check Schedule
– C13. Share check plan
C20. Confirm correction
– C21. Confirm results
– C22. Mutual review
– C23. Interview w/2 parties
– C24. Submit opinion
C30. Prepare Confirmation
– C31. Draft Report
– C32. Review Report
– C33. Revise Report
C40. Submit Post Audit Rpt
– C41. Finalize Report
– C42. Submit Report
Index of IS Audit Report
Describes all audit areas
1. Project management
2. Application
3. Data Base
4. System Architecture
IS Audit at Design level
Describes IS Audit Plan
Summarized opinion
by Audit leader
2. The execution of IS Audit (Report)
II. Summarized opinion
Break Time !!!
3. COBIT Framework of ISACA
"The advanced economy could not run for thirty seconds without computers." - Alvin Toffler in Tomorrow’s wealth -
Rapidly Changing Hyper Connected Society
■ The future world is a hyper-connected environment with IoT (Internet of Things) and M2M (machine to machine), which is not constrained by time and space and creates new business growth and value
Source: CISCO 2011
Not increasing World PC Market, Rapidly growing Smartphone/Tab
3. COBIT Framework of ISACA
COBIT 5 is ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises
ISACA was incorporated in the US in 1969 by a small group of individuals who recognized a need for a centralized source of information and guidance in the growing field of auditing controls for computer systems.
* COBIT stands for Control objectives for information and related technology
• Provide a renewed and authoritative governance and management framework for enterprise information and related technology
• Integrate all other major ISACA frameworks and guidance
• Align with other major frameworks and standards
COBIT Cube
3. COBIT Framework of ISACA (Evolution)
▶ COBIT (Control objectives for information and related technology) is being developed continuously.
3. COBIT Framework of ISACA (vs. Korea IS Audit)
▶ Korea IS Audit is focused on system development in view of functions, security and effectiveness to meet business demand, while COBIT is business process oriented in terms of 1) Plan & Organization 2) Acquire & Implementation 3) Deliver & Support 4) Monitor & Evaluate
COBIT Control Model
3. COBIT Framework of ISACA (Enablers)
IT Goals
3. COBIT Framework of ISACA (Aligned with IT & Biz Goal)
4 Domains
34 Processes
318 (Activities/Tasks)
3. COBIT Framework of ISACA (Process oriented)
3. COBIT Framework of ISACA (Primary Drivers)
Key challenges in Auditing Environment
▶ Complex systems that are always connected!!!
What is a Smart device?
Many functions are brought together in an integrated device, which is flexible with customer applications installed, and transformative
Smart Device?
Key challenges in IS Auditing
▶ The issues below need to be clearly defined!!!
1) The scope of IS Audit
2) Communication with partners
3) Process Knowledge about Information system
4) Management of resource, delivery and quality
For more information, please contact:
Korea IT Consulting http://www.itall.net
#1503 Leaders Bldg, Seochojungang-ro, Seocho-gu, Seoul Korea 137-912
Tel 82-2-582-2400 Fax 82-2-583-9242
Contact
Q&A
Gracias !!!