IT organization & Management
SECURITY RISK MANAGEMENT
Risk management is the identification, assessment and prioritization of risks followed by coordinated
and economical application of resources to minimize, monitor, and control the probability and/or
impact of unforeseen events.
Security risk management is the specific culture, processes and structures that are directed towards
maximizing the benefits of security in support of business objectives.
Adopting a risk-based approach allows agencies to prioritise activities based on the likelihood and
consequence of a risk being realized, to maximize business outcomes while minimizing the
occurrence or effects of events that may negatively affect outcomes.
Understanding security risk management
Non-corporate Commonwealth entities (agencies) need to develop a security risk management
process to identify:
▪ specific risks to their people, information and assets
▪ the agency’s level of risk tolerance
▪ appropriate protections to reduce or remove risks
▪ untreatable residual risks (such as doing business on the internet) and accept responsibility for
the risk.
An appropriate level of security risk will vary from agency to agency but the process should be
transparent and justifiable. Risk avoidance is not risk management.
Regardless of an agency’s functions or security concerns, the central messages for managing security
risks are:
▪ security risk management is the business of each staff member including contractors in the
agency
▪ risk management, including security risk management, is part of day-to-day business
▪ the process for managing security risk is logical and systematic, and should form part of the
standard management process of the agency
▪ changes in the threat environment are to be continuously monitored and necessary adjustments
made to maintain an acceptable level of risk and a balance between operational needs and
security.
Agencies are to:
▪ establish the scope of any security risk assessment and identify the people, information and
assets to be safeguarded
▪ determine the threats to people, information and assets in Australia and abroad, and assess the
likelihood and impact of a threat occurring
▪ assess the risk based on the adequacy of existing safeguards and vulnerabilities
▪ implement any supplementary protective security measures that will reduce the risk to an
acceptable level.
Commonwealth risk management policy guide
The goal of the Commonwealth risk management policy is to embed risk management as part of the
culture of Commonwealth entities where the shared understanding of risk leads to well informed
decision making.
The Commonwealth risk management policy sets out nine elements which non-corporate
Commonwealth entities must comply with in order to establish an appropriate system of risk
oversight and management.
The nine elements of the Commonwealth risk management policy are to:
1. Establish a risk management policy.
2. Establish a risk management framework.
3. Define responsibility for managing risk.
4. Embed systematic risk management into business processes.
5. Develop a positive risk culture.
6. Communicate and consult about risk.
7. Understand and manage shared risk.
8. Maintain risk management capability.
9. Review and continuously improve the management of risk.
THE 5 MISTAKES YOU MAY BE MAKING WITH YOUR IT RISK MANAGEMENT
1. Not having a comprehensive approach to the problem.
In other words, if you’re only preparing your IT security team to address IT security risk issues, your
approach is all wrong. IT risk management should be an organizational effort, and should involve the
general counsel, CEO, chief information officer, chief technology officer, chief information security
officer, and anyone else who plays a role in information technology or risk management. When you
have the right people involved in the process, you’re far more likely to have an organized response to
a cyber-security issue. This also allows for a more streamlined risk-reporting process that goes
through ground-floor IT managers and up through the C-suite.
2. Failing to prioritize material IT risk.
Many organizations focus only on protecting data that they’re legally bound to protect, like
personally identifiable information (PII). After all, that seems to be what most “bad guys” are after,
right? Not quite.
Hackers don’t just steal credit card information—they can, and do, go after many different types of
valuable data. As we mentioned earlier, the loss of highly sensitive data doesn’t just harm a
company’s reputation—it could be a complete competitive disruption, and result in irreversible
damage.
For example, let’s say the trade secrets I’m using to develop my next widget wind up in the hands of
someone with ill intentions. Now, I’m at a major competitive disadvantage. I’ve spent tons of time
and money making my product (and the processes by which the product is created) unique, and now
someone has those secrets. And I have no idea what they’re going to do with them.
The question you’re probably asking is, “How do I know what to protect?” And that’s a great
question. The answer is that companies must protect what is most valuable to them. Sometimes,
that’s not PII—rather, it’s the special “thing” that makes them who they are. Keep in mind that an IT
security team isn’t necessarily the right team to identify what your most important data is—which is
why you should involve your entire organization, like we mentioned in “Mistake #1.” If you have
your entire organization working to protect this special trade secret or intellectual property, then you
ensure that the people involved with your “secret sauce” are fully vested in its protection and
security.
3. Not identifying the right threats.
If your IT team thinks the only way your data can be compromised is by a loophole in your network,
think again. Actually, many of the most highly publicized data breaches are made possible when a
vendor with heavy access to your data has a loophole in their security. Attacks can also happen when
you receive third-party hardware or software that has been compromised.
To manage these risks, you need to develop supply chain risk management and vendor risk
management programs. (If you’re unsure where to start with vendor risk management, check
out 10 Vendor Risk Management Questions You May Be Too Scared To Ask.) Planning for the
possibility of a third-party driven security breach—either through your network, your vendor’s
network, or your software or hardware—will give you the peace of mind (and a plan of action) you
need should you encounter an issue.
4. Failing to understand the risk that insiders pose.
There are three primary methods through which your IT security can get hacked: remotely, through
the supply chain, or by insiders.
Edward Snowden is a recent example of an individual with access to a great deal of data who ended
up causing catastrophic damages. When individuals in your organization are given access to
privileged information or vital data, there are several steps that should be taken to monitor and
observe their behavior. The loosely defined steps would be as follows:
▪ Find out what every employee has access to, and determine whether it’s necessary for each of them
to have that level of access.
▪ Restrict access for those who have it unnecessarily.
▪ Closely monitor those who have necessary access to highly sensitive data and information.
5. Not meeting fiduciary responsibility.
When a security breach takes place, it doesn’t just affect your IT department—it can affect finances,
regular operations, legal obligations, and more. So if you aren’t ensuring that your organization is
acting in good faith and as a good steward for investors, shareholders, and stakeholders, you’re
making a grave mistake.
Legal: Organizations care about preventing individuals with malevolent intentions from breaching
their network and causing harm. To that end, organizations need to ensure that they’re taking every
measure possible to protect their data and the data they may be housing of others.
Financial: Every organization owes a fiduciary duty to their shareholders. So if an organization
doesn’t take the aforementioned measures to protect their data and their data is compromised, people
will lose money. This must be avoided at all costs.
Operational: CEOs, board members, and general counsels must have a heightened level of scrutiny
for IT security risk. It’s vital that the higher-ups of every organization are ensuring that the right
security measures are deployed, the right people are monitoring risk, the right employees are trained
about “if/when” situations, etc. These C-suite members play an important role in closing “risk
loopholes” for the future.
It’s important to note that IT security risk is legal risk. Aside from federal and industry-driven laws
and regulations that a company may be bound to, there are broader responsibilities that every
company needs to comply with. If organizations fail to meet these expectations, they will violate
their fiduciary duty (and will probably end up in even more trouble).
If you walk away from this article understanding just one thing, let it be this:
IT risk management isn’t just about protecting technology; it’s about protecting your entire business
process.
If you heed the warnings we’ve outlined and work to fix any of these five mistakes that you may be
making, we’re certain that the risk your organization is facing will be far less.
8 WAYS TO BECOME AN IT LEADER
Becoming an IT leader is important to many IT professionals. Below are a few highlights on
strategies that can help you move your career in that direction. These highlights are based on my
own experience, but also come from working directly with several IT VPs and CIOs at different
companies.
Innovate
Do not settle for the status quo. One of the best ways to move up in the corporate world is simply to
be noticed. Instead of leading a team to the point of what is expected, strive to break through ceilings
and bring something that has never been seen. I like to think of it as the Google mentality. Always
work on something that goes above and beyond what is asked in a way that benefits the business, or
saves money or time. From a team-leader point of view, stress to your team the importance of
coming up with new ideas to change the way people work and to take a look at old processes that can
be improved.
Build Deep Business Connections
This is a two-sided piece of advice because these business connections should be internal to your
company as well as external. Internally, if you have a sound understanding with key business
individuals, you will have a better idea of how to help them and will have a wide variety of leaders to
have your back as you move up the chain of command. Sometimes having the relationship is just as
important as producing great products for a company. Everyone wants to move up within their own
company and sometimes the best way to do that is with ideas deployed at other companies. That
means participating in other groups and industry networks. Create connections with the people you
speak to frequently. This will help you come up with different ways to help your own company. On
top of that, you never know when someone might reach out to you with a great opportunity.
Improve Others
One of the most overlooked facets of an IT leader is their ability to improve others. IT leaders are
often looked at as innovators, but the ones who get noticed are the ones who have a wealth of
employees constantly knocking out great results. Many HR and IT leaders, when doing performance
reviews, will label individuals as being unable to achieve beyond a certain level. This usually occurs
when the employee’s people skills are lacking. Soft skills count!
Break Through Disaster
An IT VP once told me that the best project manager isn’t one who manages the good times, but the
person who plans for the fires and puts them out with ease. I think this goes for everyone, not just
project managers. Nothing derails a career like a fire that you can’t put out. If you’re in the middle of
a disaster and come out on top, it will make you look that much better in the eyes of the people
holding your career in their hands.
Grasp Opportunities
If you think you have what it takes, stick your neck out there for some of the more high-risk, high-
reward projects or teams. Maybe at your company there is a group that gets to experiment with new
technologies. Try to get in there and take it by the reins. Maybe there is a group that has been
underperforming and everyone knows it. You could go for manager of that group and try to turn
things around. Create a plan and tell leadership how you can fix it. If you can transform something
small into something big, in a good way, management will notice.
Diversify Your Roles
You can probably get up to a VP level by staying in the same organization structure and becoming
excellent at it, but to get to that next level it helps to have a broad range of experience in different
types of information technology, and even some business experience wouldn’t hurt. The best leaders
are able to rely on a broad range of past experience and lessons learned. If you’re vying for a
leadership position, variety counts.
Take Heart in Future Direction
One of the biggest lessons I learned early in my career was to get into right-place-at-the-right-time
situations by learning what the plan was a year or two ahead of time and working toward getting into
one of those roles. The latest and greatest efforts of the IT strategy are some of the positions that
have the most visibility and sometimes have some of the most weight when it comes to handing out
promotions. If you hear that the goal is to start moving to the cloud in the next three years, take a
look at your current technology and see if it can be a pilot program to put it in the cloud in the next
six to 12 months. If it goes well and you stay on top of it, leadership will look at you as a thought
leader.
Chat with Leadership
Once you start moving up the chain of command, it becomes more and more about who you know.
One of the best things you can do for your career is simply build a relationship with leadership. Go to
the charity golf outings, the Christmas parties, the social events and make it a point to speak to the
leaders for a few minutes. Address them by name and keep it cordial. Eventually when you walk past
them in the hallways, you can stop and chat for a few minutes and start expressing ideas. Eventually
if all is going well, try to ask a leader to be a mentor. The experience and the relationship can go a
long way.
THE SIMPLIFIED PROJECT MANAGEMENT PROCESS
One of the challenges of explaining project management to people who are unfamiliar with the
approach, is that descriptions are often either so high-level as to be meaningless, or so detailed that
they are overwhelming. Over the years, I have come to use a model as a framework for introducing
and discussing project management tools and techniques. It can be used as the basis for a five-minute
explanation of what is involved in project management, but also as an outline for more detailed
discussions. (The actual model can be found on the Key Consulting website under free templates and
info.)
A brief description of each step follows:
Assemble Team
The project planning team will be assembled, including appropriate representation from
customers/clients, and sometimes subcontractors and vendors. Initial roles and responsibilities will be
defined.
Deliverables: Initial project setup documentation.
Define Project Objective
With the project team in place, the overall project purpose will be verified and detailed project
objectives developed. A phase-exit review will be conducted to ensure that the project is ready to
move into the next phase, which is planning.
Deliverables: project charter, phase-exit review checklist.
Define Project Scope
An appropriately detailed Work Breakdown Structure (WBS) will be developed to ensure the project
scope is properly agreed to and understood by all stakeholders. This also allows the complete project
to be split into appropriate sub-projects and/or phases.
Deliverables: Project work breakdown structure.
Construct an Initial Plan
Once tasks of an appropriate level have been identified in the WBS, they will be organised by the
project team into logical network diagrams, with estimated durations. This allows the project
manager to predict when activities will be complete, assess the feasibility of target dates, and identify
the critical path for the project.
Deliverables: Initial work plan.
Add Resources, Costs, Risks, etc.
Certain project resources may be defined as critical resources. In particular, the project manager may
suspect that key project staff may be faced with too much work. If so, estimated resource usage
information can be added to the project plan to allow resource forecasting. Cost is obviously also
critically important, and expenditures can be added to the plan to create estimated cash-flow
requirements. Risk management can also be utilised on projects to provide a framework to better
manage events that occur beyond the control of the project team.
Deliverables: Resource availability and commitment profiles, risk identification and control
strategies, cash-flow forecasts.
Obtain Stakeholder Buy-in
To ensure the project is implemented as smoothly as possible, with the support of the involved
parties, it will be necessary to review the initial plans with all the major project stakeholders and to
solicit buy-in from each one. A phase-exit review will be conducted to ensure that the project is
ready to move into the next phase, which is control.
Deliverables: Approved final plan, phase-exit review checklist.
Publish the Plan
Once the plans are agreed to, they must be effectively communicated to all stakeholders. This can be
done in hard copy or via electronic media, depending on the resources available. On most projects, a
communications plan will be developed, and distribution of the plans will follow the guidelines laid
out in the communications plan.
Deliverables: Plan published to all stakeholders.
Collect Progress Information
On a regular basis, the project manager will collect progress information that has been reported by
the project team. This will allow the compilation of progress reports, such as:
▪ Activities completed within the past two weeks
▪ Activities forecast for the next two weeks with a focus on activities on the critical path
▪ Funds expended vs. fund expenditure forecast
▪ Prioritized issues report
Metrics can also be developed to measure project progress in other ways, such as earned value, or
activity float statistics. If the project manager reviews the progress data and concludes that the
project is complete, a phase-exit review will be completed to confirm that all the objectives have
been met before moving into the final closure phase.
Deliverables: Set of progress reports, set of exception reports, metrics report, (phase-exit review
checklist).
Analyze Current Status
By analyzing the progress information received, the project manager will be able to augment the
above reports with information about which areas of the project are of concern and where problems
are likely to occur in the future. This allows managers to focus on the important/critical areas of the
project.
Deliverables: Project evaluation report(s).
Adjust the Plan, and Manage Project Change
Based on the analysis, and with the support of the project team, the project manager will make plan
adjustments to help reduce risks, accommodate scope changes, or to compensate for activities that
have not occurred on schedule. Once this has happened, the plan will be re-published and the cycle
repeated until the project is complete.
Deliverables: Change request forms, updated plan.
Close Project
When the objectives of the project have been achieved, the project manager will close down the
project. This will involve some financial closure tasks, as well as archiving of the project materials.
A lessons-learned document will be developed to benefit future projects, and if possible a project
team celebration will be held.
SIX TIME MANAGEMENT TIPS FOR PROJECT MANAGERS
To be a successful project manager, you must be able to manage your time well. The best project
managers ensure they are productive for most of their time and avoid time-wasters at all costs. Here
are some tips that can help you manage your time more efficiently.
Create the Plan
What does this have to do with time management, I hear you ask? Well, if everyone knows what they
are doing and has a plan with regular milestones to focus on, you as project manager will spend a
lot less time dealing with issues brought about by a lack of clarity.
Remember the 80/20 Rule
The 80/20 rule (or the Pareto Principle) is the idea that by doing 20% of the work you can produce
80% of the benefit of doing the whole job.
The value of this for a project manager is that it reminds you to focus on the 20 percent of activities
that matter. Of the activities you do during your project, only 20 percent are important. Those 20
percent produce 80 percent of your results. Identify and focus on those activities.
Not Just Status Updates
It’s best to avoid team meetings where you go around the room asking each person to give a status
update. These meetings have little value and waste time. Instead, spend that time focusing on risks,
issues and opportunities. Use the team to brainstorm solutions and create ideas.
Have an agreed agenda that you stick to in team meetings. If you schedule an hour for the meeting,
make sure it lasts for an hour and no longer.
Take significant issues off-line if they are likely to cause a meeting overrun. Don’t make everyone sit
through lengthy technical discussions that don’t involve them. Set up a working group to focus on the
issues and report to the team at a future meeting.
Stop Micro Managing
Avoid delving into the detail of the work. With software development projects, it’s not necessary for
the project manager to get involved at the code level; leave this to the developers. You’ve selected
the right team for the job. Let them get on with what they are best at, while you concentrate on
steering the project to a successful conclusion.
Don’t Do the Work
Many project managers make the mistake of getting involved in ‘doing the work’. Avoid this at all
costs. Managing projects is a full-time job and taking your eye off the ball (even for a short period)
can lead to problems. It may be tempting to carry out a few tasks when a deadline is looming, but
leave this to others while you get on with managing the project.
Create a To-do List
Email fixation is a modern-day problem that can distract you from doing the tasks you need to or
plan to. Creating a daily to-do list keeps you focused on achieving your objectives. Scratching tasks
from your list can create a real sense of achievement and drives further activity.
Summary
Time management is an essential skill for project managers. If you can’t manage your own time, how
can you expect to manage your teams? Ask each day what you did to move the project forward. Plan
your next day: what will you do to ensure your project continues along the straight and narrow path?
Plan your time, manage your resources with a light touch and communicate effectively. With a little
time management, project success should come easier.
BUILDING RELATIONSHIPS IN PROJECT MANAGEMENT
Building relationships is just as important within the project team as it is outside. Good relationships
can be the difference between outstanding success and dismal failure because it’s all about getting
people to like and trust you so that they will deliver what you need them to deliver at the right time in
the right way.
We have talked previously about managing stakeholders, finding out about and managing their needs
and expectations; however, this is much easier if you have developed good relationships with
stakeholders in the first place.
Networking Helps Build Relationships
Networking (internal and external) is essentially about building solid business relationships. To do
this you need good skills in creating rapport and listening.
If you can make a connection with people on subjects you have a genuine interest in, their confidence
in you will grow. Use this connection to engage them and then ask genuine questions and just listen.
They’ll often tell you what you need to know. Strong bonds will inevitably stem from commonalities
discovered in simple conversation.
Getting Personal
Building good relationships means being truly interested in the people you deal with, both from a
business and personal view. While discussing business issues is usually the main purpose of speaking
with someone, finding out something personal about them takes the relationship to the next level.
Learning about hobbies, special interests, family, accomplishments, leisure time activities,
organization memberships, and special dates such as birthdays will help you make a deeper
connection with them.
The important thing is what you do with the information. When dealing with team members,
suppliers, clients and stakeholders try to mix personal information in the conversation. Every contact
doesn’t have to be about business. It’s about peeling away the layers of formality and resistance to
improve your chances of achieving what you want to achieve from the interaction.
Establish a Culture That Favors Relationships
The best project managers are those that develop a good sense of community within the project team.
Establishing a healthy culture as part of that community can help win the hearts and minds of clients,
staff and suppliers. Culture is about sharing values and a healthy culture will be one that has people
who care about each other. In projects it’s about creating a ‘community’ within the project team that
shares a common purpose.
It’s not just a nice idea. A healthy culture can give a team an edge both in performance and in
attracting good quality team members which is of vital importance. A good culture includes (often
unspoken) expectations about the way things are done. In a project team these can be about how
members respond to inquiries, how they greet each other, and how they behave when the pressure is
on.
It’s about treating people with respect and listening to their point of view. This doesn’t mean you
have to agree, but it does mean you respect their right to think differently and to express their views.
Cultures need leaders to set expectations and offer guidance on what’s important. As a project
manager you will need to be aware that people are watching you for clues as to how to behave in
relationships with others. Actions speak louder than words.
Supplier Relationships
The contractual relationship is often one that’s all about who has the power. One of the best ways
that project managers can improve their supplier relationships is to develop loyalty. Loyalty is a
two-way street, and to earn the trust of suppliers, project team members need to demonstrate their value. It
includes being professional and respectful in dealings with suppliers, being efficient in delivery of
orders and specifications and working one-on-one when the supplier needs it.
In essence, it’s about remembering that suppliers are people too and will respond well to a personal
touch. When making a judgment about how their client will be treated, a supplier can’t help but
consider how he or she is treated by that organisation. Project managers can cultivate supplier loyalty
through open and honest communication. Keep them informed about major decisions and show them
you have thought about how decisions will impact on them.
IT Projects Also Require Good Relationships
All this applies very well in IT projects. Too much of the interaction within the IT industry is about
technical information and people are too often forgotten. However, when people start talking,
listening and understanding each other, communication is improved and productive relationships are
developed. IT can deliver solutions if the people involved understand what the client is asking for.
Good Relationships Are Key to Success
It’s easy to have good relationships when everything is running smoothly. But relationships really
count when the project or related activities start to come undone. If you don’t do or say something on
the basis of ‘preserving the relationship,’ think again…if the situation is such, the relationships might
not be worth preserving.
As with anything that involves people, establishing processes that encourage good communication and
relationships and set clear expectations provides the cornerstone for success in any project.
THE SIX PRINCIPLES OF PROJECT MANAGEMENT
Right now project management certification is all the rage, but I have been using a similar change
model for quite some time with great success. It’s called the ‘Six Principles of Service Excellence’,
and it transitions easily to basically any type of project or initiative you are trying to effectively
implement. For the project management aficionados and novices out there, think of it as the six
principles of project management.
As a Performance Consultant, I regularly use these basic principles when launching a new initiative
or learning and development programme, and especially when integrating new HR, Quality, or
Operational Improvement Processes.
Principle 1: Vision and Mission
In order to be successfully executed, every project or initiative should begin with the end in mind.
This is effectively accomplished by articulating the Vision and Mission of the project so it is crystal-
clear to everyone. Creating a vision and mission for the project helps clarify the expected outcome or
desired state, and how it will be accomplished.
Principle 2: Business Objectives
The next step is to establish two to three goals or objectives for the project. Is it being implemented
to increase sales and profit, customer loyalty, employee productivity and morale, or product/service
quality? Also, it’s important to specifically quantify the amount of improvement that is expected,
instead of being vague.
Principle 3: Standards of Engagement
Simply put, this means establishing who will be part of the project team. What will be the frequency
of meetings? What are the meeting ground rules? Who is the project owner? Who is designated to
take notes, and distribute project meeting minutes and action steps? This goes along with any other
meeting protocol that needs to be clarified.
Principle 4: Intervention and Execution Strategy
This is the meat of the project and includes using a gap analysis process to determine the most suited
intervention (solution) to resolve the issue you are working on. There are many quality management
concepts that can be applied ranging from a comprehensive “root cause analysis” to simply “asking
why five times.” Once the best possible intervention has been identified to resolve the issue, then we
must map out our execution strategy for implementing the intervention. This includes identifying
who will do what, when, how, and why?
Principle 5: Organizational Alignment
To ensure the success and sustainability of the new initiative or process brought on by this project,
everyone it will directly impact must be onboard. To achieve organizational alignment (or buy-in),
ongoing communication must be employed in-person during team meetings, electronically via email
and e-learning (if applicable), and through training. The message must include the WIIFM “what’s in
it for me” at every level; otherwise most stakeholders will not be interested or engaged around the
new initiative.
Principle 6: Measurement and Accountability
And last, how will we determine success? Well, a simple project scorecard that is visually interesting
is a great way to keep everyone updated and engaged. A scorecard is an excellent resource for
holding employees, teams, and leaders accountable for the implementation, refinement, and
sustainability of the new initiative or project. Accountability means that consistently, top performers
will be rewarded and recognized; while those needing improvement will be coached with specific
expectations and consequences clearly outlined.
5 REASONS TO KILL IT PROJECTS
A survey of IT experts revealed 43 percent of their organizations had recently killed an IT project.
The study, conducted by ISACA, an independent IT governance group, highlighted the top 5 reasons
these organizations named for terminating projects prior to completion.
Here’s the list, with my commentary on each issue:
1. Business Needs Changed: 30%
There are many conditions and situations where a business legitimately changes its requirements
after starting a project. If the project no longer provides meaningful value, then it’s best to stop
throwing good money after bad.
On the other hand, some organisations deliberately obscure a flawed project requirements process by
claiming business needs evolved. Obviously, that’s unhealthy and a true sign of failure.
2. Did Not Deliver as Promised: 23%
This is a typical expectation setting problem: promise anything to get funding and worry about the
consequences later. Shortsighted managers don’t realize that funding is less important than delivering
substantive value. Failure is inevitable when managers don’t clearly identify and deliver business
value.
In some cases, the project really did provide value, which the organization did not recognize due to
communication problems. I recently blogged about one CIO seeking a publicist, presumably to
address this issue.
3. Project Was No Longer a Priority: 14%
If the organization shifted direction without good reason, thus making the project superfluous, then
flawed strategic planning was the culprit. However, if business requirements changed for a good
reason, as suggested in point one, there’s not necessarily a problem.
In general, and this is an obvious point, cancelling projects without a darn good reason is a definite
sign of failure.
4. Project Exceeded the Budget: 13%
On the surface, over-budget projects are the basic metric for failure. I’m actually surprised this
number isn’t higher, because unanticipated cost is always such a clear red flag.
At the same time, some projects run over-budget due to intelligent scope increases that provide
additional value. For example, while automating two departments, the project team realises it can add
a third department for only marginal increases in cost. In such cases, going forward is probably the
right decision despite the higher spend.
Although it is tempting to use budget performance as a simple metric of success or failure, that approach
can be overly simplistic and ignore important nuances related to business value. Nonetheless,
any time a project goes over-budget the team must offer a detailed explanation.
5. Project Did Not Support the Business Strategy: 7%
This classic indicator of failure often suggests a project rooted in poor requirements analysis.
However, as with previous points, it’s also possible changing business needs made the original
project goals obsolete.
The survey is most interesting for highlighting significant issues related to project failure. However,
some of the questions are too ambiguous to provide straightforward conclusions. In general,
understanding whether a project is successful requires examining the business environment and
context.
8 IT STRATEGIC PLANNING MISTAKES TO AVOID
The Doorstop Plan
This is not War and Peace. Aim for 15 pages, says Gartner VP Dave Aron, who saw one IT plan
weigh in at 250 pages. Consider PowerPoint instead of Word as your medium of choice, says Cullen.
It fosters brevity. And limit it to 25 slides.
The Shelfware Plan
There’s nothing as worthless as what Aron calls the “write once, read never” plan. “The strategic
plan needs to be a living thing,” says IT consultant Laurie Orlov. To avoid seeing your plan become
shelfware, keep the people who helped create it involved, have it handy and refer to it often. “One
CIO I know starts every meeting with a strategy moment: He asks, how will our business win and
how does this meeting help?” says Aron. “He had to cancel the meeting the first time because no one
could answer the question. But everyone thought about it before the next.”
Don’t Wait ‘Till Next Year
Strategic plans “require regular revalidation and refreshment,” says Orlov. Michael Hites, CIO of
New Mexico State University, updates his three times a year.
The Devil Really Is in All Those Details
Details don’t belong in the strategic plan. It should be a stake in the ground, says Orlov. This is the
year we introduce social networking tools in order to accomplish X, Y, or Z. It shouldn’t include
hard dates or product selections. “People start to turn strategic plans into project lists,” says Cullen.
“Then they don’t know where to stop.” If you feel you must include operational plans, put them in an
appendix.
Carved in Stone and Just as Heavy
“You don’t want to go the ‘we-agreed-to-that-and-we’ll-never-change-it’ route,” says Orlov. Expect
the unexpected. “What if the company suddenly makes an acquisition or there’s a leadership
change?” Cullen asks. Want to really elevate your plan? Include scenario or contingency planning.
The English as a Second Language Trap
Too many IT strategic plans are written in jargon. You’re setting a direction for IT to support the
business. Do so in business terms. “IT people that highlight buzzwords and product names are only
doing an IT plan for their own department,” says Orlov. Throw out the IT lingo. Connect your goals
to key business drivers.
One Size Doesn’t Fit All
It sounds like a lot of work now, but it will save you time later: Create customized versions of your
plan to address the differing needs of the plan’s audiences—the executive team, the IT department,
business unit heads and vendors/partners. At the very least, create a customized introduction or
executive summary. The goal, says Cullen, is to have one strategy and several ways of presenting it.
Shooting for the Stars
Keep it real. “Don’t be too ambitious in your first plan,” advises Cullen. “Don’t try to change
everything.” When in doubt, underpromise and overdeliver.
GOOD PROJECT MANAGEMENT EQUALS GOOD RISK MANAGEMENT
So how does an IT project manager translate a customer’s business needs into a system that solves
the customer’s business problem? The key is good project management. Companies with lax project
management are far more likely to have professional liability claims than those with formal project
management processes in place. Well-thought-out project management processes significantly reduce
your IT project management risk.
According to project management expert Karl Wiegers, one of the critical first steps in IT project
management is defining a project’s vision and scope. For each project, you should clearly outline in
writing:
▪ Business requirements. All detailed requirements should be based on clear business needs. IT project
managers can gather business requirements from the client’s senior managers, an executive sponsor, a
project visionary, product management, marketing department, or anyone else who has a clear
understanding of the need for the project and the value it will provide to the client company and its
customers.
▪ Vision of the solution. A long-term vision for the new system will provide context for decision-making
throughout product development. The vision statement should not include detailed functional
requirements or project planning information.
▪ Scope and limitations. It’s critical to define the proposed solution’s concept and range, along with what
will not be included in the product. Clarifying the project’s scope and limitations establishes realistic
expectations for the various stakeholders, as well as a reference frame against which the team can
evaluate proposed features and requirements changes.
▪ Business context. Any business issues related to the project need to be clarified and summarized. These
might include profiles of major customer categories, assumptions that went into the project concept, and
the management priorities for the project.
To reduce your own IT project management risk, it may be wise to follow an established project
initiation and management process.
10 REQUIREMENT TRAPS YOU SHOULD AVOID
According to Wiegers, successful software projects are built on a foundation of well-understood
requirements. Yet too often, tech project managers get caught in traps that prevent them from
effectively collecting, documenting or managing project requirements. Several symptoms indicate
that you might be getting caught in a “requirement trap”:
▪ Confusion about what a requirement is
▪ Lack of customer involvement
▪ Vague or ambiguous requirements
▪ Unprioritised requirements
▪ Functionality that no one uses
▪ Analysis paralysis
▪ Scope creep
▪ Inadequate requirements change process
▪ Insufficient change impact analysis
▪ Inadequate requirements version control
CUSTOMER RELATIONSHIP MANAGEMENT
Customer Relationship Management is a comprehensive strategy and process of acquiring, retaining,
and partnering with selective customers to create superior value for the company and the customer.
It involves the integration of marketing, sales, customer service, and the supply-chain functions of the
organization to achieve greater efficiencies and effectiveness in delivering customer value.
Why CRM?
▪ To keep track of all present and future customers.
▪ To identify and target the best customers.
▪ To let the customers know about the existing as well as the new products and services.
▪ To provide real-time and personalized services based on the needs and habits of the existing
customers.
▪ To provide superior service and consistent customer experience.
▪ To implement a feedback system.
Scope of CRM
Advantages of CRM
▪ Provides better customer service and increases customer revenues.
▪ Discovers new customers.
▪ Cross-sells and up-sells products more effectively.
▪ Helps sales staff to close deals faster.
▪ Makes call centers more efficient.
▪ Simplifies marketing and sales processes.
Disadvantages of CRM
▪ Sometimes record loss is a major problem.
▪ Overhead costs.
▪ Giving training to employees is an issue in small organizations.
DECISION SUPPORT SYSTEM
Decision support systems (DSS) are interactive software-based systems intended to help managers in
decision-making by accessing large volumes of information generated from various related information
systems involved in organizational business processes, such as office automation systems, transaction
processing systems, etc.
A DSS uses summary information, exceptions, patterns, and trends, applying analytical models. A
decision support system helps in decision-making but does not necessarily give a decision itself. The
decision makers compile useful information from raw data, documents, personal knowledge, and/or
business models to identify and solve problems and make decisions.
Programmed and Non-programmed Decisions
There are two types of decisions - programmed and non-programmed decisions.
Programmed decisions are basically automated processes, general routine work, where:
▪ These decisions have been taken several times.
▪ These decisions follow some guidelines or rules.
For example, selecting a reorder level for inventories is a programmed decision.
Non-programmed decisions occur in unusual and non-addressed situations, so:
▪ It would be a new decision.
▪ There will not be any rules to follow.
▪ These decisions are made based on the available information.
▪ These decisions are based on the manager's discretion, instinct, perception and judgment.
For example, investing in a new technology is a non-programmed decision.
Decision support systems generally involve non-programmed decisions. Therefore, there will be no exact
report, content, or format for these systems. Reports are generated on the fly.
Attributes of a DSS
▪ Adaptability and flexibility
▪ High level of interactivity
▪ Ease of use
▪ Efficiency and effectiveness
▪ Complete control by decision-makers
▪ Ease of development
▪ Extendibility
▪ Support for modeling and analysis
▪ Support for data access
▪ Standalone, integrated, and Web-based
Characteristics of a DSS
▪ Support for decision-makers in semi-structured and unstructured problems.
▪ Support for managers at various managerial levels, ranging from top executive to line managers.
▪ Support for individuals and groups. Less structured problems often require the involvement of
several individuals from different departments and organizational levels.
▪ Support for interdependent or sequential decisions.
▪ Support for intelligence, design, choice, and implementation.
▪ Support for a variety of decision processes and styles.
▪ DSSs are adaptive over time.
Benefits of DSS
▪ Improves efficiency and speed of decision-making activities.
▪ Increases the control, competitiveness and capability of futuristic decision-making of the
organization.
▪ Facilitates interpersonal communication.
▪ Encourages learning or training.
▪ Since it is mostly used in non-programmed decisions, it reveals new approaches and provides new
evidence for an unusual decision.
▪ Helps automate managerial processes.
Components of a DSS
Following are the components of the Decision Support System:
▪ Database Management System (DBMS): To solve a problem, the necessary data may come
from internal or external databases. In an organization, internal data are generated by systems
such as TPS and MIS. External data come from a variety of sources such as newspapers, online
data services, and databases (financial, marketing, human resources).
▪ Model Management System: It stores and accesses models that managers use to make decisions.
Such models are used for designing a manufacturing facility, analyzing the financial health of an
organization, forecasting demand for a product or service, etc.
▪ Support Tools: Support tools such as online help, pull-down menus, user interfaces, graphical
analysis, and error-correction mechanisms facilitate the user's interactions with the system.
Classification of DSS
There are several ways to classify DSS. Holsapple and Whinston classify DSS as follows:
▪ Text Oriented DSS: It contains textually represented information that could have a bearing on a
decision. It allows documents to be electronically created, revised and viewed as needed.
▪ Database Oriented DSS: The database plays a major role here; it contains organized and highly
structured data.
▪ Spreadsheet Oriented DSS: It contains information in spreadsheets that allows the user to create,
view, and modify procedural knowledge and also to instruct the system to execute self-contained
instructions. The most popular tools are Excel and Lotus 1-2-3.
▪ Solver Oriented DSS: It is based on a solver, which is an algorithm or procedure written for
performing certain calculations and particular program type.
▪ Rules Oriented DSS: It follows certain procedures adopted as rules. An expert system is an
example.
▪ Compound DSS: It is built by using two or more of the five structures explained above.
Types of DSS
Following are some typical DSSs:
▪ Status Inquiry System: It helps in taking operational, management level, or middle level
management decisions, for example daily schedules of jobs to machines or machines to operators.
▪ Data Analysis System: It needs comparative analysis and makes use of a formula or an algorithm,
for example cash flow analysis, inventory analysis, etc.
▪ Information Analysis System: In this system, data is analyzed and the information report is
generated, for example sales analysis, accounts receivable systems, market analysis, etc.
▪ Accounting System: It keeps track of accounting and finance related information, for example,
final account, accounts receivables, accounts payables, etc. that keep track of the major aspects of
the business.
▪ Model Based System: Simulation models or optimization models used for decision-making are
used infrequently and create general guidelines for operation or management.
KNOWLEDGE MANAGEMENT SYSTEM
A knowledge management system is not radically different from all these information systems; it just
extends the already existing systems by assimilating more information.
As we have seen, data is raw facts, information is processed and/or interpreted data, and knowledge is
personalized information.
What is Knowledge?
▪ Personalized information
▪ State of knowing and understanding
▪ An object to be stored and manipulated
▪ A process of applying expertise
▪ A condition of access to information
▪ Potential to influence action
Sources of Knowledge of an Organization
▪ Intranet
▪ Data warehouses and knowledge repositories
▪ Decision support tools
▪ Groupware for supporting collaboration
▪ Networks of knowledge workers
▪ Internal expertise
Definition of KMS
A knowledge management system comprises a range of practices used in an organization to identify,
create, represent, distribute, and enable adoption of insights and experience. Such insights and experience
comprise knowledge, either embodied in individuals or embedded in organizational processes and
practices.
Purpose of KMS
▪ Improved performance
▪ Competitive advantage
▪ Innovation
▪ Sharing of knowledge
▪ Integration
▪ Continuous improvement by:
o Driving strategy
o Starting new lines of business
o Solving problems faster
o Developing professional skills
o Recruiting and retaining talent
Activities in Knowledge Management
▪ Start with the business problem and the business value to be delivered first.
▪ Identify what kind of strategy to pursue to deliver this value and address the KM problem.
▪ Think about the system required from a people and process point of view.
▪ Finally, think about what kind of technical infrastructure is required to support the people and
processes.
▪ Implement the system and processes with appropriate change management and iterative staged
release.
Level of Knowledge Management