This document discusses compliance, awareness, and assurance in IT strategic planning. It discusses how IT project management fits into the balanced scorecard to ensure IT assets are aligned with organizational goals, well-managed to minimize risk, and efficient and productive. It then discusses how most IT departments use ineffective project management techniques, with surveys from 2000 showing over 50% of projects going over budget and schedule. The document outlines how to identify, categorize, and mitigate risks through a risk management plan. It proposes using critical success factors to prioritize business processes and projects. Effective communication, proper use of standards, ethics, political awareness, technical skills, and legal compliance are identified as critical factors for project success.

1. Chapter 9
COMPLIANCE, A
WARENESS, AS
SURANCE
Maulia Jayantina Islami
(23510095)
maulia@students.itb.ac.id
Presented on IT Strategic Planning Class-MCIO ITB 2011

2. BSC assure IT asset Aligned with Organization’s goal
and Well managed so Risk can be minimized
assure
IT assets
aligned
well-managed
efficient
Minimize Risk
productive

3. “Most IT Departments utilize ineffective Project Managemet technique”
~Jessica Keyes~
Survey ‘2000
• 53 % overrun on schedule & budget
• 31 % cancelled
• 16 % completed on time
• 87 % over budget more than half Suceesful IT
• 45 % failed (didn’t get the expected benefit) project
• 88-92 % over schedule
need
Project
Management
Technique

4. Chapter Agenda
How IT Project Management Fits into the BSC
The Proactive Risk Strategy
Risk Awareness
Risk Assesment
Critical Factors to Project Success

5.  Identify Risk by creating risk item checklist
 Customer will change or modify requirements
 End Users lack sophistication
 Delivery deadline will be tightened
 End User resist system
 Server may not be able to handle larger number of
user simultaneously
 Technology will not meet expectation
 There is a larger number of users than planned
 End Users lack training
 The project team is inexperienced
 The system (security and firewall) will be hacked

6. • Categorize Risks (Keil et al, 1998)
 Customer will change or modify
requirements
 End Users lack sophistication
 Delivery deadline will be tightened Project Risk
 End User resist system
 Server may not be able to handle
larger number of user
Contoh
simultaneously
 Technology will not meet
expectation Technical Risk
 There is a larger number of users
than planned
 End Users lack training
 The project team is inexperienced
 The system (security and firewall)
will be hacked Business Risk
 ………………
 ………………

7.  RMMM (Risk Mitigation, Monitoring, and Management)
Tabel 9.2 Typical Risk Mitigation, Monitoring, and Management (RMMM) Plan
x.1 Scope and Intent of RMMM Activities
Project ini akan di-apload ke server, dan server ini diekspose ke dunia luar, sehingga perlu dikembangkan security protection….... (dst.)
x.2 Risk Management Organizational Role
Manajer proyek harus menjaga effort dan schedule team agar sesuai jalur. Menjadi tanggungjawab bersama untuk proactive dalam mengantisipasi
resiko yang potensial terjadi selama project berlangsung….. (dst.)
x.3 Risk Description
x.3.1 Description of Possible Risks
Bagian ini akan mendeskripsikan risks yang mungkin terjadi selama project berlangsung
Business Impact Risk: (BU)
Software yang diproduksi tidak sesuai dengan kebutuhan dan permintaan client. Resiko ini akan berakibat pada bisnis jika produk tidak lagi sesuai
dengan keseluruhan strategi bisnis dari perusahaan.
Customer Characteristic Risk: (CU)
Kurangnya keterlibatan customer dalam project, dan customer tidak dapat bertemu dengan developer pada waktu yang tepat. Pengalaman
customer terhadap produk yang dikembangkan dan kemampuan untuk menggunakannya juga termasuk di dalam resiko ini.
Development Risk: (DE)
Resiko yang diasosiasikan dengan ketersediaan dan kualitas tools yang akan digunakan dalam membuat produk. Peralatan dari sisi client harus
compatible dengan software yang akan dibuat.

8.  RMMM Plan. Risk Table
Probability
No. Risks Category Impact
(%)
1 Customer will change or modify requirements PS 70 2
2 Lack of sophistication of end user CU 60 3
3 Delivery deadline will be tightened BU 50 2
4 Technology will not matc expectation TE 30 1
5 Inexperienced Project Team ST 20 2
6 Server may not be able to handle a larger number PS 30 1
of users simultaneously
7 System (security and firewall) will be hacked BU 15 2

9.  Sample RMMM Strategy
Table 9.3 Sample RMMM Strategy
Project Risk RMMM Strategy
Budget sebagian besar dikontribusikan untuk area desain dan development yaitu subsistem
database. Oleh karena itu jadwal dan personil akan disesuaikan untuk meminimalisasi efek dan
maksimalisasi keuntungan yang seharusnya didapat. (dst…….)
Technical Risk RMMM Strategy
Menambahkan 2 senior software engineer yang berpengalaman dalam web based application.
Untuk memenuhi tenggat waktu yang diberikan dan kesesuaian hasil, maka kemajuan project akan
dimonitor secara ketat. (dst……)
Business Risk RMMM Strategy
Untuk mengantisipasi kurangnya dukungan oleh manajemen senior terhadap project team, maka
team akan berjuang keras untuk menunjukkan positive attitude selama meeting dengan customer,
sama baiknya dengan menunjukkan performa kerja yang professional. (dst……..)

10.  RMMM Risk Information Sheet (williams et al., 1997)

11. Avoid the risk by Evaluating the Critical Success Factor
(CSF) of business or business line
Table 9.5 CSF Project Chart
Critical Success Factor
No Business Process
1 2 3 4 5 6 Count Quality
P1 Measure delivery performance by suppliers X X 2 B
P2 Recognize/reward workers X X 2 D
P3 Negotiate with suppliers X X X 3 B
P4 Reduce number of parts X X X X 4 D
P5 Train supervisors X X 2 C
P6 Redesign production line X X X 3 A
P7 Move parts inventory X 1 E
P8 Eliminate excessive inventory build-ups X X 2 C
P9 Select suppliers X X 2 B
P10 Measure X X X 3 E
P11 Eliminate defective parts X X X 3 D

12. Divide business process priority
Table 9.5 CSF Project Chart
Critical Success Factor
No Business Process
1 2 3 4 5 6 Count Quality
P1 Measure delivery performance by X X 2 B QUALITY
suppliers
P2 Recognize/reward workers X X 2 D
P3 Negotiate with suppliers X X X 3 B
P4 Reduce number of parts X X X X 4 D
P5 Train supervisors X X 2 C
P6 Redesign production line X X X 3 A
P7 Move parts inventory X 1 E
P8 Eliminate excessive inventory build-ups X X 2 C
P9 Select suppliers X X 2 B
P10 Measure X X X 3 E
P11 Eliminate defective parts X X X 3 D
PRIORITY
Figure 9.1
CSF Priority Graph

13. Being Political
Proper Standard
Technical
Critical Factor
Effective to prject
Communication Success
Legal
Ethics
Organization

14. • Effective Communication
 Make people comfort
to talk
 Understand end-users
 Write effectively with proper style
 Meaningful presentation
 Clear articulations
 Mediate disputes
 Understand politics & organizations

15. • Proper utilization of standards

16. • Ethics
fair
forthright ETHICS impartial
Honest

17. • Being Political
 Identify opposants. Why? How?
 Write agreements + report
(audit trails)
 Speak directly & truthfully
 Clarify rumors
 Solid rationale decisions

18. • Technical
 Right Technological Skill
 adequate resource

19. • Legal

21. Thankyou