CISA Domain 3
What is a project portfolio?
All projects being carried out in an organization at a given point in time. A program is a group of projects and tasks that are closely linked together through common strategies, objectives, budgets and schedules. Portfolios, programs and projects are often controlled by a project management office (PMO), which governs the processes of project management but are not typically involved in the management of the content. Like projects, programs have a limited time frame (i.e., a defined start and end date) and organizational boundaries.
Where can IS projects be initiated from?
Any part of the org, including the IT department.
What is the role of information system security engineer on a project?
Applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risk associated with these vulnerabilities. Key to meeting this role is: Defining the needs, requirements, architectures and designs to construct network, platform and application constructs according to the principles of both defense in breadth and security in depth.
What is required for a PMO?
As an owner of the project management and program management process: Must be a permanent structure Adequately staffed to provide professional support in these areas to maintain current and develop new procedures and standards.
How can the schedule be graphically represented?
various techniques such as Gantt charts, the critical path method (CPM) or program evaluation and review technique (PERT) diagrams.
What is a key element of the benefits realization processes?
• Assessment of the benefits realization processes • Business case
What is the role of user management on a project?
• Assumes ownership of the project and resulting system • Allocates qualified representatives to the team • Actively participates in business process redesign, system requirements definition, test case development, acceptance testing and user training. • Review and approve system deliverables as they are defined and implemented.
What is the role of user project team on a project?
• Completes assigned tasks • Communicates effectively with the systems developers by actively involving themselves in the development process as subject matter experts (SMEs) • Works according to local standards and advises the project manager of expected and actual project plan deviations
What is the role of systems development management team on a project?
• Completes assigned tasks • Communicates effectively with users by actively involving them in the development process • Works according to local standards • Advises the project manager of necessary project plan deviations
What major factors is project benefits realization compromised of?
• Cost • Quality • Development/delivery time • Reliability • Dependability
What WP specifications should be included?
• Dependencies on other WPs • Definition of how to evaluate performance and goal achievement.
What are the key elements of project benefits realization?
• Describing benefits management or benefits realization • Assigning a measure and target • Establishing a tracking/measuring regimen • Documenting the assumption • Establishing key responsibilities for realization • Validating the benefits predicted in the business • Planning the benefit that is to be realized
What are key things to remember with WBS and respective WPs?
• The top WBS level represents the final deliverable or project. • Sub-deliverables contain WPs that are assigned to an organization's department or unit. • All elements of the WBS do not need to be defined to the same level. • WPs define the work, duration and costs for the tasks required to produce the sub-deliverable. • WPs should not exceed a duration of 10 days. • WPs need to be independent of each other in the WBS. • WPs are unique and should not be duplicated across the WBS.
What are the 4 phases in project benefits realization?
• Understand • Plan • Realize • Report
What are the 3 types of project management org structures?
1. Functional-structured organization—In a functional-structured organization, the project manager has only a staff function without formal management authority. The work is broken down in departments and a project manager is allowed to advise peers and team members only as to which activities should be completed. 2. Project-structured organization—In a project-structured organization, the project manager has formal authority over those taking part in the project. This includes authority over the project's budget, schedule and team. 3. Matrix-structured project organization—In a matrix-structured organization, management authority is shared between the project manager and the department heads.
What are the functions the IT Steering Committee performs?
- Reviews project progress regularly (e.g., semimonthly or monthly) and holds emergency meetings when required. - Serves as coordinator and advisor. Members of the committee should be available to answer questions and make user-related decisions about system and program design. - Takes corrective action if necessary due to project progress and issues escalated to the committee.
What can an OBS help ensure?
A material deliverable is not overlooked. Especially when dealing with intangible project results such as organizational development.
What is the result of FPA?
A measure of the size of an information system based on the number and complexity of the inputs, outputs, files, interfaces and queries with which a user sees and interacts. This is an indirect measure of software size and the process by which it is developed versus direct size- oriented measures such as SLOC counts.
For projects, what is required for benefits realization?
A planned approach to benefits realization is required, looking beyond project cycles to longer-term cycles that consider the total business benefits and total business costs throughout the life of the new system.
What helps indicate the stage boundaries?
A project schedule. Stage boundaries are explained in section 3.2, Business Case and Feasibility Analysis.
What happens after the OBS has been complied?
A work breakdown structure (WBS) is designed to structure all the tasks that are necessary to build up the elements of the OBS during the project.
What does the project sponsor assume?
Overall ownership and accountability of the project and chairs the steering committee.
What is the differentiator between portfolio and project management?
Programs are more complex, usually have a longer duration, a higher budget and higher risk associated with them, and are of higher strategic importance.
What process does project management begin with?
Project Charter
What does the project portfolio database include?
Project data such as owner, schedules, objectives, project type, status and cost.
What is mandatory in project portfolio management?
Project portfolio database.
What are project schedules?
Project schedules are living documents and should indicate: • Tasks for a WP • Start and finish dates • Percentage completed • Task dependencies • Resource names of individuals planned to work on those tasks
What is the differentiator between program and portfolio management?
Projects of a program belong to an organization's project portfolio as do projects that are not associated with a program.
What is the role of the project sponsor on a project?
Provides funding for the project and works closely with the project manager to define the critical success factors (CSFs) and metrics for measuring the success of the project. Data and application ownership are assigned to a project sponsor. A project sponsor is typically the senior manager in charge of the primary business unit the application will support.
What is the role of the IT Steering Committee?
Provides overall direction and ensures appropriate representation of the major stakeholders in the project's outcome.
How can ROI be measured to make go/no-go decisions?
ROI may be measured as value of benefit/costs, which then can be compared with an organization's cost of funds, to make a go/no-go decision. This ROI framework can then be used as a benchmark to evaluate the progress of the project and identify causes, if the actual ROI is not aligning with the planned ROI.
How is size estimation calculated?
Resources assigned (R) × duration (D) = total resources (TR, a constant quantity); which is the classic "man × month" dilemma curve. Any point along the curve meets the condition R × D = TR. At any point O on the curve, the area of the rectangle will be TR, proportional to the budget. Few resources=project will take longer (a point close to LR) Many resources=shorter (a point close to LD). LR and LD are two practical limits: a duration that is too long may not seem possible; use of too many (human) resources at once would be unmanageable. Figure 3.3C
What is the methodology and processes used in program management?
Very similar to those in project management and run in parallel to each other. However, they must not be combined and have to be handled and carried out separately.
What does it suggest when an org fails to consistently meet its ROI objectives?
Weakness in its SDLC and related project management practices.
What is required to manage portfolios, programs, and projects?
Well-designed structures such as expert pools, a PMO and project portfolio groups. Specific integrative tools such as project management guidelines, standard project plans and project management marketing instruments are also used.
What is a WP?
Work package in the WBS. Each WP must have a distinct owner and a list of main objectives and may have a list of additional objectives and out-of-scope objectives.
Does benefits realization include a post-implementation review?
Yes. Time must be allowed for initial technical problems to be resolved and for the project benefits to accrue as users become familiar with the new processes and procedures.
Is project benefits realization part of governance?
Yes. Project benefits realization must be part of the governance and management of a project and include business sponsorship.
What is the IT Steering Committee's responsibility?
All deliverables, project costs and schedules.
What is the slack time and zero slack time in the Critical Path Estimation (CPM)?
Activities that are not in the critical path have slack time, which is the difference between the latest possible completion time of each activity that will not delay the completion of the overall project and the earliest possible completion time based on all predecessor activities. Activities on a critical path have zero slack time. By working through the network forwards and backwards, the earliest possible completion time for the activities and the project are determined. A path is any set of successive activities that go from the beginning to the end of the project. Associated with each activity in the network is a single number that best estimates the amount of time the activity will consume.
What is a Gantt Chart?
Aid in scheduling the activities (tasks) needed to complete a project. The charts shows: • When an activity should begin and end along a timeline. • Which activities can occur concurrently and sequentially. • Resources assigned to each task and by what percent allocation Aids in identifying: • Activities that have been completed early or late by comparison to a baseline. • Whether the project is behind, ahead or on schedule compared to the baseline project plan. • Used to track the achievement of milestones or significant accomplishments for the project such as the end of a project phase or completion of a key deliverable.
What is Software Size Estimation?
Methods of determining the relative physical size of the application software to be developed. Estimates can be used to: Guide the allocation of resources Judge the time and cost required for its development Compare the total effort required by the resources
What is the Function Point Analysis (FPA) technique in Planning?
Multiple-point technique used for estimating complexity in developing large business applications.
What basis does the WBS level of detail serve?
Basis for the negotiations of detailed objectives among: • Project sponsor • Project manager • Project team members
When are project resources estimated?
Beginning of project using techniques of software/project size estimation
How is a project initiated?
By a project manager or sponsor gathering the information required to gain approval for the project to be created. This is often compiled into terms of reference or a project charter. Approval of a project initiation document (PID) or a project request document (PRD) is the authorization for a project to begin.
How are Function points in the FPA computed?
By first completing a table (figure 3.7) to determine whether a particular entry is simple, average or complex. Five FP count values are defined, including the number of: • User inputs • User outputs • User inquiries • Files • External interfaces Upon completion of the table entries, the count total in deriving the function point is computed through an algorithm that considers complexity adjustment values (i.e., rating factors) based on responses to questions related to issues such as: • Reliability • Criticality • Complexity • Reusability • Changeability • Portability Function points derived from this equation are then used in a manner analogous to SLOC counts as a measure for cost, schedule, productivity and quality metrics. Example: productivity = FP/person-month, quality = defects/FP, and cost = $/FP
What do strategy-makers perform?
Comprehensive study and evaluate which factors are "qualifying" or "winning" and then compare those factors with strengths, weaknesses and competencies of services available to complete and maintain systems.
What roles would an IS Auditor have on a project team?
Control expert May also provide an independent, objective review to ensure that the level of involvement (commitment) of the responsible parties is appropriate. In such cases, the IS auditor is not performing an audit but is participating on the project in an advisory role. Depending on the level of the IS auditor's involvement, he/she may become ineligible to perform audits of the application when it becomes operational.
What is the Software Cost Estimation technique in Planning?
Cost estimation is a result of software size estimation and helps to properly scope a project.
Which 3 intertwining elements should a project management pay special attention to?
Deliverables Duration Budget Project duration and budget must be commensurate with the nature and characteristics of the deliverables. In general, there will be a positive correlation between highly demanding deliverables, a long duration and a high budget. Figure 3.3A
What is the role of senior management on a project?
Demonstrates commitment to the project and approves the necessary resources to complete the project.
When should the schedule be revisited for compliance?
During the project execution, to verify compliance and identify variances at key points and milestones. Any variances to the budget and schedule should be analyzed to determine the cause and corrective action to take in minimizing or eliminating the total project variance. Variances and the variance analysis should be reported to management on a timely basis.
What is the objective of benefits realization?
Ensure that IT and the business fulfill their value management responsibilities, particularly that: • IT-enabled business investments achieve the promised benefits and deliver measurable business value. • Required capabilities (solutions and services) are delivered: -On time, both with respect to schedule and time-sensitive market, industry and regulatory requirements -Within budget • IT services and other IT assets continue to contribute to business value. See Chapter 2 for more details on benefits realization.
What does an IS project have to make it a project?
Objectives Deliverables Start and end dates
What is the objective of quality assurance on a project?
Ensure the quality of the project by: • Measuring the adherence of the project staff to the organization's SDLC • Advise on deviations • Propose recommendations for process improvements or greater control points when deviations occur. The points where reviews occur depend on the SDLC methodology used, the structure and magnitude of the system and the impact of potential deviations. May include a review of process-based activities related to either project management or the use of specific software engineering processes within a particular life cycle phase. Such a focus is crucial to completing a project on schedule and within budget and in achieving a given software process maturity level.
What is the Cost Budget technique in Planning?
Estimating the amount of effort that will be required to carry out each task.
What is an indirect measurement of the the software size?
FPA
What are the various elements that should be considered before selecting a project management technique?
Figure 3.3
What are the 4 commonly used methodologies in Information System Development Project Cost Estimation?
Four commonly used methodologies to estimate the cost of an information system acquisition and development project are: • Analogous estimating—By using estimates from prior projects, the project manager can develop the estimated cost for a new project. This is the quickest estimation technique. • Parametric estimating—The project manager looks at the same past data that were used in analogous estimating and leverages statistical data (estimated employee hours, materials costs, technology, etc.) to develop the estimate. This approach is more accurate than analogous estimation. • Bottom-up estimating—In this method, the cost of each activity in the project is estimated to the greatest detail (i.e., starting at the bottom), and then all the costs are added to arrive at the cost estimate of the entire project. While the most accurate estimate, this is the most time-consuming approach. • Actual costs—Like analogous estimation, this approach takes an extrapolation from the actual costs that were incurred on the same system during past projects.
From what is the budget deduced?
From the resources required to carry out the project by multiplying fees or costs by the amount of each resource. Software->Resources->Budget. Figure 3.3B
What should an IS Auditor understand as a starting point for development-related projects?
How the business defines value or a return on investment (ROI) for development-related projects.
Who identifies the project manager of new projects?
IT Steering Committee
Who should review IS project requests and prioritize them?
IT Steering Committee
What is different between the OBS and WBS?
In contrast to the OBS, the WBS does not include basic elements of the solution to build but shows individual work packages (WPs) instead.
What does an OBS represent?
Individual components of the solution and their relationships to each other in a hierarchical manner, either graphically or in a table.
What are the project management component processes?
Initiating Planning Executing Controlling and Monitoring Closing
What is a task list?
List of actions to be carried out in relation to WPs and includes assigned responsibilities and deadlines. Aids the individual project team members in operational planning and in making agreements.
What is an example of a non-IS project within a related program?
Mergers and acquisitions (M&A)
What is the Scheduling and Establishing the Time Frame technique in Planning?
Scheduling involves establishing the sequential relationship among tasks. This is achieved by arranging tasks according to the following two elements: Note: Organizations that use FP methods develop criteria for determining whether a particular entry is simple, average or complex. • Earliest start date, by considering the logical sequential relationship among tasks and attempting to perform tasks in parallel, wherever possible • Latest expected finish date, by considering the estimate of hours per the budget and the expected availability of personnel or other resources, and allowing for known, elapsed-time considerations (e.g., holidays, recruitment time, full-time/part-time employees)
What do critical path estimations help estimate?
Shortest possible completion time for the overall project.
Where does FPA not behave well?
Software (such as OS, process control, communications and engineering). Other estimation methods are more appropriate for such software and include the constructive cost model (COCOMO) and FPA feature points of De Marco and Watson-Felix.
What are project objectives?
Specific action statements that support attainment of project goals.
What is a commonly accepted approach to define project objectives?
Start off with an object breakdown structure (OBS).
What is the objective of program management?
Successful execution of programs including, but not limited to, the management of program: • Scope, financials (costs, resources, cash flow, etc.), schedules, objectives and deliverables • Context and environment • Communication and culture • Organization
What is project management?
The application of knowledge, skills, tools and techniques to a broad range of activities to achieve a stated objective such as meeting the defined user requirements, budget and deadlines for an IS project.
What is the Critical Path Methodology (CPM) technique in Planning?
The critical path is the sequence of activities that produces the longest path through a project. It is the route along which the project can be shortened (accelerated) or lengthened (delayed). All project schedules have (at least) one critical path, usually only one in nonmanipulated project schedules.
Why does single-point estimation not work for complex systems?
They do not support more than one parameter in different types of programs, which, in turn, affects the cost, schedule and quality metrics. To overcome this limitation, multiple-point estimations have been designed. See Function Point Analysis.
What is the objective of the PMO?
To improve project and program management quality and secure project success, but it can focus only on activities and tasks and not on project or program content.
Why is a specific program organization required?
To make autonomous projects possible while making use of synergies between related projects in the program.
What does size estimation yield?
Total resources
What is the communication structure of the program manager?
Typical communication structures in a program are program owner's meetings and program team's meetings. To formally start a program, some form of written assignment from the program sponsor (owner) to the program manager and the program team is required. Because programs most often emerge from projects, such an assignment is of paramount importance to set the program context and boundaries as well as formal management authority.
How are task lists used?
Typically compiled into a project schedule at the planning phase of a project and are used in the controlling phase of the project to monitor and track the progress and completion of the WPs.
What is the role of security officer (or security team) on a project?
• Ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures • Consults throughout the life cycle on appropriate security measures that should be incorporated into the system • Reviews security test plans and reports prior to implementation • Evaluates security-related documents developed in reporting the system's security effectiveness for accreditation • Periodically monitors the security system's effectiveness during its operational life
What are the sizing and measurement techniques in the Planning phase?
• Information System Development Project Cost Estimation • Software Size Estimation • Function Point Analysis • Cost Budgets • Software Cost Estimation • Scheduling and Establishing the Time Frame • Gantt Charts • Critical Path Methodology • Program Evaluation Review Technique • Timebox Management
What is included in a project charter?
• Objective of the project • Stakeholders in the system to be produced • Project manager • Sponsor
What are 4 ways project initiation can be achieved?
• One-on-one meetings—between the project team members and the project manager. • Kick-off meetings—project manager to inform the • Project start workshops—a project start workshop to obtain cooperation from all team members and buy- in from stakeholders. This helps develop a common overview of the project and communicates the project culture early in the project. • A combination of the three
What are the objectives of project portfolio management?
• Optimization of the results of the project portfolio (not of the individual projects) • Prioritizing and scheduling projects • Resource coordination (internal and external) • Knowledge transfer throughout the projects
What elements should be included in the Cost Budget technique?
• Personnel hours by type (e.g., system analyst, programmer, clerical) • Machine hours (predominantly computer time as well as duplication facilities, office equipment and communication equipment) • Other external costs such as third-party software, licensing of tools for the project, consultant or contractor fees, training costs, certification costs (if required), and occupation costs (if extra space is required for the project) Having established a best estimate of expected work efforts by task (i.e., actual hours, minimum/maximum) for personnel, costs budgeting now becomes a two-step process to achieve the following results: Phase-by-phase estimate of human and machine effort by summing the expected effort for the tasks within each phase. Multiply the effort expressed in hours by the appropriate hourly rate to obtain a phase-by-phase estimate of systems development expenditure. Other costs may require tenders or quotes.
What is the structuring of the WBS?
• Process-oriented • In phases
What are typical program management roles?
• Program owner • Program manager • Program team
What are some typical project portfolio reports?
• Project portfolio bar chart • Profit versus risk matrix • Project portfolio progress graph
Who is on the IT Steering Committee?
• Project sponsor-Chair • A senior representative from each business area that will be significantly impacted by the proposed new system or system modification • Project manager
What is the role of the project manager on a project?
• Provides day-to-day management and leadership of the project Ensures that project activities remain in line with the overall direction Ensures appropriate representation of the affected departments Ensures that the project adheres to local standards Ensures that deliverables meet the quality expectations of key stakeholders Resolves interdepartmental conflicts Monitors and controls costs and the project timetable. The project manager may facilitate the definition of the project scope, manage the budget and control the activities via a project schedule. Where projects are staffed by personnel dedicated to the project, the project manager will have a line responsibility for such personnel.
What is the role of systems development management on a project?
• Provides technical support for hardware and software environments by developing, installing and operating the requested system. • Provides assurance that the system is compatible with the organization's computing environment and strategic IT direction • Assumes operating support and maintenance activities after installation.
What is the role of quality assurance on a project?
• Reviews results and deliverables within each phase and at the end of each phase • Confirms compliance with requirements.
What should the project manager determine during project planning?
• Scope of the project (with agreement from stakeholders on project scope) • Various tasks that need to be performed to produce the expected business application system • Sequence or order in which these tasks need to be performed • Duration or the time window for each task • Priority of each task • IT and non-IT supporting resources that are available and required to perform these tasks • Budget or costing for each of these tasks • Source and means of funding for labor, services, materials, and plant and equipment resources involved in the project • Sizing and measurement techniques
How should automated cost estimation main components be divided to develop cost estimates of the information system and total project?
• Source code language • Execution time constraints • Main storage constraints • Data storage constraints • Computer access • The target machine used for development • The security environment • Staff experience
What is a SMART objective?
• Specific • Measurable • Attainable • Realistic • Timely
What does the WBS represent?
• The project in terms of manageable and controllable units of work • Serves as a central communications tool in the project • Forms the baseline for cost and resource planning
