
Accountability from Project Managers to the Executive Suite


By Jan Sondergaard

Hewlett Packard

Visibility: Why it's important to view projects from the executive point of view

In spite of years of applying sophisticated project management theory and tools to project management, leading IT executives continue to tell me that one of their biggest problems is that internal customers still claim they have an insufficient understanding of what IT is doing for them and what value they provide.

Worse yet, some executives acknowledge that their IT organization is perceived as a "black hole" or even a "bottleneck." On one level, this is a perception issue, yet it also reflects the reality that many large IT organizations lack the capacity to automatically capture, view, and report on all of the work IT is doing.

This lack of automation rises beyond a perception problem to one of real corporate risk. With no control and visibility into application security and changes, sustainable Sarbanes-Oxley compliance is impossible.

This lack of a big picture also presents a significant challenge for today's Project Management Office (PMO). While many organizations have implemented time-reporting systems and project scheduling tools, such tools are limited by their narrow focus on managing individual projects and reporting.

Without a consolidated view into all the demand placed on IT, the PMO is unable to prioritize work to meet corporate objectives. Additionally, there is no way to enforce enterprise-wide standards or methodologies, so there is no consistent way to improve project outcomes -- much less demonstrate that IT's day-to-day activities comply with Sarbanes-Oxley.

Driving compliance: Implementing enterprise project standards and methodologies
Gaining a big picture view of what IT is working on is ultimately a by-product of implementing standard project methodologies that can be managed and controlled by the PMO. This ensures that the day-to-day information collected in a project and portfolio management system can be relied upon to provide executives and project managers with a single, real-time system of record that supports reporting requirements and overall decision-making.

The best way to implement standards across an organization is to take a top-down project and portfolio management approach that allows you to define and enforce "control points" throughout the processes. The PMO can achieve this by leveraging automated workflow templates that can be used as is or easily configured to better fit the organization's needs.

Implementing a project and portfolio management system that provides field level security throughout the workflow process can help you achieve sustainable corporate Sarbanes-Oxley compliance. Field level security will ensure that the right people have access to the right information (such as application changes and code migrations) at the right time -- and that those specific actions are easily captured in an audit trail.

For example, Constellation Energy, a leading supplier of competitive energy in the United States and Canada, utilized the Mercury Project and Portfolio Management Center to create standard demand and change management practices, reducing audit sample points by over 95 percent and driving a recurring tangible savings of over $1 million per year in audit costs.

By automating its change management processes with a standard methodology, the company has been able to replace multiple application change management processes and systems with a single change management platform. Today, Constellation's business and IT teams leverage the new system to support the management of business issues, IT change requests, change prioritization, change resolution, and change deployment. All system change requests, approvals, and migrations are documented and auditable within the normal flow of day-to-day work.

Jeff Johnson, Vice President, Corporate Applications at Constellation Energy, states that "In the face of regulatory compliance and complex new application environments, effective and sustainable governance is important. With the Mercury product suite as the foundation to our solution, we can work closely with the business to drive corporate goals and objectives, lower costs, and reduce risks, while managing issues such as SOX compliance."

Reducing Risk: Manage by exception with real-time escalations and reporting
One way to reduce the risk and time involved in maintaining compliance initiatives is to take advantage of project and portfolio management solutions that offer real-time alerts and indicators. For example, project risk thresholds can be established across the company through standard templates that lock down project health metric settings, such as those related to schedules, costs, and resource capacity. Automated alerts can then be set up to notify key stakeholders when a project's health may be in jeopardy, and access to project details via a Web browser facilitates rapid response and problem resolution.

For example, consider what might happen if a critical resource leaves the company or can no longer work on an enterprise financial application roll-out. Having visibility into the precise impact this resource loss may have will help a project manager quickly identify areas of exposure and take remedial action. And from a compliance perspective, having a standardized project process will ensure that a new employee can be quickly integrated into the project system and given appropriate access controls to the enterprise financial management application.

Additionally, real-time dashboards that can be personalized by role and individual preferences enable exception-oriented visibility into IT trends, status, and deliverables. Along with high-level trends and metrics, they also offer details on everything IT is working on, including strategic projects, non-project work, project health metrics, issues, risks, resource allocations, critical project interdependencies, and overall costs.

By implementing a project and portfolio management system that enables you to standardize processes and project definitions through automated workflow templates, you can enforce a consistent set of project management practices that ensures that the data captured accurately reflects the day-to-day work of your organization. Armed with accurate, reliable information, IT professionals at all levels can more effectively respond to the demands of the business while creating a culture of accountability that can support current and future regulatory requirements.

For Constellation Energy, this has truly paid off. Concludes Jeff Johnson, "Today we have an enterprise view of IT support effort and application changes. This has allowed us to achieve sustainable compliance and dramatically reduce the level of IT and Audit Department effort around the business and IT change management process."



Jan Sondergaard is Vice President of Products at Hewlett-Packard.




© 2019 Simplex Knowledge Company. All Rights Reserved.