Integration Of BPM, BA, SDLC, PM - What Are Accountant S Responsibilities 3-27-2012

Must understand & consciously integrate activities of Financial Auditing / IT Auditing Business Analysis BA Business Process Management / Improvement BPM / BPI System Development Life Cy

What is

Your

Confidence Level that

Controls are in Place

in automated

(or manual)

applications?

• Business Process Management

• System Development Life Cycle

• Project Management

Who are the SMEs

in developing

financial control requirement?

Must understand & consciously integrate activities of

Financial Auditing / IT Auditing

Business Analysis (BA) Business Process Management / Improvement (BPM / BPI)

System Development Life Cycle (SDLC)

Project Management (PM)

BPM

BA, SDLC

PM

Strategic Goals

Accountant

(SME)

control

specs

Project initiation, Requirements identification,

Work definition, and Task assignment

6 Information Technology Project Management, Fifth Edition, Copyright

User specifications, Systems Analysis & Project Management

Project Management & Expert Knowledge

Project Management & Expert Knowledge

Project Management & Expert Knowledge

Some background info / examples.

Double entry accounting Paccioli, 1494

The control? Debits and Credits must balance

Processes must be defined & corrected prior to automating

Automated financial systems 1950s – 1960s

Problems

Specifications – Not what users needed

Errors – Processes not understood Bugs in the code.

Controls – Missing or ignored

Enron, HealthSouth, Sub-prime loans

(1986-87 loan approval expert system.)

Desire  Adequate, error free system with necessary controls

Warnings when acquiring Business

(or any) IT Systems

Managers / IT auditors / Users specifying requirements must

recognize when automated controls are not present

Are

business process improvement (BPI) best practices

accounting best practices

business analysis, system development life cycle (SDLC) best

practices

project management (PM) best practices

addressed during development of the system?

Are BEST PRACTICES followed during development?

If not, great likelihood controls not in place, user needs not

covered.

Warning!

Warning! Warning!

from

IT Auditors, Forensic Accountants,

Ivar Jacobson’s The Object Advantage Whitten, Bentley, & Dittman authors of Systems Analysis & Design Methods

Kathy Schwalbe author of IT Project Management PMI, A Guide to the Project Management Body of Knowledge

and my experiences.

Paul Crigler UAB Department of Management, Information Systems, & Quantitative Methods

IS and MBA-IT instructor

Losing control (and money)

due to

• Finagling the facts

• Violating the rules

• Stealing

• Incorrect / Invalid reporting

• Processes or process steps that are NOT correct or are NOT followed or are NOT automated

• We must be aware of and understand the integration of

• Business Process Management

• Financial Audit / IT Audit / Forensics

• Business Analysis methods

• Systems Development methods

• Project Management techniques

• and their best practices

IT Audit within the Audit Process (1 st three steps applicable when developing or acquiring an information system)

How was automated control

SDLCbest practices

PM, PPM best practices

How are controls originated?

• Who establishes the business rules?

• Who defines the processes?

• Who defines the controls?

• Who are responsible for controls?

When Processes are Automated

Who defines the controls (and the processes)?

Accountants, Operation Managers, Process

Engineers, etc - using BPM, BA best practices

Who analyzes, designs, builds computer system?

Business and Systems Analysts, Designers,

Who insures project is executed on time, within budget, completely and with quality?

Project Managers, Project Portfolio Managers

- using PM, PPM best practices

• What indicates that BPM, BA,

SDLC, PM best practices were

followed?

Build quality into automated

BA, SDLCbest practices

PM, PPM best practices

BPM, BPI best practices

using

Business Process Management

1st _

Business Process Management

Business Process Improvement

(BPM, BPI)

Some Major Processes

1 Cash receipts

2 Cash disbursements

3 Revenues and Accounts Receivables

4 Procurement / Accounts Payable

5 Payroll / Human Resources

6 Financial Statement Close Process

7 Information Technology

8 Other Processes Specific to the Business

and its Industry

Speed Are the processes generating the specified

outputs in a timely manner?

Reliability Are the business processes consistent?

Is up to date information available to the right people?

Integration Do the business processes integrate all the

necessary components seamlessly?

Do the processes link all the required data feeds?

Flexibility Are the processes capable of absorbing

changes initiated by the environment?

Security Are the processes equipped with the proper

security features capable of protecting confidential client information?

Is information authentic and reliable?

Process Evaluation Criteria

Activities of business process improvement project

Envisioning

Strategy

Understanding the existing business

Customer Demands

Business process improvement

Rebuilding

Objective Specification (vision of future, the new company)

The Model – the redesigned process(es) for the New Business

Envisioning

Reversing the Existing Business

Engineering the New Business

Installing the New Business

Business Process Redevelopment

Business process improvement

Continuous Improvement

Envisioning

Reversing the Existing Business

Engineering the New Business Installing the New Business

Business Process Reengineering project

Improvements

Radical Δ ? (Radical change?)

No Yes ?

Enterprise Applications

• Virtually all organizations require a core set

of enterprise applications

– Financial mgmt, human resources, sales, etc.

– Frequently purchased (COTS – commercial off the

shelf)

– Frequently need to have custom elements added

• Systems Integration  process of building

unified information system out of diverse components

 purchased software, custom-built software,

hardware, and networking.

Warning!

COTS – squeezing size

10 foot into size

Enterprise Applications

Framework for improving and automating processes

Processes are not

in place or are not followed!

BA, Control Specifications & SDLC

2nd _

Business Analysis, Control Identification

&

Systems Development Life Cycle

Business Analysis / Requirements Systems Development Life Cycle

If BA / Financial Controls / etc requirements are

not properly addressed ….

Warning!

If SDLC best practices are not in place ….

For definitions go to http://en.wikipedia.org/wiki/Business_analysis

Typical SW Project

Information Technology

Project Management

30

Objectives for

the Accountant (or manager) responsible for specifications

1 Understand business analysis and systems analysis and

relate to scope definition, problem analysis, requirements

analysis, logical design, decision analysis phases of SDLC.

2 Understand systems analysis approaches for solving

business system problems.

3 Understand scope definition, problem analysis,

requirements analysis, logical design, and decision analysis phases in terms of information system building blocks.

4 Understand scope definition, problem analysis,

requirements analysis, logical design, and decision analysis phases in terms of purpose, participants, inputs, outputs,

techniques, and steps.

Accommodate

Business Strategy

Systems Analysis and Design Processes

System Building Blocks from Systems Analysis perspective

Information System Building Blocks

Warning!

People are not on board or being proper considered!

What is Systems Analysis ?

Systems analysis  problem-solving technique that

decomposes a system into component pieces for studying how well parts work and interact to accomplish purpose

Systems design  problem-solving technique that

assembles system’s component pieces into complete system The How

Information systems analysis  development phases in information systems development project primarily

focus on business problem and requirements independent of technology used to implement solution

Context of Systems Analysis

Identify alternate solutions

Project Charter

Requirements Discovery

used by systems analysts to

identify system problems & solution

requirements from user community

Accountants when the system’s focus is to provide controls

Business Process Redesign

BPR  feature of systems analysis to

fundamental business processes

independent of information technology

Warning!

BPR does not occur prior to new system design – resulting in

automating bad processes.

FAST Systems Analysis Phases

1 Scope Definition Phase

– Why is project worth considering?

2 Problem Analysis Phase

– Why is new system worth building?

3 Requirements Analysis Phase

– What do users – Accountants - want from new system?

4 Logical Design Phase

– What must new system do?

5 Decision Analysis Phase

– What is best solution?

Scope  boundaries of project – area of a business that project may address

Scope Definition Phase Terms

Steering body  committee of executive business

competing project proposals

Key Term of the Problem Analysis Phase

Context Diagram  pictorial model that shows how system interacts with world around it

and

specifies system inputs and outputs.

Our System

Requirements Analysis Phase

Context of Logical Design Phase of Systems Analysis

U s e r s

Feasibility Matrix

Candidates are compared

with each other and ranked.

Warning!

A stakeholder attempts to influence the decision by

corrupting the data, modifying the

weights “arbitrarily”, etc.

Project Management

3rd _

Managing the Project Managing the Project Portfolio

Need for Organizational Standards

Standards and guidelines help project managers be more effective.

Senior management can encourage:

– use of standard forms and software for project

management.

– development and use of guidelines for writing project

plans or providing status information.

– creation of a project management office (PMO).

Warning!

Expect problems if have no standing Technical Standards Committee

What Is a Project?

Project  “a temporary endeavor undertaken to create a unique product, service, or result.”

(Operations are work done to sustain the business.)

A project ends when its objectives have been reached, or the project has been terminated.

Projects can be large or small and take a short or long time to complete.

Project

1 Has unique purpose

2 Is temporary

3 Is developed using progressive elaboration

4 Requires resources, often from various areas

5 Should have a primary customer or sponsor

• project sponsor provides direction and

funding for project

6 Involves uncertainty

Warning!

C level management and sponsors don’t understand projects.

Warning!

Management doesn’t support the project

Warning!

Risk Management Plans not in place

Project Management Perspective necessary to appreciate ROI

Focus must continue beyond implementation to reap benefits.

Development Operations with Support

All that happens after “project” ends

Warning!

BA & SDLC must

utilize best analysis,

design, and support

processes

Warning!

IT Controls must be

in place to minimize risk so maximum $ will be made.

Warning!

Requirements must

be correct so maximum utilization will be achieved by users.

Project and Program Managers

Project managers work with project sponsors, project teams, and other people involved in projects to meet project goals.

Program: “A group of related projects managed in a

coordinated way to obtain benefits and control not available from managing them individually.”*

Program managers oversee programs and often act as bosses for project managers.

Project Manager

Project Manager  experienced professional

- responsible for planning, monitoring, and controlling projects

with respect to schedule, budget, deliverables,

customer satisfaction, technical standards, and system quality Warning!

Without experienced PM may not include users’

(Accountants’, Managements’, etc.) concerns in system

Project Management Certification

• PMI provides certification as a Project

Management Professional (PMP).

• A PMP has documented project experience, agreed to follow code of ethics, and passed exam.

Warning!

Don’t have experience, certified PMs managing IT Control projects.

Different players, different agendas

War story about Office Paper Recycle Project stakeholders Another war story about HR

Admin system stakeholders

Importance of Top Management Commitment

top management commitment

Top management must help project managers

– Secure adequate resources.

– Get approval for unique project needs in timely manner – Receive cooperation from people throughout

organization.

– Learn how to be better leaders

Warning!

Management not committed to project

Need for Organizational Commitment to IT

• If the organization has a negative attitude toward IT difficult for IT

Level of Activity and Overlap of Project

Process Groups Over Time

Warning!

Project team does not address all groups in integrated fashion.

Must understand Iterative Elaboration nature of systems projects.

– Four core knowledge areas lead to specific project objectives

– Four facilitating knowledge areas are the means through

which the project objectives are achieved (human

resources, communication, risk, and

procurement management).

management) affects and is affected by all of the other

knowledge areas.

Warning!

Project plan and execution

do not address all knowledge areas.

PM Capability Maturity Model (CMM)

Low risk

High risk

Not competitive

Very competitive

Auditing (financial & IT),

8 Formal methodology

9 Reliable estimates

10 Other criteria, such

as small milestones, proper planning,

competent staff,

buy-in and ownership, and clear communications

Suggested Skills for Project Managers

• Project managers need a wide variety of skills

• They should

– Be comfortable with change.

– Understand the organizations they work in and with.

– Lead teams to accomplish project goals.

Warning!

Project manager

does not understand the business,

are not leaders.

Project Manager Skills

promotes esprit de corps.

(big picture), delegates, positive, energetic.

Sample Gantt Chart

Work Breakdown Structure showing all tasks of project

Warning!

All tasks not completely identified.

Ethics in Project Management

2 Project managers often face ethical dilemmas

3 In order to earn PMP certification, applicants must

agree to the PMP code of professional conduct.

4 Several questions on the PMP certification exam are

related to professional responsibility, including

ethics.

Warning!

Have concerns that project is executed ethically.

Project Management Office (PMO)

• responsible for developing, coordinating, promoting, and

supporting project management function throughout

organization.

• Possible goals include:

organization.

topics.

acting in those roles or are between projects.

Warning!

PMO not in place or is not effective.

How was the computer based

control system developed?

The enterprise with its many processes

guided by GAAP, ISACA,

industry standards and

best practices.

BPM, BPI best practices BA

& SDLCbest practices

PM, PPM best practices

If not followed

- Warning!

by following and using