Project Governance and Management

Video Transcription
00:00
>> Hi there, and welcome back to
00:00
Certified Information Systems Auditor.
00:00
We'll now commence Module 4,
00:00
which is Domain 3,
00:00
Information Systems Acquisition, Development,
00:00
and Implementation. Let's begin.
00:00
As with the other domains,
00:00
these are your learning objectives
00:00
and task statements which
00:00
ISACA mandates for anyone doing this particular exam.
00:00
These are important references
00:00
for your review and for your study,
00:00
just to note down to make sure that
00:00
you've covered everything in the modules.
00:00
Our first topic is project governance and management.
00:00
In this module, we'll be looking
00:00
at what project management is,
00:00
some of the practices,
00:00
the life cycle and structure of projects,
00:00
some of the roles and responsibilities
00:00
that take place within projects,
00:00
the project management office or PMO,
00:00
project initiation and objectives,
00:00
and some planning structures.
00:00
Let's begin. What is project management?
00:00
Basically, it underpins the acquisition, development,
00:00
and implementation process of most organizations.
00:00
You as a Certified Information Systems Auditor,
00:00
will be involved in a number of
00:00
projects and a lot of project work over your career.
00:00
In a lot of organizations,
00:00
you can have several projects running concurrently.
00:00
Depending upon the size of the organization,
00:00
there could be any number
00:00
of them running at the same time.
00:00
The project portfolio management is
00:00
basically a function that
00:00
will identify the common objectives,
00:00
identify and manage risk,
00:00
and identify resource connections.
00:00
As you can imagine in a large organization,
00:00
if you do have several projects running at the same time,
00:00
there is a possibility that there
00:00
might be some priorities or
00:00
some requirements or outcomes which
00:00
will be the same across multiple projects.
00:00
That's why project portfolio management
00:00
is fairly important.
00:00
Also, project management structure,
00:00
policy and procedures and controls,
00:00
these will all be important things within an organization
00:00
that should be set down and should
00:00
be controlled and managed.
00:00
The project management practice,
00:00
so it's basically the application of knowledge, skills,
00:00
tools, and techniques to a broad range
00:00
of activities to achieve a stated objective.
00:00
Put very simply, it's organizations getting stuff done.
00:00
There are three main objectives which you'll
00:00
often find for most projects,
00:00
regardless of what they are,
00:00
what the user requirements are,
00:00
so what they want, the budget,
00:00
how much money can be spent on it,
00:00
and the deadlines when it is actually due.
00:00
Projects will often begin with a project charter,
00:00
which is essentially
00:00
a high-level statement or document that
00:00
really determines exactly what
00:00
the outcome of the project is going to be.
00:00
Let's have a look at the project management life cycle.
00:00
This is from the Project Management
00:00
Institute and it's from
00:00
the Guide to the Project
00:00
Management Body of Knowledge, fifth edition.
00:00
If you're needing to find a little bit more
00:00
about how projects work and how they're managed,
00:00
that would be a good starting point for you.
00:00
It's a very simple process at a high level.
00:00
There's a starting point,
00:00
the initiating phase in which the project is defined,
00:00
stakeholders are engaged, resources are obtained,
00:00
and budget is allocated.
00:00
Then there is a cycle of planning and
00:00
executing which is controlled
00:00
and monitored throughout that life cycle.
00:00
Then we finally finish up with the closing,
00:00
which is hopefully the resulting outcome
00:00
of a successful project and an end result.
00:00
Then the closing and end of the project.
00:00
There are
00:00
quite a few different project management structures
00:00
that you might encounter.
00:00
They're loosely defined under three main types.
00:00
You have a functional structured organization.
00:00
In this case, the project manager is drawing upon
00:00
resources from other departments
00:00
within the organization.
00:00
The project manager is responsible
00:00
for the actual delivery of the project,
00:00
but doesn't have any formal management authority
00:00
over the resources.
00:00
You also have a project structured organization.
00:00
In this case, the project manager has formal authority
00:00
over those who are taking part in
00:00
the project and manages the budget,
00:00
the time frames,
00:00
and the deadlines comprehensively.
00:00
Then finally, there is a matrix structured organization,
00:00
which could be a combination of
00:00
functional structured organization
00:00
and project structured organization.
00:00
The roles and responsibilities
00:00
of project management are fairly varied.
00:00
You'll often see in large projects,
00:00
a project steering committee which
00:00
could be made up of senior stakeholders,
00:00
senior management, or people
00:00
who are relevant to the particular project.
00:00
Or you may just have representatives from
00:00
senior management who have oversight.
00:00
There's often a project sponsor.
00:00
This is the person who has
00:00
actually decided to undertake that particular project,
00:00
in larger projects, you
00:00
might also have user management,
00:00
in which case, if there's just particularly a project
00:00
that will have ramifications on a user population,
00:00
you might need very specific areas of user management.
00:00
We also have project teams,
00:00
project managers, obviously.
00:00
Quality assurance is obviously
00:00
a fairly important part that
00:00
basically an area that might determine
00:00
exactly the quality outcomes of the project.
00:00
Depending upon the nature of the project,
00:00
it could be systems development management
00:00
or a system development project team.
00:00
Obviously, security plays a part in this
00:00
and the information system security engineers.
00:00
Project management techniques at the very high level,
00:00
are fairly simple and there's three of them.
00:00
Budget, how much the project
00:00
is going to cost, the duration,
00:00
how long it's going to take to actually produce,
00:00
and obviously the key deliverables of the project.
00:00
What is going to be produced over
00:00
the time and the budget that's being allocated.
00:00
In organizations, you'll often see terms such
00:00
as portfolio management or program management.
00:00
Project portfolio is all the projects being
00:00
carried out in an organization
00:00
at any given point in time.
00:00
That is a helicopter view of
00:00
an organization's project functions which
00:00
could be very keyed into
00:00
strategic goals and objectives of the business.
00:00
It really is how
00:00
the business is going to function today and the future.
00:00
We have programs.
00:00
Groups of projects that are linked
00:00
closely through common strategies.
00:00
There might be a number of
00:00
different application upgrades which all
00:00
have a common requirement across that organization.
00:00
For large organizations, you'll often find
00:00
a project management office or a PMO.
00:00
The project management office owns
00:00
the project management and program management process.
00:00
In other words, they'll be in charge of running,
00:00
the execution of all projects within an organization,
00:00
and also the processes and
00:00
the procedures that govern them.
00:00
This will be a permanent organizational structure,
00:00
so you'll often have a project
00:00
management office made up of
00:00
dedicated personnel who do
00:00
nothing but project management.
00:00
They'll often basically maintain
00:00
a project portfolio database to
00:00
keep track of a large number of
00:00
projects that may be in their portfolio,
00:00
and they are responsible for the benefits realization.
00:00
That's a key test of any project,
00:00
is determining if the benefits of
00:00
the project can be realized by the organization.
00:00
Kicking off a project or
00:00
project initiation is very simple generally.
00:00
It's usually one-on-one meetings,
00:00
so all stakeholders can get into a room to
00:00
determine the scope and the outcomes of the project.
00:00
A number of kickoff meetings involving stakeholders or
00:00
end-users potentially will often
00:00
guide the commencement of the project.
00:00
Then there might be a number of workshops that will
00:00
certainly define the actual activities
00:00
that are going on within a project,
00:00
or a combination of all three.
00:00
Project objectives. These need to be
00:00
specific statements that support the project goals.
00:00
You may have heard the acronym SMART previously,
00:00
so any project objectives need to be very specific.
00:00
They need to be able to be measured.
00:00
They also need to be attainable and realistic and timely.
00:00
Looking at any objectives in a project,
00:00
particularly from an audit perspective,
00:00
you need to apply the SMART measure
00:00
against anything that you are reviewing.
00:00
Planning structures, there's a few options here,
00:00
depending upon the nature and the size of the project.
00:00
They can be broken down into a number of areas,
00:00
so either by objectives.
00:00
Each project is managed based upon
00:00
the objectives that their outcomes are going to be.
00:00
A work breakdown structure,
00:00
so these are the actual specific tasks that need to be
00:00
completed by the resources within the project,
00:00
or even work packages which basically roll up a lot of
00:00
the work breakdown structure items
00:00
or the objective breakdown structure items.
00:00
A couple of key points on planning structure.
00:00
The work breakdown structures or
00:00
any of the breakdown structures are
00:00
hierarchical and go down into
00:00
further levels of detail and granularity,
00:00
the further down you go.
00:00
You also need to look at basically the work duration,
00:00
the costs of each of
00:00
the tasks within each of the structures,
00:00
clearly defined and part of that.
00:00
You'll often see that represented in a Gantt chart
00:00
in programs like Microsoft Project, for example.
00:00
Work packages should also be
00:00
relatively defined to be relatively short,
00:00
so it shouldn't really exceed 10 days duration,
00:00
and work packages should be unique and should not be
00:00
duplicated across the work breakdown structure.
00:00
Depending upon the nature of the project,
00:00
these are tools which you are able to use to
00:00
describe and further define
00:00
the complexities of your project.
00:00
That's it for our lesson in project management.
00:00
We've basically covered a little bit
00:00
what project management is,
00:00
a few of the practices,
00:00
some of the lifecycle and structures,
00:00
the roles and responsibilities involved within
00:00
projects and the stakeholders,
00:00
the techniques involved in project management,
00:00
the portfolio program management practices,
00:00
the project management office,
00:00
and something on the planning structures as well.
00:00
We hope you enjoyed
00:00
this lesson and I'll see you at the next one.