Published by Bartholomew Lee. Modified over 9 years ago.

Know Before They Code: Conducting Critical IT Risk Assessments

© Solitaire Interglobal Ltd.

Kat Lind

Ms. K.R.E. Lind (Kat) is the Chief Systems Engineer at Solitaire Interglobal, Inc. (SIL). She has more than 45 years of experience in risk, analysis, general analytics and the management, design and implementation of large-scale, high-performance database systems. Kat is a frequent guest speaker at conferences and symposiums, spanning technical and user perspectives. She teaches a full curriculum relating to the design, implementation and tuning of database deployments at a graduate level. Ms. Lind's expertise has been acknowledged by published interviews in nationwide and international magazines, typified by a recent interview for IBM Systems Journal. Published extensively, Ms. Lind has authored articles, books on technical subjects and papers covering a wide range of topics.

Ms. Lind has been instrumental in developing SIL's predictive performance modeling (PPM), which uses applied chaos theory and catastrophe mathematics. Under her direction, SIL has widened the scope of PPM beyond IT to areas such as marketing, general analytics, operational forex and more. Her in-depth, broad experience spans many industries such as finance, manufacturing, health care, government, transportation, etc. Ms. Lind's technical expertise is considerable, as it has grown and evolved over more than 45 years of working with analytics, business intelligence, risk and large masses of data.

Session Objectives
- Discuss the demonstrated patterns of pivotal decision points, scope control, information needs and process isolation for IT risk assessments.
- Illustrate each section with supporting analysis from other organizations' successes and failures.

Expected Outcomes
- Understanding of the critical functionality and the controls that are present in an IT risk assessment
- Knowledge of task flow and dependencies in an IT risk assessment effort
- Insight needed to build a basic project plan for IT risk assessment

Risk and SIL
- SIL performed 300,000+ risk assessment models in 2014, of which 76% dealt directly with IT risk analysis.
- Risk assessment for IT goes beyond normal risk and exposure considerations.
- SIL's methodology covers areas that have been shown to be critical to effective risk evaluation in the IT arena.

IT Risk – Definition and Scope
- Business disruption due to IT failures
- Component failure
- Budget or timeframe overrun
- Security incursions (subject unto itself)
- Social engineering integration
- Potential exposure to budget or timeframe
- Possible consequences
- Probability of an event

IT Risk – Why does anyone care?
- Lost revenue
- Increased cost
- Damage to reputation
- Loss of customers, clients and users
- Reduced productivity
- Erosion of stakeholder confidence
- Staff churn
- Reduction in market share
- Endangered organization viability

IT Project Landscape
- IT risk assessment is designed to mitigate risk
- Increasing exposure and risk translate to a need for greater scrutiny and planning
- Over 63% of IT projects fail to meet planned functional requirements
- Over 89% of IT projects fail to meet planned budget
- Over 92% of IT projects fail to meet original schedule

Critical Components
- Patterns of pivotal decision points
- Complexity
- Timing dependent
- Integration
- Volatility
- Scope control
- Information needs
- Process isolation
- Risk identification

Case Study #1
- Arena: New application development
- Client: Government transportation department
- Background: Previous three projects failed, loss of over $15M CDN
- Risk profile: High due to complex environment, varying definitions of objectives, lack of success metrics and monitoring

Case Study #1 - Results
- Risk assessment: Identified 15 actionable steps to mitigate risk (areas of design, infrastructure, consultant management)
- Areas of focus:
  - JAD held and resulted in joint buy-in and responsibility matrix
  - Targeted CPCM – adjudicated RFP with bonding
  - Oversight on development
- Results: Project ran 3 days over schedule and $15K under budget. Performed without violation of performance bond for three years.

Case Study #2
- Arena: Functionality expansion
- Client: Government healthcare agency
- Background: Regulation changes forced rapid modification to existing systems
- Risk profile: High due to aged system, deprecated tools, confusion on objectives, elasticity of budget and staffing

Case Study #2 - Results
- Risk assessment: Identified 28 actionable steps to mitigate risk (areas of code analysis, infrastructure, change management, testing)
- Areas of focus:
  - Fourdham analysis performed to identify targeted code changes
  - Targeted CPCM to better allocate resources
  - Modeling oversight on development and testing
  - Tracked success metrics
- Results: Code analysis took 8 weeks, but code remediation completed successfully in 3.2 weeks. Project completed in 5 weeks less than regulated timeframe. No additional infrastructure required. Organization was one of only 1.6% to meet deadline and did so with less than 23.5% of the budget required by any of the other organizations.

Case Study #3
- Arena: Additional user base
- Client: Financial services organization
- Background: Competition drove need for rapid function enhancement, while acquisition increased user base by 322%
- Risk profile: High due to multi-level complexity, cultural assimilation, lack of clear executive sponsorship, varying sources of budget and staffing

Case Study #3 - Results
- Risk assessment: Identified need for further analysis and scope definition
- Final risk assessment: 31 actionable steps to mitigate risk (areas of scope definition, project management, development control, staff supplementation, social engineering)
- Areas of focus:
  - Further analysis and prioritization of enhancements and deployment
  - Definition of executive sponsor and management structure
  - Creation and execution of social engineering plan for messaging, training and collaboration among users and developers
  - Deployment structured in agile phases
  - Oversight on development, training and performance
- Results: Deployment varied from plan by less than 6% by phase. Budget variance was -4% to plan. User feedback was 91% positive after a 4-month period. Final review from the CEO was that it was the best deployment that he had seen in 37 years.

Risk Assessment Process
- Evaluate possible impact
- Determine risk profile (calibration useful)
- Decide if further investigation necessary
- Define scope and view
- Identify success metrics
- Create process flow diagrams for mitigation and management of risk
- Monitor metrics during development

Contacts
- Kat Lind, Chief System Engineer, Solitaire Interglobal Ltd., kat@sil-usa.com
- Dianne Almand, Relationship Manager, Solitaire Interglobal Ltd., DianeA@sil-usa.com, 770-367-5746