IS 483 Information Systems Management
James Nowotarski
15 May 2003
• Recap training and help desk
• Understand risk management
• Understand procurement process (RFP)
Today’s Objectives
Topic Duration
• Recap last week 20 minutes
• Assignment 2 reports 20 minutes
• Quiz - Training & Help Desk 30 minutes
• *** Break 15 minutes
• Risk management 60 minutes
• Procurement process 50 minutes
Today’s agenda
User training and total cost of ownership
[Figure: chart labels: time, call volume, call complexity]
User training and total cost of ownership
Increases user productivity/effectiveness
Increases total cost of ownership
Decreases total cost of ownership
Decreases user productivity/effectiveness
• Process-related, rather than application-specific training
• Additional software functionality (new or existing software)
• Providing FAQs from the help desk
• Training new users
• Retraining existing users on functionality they have forgotten
• Not providing any training
• Providing training at the wrong time
• Providing ineffective training
• Replacing software with same level of functionality
• Providing functionality not required by user
Source: Gartner
Help Desk
Planning
• Collect trend information and evaluate trends
• Gather planning information to avert problems and promote the use and further development of network capabilities
Development
• Provide development assistance to end users on business controls, recovery management techniques, etc.
• Evaluate new applications for inclusion on distributed network
Deployment
• Provide/Coordinate user training on hardware, software, procedures
Support
• Provide first tier of support for problem resolution
• Compile and maintain online knowledge base
Responsibilities
Tiers of Support (Tier: Role)
• Tier 1: Help Desk
• Tier 2: Product Specialists
• Tier 3: Product Developers
Help Desk
• Competent help desk representatives
– technically competent, current
– attitude (calm, patient, thick skin, empathetic, respectful)
• Variety of help vehicles, e.g.,
– FAQ/knowledge base
– online chat/discussion groups
– super users
• Regular communication during problem resolution
– report status
– be available
– practice effective listening skills
• Follow-up afterward
– survey/feedback
– ensure customer satisfaction
• Measure and assess (SLA)
• Train users to eliminate need for support in the first place
Strategies used by successful Help Desks to obtain user satisfaction
Help Desk
• Performance goals are set for
– all help desk agents
– all support resources (e.g., vendors, tier 2, etc.)
• Sample list of performance goals:
– % of calls resolved on the first call
– % of calls where user hung up before talking to agent
– % of calls resolved at each tier
– Mean Time to Repair (MTTR) for all trouble tickets
– Number of tickets for each severity level
– MTTR for each severity level
– Number of tickets for each tier
– MTTR for each tier
– MTTR for specific hardware or applications
– Number of problems resolved proactively before a telephone call made
Help Desk Service Level Agreements (SLAs)
Help Desk
• Limits the amount of knowledge needed by help desk agent
• Ensures users have same level/version of products, reduces complexity of multiple version support
• Limits number of vendors and suppliers to be dealt with, enables more standardized interactions with these firms
Product standards enable higher quality help desk service
Help Desk
1. Coordination of support across tiers utilizing single point of contact and ownership transfer concepts
2. Ability to integrate and automate service, problem, change and asset management processes
3. Provision of quality and easy-to-use knowledge-based authoring tools
4. Capacity to offer tight integration of these elements:
• legacy tools
• telephony
• Web chat
• VoIP (voice over Internet protocol)
• self-support
• software distribution
• remote control
• network and system management (NSM)
Consolidated Service Desk (CSD) Scope of Functions
Help Desk
Provider Perspective
• Lowers people costs associated with service
• Offers complete picture of all application and system costs
• Reins in support “chaos” that resulted from multiple help desks
User Perspective
• Higher quality support and service
• More seamless interaction with help desk/IT
• Anywhere, anytime support
• Users can be more self-reliant
Benefits of Consolidated Service Desk (CSD)
IT Objectives
• IT is aligned with the business, enables the business, and maximizes benefits
• IT resources are used responsibly
• IT related risks are managed appropriately
– economic
– technical
– organizational
– legal
– terrorism
Source: Control Objectives for IT (CobiT)
IT Risk Management
• Economic
• Technical
• Organizational
• Legal
• Terrorism
Major Categories of Risk
Economic: Risks that can potentially affect the business
• business environment changes
• financial performance
Technical: Risks that can affect the development, implementation, and operation of a system
• integrating technology with legacy
• applying unproven technology
• conversion may uncover “dirty” data
• management inexperienced with projects of this size
Organizational: Risks that can potentially result from lack of acceptance of a system
• low morale
• decline in effectiveness/efficiency
Legal: Risks arising from potential lawsuits and liabilities associated with implementation of a project
• shareholder lawsuits
• data privacy
• Foreign Corrupt Practices Act (FCPA)
Terrorism: Risks arising from intentional destruction or malevolent modification of:
• physical equipment
• data
• software
• network
IT Risk Management
The process in which potential risks to a business are identified, analyzed and mitigated, along with the process of balancing the cost of protecting the company against a risk vs. the cost of exposure to that risk.
Risk Management
Importance of risk management
• Dependence on electronic information and IT systems is essential to support critical business processes. Successful businesses need to better manage the complex technology that is pervasive throughout their organizations in order to respond quickly and safely to business needs. . .
. . . In addition, the regulatory environment is mandating stricter control over information. This, in turn, is driven by increasing disclosures of information system disasters and increasing electronic fraud. The management of IT-related risks is now being understood as a key part of enterprise governance.
Source: IT Governance Institute
Importance of risk management
• One in three senior executives does not have any IT risk management process in place; only half of those who do are confident the processes are strong enough.
• Two out of three executives say their companies do not understand IT-related risks well enough.
Importance of risk management
• Management needs it to benchmark the existing and planned IT environment
• Users need it so they can be assured that adequate security and control exists
• Auditors are increasingly being called on by management to proactively consult and advise on IT security and control-related matters; without a framework, this is exceedingly difficult
Need for a risk management framework
Risk Frameworks
RISK MANAGEMENT MODEL
[Figure: risk management model with stages Identify, Analyze, Mitigate and Measure, weighing cost of protection ($$) against cost of exposure ($$)]
Risk Frameworks
Fidelity’s Risk Cube
Risk Frameworks
[Figure: Fidelity Risk Cube. Stages: Identify, Analyze, Mitigate, Measure. Labels: Risk Awareness, Risk Management, Risk Measurement]
Risk Frameworks
RISK Cube - Key Questions
• R is for Return
– Are we achieving an appropriate return for the risks we take?
• I is for Immunization
– Do we have controls and limits in place to limit downside risk?
• S is for Systems
– Do we have systems in place to measure and report risk?
• K is for Knowledge
– Do we have the right people, skills, culture, and incentives for effective risk management?
Risk Management Approaches
• Interdisciplinary Approach
• Portfolio Approach
• Options Thinking
• Chaos Theory
Risk Management Approaches
• Interdisciplinary Approach
– Applies an integrated assessment of the risks from various groups in a company to determine and assess all dimensions of risks
– This approach is critically important when analyzing cross-functional risks because of the number of different stakeholders involved (e.g., when implementing an ERP system)
• Portfolio Approach
– Treat IT resources such as hardware, software, services and personnel as collection of investments
– Creates mix of low-risk, low-payoff initiatives along with high-risk, high-payoff ones
Risk Management Approaches
• Options Thinking
– Similar to Portfolio Approach
– Creates financial options approach to create a guide for managing IT investments
o Allows the business unit to change deals to avoid losses in bad outcomes and enhance gains in good outcomes
– Create risk profile using decision “tree” extending 5 years into future
– Group ends up with many possible outcomes along with probability of each outcome
– At end of each project stage, stakeholders re-evaluate the risks and benefits of continuing or ending the project
Risk Management Approaches
• Chaos Theory
– Utilizes the approach of assuming that over time very small, almost unnoticeable differences can start a chain reaction that will eventually generate big changes
– Projects planned with cutting edge technology should focus on near-term big returns on the investment
– Focus less on ROI (return on investment) and more on what business impact the project will have
Risk vs. Technology Maturity
Impact of Technology Maturity
Risk | Early Adopter | Mid Adopter | Late Adopter
hands-on implementation experience | little exper / high risk | more exper / mid risk | much exper / low risk
vendor survival for project after shake-out | high risk | mid risk | low risk
sudden changes in direction of technology | high risk | mid risk | low risk
integrating technology with existing portfolio | high risk | mid risk | low risk
Benefits
Period for Start of Payoff | Short term | Mid term | Long term
Size of Returns per period | Biggest | Bigger | Big
Risk Management at Project Level
Steps Taken by Prudent Managers
• List the risks that could occur and when they could occur
• Determine what detection method can alert IS that risk occurred
• Establish detection method
• Estimate each risk’s probability of occurring
• Formulate plans that can mitigate each risk
• Establish teams that will monitor and mitigate the risk
Risk Assessment Example
RISK CATEGORY: Schedule
DESCRIPTION: May not hit scheduled conversion date
PROBABILITY: M
IMPACT: H
IMPACT DESCRIPTION: Unless everything falls into place, may not hit 7/1 conversion go live date
CONTINGENCY PLAN: Cut scope to increase likelihood of hitting date; if date not hit, continue running old system
Group Problem
Describe two types of risks giving an example of each that an IS manager should consider when evaluating the options on replacing a legacy system that will no longer correctly process transactions when a new law goes into effect in six months.
Procurement - Process
RFP Process
1. Pre-RFP
2. RFP
3. Proposal Submissions
4. Proposal Evaluations
5. Vendor Selection
6. Procurement Method
7. ROI Analysis
8. Negotiate Contract
Objective: Identify best solution to meet stated business need while minimizing cost and risk
1. Pre-RFP
• Also known as Requirements Definition
• Preliminary analysis for management (not given to vendor)
• Serves as basis for Request for Proposal (RFP) and evaluation criteria
• May be a simple presentation (small firm) or a formal report
• Most important step in the system procurement process
1. Pre-RFP
Steps in the Pre-RFP
• Problem is noticed
• High-level requirements are identified
• Preliminary alternatives proposed
• Request for Information (RFI) issued
– Vendors are called/consultants consulted/research conducted
– Breadth of alternatives is identified
– Vendors identified to participate in future stages
• Ideally, 3-6 vendors found for each alternative
• Collect information from each vendor for the Pre-RFP report to management
1. Pre-RFP
Sections of the Pre-RFP Report
• Problem statement
– Current state
– Gaps
– Risks
• Alternative solutions
• Ratings (of each alternative)
• Range of costs and benefits
• Recommended alternative and rationale
2. RFP
• Blueprint for system functionality
• Confirms in detail the exact requirements stated in both business and technical terms
• Limited distribution (e.g., 3-5 vendors)
– Protect confidentiality
– Keep selection process manageable
2. RFP
• Business need/Functional requirements
• Statement of Work to be done
– Software characteristics
– Implementation plan
– Training strategy
– Maintenance and support
– Cost budget
• Procedural details
– Form and structure of proposal
– Schedule (meetings, demos, selection)
– Key contacts
• Selection criteria
Contents of an RFP (see also Assign. 3)
2. RFP
• Multiple solutions available that will fit the need
• Multiple vendors can provide the same solution
• Products for the project cannot be clearly specified
• Project requires vendors to combine and subcontract products and services
• Lowest price is not the determining criterion for award
• Final pricing is negotiated with the vendor
• Corporate policy requires it
When should an RFP be used?
2. RFP
• RFP team develops better understanding of the project from both a technical and business perspective
• Compels vendors to create competitive solutions
• Does not favor one vendor over another (in theory)
• “Everybody singing from same hymn book”
– vendors working from same set of rules and requirements
• Facilitates evaluation of competitive solutions
– provides a foundation on which to base a more rigorous evaluation of a vendor
Advantages of Using an RFP
2. RFP
• Should the purchaser include info on budget? On number of RFPs issued?
• It is recommended that the purchaser provide indicative figures in both instances
• Maximum of five qualified vendors should be invited to submit a proposal
• Presentations/demos only for those making the short list
• Give vendors $$$ to encourage higher-quality submissions
Additional points from Assignment 2 papers, past quarters
3. Proposal Submissions
• Forums to answer vendor questions (written, oral)
– Vendor conferences before proposal submission
• Response content and format
• Sometimes requires "proof" statements, such as "This feature was implemented 12 months ago and is currently installed at 10 sites. Names and addresses are provided in the reference section."
4. Proposal Evaluations
• Business and Technical Solutions
– Rating scale: (0=unresponsive, . . ., 5=exceptional)
• Vendor qualifications (site visits, reference checks)
• Preliminary cost, value, and risk analysis
• Cost proposal may be a separate document from technical proposal
• Vendor demo
• Personnel assignment
• May be a two-stage process, with only a “short list” of 2-3 vendors doing demos and making “best and final” offers
• Question: Who are the key stakeholders in this process?
4. Proposal Evaluations
• Ability and track record of vendor to meet schedule and budget commitments?
• Satisfaction levels of vendor’s current customers, particularly long-term customers?
• Vendor’s project management capabilities, including estimation, project planning, project tracking, and project control?
• Vendor’s ability to protect your confidential information?
• Vendor’s track record for providing support?
• Any litigation pending against vendor?
• Is the vendor financially stable?
In selecting a vendor, there are major management and technical considerations
Management considerations
4. Proposal Evaluations
• Ability and track record of vendor to meet technical challenges of project?
• Evaluation of vendor’s development capability (both work products and development processes)?
• Level of vendor’s expertise in your industry (e.g., Financial Services)? In this application area (e.g., CRM)?
• Level of vendor’s expertise with the development and execution environments for the system?
• Quality of vendor’s past work? Are metrics available?
In selecting a vendor, there are major management and technical considerations (cont.)
Technical considerations
End of slides