eBusiness Projects Risk - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
e-Business Projects Risk Management
Mr. Frank Yam CISA, CIA, MHKCS, CCP, CSP, CDP,
CFE, CFSA, FFA COO - Focus Strategic Group Inc
2
FOCUS Group
  • Founded in 1997
  • Offers consulting and training services
  • Internal Audit and IT Audit
  • IT Management and Strategic Planning
  • Information Security
  • Business Continuity Planning
  • Greater China Advisory and Business Development

3
Mr. Frank Yam
  • Professional career started in 1984. Focusing on
    IT Audit, Internal Audit, and Management
    Consulting
  • ISACA
  • Past President Hong Kong Chapter
  • International Membership Board Member
  • Global Conference Program Committee Member
  • Governmental and Regulatory Agency Board Member
  • Chairperson - China Development Working Group
  • Expert Reviewer - CISA Exam Review Manual

4
Presentation Outline
  • Myths and Pitfalls
  • The e-Business Project Risk Model
  • Performance Management and Benchmarking
  • The Role of IS Auditors
  • Asking the Tough Questions

5
What is e-Business?
  • A means to provide services or material via
    electronic communication
  • Usually assumed to be based on Internet
    communication
  • Can also be based on
  • Electronic Data Interchange (EDI)
  • Touch tone telephone
  • Custom written client / server application

6
e-Business Project
  • Any business project that involves using
    e-Commerce and related technologies and processes
    to develop, expand or enhance its business
    activities.

7
Forces Driving the E-volution
Technology Improvements
Competition drives efficiency
Increased internal penetration
Internet savvy customers
Media coverage
Rich valuations
Paper money to digital cash
First mover advantage
8
Worldwide e-Business
Surge in Asia Pacific e-Commerce will result in
US$1.6 trillion of revenues by 2004. Worldwide
online spending will reach US$6.9 trillion in
2004, with the Asia Pacific market accounting for
more than 20% of total sales.
9
Business is going to change more in the next ten
years than it has in the last fifty. Bill Gates
10
Only takes 3 minutes to find and order a book!
11
e-Business
  • e-Banking services
  • e-Shopping (E-books and E-music)
  • e-Food
  • e-Hotel
  • e-Ticket
  • e-Logistics
  • e-Gambling
  • e-Learning

12
e-Business
Benefits - Company Perspective
Lower Operational Costs - Rental, Wages, Stock
Improved Customer Services - 24/7,
Multi-languages, Multimedia
Improved Company Image - International,
Professional
More Potential Customers - Borderless
13
Barriers to e-Business
Security and Privacy are the major barriers to
online purchase.
14
Myths and Pitfalls
15
The Myths: How Do e-Business Projects Fail?
  • Very vague business objectives
  • Lack of real business model
  • Inadequate market research
  • Inflation of actual customer demand
  • Shortfall in fulfillment
  • Does not meet user requirement
  • Poor website design
  • Navigation or operating process not user-friendly

16
The Pitfalls (1 of 2)
  • The Project Team's PROMISES
  • Improve productivity and efficiency
  • Increase/maintain competitiveness
  • Reduce costs

17
The Pitfalls (2 of 2)
  • Finally,
  • Over budget
  • Project reschedule and re-reschedule ...
  • Project partial delivery or re-scoped
  • Not fulfilling user requirements

18
The Pitfalls: Statistics
  • Over 30% of projects are cancelled before
    completion
  • Over 50% of projects cost 100% or more than their
    original estimates
  • Only 16% of software projects are completed on
    time and within budget
  • In large companies, only 9% of projects are
    completed on time and within budget
  • The average time overrun on projects is 222%

19
A Reality Check
  • Market conditions
  • Product complexity
  • Manufacturing flexibility
  • Fulfillment complexity
  • Marketing structure
  • Sales and channel structure
  • Terms and conditions flexibility
  • Economic conditions
  • Regulatory environment

Source: Gartner
20
Key Success Factors
  • Funding / Resources
  • Focus
  • Speed to market
  • Customer confidence
  • Security

21
The e-Business Project Risk Model
22
The e-Business Project Risk Model
  • Content delivery risks
  • Technology risks
  • Organisational risks
  • Resource risks
  • Market risks
  • Project risks (e.g. scope creep)

23
The e-Business Project Risk Model
  • Depending on the objective, risk may vary
  • To have presence in cyberspace
  • To provide information only
  • To facilitate transactions with existing
    customers
  • To reach new markets and new customers
  • To create a brand new business model

24
Security Risk
  • System penetration (social engineering)
  • Authorisation violation (passwords)
  • Trojan horse
  • Communications monitoring (spoofing)
  • DoS
  • Repudiation

25
Risk Mitigation
  • Build risk into your plan, schedule and budget
  • Test, test, test
  • Communicate early and often
  • Anticipate the best, but plan for the worst

A Project Manager is a Crisis Manager. B.
Thomas
26
Murphy's Law
If anything can happen, it will, and at the
worst possible time.
Failure to manage e-Business project risks can be
disastrous to an organisation.
27
Self Assessment Checklist
  • Alignment with Strategic Plan/e-Business Vision
  • Impact on Customers
  • Risk Assessment
  • Feasibility Studies / Cost Benefit Analysis
  • Right Resources for the right job

28
Special Attributes
  • More modular and component driven
  • Rely less on traditional SDM, and more on
    iterative prototyping methods
  • Wider range of partners/suppliers (project
    co-ordination risk)
  • Special skills (both business and technology) and
    competencies expected
  • Greater diversity in the range of user groups

29
Special Challenges
  • Dealing with multiple stakeholder groups
  • Understanding of stakeholder requirements
  • Meeting / managing stakeholder expectations of
    systems functionality and availability
  • Finding project managers with appropriate skill
    sets
  • Managing a wider range of external parties

30
The Balancing Act
31
Key Issues to Address
  • Strategy
  • Security
  • Delivery and Operations
  • Systems and Technology
  • Performance Management
  • Processes
  • Organizations and Competencies
  • Legal
  • Tax

32
How do you manage change?
  • In spite of our amazing advances, the work of an
    organisation is accomplished by PEOPLE
  • It is people who
  • Interface with the customer
  • Make the product
  • Deliver the service
  • Plan and co-ordinate how work gets done
  • Improve processes and systems
  • Ensure quality and return a profit

33
Performance Management and Benchmarking
34
Performance Management
  • The board should measure performance by
  • Defining and monitoring measures together with
    management to verify that objectives are achieved
    and to measure performance to eliminate surprises
  • Leveraging a system of balanced business
    scorecards maintained by management that form the
    basis for executive management compensation

35
Performance Management
  • High performance organisations
  • Focus on alignment of philosophy and goals
  • Create a climate of trust among all stakeholders
  • Acquire individuals who can collaborate and work
    together effectively

36
Performance Management
  • Performance measures
  • Cost
  • Schedule
  • Performance objectives
  • User requirements
  • Defined performance metrics (threshold and
    objectives)
  • KPI

37
Benchmarking
ISACA Example
38
Benchmarking
ISACA Example
  • Most senior officer in ISACA's database, from 800
    Fortune500 and significant government entities
  • 146 responses for 205 entities 17.5

39
The Role of IS Auditors
40
How can IS Auditors add value?
  • Involvement
  • Directly in Project Management Team and/or
  • Indirectly in Project Steering Committee
  • Analysis
  • Cost
  • Return
  • Potential financial implications
  • Contract terms (i.e. SLA)

41
How can IS Auditors add value?
  • Security and risk management
  • Setting security objectives
  • Identifying threats
  • Providing advice on feasible solutions
  • Developing incident response capability BCP

42
How can IS Auditors add value?
  • Monitoring
  • User Requirements
  • Security and Controls
  • Testing
  • Documentation

43
How can IS Auditors add value?
  • Proactively looking ahead
  • New Business Drivers
  • Mobile Commerce risks and opportunities
  • Impact of Natural Language Technologies

44
Asking the Tough Questions
45
Asking the Tough Questions
  • Is the e-Business strategy aligned with
    enterprise strategy?
  • Does e-Business deliver against the strategy
    through clear expectations and measurement?
  • Is the e-Business strategy to balance investments
    between supporting and growing the enterprise?
  • Are formal project planning techniques used?
  • Is the project scope clearly defined and approved?

46
A sample control framework
  • Security
  • Confidentiality
  • Integrity
  • Availability
  • Accountability
  • Legal
  • Contractual risk
  • Jurisdictional risk
  • Privacy enforcement
  • Reliance on third parties Escrow and Auditing
  • IP rights

47
A sample control framework
  • Development Process
  • Policies and standards
  • Application design
  • Testing
  • System performance
  • Change management
  • Capacity planning and management
  • Openness and flexibility
  • Data conversion
  • Implementation / Rollout

48
A sample control framework
  • Application Integrity
  • Validation of critical data
  • Application audit trails
  • Exception and monitoring reporting
  • Confirmation
  • Data transmission and reception
  • Backup and recovery

49
A sample control framework
  • Internet Technology
  • Plug-ins, programs, and components
  • Browsers
  • ISPs
  • Cookies and push technology
  • Publishing
  • Content
  • Production process

Source: Morgan Stanley
50
Final Thought
  • Think, Think, Think

51
Frank Yam
  • Chief Operating Officer
  • Focus Strategic Group Inc
  • Tel 852-81012892, Fax 852-25754853
  • Email frankyam_at_yahoo.com
  • CISA Certified Information Systems Auditor
  • CIA Certified Internal Auditor
  • CFE Certified Fraud Examiner
  • CSP Certified Systems Professional
  • CCP Certified Computing Professional
  • CDP Certified Data Processor
  • CFSA Certified Financial Services Auditor
  • FFA Fellow of the Institute of Financial
    Accountants
  • MHKCS Full Member of the Hong Kong Computer
    Society

Progress through sharing and active participation
52
THANK YOU !!!
Questions and Discussion
53
I will be back