Project Management

In a cutthroat market, where the competition is constantly on the attack to break into your market share, implementing a project-based system can give your organisation the necessary tools to be more efficient and agile.

However, rapidly changing consumer demands, technologies and other factors make it ever more difficult to generate a strategic advantage from projects, let alone develop one. Also since a large organisation can easily end up having to manage multiple projects at the same time, the new management paradigm can appear too complex.

What your company really needs is the expertise that can guide you starting from conception and planning, down through procurement and execution in order to maximise whatever resources you have. Each move must be well thought out so that there are clear goals and objectives as well as methods to achieve them.

Programme Management

Are you running multiple projects pointing to an overall strategic direction? Then you’ll need more than just a “scaled-up” version of project management to make sure every component’s work effort is well coordinated to achieve your enterprise’s desired outcomes.

Through our expertise in programme management, we’ll work with your stakeholders, executives and clients to achieve the following:

  • Design a well-articulated management structure and clearly define decision-making roles & responsibilities – This will ensure decisions are made rapidly with zero to minimal overlapping issues and to promote a unified, well-synchronised advance towards the common objective.
  • Set objectives then make sure they are met by guiding your key personnel in coordinating activities across projects.
  • Design or utilise existing financial models such that they adhere to your enterprise’s financial policies.
  • Develop procedures for reporting expenditures specific to the programme.
  • Establish the programme infrastructure, including
    • The appropriate technical environment and tools (e.g. hardware, software, communication, and other IT-related items)
    • IT staff and administrators
  • Evaluate your enterprise’s current IT architecture to determine whether it will suffice to achieve your objectives. If it doesn’t, propose options you can take to meet what is required.
  • Plan out activities that should take place in different levels in the organisation.
  • Implement a periodic review of the programme progress as well as of interim results to ensure everything is aligned with the strategic outcome.

Programme and Project Reviews

Whether we’ve helped you set up your programme or you did it on your own, time will come when you’ll need to know whether everything is going as planned. If it appears like the entire programme is going smoothly, chances are, something’s going awfully wrong somewhere. Remember, even the most well-planned projects and programmes are still under the mercy of unforeseen variables.

We’ve got highly specialised reviews for either projects or an entire programme. We’ll be able to provide you answers to questions like:

  • Are all projects aligned with the programme’s intended direction?
  • Are the people working on your projects as focused with the business rationale as they have been with meeting deadlines and utilising resources?
  • Where are your risks and exposures? How can they be remedied?
  • Is the project viable at all?

We understand how your staff would want to function normally as quickly as possible. Rest assured, our programme and project reviews are conducted swiftly and efficiently so that both interruptions and oversights are brought to a minimum.

After we’re done, you can expect a detailed quantitative assessment of your programme and/or projects’ status.

Basically, we’re not here to find mistakes; we’re here to help you find ways to correct them. If a project rescue is required, we’ll be the first to lend a hand.

Project Rescue

Believe it or not, many of our clients approached us not before or during their project’s planning stages. But rather, after having gone through sloppy execution, when they end up losing control. In other words, we’re usually at the receiving end of the distress signal, after they’ve punched the panic button.

While obviously this isn’t the ideal time to seek the aid of any expert because it means you’ve incurred unnecessary losses already, all is not yet lost. If the appropriate remedial actions are taken in a timely manner, you can still achieve highly acceptable end results.

In fact, in most of our experiences with project rescue operations, we’ve been able to put projects back on track – just the way the planners wanted them to be. We’ll also help you devise airtight strategies to prevent your project from going astray again.

At the end of our project rescue,

  • You’ll regain complete control
  • Milestones will be reached as planned
  • Requirements will be accomplished, and
  • The project will be realigned with ideal business directions

Project Governance Processes

Constructing a firm underlying structure is essential in any organisation. So before we’ll institute project management, we’ll do the following first.

  • Set up a PMO or Project Management Office to ensure, among others, that
    • Utilisation of facilities, budgets, technical support and other resources will be well coordinated
    • Work products can be tracked and reviewed
    • Issues regarding methodology and processes will be given appropriate attention
    • Training can be organised
    • Project management discipline be instilled in the IT department
  • Establish a steering committee to oversee the implementation of IT and business strategies
  • Fill up slots for a project manager, IT executive and a business sponsor and define the roles of each
  • Infuse project management practices to all affected units of the enterprise

Establishing PMOs, steering committees and other management structures is the easy part. Many organisations spend so much in order to create the structures related to project management, only to find out later that the effort has been all for naught. That’s why we won’t end there. Our objectives will therefore include the following:

  • To plant and cultivate an environment appreciative of project governance i.e. one that does not project it as just a bunch of bureaucratic processes and protocols.
  • To establish an organisational culture that starts at the top.
  • To make everyone involved understand that the power of project governance still lies in the hands of those who will ultimately implement it.

A project-driven enterprise is never propelled by a single project. Since multiple projects require a more complex governing structure, you’ll need to understand the intricacies of programme management.

Check our similar posts

How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Computer Forensics

So you had a customer data security breach last weekend? Do you know you could be held liable in court for failing to implement required security procedures? That’s right. Due to the overwhelming surge in identity theft wherein nearly 20 million Americans have already been affected, most states have enacted laws to curtail this fast rising crime. Therefore, it is important to redefine how your company deals with customer data security.

  • First, you’ll want to know what your obligations are as dictated by law. Some places, for example, require the destruction or deletion of personal data through shredding, erasing, or by rendering them undecipherable.
  • Second, not only do you need to comply with the said requirements, you’ll also have to prove in court that you actually complied if ever a security breach does happen.
  • Third, you need to be aware of your post-breach duties to avoid being dealt additional penalties.

Obviously, such situations now call for individuals who are experts in both the legal and technical aspects regarding data security. Such individuals are practitioners of a relatively new discipline known as computer forensics.

Armed with our computer forensics specialists, we’ll be able to help you deal with the above concerns. As a result, you can be prevented from having to pay fines that can go up to hundreds of thousands of euros.

There are other equally important reasons why you would want to avail of computer forensics services. For example, you’ll need computer forensics specialists because you want to:

  • Catch a person involved in criminal activities such as child porn, stealing of personal data, and destroying intellectual property.
  • Investigate a computer, network, or even a mobile device for clues that may lead to the culprit.
  • Determine the extent and possible causes when you discover your digital data has been damaged.
  • Find and recover damaged, deleted or encrypted data regardless of whether the cause was intentional or not. If the data in question will be used as evidence in a legal action, there are certain procedures that need to be followed during recovery operations to retain the integrity of the data. Computer forensic specialists are highly qualified for such operations.
  • Implement security policies in your organisation. Such policies have to operate within legal bounds if you want to avoid possible sanctions in the future. These policies should also be designed such that future forensic operations can be conducted with a high likelihood of success.

That said, a company that integrates computer forensics into its IT security policies and practices will be better equipped to remedy the situation once data security has already been compromised than a company that doesn’t.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)

Ready to work with Denizon?

Contact Us Today