Download   Report
  1. business and industrial
  2. business operations
  3. management
  4. project management

IA’s practical approach to driving success for strategic and transformational

DRAFT
www.pwc.com
IA’s practical approach to
driving success for
strategic and
transformational
initiatives
DRAFT
ISACA Geek Week 2014
DRAFT
Agenda
Module
A. Welcome and Introduction
B. Transformational Change
C. Strategic initiatives – the risks
D. Internal Audit’s role
E. Keys to successful transformation assurance
F. Recap & Questions
G. Contact details
PwC
2
Welcome and Team Introduction
DRAFT
Welcome & Team Introduction
Antwon Hardwick
•
•
•
•
•
PwC
Director- US East Region Project Assurance Leader
Located in Atlanta, GA
Project, Program and Portfolio assurance and management for transformational projects
13+ years consulting experience with clients in insurance, energy, software, IT services, construction,
and entertainment and media
Led on-going program management office (PMO) oversight activities for global multi-year $140M
ticketing platform transformation for Fortune 500 leading company. Performed a number of risk
management and assessment activities to include focused project risk assessments, deep dives, health
checks, and periodic status reporting to the client's Audit Committee and senior executives.
4
Transformational Change
DRAFT
Transformational change
Market trends
Accelerating investments in significant
projects to enable business transformation
initiatives.
IT spending has been cut over the last few
years resulting in a backlog of IT projects.
Multiple and uncoordinated assurance
requirements; IA, external audit, SOX,
Compliance, Risk Management.
Organizations are resource-constrained –
not adequately staffed to advance projects
and maintain existing operations.
Regulatory requirements are expanding,
adding to compliance efforts.
Complex dependencies across projects.
PwC
6
6
DRAFT
What are your experiences with project success rates?
Our 2012 survey indicates that 200 global companies were spending over $4.5B on
projects to deliver changes required to implement their strategy.
20% of ERP implementation
projects are not completed.
51% of ERP implementation
viewed as a failure
(Gartner)
(Robbins-Gioia Survey)
71% of ERP projects do not meet
the expectations of senior
management
84% of projects do not meet
all criteria for success
(Standish Group)
(CSC Index/AMA Survey)
2%: Companies that had 100%
of their projects on time, within
budget, to scope and delivering
the right business benefits.
(PwC Global Survey on State of
Project Management)
PwC
35%: Number of companies
where system projects
deliver expected business
benefits
(PwC Global Survey on State
of Project Management)
7
DRAFT
As a result…
Boards, Audit Committees, and other senior business
executives are increasingly recognizing the level of risk
posed by large programs and are seeking greater
transparency into strategic initiatives to understand if
projects will deliver the business outcomes…..
• Are we going to have a positive return on investment?
• Are our people engaged and the business ready to change?
• Is the solution the best we can deliver for the costs we can afford?
• Have we got the skills we need looking at the really important things
we need to do?
• Are we on-time, on-budget and on-scope?
• Are we getting the best out of our third parties?
• Is there appropriate governance to ensure project outcomes?
• Are we maintaining the integrity of our control environment?
…..there is increasing demand for project transparency
PwC
8
DRAFT
Reasons for program failures
Poor estimation
continues to be
the largest
contributor to
project failures.
Poor estimates,
lack of
sponsorship and
poorly defined
scope are 3
primary reasons
cited for project
underperformance
Source: PwC’s 3rd Global Survey on State of Project Management (2012)
PwC
9
The state of the Internal Audit profession 2012
92%
of CAEs
…consider project risk as
either important or very
important.
82%
of Executives
…think large program
risk is considered well
managed.
PwC
27%
of CAEs
37%
of Executives
10
Transformation change: Internal Audit challenges
01
02
03
04
05
PwC
Building a portfolio risk assessment process which
considers the current and emerging risks and evolves
with project delivery.
Enhancing existing project audit methodology to
consider current techniques and more dynamic
application.
Understanding and leveraging the ‘lines of defense’
appropriately.
Acquiring the right resources and skill sets to assemble
the team.
Identifying effective methods for communicating and
reporting risks timely.
11
Strategic initiatives – the risks
DRAFT
Key areas of project risk
Risks are not isolated to classic project management artifacts, but extend to a broader ‘risk universe’.
Technology
• Infrastructure
• System architecture
• Networking
• Security
• Availability
• Performance
• Disaster recovery
Governance
• Strategic Alignment
• Senior Management
Commitment
• Sponsorship / Champions
• Governance and Decision
making
• Synergy identification and
tracking
Data
• Data Structures
• Mapping
• Cleansing Effort
• Conversion and
validation
• Data governance
• Backup and recovery
• BI and reporting
strategy
Program Management
• Time schedules
• Budgets
• Resources/staffing
• Vendors
• Knowledge transfer
• Issue and Risk
management
• Scope management
Process and Solution
• Requirements
• Business processes
• System Development Life
Cycle
• Data
• Controls
• Bolt-ons
• Interfaces/integrations
PwC
$
$
$
$
*
*
Organization
• Business impacts
• Training
• Communication
• Organizational alignment
• Change management
• Compliance and controls
• Business continuity
13
DRAFT
Project risk – Inherent, Delivery, Delivered
Inherent
$
$
Delivery
Delivered
Strategy and Governance
No strategic roadmap for IT
spend
Project does not align with business No business owner for realizing
strategy
project benefits postimplementation
Program Management
Organization lacks a project
management methodology
Project reporting is inconsistent
and inaccurate
Organization
Organization has little
Business SMEs have limited
Organization resists adoption of
experience with large projects capacity for involvement in delivery the new solution
Solution and Process
No process maps or metrics
impairs ‘case for change’
Interim processes are ad-hoc and
labor intensive
Solution does not include robust
internal controls (SOX
compliance)
Data
Data is not ‘clean’
Data conversion is inaccurate
Backup and archiving not
included in solution
Technology
Inconsistent technology
platforms, and no vision for
rationalization
Insufficient environments to
support development, test, and
production
No support and maintenance
plan for new infrastructure
$
Lessons learned are not
captured
$
*
*
Note: There are high level examples only. In most cases, there will be many specific risks corresponding to each box above.
PwC
14
DRAFT
Who plays a part in managing program risk?
Large transformation projects typically have a number functions supporting risk and quality management.
Understanding the respective roles and levels of assurance provides a holistic view of current assurance levels
and helps identify the gaps that may need to be addressed.
Work stream monitoring
activities
Examples of Level 1 activities:
• Program risk function
• Program PMO
• Vendor PMO & QA
PMO monitoring and assurance activities
Examples of Level 2 activities:
• Operational risk teams
• Compliance teams
• Organizational or independent PMO
• Targeted QA activities (from within the organization
but independent of the project)
• Product vendor provided assurance
PwC
External vendor and internal
audit
Examples of Level 3 activities:
• Internal Audit reviews (part of the
annual plan)
• ‘Health checks’ and targeted
specialist ‘Deep Dive’ reviews
• External Audit reviews
15
Internal Audit’s role
DRAFT
In 2013, were stakeholders satisfied with IA’s role?
Source: Examining the issues – 2013 IA Global survey
PwC
17
DRAFT
How can IA add value to a project?
Stay ahead of the curve
Get involved early.
Build a ‘three lines of defense model’.
Develop an embedded assurance plan.
Operate the integrated assurance plan, making responsive changes
based on the shifting risks.
Use Subject Matter Specialists.
Agree how, when and to who you will report.
Focus on value.
PwC
18
DRAFT
How can IA add value to a project?
Develop forward looking view
1. Navigate the integration
risk landscape
2. Understand stakeholder
perspectives and provide
deeper insights
3. Cut through the clutter
Questions
How well aligned is internal audit’s
plan with the critical risks facing the
organization?
Does internal audit provide a point of
view to help the business improve its
responses to risk?
How effectively does internal audit
communicate with stakeholders?
How can IA effectively engage in Transformation initiatives
• Think and act strategically to focus
on key integration risks
Internal audit understands the
organization’s strategy, initiatives, and
related risks; project audit activities are
derived from a top-down risk
assessment and aligned with stakeholder
expectations.
• Leverage the second line of
defense Internal audit contributes to
and coordinates with organization and
program risk management efforts,
providing insight to the overall risk
management process and focusing audit
efforts appropriately.
PwC
• Understand the business Internal
audit is in a unique position to
objectively assess perspectives of various
integration stakeholders – leverage this
to foster the desire for internal audit
involvement in integration (and all
significant) business initiatives.
• Build trust through ongoing
dialogue Significant attention is given
to face-to-face communication with
stakeholders, including the audit
committee. In these meetings,
additional perspective is provided
around the management of critical risks.
• Leverage specialists Internal audit
uses specialists —both internal and
external—to support work in areas
where it does not have the breadth and
depth of expertise to effectively provide
a point of view.
• Simplify reporting, make it
consumable Internal audit reports
contain concise messages clearly linked
to underlying business risks.
• Deliver advice and best practices
Internal audit provides deep insights in
all of its activities, as well as proactively
offering advice on the design of future
processes.
• Connect the dots Internal audit
identifies common themes and trends
across the organization, enabling the
business to close gaps.
19
DRAFT
How can IA add value?
Controls are often overlooked
Go Live
UAT
Implement
Build
Design
Solution Blueprint
Cost of controls
high
Test Build
The design of internal controls (configurable, manual, and access/security) during business process
design, rather than identifying and correcting control weaknesses after the process and systems are
installed, provides the greatest value in terms of process, system, and data integrity, at the lowest cost.
Post imp.
Cost of controls
increases as
project progresses
Pre--implementation
Pre
During
development
low
start
PwC
Project life cycle
finish
20
DRAFT
Developing a Project Assurance Plan
Why is a Project Assurance Plan important?
• Helps to understand the roles and sources of assurance available to a project
• Help you to develop a risk-driven integrated assurance plan that is aligned to
the three lines of defence.
When should the Project Assurance plan be developed?
• Ideally this occurs from the beginning of the integration program, and makes
use of the program’s initial risk assessment activities. However, it can be
implemented at any point in the lifecycle.
Who should be involved in developing the Project Assurance
plan?
• Key project stakeholders (internal to the project team and business)
• Representatives from each line of defense (the PA plan is often a component
of an integrated risk or quality management plan)
PwC
21
DRAFT
Managing risk over the program lifecycle
Delivering Change
Assess
Design
Construct
Implement
Operate & Review
Is the ‘case for
change’ robust with
clear scope, business
outcomes and
ownership?
Will the organization
& technical design
deliver the benefits?
Is the solution being
built as designed and
robustly tested?
Is the business ready
to go with detailed go
live and support
plans in place?
Are the benefits being
delivered and what
could be improved?
• Project
governance
and mgt review
• Planning and
mobilization
• Business case
review
• High level target
operating model
• Organization
change strategy
• Deployment
strategy
• Business process
design
• Data and
reporting design
• Test and data
conversion
strategies
• Security &
controls
• People and Org
Design
• Dedicated vendor
management
• Solution testing
and remediation
• Training plans and
execution
• Data conversion
• Security and
control
configuration
• Business
continuity planning
• Benefits
management plan
• Support model
design
• Test and training
results
• Go-live process
• Data conversion
process
• Transition to
business as
usual (BAU)
planning
• Stakeholder
engagement
• Go-live readiness
assessment
• 30-90 day support
• Business adoption
• Benefits
realization
• Compliance and
controls
certification
*
*
Driving Change
Is the Change Management approach appropriate and delivering success?
Is the organization engaging key stakeholders (including existing vendors/partners) throughout the change?
Is the program being effectively governed against guiding principles and managed across all workstreams?
$
$
$
Is delivery of business benefits a key focus throughout the lifecycle?
$
PwC
22
Keys to successful transformation
assurance
DRAFT
Top 10 Keys to success
Key events that may contribute to a successful Project Audit:
1.
Stakeholder buy-in & tone at the top, understanding & acceptance of engagement
2. Staffing, proper technical skills, qualifications and capabilities allowing the team to quickly
establish credibility
3. Understanding project needs and expectations, as well as the level of comfort desired
4. Scoping appropriately, leveraging a risk based approach and delivering upon the agreed scope
5. Up-front communication regarding scope of review, extent of review, timing of review and level of
details to be provided in reporting
6. Execution and completion of work within defined budget and schedule
7. Change agility, being able to change with the project needs (adjust timeline, etc.) but avoiding
scope creep
8. Communication to all parties
9. Relevance, providing actionable useful and timely deliverables (reporting) – consider requirements
of the audience (i.e. Audit Committee, Sponsor, Project Manager, etc.)
10. Monitoring project progress between checkpoint reviews to minimize ramp-up time required at
each checkpoint
PwC
24
Recap and Closing
DRAFT
Recap & Questions
Get involved early.
Build a ‘three lines of defense model’.
Develop an embedded assurance plan.
Operate the integrated assurance plan, making responsive changes
based on the shifting risks.
Use Subject Matter Specialists.
Agree how, when and to who you will report.
Focus on value.
PwC
26
Contact Details
DRAFT
Thank you
Team contact information
Antwon Hardwick
(678) 419-8618
Team contact information
Kshipra Pitre
(678) 296-6066
© 2014 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United States
member firm, and may sometimes refer to the PwC network. Each member firm is a separate
legal entity. Please see www.pwc.com/structure for further details.
ATLAS The much-needed guide to investment portfolio taxation

ATLAS The much-needed guide to investment portfolio taxation

* Managing risk in construction projects – PwC

* Managing risk in construction projects – PwC

PwC Alternative Fund Services Our services

PwC Alternative Fund Services Our services

Comparative Analysis of the Climate Survey Results

Comparative Analysis of the Climate Survey Results

How can an integrated operations and business planning framework increase

How can an integrated operations and business planning framework increase

Document 180333

Document 180333

How To Coach, Motivate & Incent To Sales Management Association Webcast

How To Coach, Motivate & Incent To Sales Management Association Webcast

Document 351873

Document 351873

Flash News CRD IV package: Binding LCR ratio postponed!

Flash News CRD IV package: Binding LCR ratio postponed!

Good news for US taxpayers with RRSPs or RRIFs Tax Insights

Good news for US taxpayers with RRSPs or RRIFs Tax Insights

abcdocz.com

© Copyright 2024