Development and administration of information projects: instructional material

122  Descargar (0)

Texto completo

(1)Este documento forma parte de la producción editorial del Centro Interamericano de Estudios de Seguridad Social (CIESS), órgano de docencia, capacitación e investigación de la Conferencia Interamericana de Seguridad Social (CISS) Se permite su reproducción total o parcial, en copia digital o impresa; siempre y cuando se cite la fuente y se reconozca la autoría..


(3) Development and Administration of Information Projects At-a-Distance Course. Instructional materiaC. Inter-American Center for Social Security Studies. Education, training ancCresearch organ of the Inter-American Conference on Social - Security _Mexico City, September 2003..

(4) Index Page What does my didactic material consist of and how should I use it?. 5. 7. Module II. Information systems By Ismael Novella Perrusquia Topic 1. Organization and management of information systems. 9. Topic 2. Development, acquisition and maintenance of applications. 25. Topic 3 Administration of information systems projects. 43. Evaluation exercises and activities. 54. Module III. Organizational impact of information technology By Ricardo Loranca Gonzilez. 55. Topic 1. Reengineering in organizations. 59. Topic 2. Redesign of processes for their automatization. 85. Topic 3. The organizational development during change. 99. Topic 4. Outsourcing: one step towards virtual integration. 109. Evaluation exercises and activities. 121. Identification page for the remittance of evaluation activities. 123. At-a-distance Course Development and Administration of Information Projects.

(5) What does my didactic material consist of and how should I use it?. The didactic material consists of a didactic guide and the study material for each one of the Modules of the Course. Didactic guide The purpose of the didactic guide is to offer you a general orientation on the procedures for the development of the Course and recommendations as to how to obtain utmost benefits from the Course. It is important that you read the entire didactic guide before starting with the study material and even that you review it before initiating a new module. The didactic guide contains the following chapters: Outline of the Course: this chapter presents the basis, objectives and outcome profile, which will allow you to delimit the purposes of the Course and to have a point of reference that will permit you to evaluate if it meets your learning expectations. It also includes a scheme which indicates the order of the modules, so that you may carry out a follow up of the modules and distinguish the internal relationship of each one of the parts of the Course. Likewise, the key words and the evaluation exercises for each module are presented, as well as the characteristics of the final paper. Methodology: includes the communication media through which you can maintain contact with this Center and be aware of the responsibilities of your tutor. In the chapter What is expected of me as participant in an at-a-distance course? certain recommendations are included as to how to obtain utmost benefits from the Course. In the chapter What activities do I have to perform and how will my performance be evaluated? The deadlines are established for the delivery of each exercise. In the study material, at the end of each module, these activities are also described. Likewise, the procedure and the characteristics of the credits that the CIESS will grant for your successful completion of this Course are also described. "-•. Educational team: In this section the coordinators and tutors are introduced. Glossary: Offers a list of important terms for the study of the topics approached in the Course.. r.. At-a-distance Course Development and Administration of Information Projects.

(6) Study material This material is divided according to the three modules. It describes the topics selected taking into consideration the learning objectives presented in a sequential manner to permit a gradual and progressive assimilation. For the achievement of the learning objectives of each module it is important that the corresponding texts are read before working on the exercises and activities designated for the evaluation. After finalizing your evaluation activity, remember to send it in due time to the CIESS in accordance with the specified dates.. Inter-American Center for Social Security Studies.

(7) .ModuCe II. Information Systems. INTRODUCTION No doubt, the world's move towards digitalization involves also the essence itself of social security institutions, but at a different rhythm, slower than that of other sectors such as banking, commerce, industry and private services. This difference results fundamentally from the strong investments necessary to adopt advanced technology. In the competitive and global environment of our times, information systems, understood as entities formed by human elements, hardware and software, play a strategic institutional role; history tells us that up to a few years ago, information systems were in the hands of computation technicians and specialists. However, now that they have become solutions for the organization, all their levels must be involved in the planning, development and evaluation of information systems. The evolutional panorama of informatization in America's social security, has also shown, since fifteen years ago, a constant adoption on the part of institutions of technologies to automatize data processing, eliminate the enormous volumes of storage of documents and offer more efficient and better quality services. This has represented a transformation of the operating processes and an impact on the organizational culture. However, the application of the new technologies to improve quality in the rendering of services, is not per se a fact that will guarantee the success of plans. Among other factors, it is essential to count with an adequate administration of the information projects that will determine how to integrate hardware and resources, telecommunications, methodologies, information systems, users, storage and that will include, in a permanent manner, aspects of security, control, auditing and evaluation.. OBJECTIVE • Analyze the organization, administration, infrastructure and operations performed for the development and administration of systems.. At-a-distance Course Development and Administration of Information Projects.

(8) KEY WORDS Application Business area Control Effectiveness Efficiency Hardware Information systems. Operative system Planning Procedure Project Software Strategy. TOPICS 1. Organization and management of information systems 2. Development, acquisition and maintenance of applications 3 Administration of information systems projects Author of all the topics: Ismael Novella Perrusquia. EVALUATION EXERCISES AND ACTIVITIES Second activity (individual exercise) A) On the basis of the actual situation of your institution, prepare an essay no longer than ten pages on the following points: 1. Starting from an approach to systems ranging from the general to the specific, describe your institution as a service rendering entity and its principal functional areas; point out the areas in charge of information processing, describing their tasks and responsibilities. 2. Outline the practices and procedures of the systems development area (directorate or management), giving your opinion on its efficiency, effectiveness and on the controls it handles. 3. Explain the maintenance and change control requirements in the software of information systems. You may document this part with the information on the area, the review of documents, the interview, or the observation. 4. Describe an actual project for the development, acquisition or maintenance of information systems or information project, its phases and features. Propose an alternate model of development to enable the system to comply with the goals of the organization.. Inter-American Center for Social Security Studies.

(9) l'oyic 1. Organization and management of information systems By Ismael Novella Perrusquia. 43_. Summary Under this topic, different tools are provided to direct strategically the development of information systems, helping the organization to perform in an effective and efficient manner. Short, medium and long term plans for the development of information systems must be aligned with the plans of the organization. Within the c Tele of development of the information systems there is a group of administration practices; which are the best practices and what benefits they represent for an organization, are aspects that will be discussed in the contents of this first topic. A fundamental part of any information systems project development is that relative to the human resources that integrate the work team, which by its own nature is a multidisciplinary team; hence the importance of identifying and defining the activities of the information systems committee. On the other hand, the adequate organizational structure, the precision in the definition of jobs and the segregation of functions, are important aspects to reach the objectives established by the systems area. Policies and procedures are a complement of this part and play a central role, provided they are set forth in writing, updated and understood by all personnel.. At-a-distance Course Development and Administration of Information Projects.

(10) .,-. ,-.. ,--. ■ _,'. ,-,.

(11) Topic 1. Organization and management of information systems By Ismael Novella Perrusquia. 1. Strategic activities of systems management 1.1. STRATEGIC PLANNING. Strategic planning puts corporate and departmental objectives in motion and helps to achieve an effective and efficient organization. It must be oriented towards projects and assigned the priority required by the business. The systems department must have a long term plan (from three to five years) and a short term plan (one year); they both must be congruent with one and other and with the plans of the organization. For example, an organization with the objective of utilizing advanced technology, must typically have an innovating area of information systems (IS). In like manner, an organization self-defined as a supplier of low cost services, will have a low cost IS department.. Methodology for the Strategic Planning of Information Systems. I. Identify Current situation. II. Define inform. Technol. bjectives. III. Select strategies. IV. Develop Implement. plan.. A.Vision of the enterprise. D.Determine oppormnities in information systems. Fidentify implement. option. J. Develop implement. E.Define objective applications. G.Develop software strategies. B.Analyze environment outside the business C. Analyze present environ. in information Systems. master plan. H.Develop hardware strategies L Develop implement. strategies. = Formal point of approval. Methodology for the strategic planning of systems. 11. At-a-distance Course Development and Administration of Information Projects.

(12) 1.2 IS COMMITTEE High management must create a committee of IS users that will direct the systems activities. The members must be managers representing the principal areas of users, the director general and the director of IS must be part of this committee. Etablishing an IS committee is the ideal road to permit harmony between the mission and the corporate objectives, with the daily performance of the systems area. Ideally, the committee must include representatives of the principal areas of the organization. Its objective will be to review the requests towards systems (applications, infrastructure, support, etc.), assign priorities and follow up the implementation of the projects. In like manner, it is the responsibility of the committee to make sure the effective and efficient use of information resources, to establish priorities for attention, examine costs and support the development of new projects. The IS committee is also responsible for reviewing and approving all the requests for systems service, according to the objectives of the business. The decisions include defining criteria such as centralization vs decentralization, assignment of responsibilities, approval of agreements at a service level (SLA), the definition, review and approval of outsourcing.. THE SYSTEMS COMMITTEE. Functions of the Systems Committee —Support the integration of work teams —Make available resources for personnel training Make available resources for equipment and phys. facilities —Permit responsible personnel to solve technical problems. Functions of the systems committee. 2. Policies and procedures Both policies and procedures must be defined and written by Management to ensure uniformity. They must be clear and concise to permit their easy observance. It is advisable that an independent examination be made periodically to make 12 Inter-American Center for Social Security Studies. The committee must include representatives of theprincipal areas of the otgankation..

(13) sure that the policies and the procedures are understood and applied. The person making this examination must maintain an objective attitude without being influenced by those being examined. In making this type of examination, he must make sure that the execution is consistent with the standard.. 2.1 Written policies and procedures All policies and procedures must be presented in writing and updated with the last organizational changes. Management must create an atmosphere that will make it possible to establish controls, assuming responsibility for the development, documentation, promulgation and control of policies. Likewise, it will make sure that all employees have understood and apply the policies correctly.. XXX Mexico. Information Security Administrator. Policy XXXM will maintain a Safe Environment to Prevent the Accidental or Intentional Loss of Information of XXXM Safety policy of an enterprise <Name of the Company> Practices and Procedures: "Recovery of AS/400 Operation". Page 1 of 9 Preparation date Oc000 Review date Jan/01. Contents 1. OBJECTIVE. 2. 2. SCOPE. 2. 3. DEFINITION OF CONTINGENCY. 2. 4. CONDITIONS TO ACTIVATE THE PLAN. 3. 5. NORMAL OPERATION. 3. 6. CONTINGENCY SCENERIES. 4. 6.1 AS/400 failure. 4. 6.2 Failure in communications. 5. 6.3 Interruption of operation of Site ISSS. 7. 6.4 Interruption of operations of the offices of CA&C. 9. Example of the contents of a technical procedure 13 At-a-distance Course Development and Administration of Information Projects.

(14) 2.2. Human resources practices for systems. a) Hiring Must ensure that the most effective and efficient personnel was selected and hired. Must also ensure that legal and corporate requirements are being met. They include: • • • • •. Verification of antecedents. Confidentiality agreements. Bonding of employees (to protect against economic losses). Conflict of interests agreements. Non competition agreements.. Control risks may consist in that: • The personnel hired is not up to the requirements of the job. • References are not verified. • Risks derived from hiring temporary or external personnel.. b) Promotion Must be understood by all employees. Must be based on objective criteria, considering individual development, education, experience and responsibility.. c) Training Must be offered regularly to all employees. Mainly when there is new hardware or software. It is necessary that training cover all technical aspects, such as those relative to the control of projects and of administrative and managerial skills It is important to offer crossed training, because this makes it possible to decrease the dependency on one employee (this must be part of the succession planning) and provides back-up personnel in case of contingencies. However, having more personnel who know the operation of a system may involve certain risks.. d) Calendarization and time reports Calendarization helps to have an efficient operation and ensures the efficient use of computation resources. Time reports are useful to monitor this calendarization It is important that the information registered is correct.. 14 Inter-American Center for Social Security Studies.

(15) e) Performance evaluation These evaluations must be made periodically. They help to identify personnel for promotions and salary increases. It also helps to measure the satisfaction of employees.. I) Annual vacations It is necessary to make vacations mandatory for all employees. This causes that at least once a year someone else is performing each function. Another advantage is hat this reduces the opportunity to commit fraudulent or illegal acts because during this time fraudulent activities may be identified provided there is no collusion between the employees covering absences. The rotation of jobs also reduces the possibility of malicious acts.. g) Termination policies Must be set in writing and define specific steps. Likewise, they must provide adequate protection to the assets of the organization, access to computation equipment and to data. It is necessary, therefore, that they include: • • • • • • • •. Resignations and rescission of contract. Delivery of all the keys, access cards and identifications. Erasure of all identification login and passwords. Notification to the rest of the personnel. Settlement of final payment and removal from payroll. Termination interview. Delivery of all the properties of the organization. Escorted departure.. h) Employees manual This manual must be within reach of all employees and should explain: • • • • • • •. Safety policies and procedures. Expectations of the organization. Fringe benefits. Vacation policies. Rules for overtime. Hiring of external personnel. Evaluation of performance. 15 At-a-distance Course Development and Administration of Information Projects.

(16) • Emergency procedures. • Disciplinary actions relative to: - Absenteeism. - Confidentiality/safety - Number of compliances with agreements.. 2.3 Outsourcing Outsourcing is a contractual agreement between the organization and an external supplier to handle part of the information processing function, through payment of an agreed upon tariff and meeting an agreed upon level of service. The reasons to opt for outsourcing include: • • • •. Need to focus on critical activities. Pressure on profit margins. Need to increment competitiveness that demands cost saving. Flexibility with respect to organization and structure.. As discussed in more detail in Module Three, to develop outsourcing is not only a cost decision, it is a strategic decision that has control implications on the management of the area. Service quality, guaranties of continuity of the service, control procedures, competitive advantages and technical know-how must be taken into consideration. It is also important to watch compatibility with the supplier in terms of organizational culture and personnel. After having taken the decision to adopt outsourcing, this must be reflected in a contractual negotiation that will include service agreements; these agreements must be a control instrument. Likewise, management should handle actively the relationship with the organization providing the outsourcing. Contracts must include a description of media, methods, processes and structure with which the service will be offered, as well as the control of quality. In addition to the elements that, we repeat, are discussed in more detail in Module Three, it is important when hiring outsourcing, to take into account: Contractual protection: contract protecting the institution adequately. Audit rights: right to audit the operation of the supplier. Continuity of the operation: continued service in case of disaster. Confidentiality/integrity/availability of information on the part of the institution hiring the outsourcing. • Access control/administration/safety controlled by the supplier. • Reports and follow up of problems controlled by the supplier. • Controls on the net: controlled by the supplier. • • • •. 16 Inter-American Center for Social Security Studies. Contracts must include a description of media, methods, processes and structure with which the service will be offered, as well as the control of quality..

(17) 3. IS administration practices There exists a group of administration practices whose benefits result in higher efficiency and better control of the project. This topic presents eight of the best administration practices within the development cycle of the IS.. a) Budgets Permit the forecasting, monitoring and analysis of financial information, as well as having a better control of expenses, mainly in an area of the system where high technology expenses can be incurred.. b) Users satisfaction This is a measure that permits ensuring the effectiveness of the operation of the IS with its users. The users and the IS must hold service agreements to be audited periodically to ensure compliance with the terms agreed upon. To this effect, surveys of users are generally used.. c) Benchmarking/industry standards This makes it possible to determine the level of development of the systems area, by comparing against similar areas. These performance standards or statistics can be obtained from industry statistics, groups of users, suppliers, consultants, publications or professional associations.. d) Capacity and growth planning Capacity and growth planning is important in any operation and is especially important in an IS area, due to the costs normally handled. A computation center must be evaluated frequently to determine that its operation is carried out as efficiently as possible, thus ensuring that the operation will permit future growth.. e) Financial administration practices In system areas incurring in high costs, it is very important to make this expense more productive. There are different options in this respect. 17 At-a-distance Course Development and Administration of Information Projects.

(18) • Cost control: consists of dividing the systems area in several cost centers. • Profit center: considering cost centers as profit centers. • Users payment scheme: the budget of the IS is apportioned among the users, according to the use made of computation resources. It can improve the application and monitoring of the expenses of the IS, including employment of personnel, use of computation equipment and other relevant costs.. f) Goals review Efficiency is measured with respect to the aspects that can be improved, while the measuring of effectiveness implies the comparison between performance and defined goals. These goals can be established in operative, technical or economic terms. Once the goal has been defined, it is necessary to evaluate its progress individually and globally.. g) Logbooks for time of response They permit monitoring the operation daily with respect to the activities developed. They offer a description of the tasks developed and the time used to complete them.. h) Documents standards Documents must be available for the principal functions in the IS area. They generally include: • • • • •. Computation operations Systems software Maintenance and acquisition of Hardware and software Application software. • • • • •. Managerial reports Physical and logical safety Short term planning Time reports Human resources administration. 4. Organizational structure 4.10 rganization chart There are generally two main managerial structures in an IS area: operation and development; however, it is frequent to find a third structure involved in special projects. 18 Inter-American Center for Social Security Studies. The measuring of effectiveness implies the comparison between performance and defined goals..

(19) • Operation: it is mostly related to support the continuous operation of the technological infrastructure. • Development: operates in projects for the development of application and maintenance of those already existing. • Special projects: this area exists sometimes to operate in activities ordered to achieve a specific objective in a specific time. ORGANIZATIONAL STRUCTURE SYSTEMS DIRECTOR SPECIAL PROJECTS MANAGER. APPLICATIONS DEVELOPMENT AND MAINTENANCE MANAGER. INFRASTRUCTURE AND OPERATIONS MANAGER. Example of organizational structure. 4.2. Definition of positions. The organizational structure and descriptions of functions are different in each organization, depending on the nature of the business. However, it is important that key functions are adequately segregated. (see functions separation chart). The principal positions are:. a) Capturer At the present time, most of the capture of data is made by user's personnel in on line processes, where editing and validations are carried out in actual time. It is important that the supervision function be performed by a person different from whoever captured the information. All transactions with an error must be recaptured and go through the same screens and processes as the first time. The capturer must be forbidden access and updating of software and sensitive files. In case of a batch capture, it is generally the responsibility of the Data Control department (control desk) which performs the following tasks: • Receives source documents, safeguards its integrity and returns them after capturing. • Prepares document lots with necessary control figures and totals. • Calendarizes and runs capturing jobs. • Verifies, keeps a record and distributes exits.. 19 At-a-distance Course Development and Administration of Information Projects.

(20) b) Library-tape library Generally reports to the Operations Manager. Must record, issue, receive and safeguard all the programs and data of the computation equipment (with tapes or discs). Many organizations use automatized programs to make this control easier.. c) Control desk Responsible for the collection, conversion and control of incoming documents, as well as for obtaining control figures, generate exits and distribute them. The supervisor of the control desk reports to the Operations Manager.. d) Operations Generally, this is a synonymous of information processing. It includes all the personnel necessary to run the computation equipment effectively and efficiently. It includes assets such as servers hosts, magnetic media, data, communications, etc. Access to the computation center must be restricted; its controls are divided as follows: • Receives source documents, safeguards their integrity and Data Safety returns them afterwards: control that protects the equipment from the loss of information processing capacity caused by environmental, mechanical, electrical, electronic contingencies. • Receives source documents, safeguards their integrity and Data Safety returns them afterwards: includes standards and procedures that protect information from destruction, modification or consultation (intentional or accidental). This aspect of safety in turn integrates: a) Physical safety b) Education to employees c) Logical safety • Process controls: ensures that the organization receives complete information in due time, precise and safe (it is related to operations). Data control/control desk: control of E/S. Production control: implies the control of process storage jobs.. 20 Inter-American Center for Social Security Studies.

(21) e) Safety administration Requires the commitment of management to generate a clear policy, specifying the safety standards and procedures to follow. The tasks of the safety administration must be clearly defined in this policy. For an adequate segregation of functions it must report to the director of the IS. It is necessary to make sure that the users comply with the established policy and that controls prevent non authorized access to the assets of the organization. Its functions include: • Maintain rules for the access to files and resources. • Maintain safety and confidentiality on the emission and maintenance of users codes and access codes (passwords). • Monitor safety violations and take corrective measures. • Review periodically and evaluate safety policies, and suggest changes in this respect.. f) Quality assurance Generally develops tests and verifications that permit ensuring that the programs developed and modified follow the defined standards, and that they satisfy users needs.. g) Administration of BDs Defines and maintains the structure of the BDs. It is necessary to know the organization and the interrelationship of users and the relationship with the information (it is forbidden to access production data or application programs). Its functions include: • Specify physical design of the DBs. • Change physical design to improve performance. • Determine optimization tools. • Test and evaluate optimization and scheduling tools. • Solve queries of the programmers and educate them in the strategy of the BDs. • Implement BDs definition controls (access, updating or concurrence). • Monitor use and performance of BDs with statistics. • Define and initiate support and recovery processes. The BDA (BD administrator) may define controls on the BDs and may ignore them. It can also obtain passwords and access the data, and therefore, must be controlled: 21 At-a-distance Course Development and Administration of Information Projects.

(22) • • • •. Separation of functions. Supervision/management approval. Review of the log books of the DBA. Detecting controls on the use of BDs tools.. h) Systems analyst Specialist who designs or implements applications within the life cycle of systems development (See Topic 4 — SDLC methodologies).. i) Applications programmer Specialist responsible for programming applications, according to the specifications documented in the analysis. Must work in a test environment.. j) Systems programmer Responsible to maintain the system operative and other systems software tuned and operating.. k) LAN administrator May be in the IS or in any user area. It is responsible for the technical and administrative control of the LAN. Must not have programming responsibilities. May have user responsibilities.. d) Help desk Generally develops service functions for users in the use of computation solutions for final users. Additionally, it monitors, improves and controls the performance of central applications. In the present environment, every day more organizations consider it important to increment the technical ability of the personnel of the help desk, improving their skills in areas that only systems programmers and operations personnel used to know.. 22 Inter-American Center for Social Security Studies.

(23) 4.3 Segregation of functions in systems It is important that the systems area provides information to users, but without affecting other alien functions. Example of functions that must be delegated to users: • Authorization of transactions: responsibility of the user area. The degree of delegation corresponds to the level of responsibility. Periodical verifications of the organizations and auditing must be made. Conciliation is a user responsibility (although it can be carried out by the control desk). It provides confidence and certainty on the results of the system. • Custody of assets: the "owner of the data" must define responsibilities and levels of authorization to access and modify its data.. It is important that the rystems area provides information to users, but without affectingother alien fitnctions.. On the other hand, it is important also to separate certain critical functions within the systems area. The functions that must not be combined are: Control table. Analyst. Program mer. capture. Operat. DBA. AdmSec. Control x Tbi Analyst Program x mer x x x x Capture x x x x x x x Operat x x DBA x x x x AdmSec x Tape Library x x SysPgmr x OA X = Functions that cannot b combined because there are no compensatory controls to mitigate the risk. Tapes Library. SysPgmr. OA. x x x x x x x x. The following points are indicators of problems: ➢ Unfavorable attitudes of users. ➢ Excessive costs. ➢ Exceeded budgets. ➢ Delayed projects. ➢ High personnel rotation. ➢ Inexperienced personnel. ➢ Frequent hardware and software errors. ➢ Excessive backlog of users requirements. ➢ Slow response of the system. ➢ Many hardware and software projects not authorized or not justified. ➢ Frequent updating of hardware and software. ➢ Exceptionally large exception reports. ➢ Lack of follow up to exception reports. ➢ Poor motivation. ➢ Lack of succession plans. ➢ Confidence in one of two key persons. 23 At-a-distance Course Development and Administration of Information Projects.

(24) Questions for reflection How do the information systems in your institution achieve the materialization of goals and of organizational objectives? What practices on the handling of human resources, outlined in this topic, are applied in your computation center or systems department? Which are the best IS administration practices applied in your organization? Do you consider that the segregation of functions is applied rigorously within your computation center or systems department?. Bibliographic references. Capron H L L Computers: Tools for the Information Age, BK&CDR Holtsnider Bill and Jaffe D. Brian, (2000). IT Manager's Handbook: Gettingyour New Job Done, Publisher: Morgan Kaufman Publishers. Shapiro Carl and Varian Hal (1998) Information rules: A Strategic Guide to the Network Economy Publisher; Harvard Business School Publishing. www.metagroup.corn 24 Inter-American Center for Social Security Studies.

(25) Topic 2. Development, acquisition and maintenance of applications By Ismael Novella Perrusquia. Summary The development of the information technology is a phenomenon that involves without exception the institutional and personal ambits and that makes it mandatory to carry out a permanent personal effort to be up to date with advancements, mainly with respect to: which are the mechanisms that will permit taking better advantage of this technology. Thir topic is destined to make a general study on the importance of information systems for the fulfillment of the mission, vision and functions of any organization or enterprise. How to define an information system, how to adequately control its development or acquisition, what practices may be applied for an adequate maintenance, are aspects that are analyzed in this part of Module I. 25 At-a-distance Course Development and Administration of Information Projects.

(26) ✓. ✓. J. J. J. J.

(27) Topic 2. DeveCoyment, acquisition and maintenance of apyacations By Ismael Novella Perrusquia. 1. Frame and pre-requisites for the development of applications Applications should be considered as fixed assets with respect to the cost of the assets they control and with respect to their implicit costs of development/ acquisition and maintenance.. Applications should be considered as fixed assets.. An application development or acquisition project must start with a well defined business objective. To start, there must be clear communication between managers; a well established systems development life cycle methodology must be used. The advantages of the interaction with a user are: • The user has more influence if there are formal procedures and SDLC guides. • Applications auditors can check the relevant phases of SDLC with independence and report its adherence to the original objectives and to the procedures of the company. • Applications auditors may become involved in specific phases of the SDLC depending on their technical ability • Applications auditors may evaluate the methods and techniques used in the SDLC.. 1.1 ROLES AND RESPONSIBILITIES It is advisable that the audit function take an active part in the SDLC, which would facilitate implementing in the system the appropriate controls. The key groups and individuals that must be involved in the SDLC are: r. • • • •. Project directive committee. User management. Project sponsor. Project manager.. 27 At-a-distance Course Development and Administration of Information Projects.

(28) • Work team (user and applications). • Safety officer. • Quality assurance manager.. RISKS OF INADEQUATE SDLC METHODOLOGIES. 1.2. • That the system does not meet the needs of the user (the project was a waste of resources). • The budgetary limits are exceeded (poor SDLC methodology or poor administration of the project. • The new system leaves the company at a competitive disadvantage (poor administration of the project) if existing complexities or incompatibilities were not identified. The result is the lack of credibility in the applications and loss of motivation. The leader of the project, being conscious that a good methodology does not guarantee the success of the project, must also check the participation of the user and of the high management.. 2. Implementation structured methodology (SDLC) Allows us to plan and develop applications in an orderly and controlled manner. It is divided into several phases; activities are defined for each phase with dates of termination and products to be delivered. The most common phases are:. 2.1. FEASIBILITY STUDY. Determines the strategic benefits of implementing a system, whether improved productivity, future savings, operative efficiency, strategic value, etc. In the products to be delivered, included in the feasibility study, are: ID I) I) I> ID ID. Time in which the solution is required. Determination as to whether the computer solution is desirable/necessary. Explanation as to whether the existing system can solve the requirement. Identification of the suppliers that offer this solution. Determination of the approximate cost of development. Explanation as to whether the solution adheres to the plans of the business.. 28. Inter-American Center for Social Security Studies. The leader of the project must also check the participation of the user and of the high management..

(29) lb. Determination as to whether develop or purchase.. 2.2 DEFINITION OF REQUIREMENTS (ANALYSIS) It is very important that all users related to the project are actively involved in this stage. This makes it possible to obtain commitment and ensures that the needs of the users are being considered. The users specify their needs (automatized and non-automatized) and how they wish to have them satisfied. If it was decided that the best alternative is to purchase an existing software, the user must be actively involved in the process of evaluation and selection of the package.. 2.3. ACQUISITION OF SOFTWARE. This phase applies only when it was decided to purchase a package. A document called proposal application, with the detail of the technical and users requirements, is prepared and sent to different suppliers to determine which one of them better adheres to the require rents and offers the most attractive price. Contents of the "proposal application" Requirements. References Feasibility/financial stability. Supplier support. Availability of source code. Years of experience. List of planned improvements. Detailed definition of the functional requirements of the final user. Evaluate to which extent they are cvered by the supplier with the application only and consider in a separate point what it covers with inter-phases or additional programming. Verify other customers and successful projects. Mainly, it has to be verified with new suppliers or suppliers that are not well known in the market. It also applies in the case of representatives of a foreign company. The supplier must have a complete line of support such as HelpDesk, local training, software updating, automatic notification of new versions and maintenance. This is especially useful in the event that the supplier should leave the business; it is generally included in the contract. The older it is, the more reliable it will be. A short list implies that the product will not bet updated.. 29 At-a-distance Course Development and Administration of Information Projects.

(30) 2.4 ERP (ENTERPRISE RESOURCE PLANNING) SYSTEMS Every day more enterprises and organizations are migrating their applications to ERP Integrated systems, such as SAP, PeopleSoft, Oracle Financials, BAAM or J.D.Edwards. It is generally considered as a standard acquisition; however, due to the complexity of the project and to its high impact on all the organization, it must be treated as a major project, analyzing the impact, risk and benefits expected.. 2.5 DETAILED DESIGN This is an important phase before developing the program. Here, flow diagrams and detailed specifications are developed for each documented functional requirement. Also, conversion plans for the data existing in previous systems must be included.. 2.6 PROGRAMMING. Programs are developed to cover the documented requirements in the analysis. It is especially important to have defined programming standards that will facilitate the work among all the members of the programming equipment. It is advisable to use structured programming techniques.. 2.7 TESTS A group of tests is the process that will ensure that a program, module or system operates as designed and as required by the user. It is important to have a formal tests plan to be followed and documented as the tests are developed.. The following tests can be developed: > Unit tests: testing of the operation of individual programs or modules. Data groups are used which test the design of the programs, ensuring that they operate as designed. > Inter-phase tests: evaluate the connection among two or more different components interchanging information among them.. 30. Inter-American Center for Social Security Studies. A group of tests is the process that will ensure that a program, module or system operates as designed and as required by the user..

(31) ➢ System tests: ensure sure that the programs or modules interact among them correctly. They include the following tests: • Recovery: ensure the recovery after a hardware or software failure. • Safety: ensure that there will be no safety gaps. • Volume: test the operation of the system with large volumes of information, to ensure its performance at peak hours. ➢ Functional tests: ensure the operation of the system against the requirements of the users. ➢ Tests in parallel: ensure the correct operation of the system, comparing it with the results of the previous system.. 2.8 IMPLEMENTATION After having developed the tests successfully, the new system is ready to migrate to production. It is important to define a specific date to disconnect the previous system and start working with the new system. The change to the new system must not affect the normal operation of the business. Generally, the change is made after a week end, an accounting closing or at the end of a period of heavy work.. 2.9 POST-IMPLEMENTATION CHECK-UP This has as an objective to ensure that the implemented system operates correctly and as requested and designed. It is advisable to make this check-up at least six months after having released the system. This check-up can be made by: 1. The implementation team (systems personnel and users). 2. Independent personnel (internal auditor or external consultants) As a result of this check-up, a report is generated showing the deficiencies found, the risk involved and the recommendations for improvement.. 31 At-a-distance Course Development and Administration of Information Projects.

(32) 3. Alternative development methodologies 3.1 ANALYSIS FOCUSED AT DATA Permits the development of an accessible information BD that will allow the preparation of specific reports according to the needs of the user. It does not imply the disappearance of transactional processes, but the recognition that they generate most of the information and that this information already exists.. 3.2 DEVELOPMENT FOCUSED AT OBJECTS The design is divided into two levels: the first is the abstract design: the second is the physical design (incorporates restrictions).. Advantages: • Ability to handle many types of data. • Provision to model complex data relationships. • Capacity to solve the demands of a changing environment.. 3.3 PROTOTYPES (HEURISTIC DEVELOPMENT) Creates systems through a controlled process of test-error; it is supported on fourth generation tools. The initial emphasis is in the design of screens and reports. There are two approaches: 1. Build the complete model: this approach has the problem that users do not understand that there is more to do after having finished the screens and reports: preparation to handle high volumes, handling different terminals, support-recovery, batch processes and audit tracks. 2. Gradual building: this approach runs the risk that it meets expectations but may have poor controls.. Disadvantage of the two approaches: • Users add extras that make it inefficient. • The control of changes is much more complicated. 32 Inter-American Center for Social Security Studies.

(33) The following strategy is recommended for implementation: Defrosting — Implementation — Freezing An incremental approach is recommended (release gradually 100% useful modules).. 3.4 FAST RAD DEVELOPMENT Makes it possible to develop systems faster, reducing costs and maintaining quality. This approach uses: • • • • •. Small and well trained development teams. Evolutional prototypes. Powerful tools to model data, prototypes and re-use of components. Central repository. Rigid time limits.. Development stages: 1. Conceptual definition 2. Functional design 3. Development of the data base and of the applications. 4. Deployment: tests, training, data conversion, releasing.. 3.5 RE-ENGINEERING Updates an existing application, extracting and re-using programs.. 3.6 REVERSE ENGINEERING Studies an application or product and develops a similar system. There are two ways: • Decompilation. • Analysis of reverse engineering.. 33 At-a-distance Course Development and Administration of Information Projects.

(34) Risks: • SW licenses forbid reverse engineering or decompilation. • Decompilers are made for hardware, operative systems and very specific third generation languages.. 3.7 STRUCTURED ANALYSIS It is a frame to identify processes and data of an application using data flow diagrams. (DFDs). Strengths: -Fast identification of the concerns of the user. -Easy support with CASE tools. -More oriented to the analysis of problems than to a design. Weaknesses: - Difficult to represent concurrent tasks and telecommunications. - Does not solve the problem of structuring a system on concurrent tasks.. 4. Applications maintenance practices (change management) A standard methodology is necessary to develop and carry out changes to operation systems. This methodology must ensure that changes are: Appropriate to the needs of the organization. Duly authorized - Documented. - Tested. ▪ Approved by the management of the user. 4.1. INITIAL AUTHORIZATION. No matter where the request for change comes from, users and systems must approve changes to programs in production. Formal communication media must be used. The application for changes must include, as a minimum: ❑ Name of the applicant. ❑ Date of the application, date on which the change is required. ❑ Priority of the application. 34. Inter-American Center for Social Security Studies.

(35) ❑ Detailed description of the application. ❑ Detailed description of the effects on other systems or programs. ❑ Reason for the change. ❑ Justification of costs-benefits. ❑ Signature of the user manager. The format must be assigned a sequential number at the time of receiving it in systems. A record must be kept of the programming and tests tasks, authorization of the systems manager, date/hour of the change and personnel carrying out the change. There must be an adequate segregation of functions to pass the tests on to production.. 4.2 APPROVAL Only after the user has seen and is satisfied with the results of the tests, he will sign his acceptance and the changes will be passed on to production; if there are emergency changes, this has to be done retroactively.. 4.3. CONTINUOUS UPDATING OF DOCUMENTS. Only O'er the user has seen and is satisfied with the results of the tests, he will sign his acceptance and the cianges 1Yill be passed on to production.. Documents must be updated with each change through: • • • • • • •. Flow diagrams. Programs narratives. Data dictionary. Entity-relationship models. DFD s. Operation instructions. User's procedures.. Documents must be updated with each change.. These documents must be also kept at the alternate locality for cases of disaster.. 4.4 MIGRATION TO PRODUCTION r. Must be made by an area independent of those who made the changes and tests.. 35 At-a-distance Course Development and Administration of Information Projects.

(36) 4.5 TESTING THE CHANGES TO THE PROGRAMS. It is necessary to make sure that there are controls that protect the programs against unauthorized changes. The objectives of the control are: Restricted access to program libraries. Check-ups by the supervisor. Applications for change duly approved and filled in. Select a sample of changes and follow track Make sure that all requisites were met. • Observe the procedure to pass programs on to production. • • • •. There may be unauthorized changes if ❑ The responsible user is not aware of the change (did not sign). ❑ A change application format was not prepared. ❑ The programming manager did not sign his approval. ❑ The user did not sign accepting the tests. ❑ The source code was not correctly reviewed. ❑ The programming manager did not sign approving the release to production. ❑ The programmer added an extra code for his own benefit.. 4.6 INTEGRITY OF THE SOURCE AND EXECUTABLE CODE. Each module executable in production must have its equivalent in a source code. This control is vital to ensure the integrity of the programs in production. The date of modification of the source code must not be subsequent to the date of the executable code. The participant must pay special attention to the users developing applications in PC's.. 4.7 COMPARISON OF THE SOURCE CODE. It is an effective and simple method to detect changes to programs, which consists in taking a support from one month ago and bring down a source code, comparing it with the new code, using software tools. It is important to bear in mind that this procedure does not detect if a program was changed, corrected and returned to the original. 36. Inter-American Center for Social Security Studies.

(37) 4.8. EMERGENCY CHANGES. There are times when emergency changes are required to solve critical problems. These changes must be made by the programmer using special and very powerful users; everything done with these changes must be monitored and they must be invalidated when the emergency ends. Two formats for changes to programs in production must be filled in post-mortem.. 5. Development tools/productivity aids 5.1 CODE GENERATORS. These are tools that generally have a CASE product incorporated for the definition of screens or reports; a code that produces them is automatically generated.. 5.2 CASE CASE is the acronym of Computer Assisted Software Engineering. It is the use of automated tools for the development of SW. There are three different types: 1. Upper CASE: Describes and documents requirements of the business. 2. Middle CASE: Develops detailed requirements (screen designs, reports, editing criteria, data dictionary, processes diagrams) 3. Lower CASE: It is the generation of code and definitions of BDs. The participant must make sure that there was involvement of the user in the lifting of requirements. Risks of the use of CASE: • It does not guarantee that the programs will solve the requirements of the business. • An effective methodology is necessary. • It is necessary to control the integrity between CASE and No-CASE programs. • The changes in the application must be reflected in the repository of the CASE. The control of applications continues to be the same. • • Strong security of access to the repository is required. CASE tools generate information which is very useful to the systems area.. CASE toolsgenerate information which is very useful to the systems area.. 37 At-a-distance Course Development and Administration of Information Projects.

(38) 5.3 4GLs (FOURTH GENERATION LANGUAGES) Their characteristics are: © © © © ©. Non procedural language. Portability. Facilities: of screen design, CBT's, Help. Programmer Workbench. Easy to use.. There are the following types: © © © ©. Report queries and generators. Embedded in BDs: FOCUS, RAMIS, NOMAD Of relational BDs: SQL+, MANTIS, NATURAL Generators of applications: COBOL or C. 5.4 ANALYSIS OF FUNCTION POINT It is a manner of measuring applications (Allan Albrecht, IBM, 1970s). Counts number and complexity of entries, exits and files. Amply used to estimate the complexity of an application.. 53 GENERATORS OF TESTS These are aids to depurate (debuggers) and code analyzers. There are also the generators of test data; according to the characteristics of the data, they generate systematically and at random data that may be used by the applications.. 6. Specialized systems 6.1 ARTIFICIAL INTELLIGENCE (AI) AND EXPERT SYSTEMS These technologies include: expert systems, natural language products, neural nets, intelligent text handlers, voice recognition and translators. The systems area must be especially concerned with these systems when they are a relevant part of the processes of the business. The errors produced by AI systems may have more severe impacts than those produced by traditional systems.. The errors produced by AI systems may have more severe impacts than those produced by traditional systems.. 1. 38. Inter-American Center for Social Security Studies.

(39) There are expert systems that are Audit tools: operative systems, on-line environments, access control and PC environments. There are other expert systems that aid in specific tasks, such as: audit planning, internal control analysis, quality check-up, fiscal planning and users training. In identifying these systems in the organization, it is important to do the following: — Understand the purpose and functionality of the system. - Evaluate the significance for the organization as well as potential risks. - Review the logics built in the system (make sure that it is precise and that true experts were used to build it). Review the procedures to update the information on the basis of knowledge. - Check-up the safety of the system, especially on the basis of knowledge.. 6.2 DATA WAREHOUSE It is an information warehouse, especially designed to support the taking of decisions; therefore, the quality of information is critical. In the development of a data warehouse the following is important: 1. The credibility of the source information. 2. The accuracy of the source information. 3. The accuracy of the extraction and transformation process.. r.. A data warehouse includes four components: O A warehouse or data warehouse where the information is physically stored. This includes storage fixtures, a server and a data base administration system.. r.. O A data source acquisition module which is a software that copies data from their original sources, cleans them and transfers them to another warehouse. O A module of delivery to the final user where questions can be made and answers can be obtained. It includes generators of reports, OLAP (on line analytical processing) and other information request tools. D A metadata deposit which is a guide that permits the user to find more things in the data warehouse. For the health and social security sector, the data warehouse has several applications. For example, in the case of the supply of medicines and therapeutic goods, the Supply Directorate needs to know the existence of such products in each one of 39 At-a-distance Course Development and Administration of Information Projects.

(40) the warehouses distributed throughout the country, what type of distributors it has, which are their delivery times and if they have complied with their delivery program. The financial areas, in their lines of collection of workers and employers quotas, payment of subsidies, payment of pensions and payment of fringe benefits in general, are other fertile fields for the incorporation of the data warehouse, with which it is possible to consolidate critical information resulting from audits, as well as specialized records to avoid fraud. To implement a data warehouse it is necessary to have basic operation and administration systems prepared (accounting, inventories, banking transactions, conciliated accounts, etc.) because the data warehouse will be fed from them. The cost of developing this warehouse may be several thousands of dollars, although an important growth in its use is foreseen.. 6.2 DECISIONS SUPPORT SYSTEMS (DSS) It is an interactive system that provides the user with an easy access to decision models and data that allow the user to take semi-structured decisions. Work Frames: 1. Gorry-Scott-Morton: defines nine types of problems divided according to the degree of structure of the decision and according to the managerial level at which it occurs. 2. Sprague-Carson: each DSS has its own data, decisions models and dialogue generator; it emphasizes the importance of the user inter-phase. Questions for reflection: According to your labor experience, what weight would you assign to the needs of the users in the information systems development projects? Is the level of participation of the user adequate? Which is the degree of integration between basic operation systems and administration systems within your institution? Is it necessary to integrate different applications in one single automated system? What development methodologies are most usual in your context? Could new technologies be incorporated to reach more efficiency in the projects? Which are the application maintenance practices used in your organization? Do you consider that safe methods for updating are applied? 40 Inter-American Center for Social Security Studies. To implement a data warehouse it is necessary to have basic operation and administration systems prepared..

(41) Bibliography. Avison, D.E. & Fitgerald G. (1994) Information systems development: methodologies, techniques and tools. London. Laudon, C., Kenneth & Laudon, P., Jane (1996). Administration de los sistemas de information. Organkacion y tecnologia, Mexico, Prentice Hall Hispanoamericana. McConnell, Steve (1997), Desarrolky gestion de proyectos informaticos, Madrid, McGrawHill Interamericana. Senn, A. James (1992), Analisisy diseiio de sistemas de information, Mexico, McGraw Hill Interamericana.. 41 At-a-distance Course Development and Administration of Information Projects.

(42) J. J.

(43) topic 3. Administration of information systems yrojects By Ismael Novella Perrusquia. Summary Information systems are projects susceptible of being administered to reasonably achieve the expected success; this will depend on the manner in which "administer a project" is understood, especially because there actually is a number of information systems projects that must be handled simultaneously. There are different methods to achieve that an information systems development project is successful in time, cost and quality; these methods are identified in the fourth topic of the first module. In addition to these methods, there is a list of recommendations or steps to be followed to attain the desired goal in the development of systems. Administer a project means to make a work plan and then carry out this plan; therefore the elements included in the three first topics of this module are aspects that can be incorporated to the administration of a project in order to successfully reach the established goal.. 43 At-a-distance Course Development and Administration of Information Projects.

(44) ■-•••.

(45) topic 3. Administration of information systems .projects By Ismael Novella Perrusquia. 1. Definitions and basic concepts Characteristics of a project: o o o o o o. Sole event. Date of initiation and termination. Budgeted cost. Defined resources. Defined tasks. Specific objectives.. What happens in organizations?. Before There were few projects and they ran very slowly.. There are many simultaneous projects and their demands are higher (time, cost, uali. Mission. Initiatives and Strategies Substantive Processes Administrative Processes. Programs. Proja cts. 45 At-a-distance Course Development and Administration of Information Projects.

(46) o The organization defines its mission and vision. o Aligned to these, the great initiatives to be developed are defined. o Substantive processes are those which are known as the "chain of values", or the functions chained with those from which the product of service offered to the customer is obtained. Administrative processes support substantive processes. o One program integrates several projects.. Characteristics of IS projects They require that the leader of the project is able to handle the following factors: ■ Technology: • Constant and accelerated change. • Different solutions to one single problem. ■ Business: • High demand for a good performance and reliability • Requires scalability and flexibility of systems. ■ Administrative: • Involvement of users and directors. • Administration of change. ■ Human: ▪ Wear and stress - Communications.. 2. Fundamental elements A project must be successful in: • Time • Cost • Quality. How does a project evolve?. 46 Inter-American Center for Social Security Studies.

(47) Due to its degree of progress % of progress. Time. Due to the utilization of resources Effort or use of resources. Time. Risk vs Cost Cost/Progress. Time. Life cycles of information system projects 1. Start 2. Analysis 3. Design 4. Programming 5. Tests 47 At-a-distance Course Development and Administration of Information Projects.

(48) 6. Implementation 7. Acceptance The development phases of a system coincide with the development of the project.. Cost or resources. The developmentphases of a system coincide with the development of the project.. A 0.) U. bA 0. co 0. Time. 3. Alternate models of information systems development. These are other systematic strategies for the development of information systems. Alternate development for information systems development models contain phases and activities arranged in a logical manner that increment the probabilities of achieving a successful project, but they are not panaceas; they have to be used, adapting them to each specific situation. Among the most important models are: ° o o o. Cascade Incremental By iterations Spiral. as Inter-American Center for Social Security Studies. Alternate development for information systems development models contain phases and activities arranged in a logical manner that increment the probabilities of achieving a successful project..

(49) Cascade model Start Analysis. Design. Programming. ➢ At the end of each phase the next phase starts. ➢ If an error or omission is detected, it goes back to the previous phase. Errors identified in the implementation make it necessary to go back to the design or to the start.. Incremental model. Start Analysis. Design Phase 1 \. Design Phase 2. Programming 1 r. Tests 1. Design Phase n. Programming 2. Programming n. Tests 2. Tests n j v. Integral Tests. Implementation. 49 At-a-distance Course Development and Administration of Information Projects.

(50) ➢ An initial analysis is made. ➢ Development is programmed in incremental phases (modules); each phase adds new functionalities, but they are individual. ➢ Each phase (module) has its own design, programming and unit tests activities. ➢ Integral tests summarize the functions of all the modules. Iterative model. Iteration 1. Iteration 2. Analysis. Analysis. Design. Programming I. Tests. Iteration n. Design. Programming. Programming. Tests z. ImplementaticAl. Implementation. Implementation. ➢ A component is released in each iteration. ➢ Each component is complete in itself, independently of the other. Spiral model (evolutional prototypes) Design. Construction. Analysis. Evaluation J. 50. Inter-American Center for Social Security Studies.

(51) • It starts trying to obtain the most relevant components and the development is aimed at this purpose. • The final result is evaluated and improvements are designed.. 3. Administration of Projects according to the PMI What is the PMI? The ProjectManagement Institute (PMI®), founded in 1969 and located in Philadelphia, Pennsylania USA, is the association at a worldwide level for professionals who administer projects. It has more than 86,000 members throughout the world. Historical Data: • Founded in 1969. • In 1969 it held its first seminar with 83 participants. • In the decade of the seventies it issued its first magazine, the `Project Management ,,,Quarterly"(PMQ), which was later on called "Project ManagementJournal" (PMJ). • During the decade of the nineties, membership, programs and services grew. • It also issued a code of ethics and started with the first certification examination (Project Management Professional Certification). • In 1990 membership was higher than 8,500. • It printed the Project Management Body of Knowledge (PMBOK® Guide), summarizing all the knowledge on project administration. At present: The PMI supports more than 86,000 members in 125 countries throughout the world. These members are individuals who work in the administration and control of projects in very different industries, including aerospace, automotive, business, construction, engineering, financial services, information technology, pharmaceutical and telecommunications. The services offered by the PMI are: • Professional Standards The PMBOOK® Guide, is a standard with worldwide recognition for the administration and control of projects. • Certification Offers a rigorous certification program, based on an examination, that recognizes the knowledge and achievements of individuals involved in the administration of projects.. 51 At-a-distance Course Development and Administration of Information Projects.

(52) • Research Has bi-annual conference programs where the results of research, books and access to a research data base on the subject are presented. • Publications PM Network®: Is the monthly magazine. Project Management Journal®: Is the quarterly magazine. PMI Today®: Is the monthly periodical. • Training and Development Seminars and master degree courses focused at the administration of projects. • Knowledge Reference/research material via internet and delivery of documents. • Professional Development Annual seminar and symposiums. • On line Carrier Services Labor exchange, directory of members, curriculum vitae.. Scheme of the PMI A project has the following phases. • • • • •. Start —> Planning. Start Planning Control Execution Closing. > Execution. Control <. Closing. PMI processes vs life cycle of information systems. C) C. as a-. in. Execution and Control. co. C. co C. C). C. E E as. 2. a-. 52 Inter-American Center for Social Security Studies. a. Implementation. 0. a).

(53) There exist tools, techniques and methods, both qualitative and quantitative, to administer human resources and materials throughout the life of a project and that help to obtain the results expected in cost, time and quality. Areas to consider according to the PMI 1. Scope 2. Time 3. Cost 4. Quality 5. Human Resources 6. Communications 7. Risk 8. Procurement 9. Integration. 4. Twelve steps for the success of a project 1. Select the best project leader. 2. Make the work team as tangible as possible. 3. Prepare a project charter 4. Take the time to define requirements 5. Use fragmentation for a better planning. 6. Investing in planning, savings in execution. 7. First estimation and then budgeting. 8. Try to prevent problems. 9. Define a base line for control. 10.Establish a defined process for control. 11.Take the necessary time to close. 12.Use a standard methodology. Questions for reflection How are information projects administered in your organization? To what extent does your organization apply the information systems development models outlined herein? What activities are performed in your organization to control projects and achieve them within the budget, the program and the expectations of the user? In a project administration context, what advantages and disadvantages are offered by the alternate information systems methods outlined in this topic? ,-,. 53 At-a-distance Course Development and Administration of Information Projects.

(54) Bibliographic references. Cleland & King. Manual Para la Administracidn de Projector CECSA 1998. J.Davidson Frame. La nueva direccidn de proyectos. Granica 2000 Project Management Institute. A Guide to the Project Management Body of Knowledge, PMBOOK PMI publications, 2000. EVALUATION EXERCISES AND ACTIVITIES. SECOND ACTIVITY (Individual Exercise) A) On the basis of the actual situation of your institution, make an essay no longer than ten pages, on the following points: 1. As from the systems approach that goes from the general to the specific, describe your institution as a service rendering entity and its principal functional areas; indicate the areas in charge for information processing, which are their tasks and responsibilities. 2. Outline the practices and procedures of the systems development area (Directorate or Management), giving your opinion on its efficiency, effectiveness and on the control handled. 3. Explain the procedures for maintenance and change control in the software of information systems. You can document this part with information on the area, the review of documents, the interview or the observation. 4. Describe an actual project for development, acquisition or maintenance of information systems or information project, its phases and characteristics. Propose an alternate development model to permit the system to meet the goals of the organization.. 54 Inter-American Center for Social Security Studies.

(55) Nioclute III. Organizational impact of information technology. INTRODUCTION The knowledge of the previous modules on general aspects of informatics, have been aimed at offering elements that will allow you to reflect on the improvement in the daily practice of automatization work. In like manner, it is important to ask oneself: What would happen if the institution itself or the area in which I work would be faced with a major strategic change, that would imply new outlines including the updating in the mission of the organization? In this case the approach of automatization would depend totally on the new strategies. The contents of the module was thought at a start as the complementary part of the information systems (human resources, organization structure, etc.); however, to the extent that it was analyzed and structured, it was possible to conclude that all the components of the information technology (whether information systems, technologic platform or information human resources) must depend on a directive of the highest level and scope, which shall be defined by the strategic planning of the institution and perhaps carried out through a process reengineering exercise. Therefore, it is important that you, whether you work as an executive, personnel of an informatics coordination, or of a users area, are well aware of and apply the concepts contained in this module with the purpose that you may have a more ample panorama in which information technology is located, and may in turn become a protagonist agent for the change in your organization.. t. OBJECTIVE. • Analyze the organizational impact generated by the incorporation of information technologies.. 55 At-a-distance Course Development and Administration of Information Projects.

(56) KEY WORDS Basic competitiveness Chain of value Competitive scope Cost advantage Critical factors of success Discontinued thought Differentiation Empowering of employees Key decisions. Outsourcing Performance measuring Process Process Reengineering Processing functions Values system Vertical integration Virtual integration. TOPICS 1. Reengineering in organizations 2. Redesign of processes for their automatization 3. The organizational development during change 4. Outsourcing: One step towards virtual integration Author of all the topics: Ricardo Loranca Gonzalez. EVALUATION EXERCISES AND ACTIVITIES Third activity. (Individual exercise) A) Choose two of the process reengineering principles that you consider that the institution to which you belong has applied or could apply. Support your reply describing the manner in which they have been carried out, specifically in your department or area of competition. Maximum length: one page. • • • • • • • •. Eliminate activities that have no added value. Organize around results instead of around functions or tasks. Seek that the user of the result of a process is the person who carries out the process. Obtain quality and capture information from the source. Consider resources that are geographically disperse as if centralized. Standardize processes on the basis of leader practices of the industry "best practices". Promote the creation of multi-functional positions. Assign points of decision to whoever carries out the work and build the process with integrated controls.. 56 Inter-American Center for Social Security Studies.

(57) • • • • • •. Use visual methods for the control of processes. Reduce preparation time. Use processes in parallel. Establish relationships and agreements with suppliers and customers. Apply automatization and the applicable technology. Build up a capability and a mentality for continuous improvement.. B) Which of the following types of activities have been handled in the organization to which you belong by means of outsourcing? Describe briefly the benefits obtained and comment if you consider that it could be possible to reach virtual integration with anyone of your suppliers or users of your services. Length: one page. • • • • • • • • •. Informatics Human resources Vigilance services Messenger services Telecommunications Accounting Taxes Internal auditing Inventory administration. ■ •■. 57 At-a-distance Course Development and Administration of Information Projects.

(58) J. J. J. J. J.

(59) topic 1. Reengineering in organizations Por Ricardo Loranca Gonzalez. Summary Process reengineering in organizations may be originated by many different reasons: economic changes in the external environment, mergers or absorptions among organizations. However, one of the most specific motives to initiate a reengineering project is the search for competitive advantage. Competitive advantage may be obtained through three basis strategies: cost leadership, differentiation and competitive scope. The chain of values is constituted by all those activities that generate added value for customers or users of the services or products of an organization. Its systematic study sets the base that will permit identifying or implementing the changes that will generate a competitive advantage. Information technology is a component that has very special influence on the chain of values; this influence can be such, that it will furnish by itself a competitive advantage for the organization with respect to costs, differentiation or scope.. 59 At-a-distance Course Development and Administration of Information Projects.