FINAL PAPER
IFSM 301
In our class, we use a model for writing that applies to both the classroom environment and the professional environment. FIRST, answer the question in your own words. Be sure to answer the question thoroughly, especially if it has multiple parts. SECOND, provide a credible source to reinforce your answer. The source should support your work, not be the major part of your answer. THIRD, provide an example that demonstrates your understanding of the question or demonstrates the concept you are discussing. Remember that your OWN work should be 85-90% of the answer and the sources, quotes, or in-text citations should only be used to support, reinforce, or demonstrate the points.
All materials submitted must be original materials developed by the student solely for use in this class and must conform to academic policies. Submission of reused materials may result in a reduced grade or non-acceptance of the assignment at the faculty member’s discretion.
By signing this 72-Hour Final Assessment, I confirm that the work contained on this assignment is my own, I have received no outside assistance and have properly cited and referenced any external research that has been incorporated in my answers. I have fully complied with Policy on Academic Dishonesty and Plagiarism (Policy 150.25).
Failure to properly credit your research sources is a violation of this policy.
__ (Typed signature represents actual signature) - Final Assessments without signature will not be accepted.
Instructions:
Answer all of the questions below. Question #1 is required! Your responses should demonstrate your understanding of the course content and your analysis and critical thinking; you are not expected to just reiterate what is in the e-book, but to integrate the information in your responses. Answers will be in the form of a list or short answers, as indicated in the questions. Proper APA style must be used for any citations and references that you use. Your Final Assessment will be scored on your demonstration of your understanding and integration of the course concepts.
The Final Assessment is valued at 100 points and 15% of your final grade. There are 10 Final Assessment items. Each Final Assessment item is valued at 10 points.
The Final Assessment
1. Assume that a list of requirements for a new system has been put together. List 4 stages of the SDLC where those requirements are used and explain how the list of requirements would be used during each stage.
Planning- In this phase, requirements are analyzed for feasibility. Once the requirements are deemed feasible, you can begin to build a project overview/plan that usually focuses on defining the roles and responsibilities of IT personnel, clearly defined expectations, security controls required, risk factors, budget requirements, any standards that need to be adhered to and project timeline. The planning phase essentially provides the justification for acquiring the resources needed to create the IT solution that will support your requirements.
Design- In this phase, a System Design Document is created that provides the blueprint for how to achieve the functionality required that support your requirements. For example, in the case of WW, a recommended screen layout of the financial audit system is presented to developers in order for them to write the necessary code.
Build- In this phase, developers execute the system design document to create the system needed to support your requirements. This includes procuring and installing any hardware, writing code, creating databases, creating test procedures and ironing out any “bugs”.
Test- In this phase, the system is tested in order to assess functionality, usability and performance. The system must work as designed and conform to the functional requirements. All requirements previously discussed and laid out in the planning phase must be addressed by system. Therefore, testing is essential before the final Launch phase. For example, the financial audit system should provide the required functionality needed to adhere to the new audit and reporting requirements.
2. Choose four standard corporate executive positions and describe their roles on the IT Steering Committee.
Chief Information Officer- Essentially, the CIO is the primary organizer of the IT steering committee/IT governance board. His/her job may vary from organization to organization. Typically, the CIO supports the main goals of the IT steering committee which are IT strategic planning and project prioritization. The CIO offers his or her technical expertise in order to support or not support an IT project. The CIO does not often have the final say. The CIO’s views are weighed like any other member of the committee. According to FFIEC (2014),” The CIO should be a member of executive management with direct involvement in key decisions for the company and usually reports directly to the CEO. The CIO should play a key role in the strategic technology planning as well as supporting activities of peers in various lines of business. The position often has a leadership role on the IT steering committee.”
Chief Executive Officer-The CEO chairs the IT steering committee. The CEO’s role is to ensure that the company’s long term strategic business plans increase shareholder value. Therefore, in the IT steering committee, the CEO usually will have final say and decide whether the IT strategic plans are aligned with the overall strategic business plan. For example, in the case of WW, the steering committee will present to the CEO the recommendation to create the mobile marketing app. The CEO will weigh the other officers’ views and decide whether it has an impact on ROI and shareholder value. The CIO might recommend using social media instead of allocating resources to the mobile marketing app.
Chief Financial Officer- The CFO is responsible for the administrative, financial, and risk management operations of the company. As it pertains to the IT steering committee, the CFO develops a financial and operational IT strategy, metrics for that strategy, and the ongoing development and monitoring of control systems designed to preserve company assets and report accurate financial results. The CFO will provide financial analysis and recommendations to the IT steering committee in order to aid decision making efforts.
Chief Operations Officer- The COO oversees ongoing business operations within the company. As a member of the IT steering committee, the COO is second in command and is responsible for overseeing how IT projects are aligned with day-to-day operations.
3. Explain the relationship between the IT architecture and the IT Roadmap used in the IT Strategic Plan.
The IT roadmap is essentially what IT strategies will be delivered over time. In order to successfully follow and ultimately implement this roadmap, the IT architecture must be in place to support this. For example, if you are expanding your business to several locations and want to ultimately implement a WAN (Wide Area Network), you must have the hardware or infrastructure architecture in place to support this expansion.
4. Different kinds of personnel are required to staff an IT department depending on their IT strategy. For the two organizations below, identify four IT positions that are most important in each organization and why.
a. An organization whose IT strategy is to outsource as much of their IT as possible.
Chief Information Officer- The CIO’s job in this organization is essential because he/she must decide what will be outsourced.
Chief Technology Officer- The CTO’s responsibility will be focused on integrating the outsourced technologies with the in-house technologies.
Security Officer- It is important that a security officer be present in-house to mitigate the emergence of cyber threats and data breaches.
Enterprise Resource Planner- The ERP planner is responsible for collecting data from outsourced and internal applications in order to store, manage and interpret data to assess and manage business applications
b. An organization whose IT strategy is to develop proprietary, in-house applications that directly support their business and operation
Chief Information Officer- build strategies and solutions that drive ROI, seek ways to integrate technology and efficiency in order to cut costs, increase efficiency, and achieve business and technology objectives.
Chief Security Officer- The CSO will serve as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs.
Applications Management Officer- Oversee programming and software development personnel. This department will focus on things such as Software Development Life Cycle (SDLC) and data analytics to improve business processes as well as manage application portfolios in support of business goals.
Chief Technology Officer- The CTO’s responsibility will be focused on scientific and technological issues, as well as policy, research and development. The CTO will oversee the Helpdesk/Service Dept. and Network Engineering Dept.
5. Explain what business continuity planning is, who should create the plan, and the role of IT.
According to Lindros (2013), “Business continuity refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood, epidemic illness or a malicious attack across the Internet. A business continuity plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more.”
The first step in BC planning is for business leadership to recognize the need for a BCP strategy and commit resources to support it. A BCP team will be established and will consist of the CEO, CIO and functional area leads. Once the team is established, the next step is to interact with senior leadership executives to define what the most up to date business strategies and priorities for the business are. Once these operational priorities are relayed, the analysis team will conduct a business impact analysis to determine and qualify the business impact that a disruptive event would pose. Once events are defined and rated for event probability and impact, a business continuity strategy can be created in order to ensure ongoing business operations. Implementing the strategy and conducting ongoing plan maintenance are your next steps so that the full strategic value of your BCP can be realized. It is important to note that a BCP is not a disaster recovery plan.
6. Explain what it means to say that the “IT Strategic Plan is aligned to the business Strategic Plan”.
IT Strategic Plans have to be aligned with the goals of the stake holders. Essentially, IT projects have to be analyzed and implemented in parallel with a strategic business plan. CIO’s don’t make these decisions based on personal desires, CIO’s have to make sure that they take into account the enterprises and stakeholder’s business objectives when prioritizing IT projects and creating the IT Strategic plan. For example, a bakery may have strategic business plan to increase profit by 5%. A good way to achieve this is to make WIFI at all locations part of your IT strategic plan. WIFI will make customers stay longer and perhaps spend more money, thus, increasing profits.
7. Explain risk management and what it means to the CIO.
Risk management is essentially a business process that identifies vulnerabilities and threats to your information system resources in order to achieve business objectives. It also includes measures in order to mitigate the risks in order to reduce the risk to level that can be tolerated. The four stages to risk management planning are risk identification, risk quantification, risk response and independent third-party risk monitoring and control.
The CIO must be able to examine risk variables in order to reduce project failures. Project failures have enormous impacts on costs, reduced market shares, lost revenue and cascading effects on other projects, causing delays.
8. Give an example of a tangible (quantifiable) and an intangible (qualitative) performance measure and discuss the value of each.
Tangible data is anything that can be expressed as a number, or quantified. An example of this could be in the case of WW, using the new financial auditing system to display quantifiable information like a 10% increase in monthly revenue to assess performance. Tangible data has value because it is used to create numerical data or data that can be turned into useable statistics.
Intangible data cannot be expressed as a number. An intangible performance measure could be a survey that assesses quality of service. Intangible data has value because it supports understanding of underlying reasons, opinions, and motivations. It also provides insights into the problem or helps to develop ideas to improve business processes.
9. The CIO is responsible for the business rules or requirements that generate a new system or changes to the existing system. How is his/her role responsible for these changes?
The CIO is responsible for understanding the company’s future business strategies in order to be able to generate a new system or changes to the existing system that will provide the most value. In order to accomplish this, CIO’s must develop an Improvement Road Map that includes individual strategies that will be delivered over time. To make changes, the CIO will present IT initiatives to the IT governance board with recommendations along with supporting documentation. The governance methodology to be used will be a criteria-based matrix. Companies are looking for ways to cut costs by becoming more efficient. Technology is a way to achieve this. Therefore, CIO’s are asked more and more to tailor their IT plans towards a more strategic and innovative approach. The CIO’s are responsible for developing a an innovation process in which new systems can be discovered, assessed and implemented in order to increase profits and improve business processes.
10. What is change management and how does it relate to the IT organization?
Resources FFIEC. (2014). Chief Information Officer. Retrieved from IT Exam Handbook: http://ithandbook.ffiec.gov/it-booklets/management/roles-and-responsibilities/it-roles/chief-information-officer-chief-technology-officer.aspx Lindros, K. (2013, November 14). How to Create an Effective Business Continuity Plan. Retrieved June 02, 2015, from CIO.com: http://www.cio.com/article/2381021/best-practices/how-to-create-an-effective-business-continuity-plan.html
November 25, 2014 7