Prior to project commencement, the benefits the company wishes to receive should be pre-defined (e.g. cost savings - anticipated time of their realisation, monitoring metrics). In order to avoid missing out on these benefits at the end of the project, they must be followed throughout the whole process of implementation.
Senior management should ultimately be involved in the implementation process (their decisions on resource allocations, staff motivation/rewards, etc.) For larger organisations it is advisable to monitor the project via a steering committee or project control group, with participation of a senior board representative(s). The board may require some IT and/or project management training to understand the background of the project.
The next step is to ensure a well thought-out project plan is put in place. The software supplier can assist with this exercise, however, this process needs to be controlled by the organisation implementing the system. The plan plays an important role in ensuring that the project's critical issues are defined and communicated to all involved in the project. The plan should clearly specify the major steps of the project and each important action, timeframe, responsibility and measure of success must be documented.
To prevent ineffective planning, the plan needs to be regularly monitored and revised upon need during the implementation process. A contingency plan is another must - there always has to be an "emergency solution" ready in case of unforeseen circumstances such as serious delays in implementation etc.
The company management will, at the outset of the project, propose which internal and external resources will be needed. As a comparative example: in small businesses using basic systems a bookeeper can set up a new accounts system in one month, mid-range companies would need two or three staff over three months whilst for the ERP systems often over 10% of the workforce work fulltime on the basic stage of the project for 6 months or longer. The project will require the best professional team available. The workload can be relieved by using temporary staff/outside contractors or consultancy services.
The package to be bought should meet the company's particular needs (coding structures, reporting formats, security levels, tailoring the system to particular business processes). The project team will have to get a comprehensive training program - most effectively in small groups (6 people) and close to the time when the system will be used in practice.
The system installation must be carried out thoroughly - all sites must be checked, from all the workstations logged into the application to every printer. It is inevitable that the company holds a checklist, prepared with the supplier, providing a summary of delivery and system set-up documentation as well as the sign-off process description. After installation, the company should be in a position to test the application, using sample data and processing a set of transactions and paying special attention if the outcomes meet the company's expectations.
Before entering/transferring static data it is advisable to check whether the new application supports the same export facilities as the previously used one, etc. The rule is to be very careful and check all the documents produced, input transactions and their processing (update if necessary), reconciliation of the relevant control accounts, frequent back-up of the system, etc. It is also a good idea to have the systems implementor on-site for the first few days to help if problems occur.
Peter Borak is Information Risk Manager at KPMG Slovensko. His column appears monthly. Send comments or questions to email@example.com.
29. May 2000 at 0:00 | Managing Info Risk