Schedule A Canadian Chartered Bank Case Study
Enterprise Program and Portfolio Management System
The mandate of the Enterprise Program Director was to successfully implement the PPM system and ensure rapid enterprise adoption. The scope of the mandate included: planning, implementing, and ensuring the technology components were operational and up to date (PPM system, infrastructure, provisioning, security, middleware, software licenses, etc.), full life-cycle development consistent with the bank’s methodology, legacy application migration to the PPM system, data integration, legacy-application decommissioning, change management, financial management, and stakeholder management. One of the biggest challenges was stakeholders’ resistance to abandoning their vertical disparate project applications and onboarding to the PPM system.
There were a myriad of other significant challenges during the continuum of the development life cycle; these included performance degradation, fault-tolerance failures, and inadequacy of the vendor’s data warehouse solution, which compromised regulatory and management reporting. As well, the PPM system has a complex security model, and the bank made a conscious decision to implement an open model to help contain performance issues and to accelerate implementation.
The open security model inhibited prevention of unauthorized changes to project data and gave rise to privacy risks due to the transparency of sensitive data. Furthermore, there were major audit control deficiencies from the previous year that were not yet resolved; major control deficiencies are escalated to high levels if not resolved in a timely manner.
During the first two weeks of the WCI consultant’s onboarding, the bank’s program director was involved in an accident which forced him to take disability leave, the duration of which would segue into his retirement. This unexpected and unfortunate set of circumstances significantly compromised transition; the WCI consultant immediately took leadership of delivering the program, reporting directly to the executive sponsor and the executive steering committee.
The following is a summary of actions taken against the challenges mentioned above.
Completed all business requirements and obtained sign-offs to ensure stakeholders’ commitment to agreed system features and functions.
Chaired and facilitated a one-day comprehensive presentation of the PPM system to demonstrate, clarify and answer all questions on the system’s capability. The opening address was delivered by the executive sponsor, who made his expectations crystal clear as to the mandate of the program and the obligation of all stakeholders to commit to the success of the PPM system. This was the pivotal point in the program’s evolution.
Formal stakeholders’ meetings were scheduled with a monthly cadence to inform and address ongoing issues and concerns.
Both synchronous and asynchronous training programs were conducted throughout the enterprise on a periodic basis to maintain stakeholders’ engagement and interest.
Well-orchestrated engagement visits were made to selected stakeholders on a periodic basis to provide focused time and attention to matters where and when needed.
The PPM system has an application stack, middleware and run-time environments, any of which, singularly or in combination with other components, could adversely affect performance. Performance tuning on the database and infrastructure components brought some improvements. Implementing performance-monitoring utilities highlighted bottlenecks, which were addressed to the extent possible. However, performance at peak-time usage was still an issue. After more extensive analysis, it was concluded that additional performance improvements could only be achieved through simplification of customized and configurable application codes; these codes were necessary to facilitate the bank’s processes and requirements. It was decided that more complex performance solutioning would be undertaken by the vendor at a future date if/when the bank decides to migrate from an in-house model to a SaaS model.
Fault tolerance failures:
A node on the cluster appeared to reach maximum capacity, which caused downtime and required a service restart. This was highly disruptive since users had to be locked out and could not get their jobs done. Project managers prefer to focus on their main mandate of managing projects rather than having to deal with system issues. Eventually this node was replaced, as well as another node in the testing environment, thereby incurring unplanned costs.
Reporting is a critical requirement of any system. It was disappointing that the PPM vendor’s data warehousing solution and claims of an operational system did not materialize. The bank reversed its decision and demanded repayment of the monies spent to acquire the data warehouse. The mid-term solution was the construction of an internal data warehouse by the project team, transferring data from the PPM system OLTP database nightly with 24-hour concurrency of full extracts, and reporting from the warehouse using front-end reporting tools. As part of the longer-term solution, the program had initiated a permanent solution to migrate all data from the PPM system application database to the bank’s Enterprise information platform, where project data can be linked to other business subject areas to provide powerful and cross-functional reporting capabilities.
The open security model became a serious management issue of data ownership and accountability for data integrity, since it was possible for one program manager to change another project manager’s data without notification or consent. Another drawback of this open model was visibility to financial data and competitive data, which had to be rectified. As a stop-gap measure, we succeeded in masking sensitive data, but a more sophisticated solution was needed around the project managers’ accountability for timely, accurate and complete project data. The program leadership initiated a comprehensive study of the security options against the bank’s hierarchical structures to determine whether a roles-based, process-based or some other solution would be sufficient.
The results of this study were reviewed by our stakeholders and project team with a recommendation to implement a process-based security model. The steering committee then decided that implementation of this solution would be performed by the vendor as part of the migration from an in-house model to a SaaS model.
Audit control deficiencies remediation:
The audit of the program by the bank’s auditors uncovered some major control deficiencies as well as a few minor ones. Major control deficiencies, if not resolved, are reported to the bank’s board of directors, and the deadline for resolution was quickly approaching. Remediation of audit issues had to be substantiated by concrete audit evidence to cross-reference against the auditor’s program and checklists. This required long hours of focused, intense work in a short period to close process gaps and implement new or modified processes with all requisite documentation, and demonstrating that these processes had been implemented and embedded in the organization. One of the success factors in resolution was that the WCI consultant was CISA certified, had performed both financial and interim audits, and was able to effectively communicate with the auditors during their investigation. The auditors were satisfied that the major control deficiencies were resolved and reported their satisfaction to executive management.
All modules were implemented on schedule and to specifications.
Enhancements to functionality were implemented on schedule and to specifications.
Incidents were resolved in a timely manner and to users’ satisfaction.
Reporting experienced limited but growing success, with plans and funding in place to continue improving.
Regulatory reports were produced and disseminated on schedule.
All lines of business were successfully migrated to the PPM system.
Data integrity was on an improvement continuum; formal data integrity methodologies and metrics were put in place by the Data Governance organization.
Processes were put in place to triage and approve all incoming requests for increased functionality, including formation of a change approval board and a formal ITIL process for change and release procedures.
WCI received several accolades and was given other opportunities at the bank.