BUSINESS MANAGEMENT
BOOKSSOFTWARE
CDsINTERNAL AUDIT
BOOKS
SOFTWARE
CDs
|
|
SUPPORT
CENTER DATE: 4/11/01 QUESTION: We are beginning a RBIA audit to address governance over the contract development and project implementation for a major initiative in our Company. The VP project sponsor will not be the final owner of the process/system once it is fully implemented. This project sponsor is going to try to convince us that "everything is beautiful" since he has received senior management and Board approval for the project and the vendor. How should we have the conversation with the project sponsor concerning the governance role over the contract and the project implementation. What are the important things to ask to ensure that we properly address governance? ThanksANSWER: A few comments before I offer a suggestion on how to proceed. First, every project has the support of senior management. To admit otherwise is tantamount to admitting that we are breaching the Standard of Care provisions of the Companies Act or the Foreign Corrupt Practices Act. So you can discount that statement. It doesn’t change anything. If "everything is beautiful" simply because senior management and the board approve it, I cannot for the life of me figure out why companies go bankrupt! Second, many initiatives in companies are developed by one group and administered by others. It is usual to have different vice presidents involved in both. There is a vice president (or group of) that perform governance over the development process and a separate vice president (or group of) that end up owning the finished process and perform governance over its ongoing operations. Third, I am a little confused by the term "contract development and project implementation of a major initiative." I can only assume that there is a major project implementation of which only a part of it is the development of a contact with an outside vendor. Based on the above, I would suggest that you break all this down in two very clear and distinct audits: Implementation
governance Each will have a separate customer. I would further break out of the implementation governance audit a separate audit that addresses the contract development with the vendor. This will allow you to deal with the all the other implementation governance issues, net of the contract piece, much easier as the second audit in the implementation phase. The smaller the audit, the easier it is to stay focused and accomplish your TSOs In terms of your discussion with the project sponsor (I am assuming that they are a vice president) I would place in front of them a big chart outlining the very clear separation between development/implementation responsibilities and the ongoing operations responsibilities. This is specifically designed to prevent him/her from escaping their fundamental governance responsibilities over the development/implementation phase. I would then take the opportunity to explain to them the kind of issues that they need to address from a Governance perspective in order to protect themselves from allegations that they are abusing the stockholders assets. I would explain that the purpose of the audit is to make sure that they are well covered and protected in this area. Pitch your governance audit along the lines of protecting them (remember the RBIA premise that controls protect people!). With this approach, you may be able to turn a difficult position into one of assistance, especially if the vice president is ignorant of basic governance duties that they are required to perform.
|
  
The Best of the Best for 2006RBIA
Gold Medal RBIA
Silver Medal RBIA
Bronze Medal Congratulations!
SOX
404 RISK CONTROL MANAGER 2.1 SOFTWARE
|
|||
|
RBIA™
and PGRM™ Osterio, Inc. All rights reserved worldwide.
|
Updated: February 2, 2007 |
