Compliance and Program Management Methodologies



  • For GCC area - Change Management, I am used to seeing PMBOK used as the methodology for managing change.
    Recently I have heard companies utilizing such methodologies as Agile, OSS, SCRUM etc… these all seem to be similar to the existing PMBOK methodology. (see inf.vtt.fi/pdf/publications/2002/P478.pdf for details)
    Some friends that do similar compliance auditing in IT as myself have made statements such as:
    ‘It is a disaster looking to happen’
    'It entails allowing your SD people to ‘anticipate’ future needs to software and lets them tinker and just kinda ‘do what they will’'
    'In most of the circles I associate with, it’s also referred to as ‘cowboy coding’'
    Would there be major issues in SOX with it, because it allows people to modify code without proper (traditional) signoffs?



  • Would there be major issues in SOX with it, because it allows people to modify code without proper (traditional) signoffs?
    An excellent point and I agree with these concerns.
    However, the PM methodology would need to add SOX-related controls where necessary to ensure compliancy requirements are met (e.g., change management, source management control, testing environmental controls, etc.). In other words, SOX requirements need to take precedence over JIT, RAD, or other approaches to ensure no key financial controls are bypassed in development.
    P.S. I’ve had extensive training in Project management, including PMBOK based PM methodologies and other approaches throughout my career. Below are links related to one of my favorite free PM resources (allpm.com) that I’ve been an active member of for several years.
    Please add www to links below and paste to browser
    General Outline of Project Management Methodology Steps
    allpm.com/index.php?name=PNphpBB2-and-file=viewtopic-and-t=205
    Free older PDF version of PMBOK
    allpm.com/index.php?name=PNphpBB2-and-file=viewtopic-and-t=360



  • Agreed
    If the requirements are met for compliance it wouldn’t matter what methodology is used.
    Now off to ensure they understand that … LOL

