It is very important that The Agency recognises that any ICT project undertaken must be governed, regardless of engagement of the IV&V Provider. This has been highlighted via the MAMPU circular, titled “Panduan Pengurusan Projek ICT Sektor Awam(PPrISA)”.
Figure 4.1 below illustrates the typical ICT project organisation structure with a Project Management Office (PMO) that should be established within any agency, prior to IV&V Provider engagement.
The Agency’s Project Management Office (PMO), will manage the project following the T‑O-R and methodology provided by PPrISA guidelines document, and shall also meet the following industry practices.
- Manage the ICT project from start to finish, including monitoring the progress of the Development Team (regardless of in-sourced, co-sourced or outsourced).
- Plan, monitor and control project budget, timeline, resources and other related project activities.
- Address all issues arising, especially critical issues.
- Ensure project delivery undergoes Quality Assurance (QA) process.
- Work with the Development Team, and allocate resources to address defects reported.
- Conform to, as well as meet or exceed the established quality standards.
For critical and high-impact projects, it is essential that The Agency enforces its PMO to conform to the T-O-R. In doing so, knowing and identifying the need for engaging the IV&V Provider for critical ICT projects becomes apparent as Quality Assurance (QA) processes and defect fixing must not be compromised.
Critical and high-impact ICT projects include, for example:
- system development projects which are of high-risk and potentially life-threatening such as the tsunami alert system or traffic control system;.
- system development projects that could potentially affect and harm public health such as patient information systems or vector control systems;
- system development projects that could potentially pose a threat to national security such as immigration systems or maritime systems;
- system development projects that could potentially affect national economy and finance such as tax systems or accounting systems;
- high complexity and cross agencies system development projects that has a direct impact on the people.
The Agency needs to establish a Change Control Board (CCB) to manage the change requests more effectively. Its responsibility is to review and decide upon any change requests (CRs) raised during ICT acquisition project.
In Figure 4.1 above, the CCB reporting line is dotted because:
- in normal projects, the CCB’s responsibilities can be assumed by the Technical Committee (TC),
- in critical and high impact projects, it is a good practice that CCB is sufficiently resourced with experts (identified and appointed) throughout the duration of the ICT project.
- The CCB may also comprise of representatives of the project’s vendor side (both Development Team and IV&V Provider).
Regardless of items (a) and (b) above, the final approval for CRs raised rests with the Steering Committee.