Project Management

Project Management Central

Please login or join to subscribe to this thread

Topics: Consulting, Integration Management, Strategy
Where can I find some guidance/ templates for starting a project to establish - 'Compliance and Governance project across global Business Units'?
I am on a task to handle a project for establish 'Compliance and Governance project across global Business Units'.

Can someone please guide templates/ starting point for this?
Sort By:
I can not give you templates but I will try to put here as far as I can about the actual process followed in my actual work place which I was accountable to define. Our governance process is tied to SOX controls on project. We use a stage gate life cycle which is on top of every life cycle model/process we use and the approach we use. Basically we have the following stateges: 1-feasibility and approval to check if the business case was approved. 2-business blueprint to check if requirements (product and project) were agreed and approved. 3-realization design to check if the solution design was agreed and approved. 4-realization test to check if user acceptance test was agreed and performed with no open incidents. 5-final preparation to check if all is ready to proceed to move the solution to production environments. 5-project close to check if everything needed has been completed and agreed after hypercare.
Look at oceg.org
...
1 reply by Prashant J. Soni
Apr 10, 2020 12:32 PM
Prashant J. Soni
...
Thank you Thomas.

I will go through it. It looks massive. I am quite hopeful to get some breakthrough with this.
Prashant -

Is the purpose of this project to define and implement controls to be in compliance across the different business units?

The types of deliverables you might have in that case would be policies (defining the expectations), control objectives (translating the policies into specific expectations), training/guidance/support for project/operational teams on meeting the control objectives, and audit/assessment procedures and staffing to monitor compliance with the objectives.

However, as far as how to get started, this is the same as for any other project - identify stakeholders, get a charter formally approved, and start the process of understanding scope and formulating your plans.

Kiron
...
1 reply by Prashant J. Soni
Apr 10, 2020 12:26 PM
Prashant J. Soni
...
Many thanks Kiron. I think I have got the starting point here.

"Is the purpose of this project to define and implement controls to be in compliance across the different business units?"

Yes, you interterpret it right.
Across the BUs and across the globe, that's actually 'the challenge'.

Though other global BUs comes under the same bigger umbrella as one organization, but fundamentally they are vastly different - can be safely assumed as group of 'individual organizations'.

The 2 reasons why I emphasied on 'individual' word are:
1. Some global units are not 'major' development centers, and this has an impact on the willingness to impose those Software centric policies in their org.
2. Buyout would be needed from all the heads/ CEOs of these units-cum-org as they have to approve formation of the whole framework.
Apr 10, 2020 9:31 AM
Replying to Kiron Bondale
...
Prashant -

Is the purpose of this project to define and implement controls to be in compliance across the different business units?

The types of deliverables you might have in that case would be policies (defining the expectations), control objectives (translating the policies into specific expectations), training/guidance/support for project/operational teams on meeting the control objectives, and audit/assessment procedures and staffing to monitor compliance with the objectives.

However, as far as how to get started, this is the same as for any other project - identify stakeholders, get a charter formally approved, and start the process of understanding scope and formulating your plans.

Kiron
Many thanks Kiron. I think I have got the starting point here.

"Is the purpose of this project to define and implement controls to be in compliance across the different business units?"

Yes, you interterpret it right.
Across the BUs and across the globe, that's actually 'the challenge'.

Though other global BUs comes under the same bigger umbrella as one organization, but fundamentally they are vastly different - can be safely assumed as group of 'individual organizations'.

The 2 reasons why I emphasied on 'individual' word are:
1. Some global units are not 'major' development centers, and this has an impact on the willingness to impose those Software centric policies in their org.
2. Buyout would be needed from all the heads/ CEOs of these units-cum-org as they have to approve formation of the whole framework.
...
1 reply by Kiron Bondale
Apr 10, 2020 5:05 PM
Kiron Bondale
...
It is difficult when dealing in a de-centralized model where each business unit is facing different challenges and has different contexts.

However, that is where a lightweight, minimally sufficient policy combined with a principles and control objectives-based framework will serve you much better than a process-heavy approach which will inevitably become "one size fits all".

If each BU buys into the policy, principles and control objectives, it then becomes their responsibility and that of their control officers to define and monitor "how" those are implemented.

Kiron
Apr 10, 2020 6:55 AM
Replying to Thomas Walenta
...
Look at oceg.org
Thank you Thomas.

I will go through it. It looks massive. I am quite hopeful to get some breakthrough with this.
Apr 10, 2020 12:26 PM
Replying to Prashant J. Soni
...
Many thanks Kiron. I think I have got the starting point here.

"Is the purpose of this project to define and implement controls to be in compliance across the different business units?"

Yes, you interterpret it right.
Across the BUs and across the globe, that's actually 'the challenge'.

Though other global BUs comes under the same bigger umbrella as one organization, but fundamentally they are vastly different - can be safely assumed as group of 'individual organizations'.

The 2 reasons why I emphasied on 'individual' word are:
1. Some global units are not 'major' development centers, and this has an impact on the willingness to impose those Software centric policies in their org.
2. Buyout would be needed from all the heads/ CEOs of these units-cum-org as they have to approve formation of the whole framework.
It is difficult when dealing in a de-centralized model where each business unit is facing different challenges and has different contexts.

However, that is where a lightweight, minimally sufficient policy combined with a principles and control objectives-based framework will serve you much better than a process-heavy approach which will inevitably become "one size fits all".

If each BU buys into the policy, principles and control objectives, it then becomes their responsibility and that of their control officers to define and monitor "how" those are implemented.

Kiron

Please login or join to reply

Content ID:
ADVERTISEMENTS

"Humor is but another weapon against the universe."

- Mel Brooks

ADVERTISEMENT

Sponsors