New Project Perils
BA Forum Moderator
EU countries may have the same or even more stringent measures.
>From ComputerWorld
=============================
Shifting regulatory terrain raises new obstacles for project managers.
News Story by Stacy Collett
FEBRUARY 28, 2005 (COMPUTERWORLD) - At Jet Blue Airways Corp., Vice
President of IT Todd Thompson mapped out an aggressive IT schedule for
a new payroll system and a slew of other projects to be completed by
the end of 2005. But the company's controller had different ideas.
"You can't go live in the fourth quarter," she announced.
The reason: The Sarbanes-Oxley Act calls for the toughest oversight yet
of companies' financial reporting practices. As a result, auditors now
look at any new financial systems deployed in the fourth quarter of the
year as red flags.
Just when veteran project managers thought they had navigated the
toughest project pitfalls, the terrain has shifted. Regulations
introduced over the past few years are wreaking havoc with otherwise
solid project plans. These changes can blow up project deadlines and
budgets, drain staff and force project managers into the role of
privacy police. Here are some of the obstacles in the new project
landscape.
Fourth-quarter traps.
The reporting requirements brought on by Sarbanes-Oxley have
controllers putting the brakes on financial IT projects in the fourth
quarter, says Holly Nelson, controller at Jet Blue.
In the real world, most projects are completed in the fourth quarter,
says Catherine Tomczyk, a project manager at First Data Government
Solutions Inc. in Greenwood Village, Colo. But in the financial realm,
big expenses near year's end can give auditors the impression that
someone is using up funds so they don't lose them.
Fourth-quarter projects may also raise auditors' suspicions that
upgrades or new software may have been added without the proper
controls in place.
Financial projects not scheduled with this in mind could be delayed
until the first of the year and perhaps even lose funding, or IT could
be pressured to bring projects live too soon.
Audit overkill.
Project managers at financial services firms also face other regulatory
fallout, such as concerns raised by the Fair and Accurate Credit
Transactions Act and the Fair Credit Reporting Act, which govern the
storage and protection of consumer credit information.
At nonprofit student-loan provider Chela Financial Resources Inc. in
San Francisco, students' credit scores are required to process
applications, but the need to protect that information can lead to
audit overkill.
"We're working on one project now where we have three lawyers involved
in the early requirements phase" because the regulations regarding how
the data can be stored and protected are so specific, says Virginia
Robbins, CIO and a Computerworld columnist. "Historically, we would
only have one."
The bottom line: "More opinions mean more time, more money, and the
cost of the project goes up," she says.
Talent drain.
The USA Patriot Act is hampering the use of foreign nationals in U.S.
projects. The act includes tight guidelines on the use of foreign
workers on federal government projects, and it restricts their access
to company information and facilities. The effect on projects can range
from a nuisance to a serious blow.
At First Data, many members of Tomczyk's team are foreign nationals.
"The day [the Patriot Act] went into effect, everything came to a
crashing halt," she recalls. "My lead architect, two top developers and
my whole mainframe group -- close to 15 people -- had to move to
another wing of the building. We had to find space that wasn't in a
secure area. We had to change IDs and passwords. They couldn't come in
after hours. They had to be escorted everywhere."
The result: lost time, increased expense and lower morale.
Intellectual property problems.
In the Internet Age, intellectual property is on everyone's mind. Too
often, protecting it becomes the project manager's responsibility.
"Every time you change the look and feel of a Web site, you have to
copyright it," says Tomczyk. "Sometimes you're turning it out so fast,
it becomes [the project manager's] responsibility to change copyright
data."
Protecting intellectual property is even more challenging when part of
a project is outsourced. In India and much of Asia, contractual
agreements about copyright protection can be virtually useless, says
Gopal Kapur, president of the Center for Project Management in San
Ramon, Calif. "Contracts don't do anything [in India] unless employees
have been trained" on copyright protection, he says.
Protecting sensitive company or consumer information is another
challenge. Kapur recently visited a medical transcription outsourcing
firm in India and learned that medical information from U.S. patients
was openly available on its databases.
When part or all of a project is outsourced, building in real
protections against copyright and intellectual property abuses can eat
up time and resources.
~~~~~~~~~~~~~~
Collett is a Computerworld contributing writer in Chicago. You can
contact her at stco...@aol.com.