99
© 2007 IT Governance Institute. All rights reserved. www.itgi.org
MANAGEMENT GUIDELINES
Goals and Metrics
From Inputs
PO3 Technology standards
PO4 Documented system owners
PO8 Development standards
PO10 Project management guidelines and a
detailed project plan
AI3 Configured system to be
tested/installed
AI4 User, operational, support, technical
and administration manuals
AI5 Procured items
AI6 Change authorisation
Outputs To
Released configuration items DS8 DS9
Known and accepted errors AI4
Promotion to production DS13
Software release and distribution plan DS13
Post-implementation review PO2 PO5 PO10
Internal control monitoring ME2
• Degree of stakeholder involvement in the
installation and accreditation process
• Percent of projects with a documented
and approved testing plan
• Number of lessons learnt from post-
implementation review
• Percent of errors found during QA review
of installation and accreditation functions
• Number of changes without required
management sign-off before
implementation
• Percent of stakeholders satisfied with the
data integrity of new systems
• Percent of systems that met expected
benefits as measured by the
post-implementation process
• Number of errors found during internal
or external audits regarding the
installation and accreditation process
• Rework after implementation due to
inadequate acceptance testing
• Service desk calls from users due to
inadequate training
• Application downtime or data fixes
caused by inadequate testing
Activities
• Establishing a test methodology that
ensures sufficient acceptance testing prior
to go-live
• Tracking changes to all configuration
items
• Undertaking release planning
• Performing post-implementation reviews
• Evaluating and approving test results by
business management
IT
• Ensure that automated business
transactions and information exchanges
can be trusted.
• Reduce solution and service delivery
defects and rework.
• Respond to business requirements in
alignment with the business strategy.
• Ensure seamless integration of
applications into business processes.
• Ensure proper use and performance of
the applications and technology solutions.
• Ensure that IT services and the IT
infrastructure can properly resist and
recover from failure due to error,
delivered attack or disaster.
Process
• Verify and confirm that applications and
technology solutions are fit for the
intended purpose.
• Release and properly distribute approved
applications and technology solutions.
• Prepare business users and operations for
using applications and technology
solutions.
• Ensure that new business applications
and changes to existing applications are
free from errors.
cases for accredited systems. A R
Recommend promotion to production based on agreed-upon accreditation criteria. I R A R C R I C