Audit

Question 1

How are changes to contracts handled (example)?

Answer 1

Contract changes - change notice
E.g add contractor
They specify change required, who requested it, send to us, we fill in the details
Their procurement approve.

Question 2

How do you report on risks and issues

Answer 2

Engagement RIAD log- common risks, issued every 2 wks - supplier risks, delivery risks on conf
Dependencies raised around resource

Question 3

How do you track requirements (3)

Answer 3

BDDs - functionality from users pov
Also prototypes and designs
SAD - includes NFRs - period of feedback - approved by CIO

Question 4

How do we use WAF?

Answer 4

Complete on the engagement, actions regularly reviewed,

Question 5

What improvements could be made?

Answer 5

Track all the engagements / projects on IS side.

Question 6

DM mission statement - ensure

Answer 6

Our engagements are delivered according to best practice and the DMF

Question 7

5 areas of framework

Answer 7

Team Management
Resource and financial management
Commercial and change management
Governance
Solution management

Question 8

Operating principles…but allowing for…

Answer 8

Consistent, managed delivery approach compliant with core delivery principles and accreditations
Flexibility to intelligently tailor with clients, sectors and operational environments

Question 9

3 processes

Answer 9

Assignment is initiation
Assignment control
Assignment closure

Question 10

Audit - accreditations, yrs, by who

Answer 10

ISO9001, 27001…3yrs…independent

Question 11

Scenarios to consider

Answer 11

Contract - multiple SOWs, each a single piece of work
Contract - multiple SOWs, each with multiple projects within the SIW

Question 12

Article is called

Answer 12

Managing Legacy Technology

Question 13

5 types of Legacy Tech

Answer 13

EOL product
Out of support with supplier
Unable to update
Not cost effective
Above acceptable risk threshold

Question 14

When to migrate (3)

Answer 14

Cost of maintaining old tech becomes greater than replacing with new technology
Supplier support not available
Risk is too great

Question 15

7 principles

Answer 15

Use cont imp to keep tech up to date
Build data asset reg
Know full extent of your infra
Build skills
Have a responsive and flexible service model which can adapt
Consider org business needs , process and culture
Use Tech code of practice

Question 16

WAF helps delivery teams (2)

Answer 16

Assure quality
Minimise risks

Question 17

WAF sets out…for each…via a …

Answer 17

Standards and best practices for each discipline via a framework

Question 18

WAF overview / flow

Answer 18

Management Systems Team - Defije, govern
WAF (best practices & standards)
Disciplines define standards and best practices
Client engagement self assess compliance

Question 19

Why have the WAF?

Answer 19

Simple, effective, scalable framework that can cope with growth / different types of contracts

Question 20

Who is the WAF for (3)?

Answer 20

Everyone
- Staff - understand best practices
- Engagements - Assure client satisfaction
- Discipline Steering - assure standards and best practice

Question 21

WAF - each engagement determines (2)

Answer 21

Which parts it applies to
Schedule and approach for self assessing

Question 22

The schedule for self assessment is set at

Answer 22

Engagement initiation

Question 23

Relationship between WAF / OOM & Policies / DMF

Answer 23

Corp standards - processes and procedures (eg Delivery - assignment or initiation / control / closure)
WAF - ID standards to assure
Client engagement delivery
(e.g that the Damage is in place and followed)

Question 24

3 types of engagements

Answer 24

Outcome-based
Resource augmentation
Innovation and transformation partnerships

Question 26

Outcome-based engagements provide teams..

Answer 26

Responsible for delivery of outcomes / solutions

Question 27

In resource augmentation-based engagements, work is directed and assured by….and IS have no..

Answer 27

The client Contractual responsibility

Question 28

LITRAF

Answer 28

Legacy IT Risk Assessment Framework

Question 29

LITRAF indicators (4)

Answer 29

SW OOS Expired vendor contracts SPOFs Known vulnerabilities

Question 30

Defect….x in y producing zx due to abc

Answer 30

Flaw in application producing unexpected results due to coding erro, missing reqs

Question 31

Some defects could impact …eg…and som don’t, eg….

Answer 31

Operations, pay calc error Layout misalignment

Question 32

Incident - UI or RIQ

Answer 32

Unplanned interruption or reduction in quality

Question 33

How are incidents and defects connected?

Answer 33

Defect may be root cause of incident

Question 34

Tech Debt - was recognised as a ….to manage…as …we’re made

Answer 34

Mechanism to manage tech gaps / code quality as compromises were made

Question 35

Organising tech debt

Answer 35

Arch Structural Test coverage / qual Documentation Code quality Security

Question 36

Address Tech Debt through

Answer 36

Awareness - visible to business / risk impact Backlog

Question 37

Example of tech debt risk

Answer 37

Batch processing manual - Headcount required - Risk of overpaying

Question 38

Tech Debt - 2 best practices

Answer 38

Use consistent approach for identifying and measuring Use a Dashboard

Question 39

Tech Debt questions (4)

Answer 39

How much is there? Which should we fix? How much progress are we making? How much business risk?

Question 40

Tech Debt - example metrics for dashboard (4)

Answer 40

Priority items Cost to remediate New v items remediated Lead time from identification to remediation

Question 41

Tech Debt challenges

Answer 41

Not impacting functionality Complicated changes - downtime Breaches not detected (unknown impact)

Question 42

Tech Debt - use…….eg..

Answer 42

Discovery tools Integrate into CMDB

Question 43

Tech Debt - teams inevitably make…and use….causing products to deviate…..

Answer 43

Sacrifices Workarounds Deviate from NFRs

Question 44

Tech Debt tools(4)

Answer 44

Static code analysis Security and vulnerability analysis Observability analysis SW architect debt analysis

Question 45

Tech Debt - unhappiness

Answer 45

Users not happy with usability Infra / Ops - unhappy with costs Business - frustrated at slow pace Security - apps not up to date with security standards

Question 46

Tech Debt - CIOs need to UL…and DS to …and change the

Answer 46

Understand level Develop strategies to address Culture, policies, methodologies

Question 47

How is tech debt generated? (4)

Answer 47

Planned - decided not to fulfil requirement Delivered - couldn’t deliver it Discovered - identified afterwards Acquired - after live, need SSO following security review

Question 48

Tech debt - cost / risk implications

Answer 48

Maintenance costs Op costs (doesn’t meet efficiency targets) Can’t meet recovery targets - business risk Can’t meet usability targets - higher cost for users

Question 49

Tech debt approaches

Answer 49

Waive requirement - write off Refactor Replace

Question 50

Tech debt - for new project

Answer 50

Focus on NFRs Put in plans and budget to address

Question 51

8 domains

Answer 51

Functionality Reliability Usability Performance efficiency Maintainability Portability (between devices) Security Compatibility (integration)

Question 52

Difficult delivering ….cd bc projects within often…uld

Answer 52

Complex digital business change projects within often unpredictable legislative deadlines

Question 53

Why understand what matters to users?

Answer 53

Can create outcomes that (3) Resonate Improve satisfaction Drive faster adoption

Question 54

MVP - what are the cf

Answer 54

Critical Features

Question 56

What are 8 principles in MP article

Answer 56

Identify real needs of users Focus on mvp Be open about constraints Maintain achievable plan Be responsive to change Keep eye on big picture Continuous engagement with users Phased rollout