Skip to main content

3.11C Post implementation Review

3.11C Post implementation Review



  • Objective of a post implementation review is to determine the efficiency and effectiveness of the system and to ensure that the system is capable to support the business requirements.


  • Following aspects are reviewed during a post implementation review:


  • Whether the system meets the user requirement?

  • Whether controls are appropriately defined and deployed?

  • Whether return on investment (ROI) is effective?

  • Whether the risk of the new system is within the acceptable limit?



  • Lessons learnt during the implementation should be documented and to be considered for future projects.


  • Review should be jointly conducted by the project development team, end users and risk practitioner.


  • Post implementation review should be conducted after sufficient time period to determine the effectiveness, efficiency and adequacy of the project.



Project Closeout


  • Closing a project is a formal process to determine the positive and negative points for the implemented project and how to address the same as next project management.


  • Following are important steps for closing a project:


  1. If any issues are outstanding, specific individuals should be made accountable for follow up and closure.


  1. Document relevant risk related to the project and to update the risk register.


  1. Project documentation should be properly archived for future reference.


  1. Conduct of post implementation review


  1. To take final sign-off from the end user with respect to deliverables.


Key aspects from CRISC exam perspective


Below table covers important aspect from CRISC exam perspective:


CRISC Questions

Answer

What are the prime objectives of post implementation review?




  • To determine the extent to which project met its objective and addressed the requirements originally defined.

  • To determine cost benefit analysis and return on investment

  • To determine lessons learned from the project for improvement of future projects

What should be the area of focus for a risk practitioner during a post implementation review?

To determine adequacy and effectiveness of security controls


Self-Assessment Questions


Practice Questions - 3.11C Post implementation Review

Popular posts from this blog

2.7 Risk Analysis Methodologies

2.7 Risk Analysis Methodologies Risk analysis is the process of ranking of various risk so that areas of high can be prioritized for treating them.   Risk can be measured and ranked by use of any of the following methods:   Quantitative Risk Assessment Qualitative Risk Assessment Semi-quantitative Risk Assessment   Factor that influence the selection for above technique is availability of accurate data for risk assessment. When data source is accurate and reliable, organization will prefer quantitative risk assessment as it will give risk value in some numeric terms like monitory values. Monetary value is easy to evaluate to determine the risk response. Quantitative Risk Assessment In quantitative risk assessment, risk is measured on the basis on numerical values. This helps in cost benefit analysis as risk in monetary term can be easily compared to cost of various risk responses.   In quantitative risk assessment, various statist...
Read more

30% Discount - CRISC Recorded Lecture

We are pleased to announce that we are offering CRISC recorded lectures at 30% discount. Please use below link to avail the discount https://www.udemy.com/course/crisc-with-hemang-doshi/?couponCode=CRISCMARCH21037
Read more

2.5 Project & Program Management

2.5 Project & Program Management ·          It is very important for a risk practitioner to monitor the risk related to the management of the projects.   ·          Some of major reason for failing of IT projects are:   §   Scope creep i.e. requirements are not properly defined at the initial phase. §   Lack planning resulting into over budget and unavailability of skilled resources. §   Lack of structured project management process. §   Systems not tested before implementation §   Compliance or regulatory issues   ·          Root cause for the system failure is to be determined so the learnings can be applied to all the future projects.   ·          Major cause for a project failure is delay in completion. It may happen to make for the time lapsed...
Read more