The Importance of Project Management Software

Have you ever wondered how important software is for managing projects? How much time does it save? How much it can help you in delivering a successful project? What parts of it are lifesavers and what parts can you live without?

Having these questions ourselves, our company has conducted a research with a subject “Project management on an enterprise level”, during the past month, supported by Seavus Project Planner and Seavus DropMind™. The main purpose of the research was to identify the needs and requirements of people who are faced with project challenges everyday.

The research has shown some very interesting results that we would like your input on.

Part I

First, let’s share the statistics about the respondents. The first part of the survey was dedicated to analyzing industry the companies operate in, company’ size, location and job title of the respondent.

From the responses provided, most respondents work in companies within Manufacturing (13.40%) and Consulting (11.34%) industries, directly followed by Business / Professional Services (8.25%), Construction / Home Improvement (8.25%) and Government / Military (7.22%). Other industries presented have less than 7 % of respondents.

Regarding the companies size, most respondents work in SME (24.74%) directly followed by companies with 1000-10000 employees (18.56%). However most of these companies have between 1 and 3 offices (51.55%).

The job title of the respondents is summarized in the graphic below:

We believe this reach provides an accurate sample of the PM market, and that the conclusions can be trusted.

Part II

Next part of the survey was connected to the actual usage of the project management software that is chosen within the responders’ company.

We wanted to explore the usage of the Microsoft® EPM within these companies and more or less we were surprised by the answers. It is interesting to see that large number of companies that have been using MS Project Standard are not using Microsoft® EPM and do not even consider implementing this solution within their companies.

However, it was also interesting to see the importance of different parts constituting the project management solutions for the people using Microsoft® EPM (or for those that are considering using it in the future) and for the people who haven’t been using it or are not considering using it in the future. We have divided the most important features in 4 categories: Project Management, Resource Management, Time Management and Collaboration. Follow up the appropriate responses in the tables below:

(The green colored cells are related to respondents who are or will be using Microsoft® EPM and the orange colored cells are related to people who are not or will not be using Microsoft® EPM).

As you can notice all of the features above are important and very important for the biggest number of the respondents, except for the wikis which both groups has indicated as not important feature. Moreover, almost 79% of respondents stated that it is very important or critical for them to track project progress. Assigning privileges/roles is valued with 3, (on a scale from 1 as useless and 5 as critically important), from almost 50% of the respondents and for all respondents is important to know that their project is on budget and on schedule.

Other interesting answers were given on questions such as where the respondents store important documents (.mpp files; general documents and project related documents). The answers were diverse, since this was an open question. However, some of the most frequent answers were: on the Server, SharePoint, Network, and File Server and it is more than obvious that people want to have their pm solution installed on the server in the company (89%) than to have it hosted (10.81%). Moreover, they prefer to install the solution from their own IT department (75.68%) than to have the installation from the solution provider (24.32%), but almost 57% of the respondents are ready to pay for installation and support from third party.

The answers on the question “How the teams update task progress?” were expected. 37.55% of the respondents stated that e-mail is used for updating task progress. Surprising 18.18% of respondents verbally update tasks and 15.58% use MS® Excel. Software programs were mentioned by a small number of people.

Same answers were given on the question “How do you share info about late tasks, risks, or general project related knowledge?” with 75.32% for e-mail, 48.05% verbally and 28.57% MS® Excel.

This survey provided many valuable answers, but as you can notice, there are some conflict areas. We encourage you to share your opinion on the results and moreover your experience in the field. Let’s create together the big picture of this survey.

Defining Business Processes

When a large enterprise project kicks off, the hope of every project manager is that the customer organization has done a thorough and thoughtful job in defining their current business processes. Implementing a new enterprise solution usually means that some significant areas of the organization are going to change. Things have been done one way up until now and it is time that the organization change those things with the implementation of the enterprise solution that they are now incorporating.

To know exactly where they want to go and for you to know how to get them there, there must be an understanding of where they are coming from. That is usually going to come from subject matter experts (SMEs) within the customer organization and they will be the key individuals to define what those “as-is” business processes are so you can better understand how to get them to the “to-be” business processes that they want to experience.

Defining The As-Is Processes

Before a the customer can improve a process through a project such as we are discussing here, they must understand how it works. The most useful tool for studying the current process is a flowchart. There are other ways, but the key is they need to know how their business processes currently work in the area that will be affected by the project before they can truly help the vendor – your project team – implement an effective solution.

To develop an accurate flowchart, the team assigns one or more members to observe the flow of work through the process. If current SMEs are available, this step may be either unnecessary or very fast, but it has to be handled. It may be necessary for the observers to follow the flow of activity through the process several times before they can see and chart what actually occurs. This record of where actions are taken, decisions are made, inspections are performed, and approvals are required becomes the “as-is” flowchart. It may be the first accurate and complete picture of the process from beginning to end.

Here is a very vital piece of the puzzle: as the team starts work on this first flowchart, they need to be careful to depict what is really happening in the process. They don’t want to fall into the trap of flowcharting how people think the process is working, how they would like it to work, or how an instruction or manual says it should work. Only an as-is flowchart that displays the process as it is actually working today can reveal the improvements that may be needed. It’s easy start thinking too early about the “to-be” processes…the focus must be on the “as-is” processes.

When teams work on processes that cross departmental lines, they may have to talk to people at all levels across the command who are involved in or affected by the process they are working on. It is even more important to get an accurate picture of these cross-functional processes than those whose boundaries are inside a work unit or office.

The team can define the current situation by answering these questions:

• Does the flowchart show exactly how things are done now? If not, what needs to be added or modified to make it an as-is picture of the process?
• Have the workers involved in the process contributed their knowledge of the process steps and their sequence?
• Are other members of the command involved in the process, perhaps as customers? What did they have to say about how it really works?

Summary

This is one way to go about it – and it may be done before you even get the project handed to you. However, it’s been my experience nearly 50% of the time that the customer organization has not done a very thorough job of defining their business processes. The overall affect to the project usually plays out in added resource effort resulting in a budget issue and added timeframes up front resulting in project timeline issues.

If the layout of processes is non-existent, it may even be necessary for the project manager to request a delay on starting the project to give the customer SMEs sufficient time to adequately analyze the current business processes in the organizational areas to be affected by the project. That will be painful, but it will pay huge dividends in the long run.

The Project Manager and Press Briefings

Thankfully, the projects I’ve run have not required that I go before the press and give any kind of a briefing – either pre- or post-project. The closest I’ve come is helping a customer put together written press briefings – these were in the case of US Airways for an enterprise-wide software implementation and Rockwell Collins for the release of their pharmacy website for employees and retirees for publication in a trade journal.

Carl Pritchard presents his take on press briefings and the PM’s role when leading those types of projects. The following text, for the most part, comes from his book entitled “The Project Management Communications Toolkit.” Again, I’m not wholeheartedly endorsing this process or the information contained here, but I think it is solid information nevertheless and would be helpful to project managers who find themselves faced with the need to “meet the press.”

Press Briefings

Few environments are as grueling for a project manager as when he or she must face the media. Press briefings are held to inform members of the media about the status of a project, its environment, or its supporting organization. They are intended to present the project organization (or host organization) in the best possible light. Press briefings are held when a project or its impact is sufficiently significant that public information campaigns using mass media are appropriate. They should be held whenever the project has achieved sufficient recognition that the project organization’s perspective on the effort is deemed to be of public interest. That recognition may be positive or negative in nature, and may be proactive or reactive, depending on the nature of the project organization.

The Subject Matter

The subject matter for a press briefing should be determined well in advance of the briefing to ensure that the correct information is shared and any information that the organization does not want to share is clearly defined for those hosting the briefing. Members of the media are often given “press kits” at such gatherings, highlighting corporate history, general information, past press releases, and any contact persons’ business cards. The organizational spokesperson (sometimes, the project manager) should open with a statement regarding the nature of the project and the issue(s) that brought the project into the public eye. The statement should anticipate any questions, objections, or concerns that may be raised. If broadcast media are present, consideration should be given to phrases, paragraphs, or references that may be presented in 8- to 20-second sections (classic “sound bites”).

A press briefing need not necessarily include question-and-answer periods, but keep in mind that most members of the media will have questions. Although the spokesperson is not compelled to answer these questions, failure to respond is sometimes interpreted as a lack of cooperation or as a sign of deviousness. In situations where off-the-cuff responses may be dangerous, it is wholly appropriate to offer to do supplemental research and respond at a later time. The most effective spokespersons will identify the time when the additional information will be available and how it will be made available. If “no comment” is the appropriate response, alternative means to couch that phrase can be very effective and can leave media representatives with something quotable. Saying “This would not be the time to offer comment on something of that nature,” followed by an iteration of the key point of the briefing affords the presenter the opportunity to emphasize what is important.

Summary

Press briefings are potentially volatile situations, but they are the host organization’s to control. Simple considerations (like morning coffee and comfortable seating arrangements) can go a long way to defuse a potentially hostile audience. Clear rules of conduct and engagement can also minimize the possibility that the session appears to be out of control—and the more that can be done to ensure a positive attitude and a forward-looking perspective, the better.

Ten Guidelines for Managing Passwords in the Enterprise

As a follow-up to my article entitled “The Most Serious Data Threat May be Sitting Next to You,” Mark Sanford from Click Studios sent me a link to their article on “10 Guidelines for Managing Passwords in the Enterprise.” Since data security and data integrity is a critical issue on any enterprise IT project that involves significant data – and they all do – this is extremely timely and appropriate.

Mark and Click Studios have graciously allowed for their article to be provided to the readers of PM Tips. I strongly urge you to also visit their site and the original article here.

10 Guidelines for Managing Passwords in the Enterprise

Today the world is totally dependent on information technology, and many corporations struggle to effectively manage and store passwords securely for their employees. Every other day you hear of large companies exposing customer account details to non-intended audiences, due mainly to poorly managed IT systems and processes. The confidentiality and integrity of sensitive data is paramount to the operations of any size business, and the following guidelines should be considered when choosing any type of electronic password management system (PMS).

1. Remove the need for employees to remember passwords, or even worse, write them down

A key cause of bad password management practices is many employees don’t have a system in which to records their passwords, resulting in them having to either remember them, or write them down and store them in an unsecure manner. The password management system (PMS) must provide adequate functionality, removing the need for employees to remember passwords.

2. Centralize the management of passwords

Centralization of an organization’s passwords is the first step in gaining control of the IT accounts used to operate their business, otherwise there is no visibility or governance of their usage.

3. Ensuring the integrity of sensitive data

To ensure the integrity of data stored in an electronic PMS, there are a few key things to consider:

• Passwords should be encrypted with 256bit AES encryption, and a unique Initialization Vector used for every install
• Users should authenticate against the PMS using their Microsoft Windows domain account credentials
• PMS must provide the option to use two-factor authentication for the user(s) who administer the system
• Sensitive code of the PMS should be obfuscated, to prevent reverse engineering by system or web administrators
• PMS must mitigated against system or database administrators granting themselves access to unauthorized data

4. Make the passwords easily accessible

Users must be able to get to the PMS from any location, must not rely on any client installs, and must give them quick and easy access to their passwords.

5. Must promote the use of strong passwords

The PMS must promote the use of strong passwords, of which the policy for password strength is set by the administrator(s) of the system. Visual representation of password strength must be available when entering passwords, or when reporting against, so the user is constantly reminded if a password’s strength is poor.

6. Must promote regular resetting of passwords

A key component of bad password management practices is not resetting passwords at regular intervals. The PMS must have one or more options for reminding users that passwords are about to expire.

7. Must be portable and recoverable

There is little use centralizing your organization passwords if you’re unable to get to them in case of a disaster. The PMS must provide the mechanism by which all passwords can be exported to a separate file, to be stored outside of existing IT systems – preferable with trusted security personnel.

8. Changes must be traceable and auditable

All large organizations require governance over access to IT systems, and its imperative the PMS must support traceability of all events within it, and must be easily reportable. This applies to standard usage by employees, or administration of the PMS.

9. Must be scalable

If you intend to implement an enterprise class PMS, its crucial the system can scale with your organization, otherwise your investment (time and money) may be wasted.

10. Must be simple to use

As with any IT system, acceptance by its audience is crucial to its success. Provide users with a poorly designed interface, and you will meet resistance at every step. To successfully employ a PMS and realize the benefits it can bring, the PMS must be very simple to use and provide the user community with sound help documentation if required.

(Click Studios – 18^th October 2009)

The Most Serious Data Threat May be Sitting Next to You

An article that appeared recently in InformationWeek magazine examines what is sometimes the most serious threat an organization faces in terms of their own data security – the internal authorized user base. The following article from Ericka Chickowski explains that hackers may covet your data, but insiders are the most common source of database leaks.

How IT pros who manage database security rank database threats:

• An insider attach by someone with root access to the database or database server
• A logical attack on a Web-facing app connected to a database
• Database containing confidential data that IT is unaware of
• A misconfigured database
• A vulnerable database that hasn’t been patched

(Data: Enterprise Strategy Group survey of 179 IT pros)

In their quest to protect sensitive information from outside attackers, many organizations overlook the most imminent threat to their databases: authorized users.

“It sometimes amazes me how little concern companies have for their production data,” says James Koopmann, owner of database consulting firm Pine Horse. “They allow nearly anyone to plug in shareware, freeware, and demo tools to access sensitive production data without any concern for how it might be retrieving, caching, or altering data.”

As discussed in the latest Dark Reading Database Security Tech Center Report, five common factors are most likely to lead to the compromise of databases: ignorance, poor password management, rampant account sharing, unfettered access to data, and excessive portability of data.

Take the lack of security education. In our InformationWeek Analytics 2009 Strategic Security Survey, we asked respondents to rate the time spent on various security efforts. User training came in ninth out of 10 choices, a few points behind log file analysis. Yet in another study, CompTIA’s seventh annual Trends in Information Security report, published earlier this year, 85% of those organizations surveyed that do offer security training to non-IT staff saw a reduction in major breaches.

The goal of training must be to ensure that users who work with databases understand the sensitivity and/or financial value of the data they work with, and therefore are less apt to become casual in their security practices.

Poor password management is another common problem. Either IT departments allow database users to set easy-to-guess passwords, or they make passwords so complicated that workers end up writing them down and sticking them to the computer screen.

“We have to strike a balance between ease of remembering for database users versus how complicated we make the passwords to protect against outsiders,” says George Jucan, CEO of Open Data Systems, a database consulting firm.

Account sharing also creates security issues. While some users take advantage of their co-workers’ credentials, others gain access to data via highly privileged application server credentials. In either case, data compromises can occur without leaving a clear trail to the perpetrator. All that log file analysis won’t help you now.

Unfettered access to data is another common problem. In many cases, employees are given access to more information than they need to do their jobs.

“Most of the databases today provide role-based access control to databases, and few companies actually take advantage,” Jucan says. “If somebody doesn’t even see that certain data exists in the database, they will not be tempted to print it and leave it on the printer.”

Enterprises should also look into data-masking technology to limit the user’s exposure to highly sensitive and highly regulated data sets, such as Social Security numbers, without limiting the user’s ability to do his work.

Finally, take a closer look at technologies and practices for protecting data as it becomes increasingly portable. One of the biggest dangers companies face today is the ability of authorized users to simply download large chunks of information from the database onto spreadsheets, laptops, or portable storage devices. Experts say that tools such as database activity monitoring, data loss prevention, and encryption all can help protect portable data.