Just finishing a project where we helped design and implement application security for a global rollout of a manufacturing company. The politics of a project never cease to amaze me and every project has its own unique politics. I’ve seen it all... A well-run project takes strategic vision and the proper leadership to support all the objectives. More often than not, a project is well supported from an operational perspective, but does not have the same level of support or leadership when it comes to security and controls. This is why using a firm independent from the system integrator is so important. Without a proper understanding of the risks involved in implementing the applications, whether for the project as a whole or for an individual element such as application security, management is running blind. In many cases, management does not have the experience or expertise in implementing ERP systems in general, or the specific ERP system. Having both types of knowledge is critical to being able to effectively manage a project.
All too often, the bidding process for system integrators lends itself to ‘get it done on time and on budget’ and ‘to hell’ with things like properly designed security or implementing proper internal controls PRIOR to go-live. Without strong project leadership, proper security and controls often never get implemented, because post-go-live funding is difficult to attain when the ‘core’ project is over time and over budget.
I suspect this blog may hit a few nerves and am looking forward to any comments.