recently finished creating the initial version of a process for developing “applications” by people outside of the IT area.
Almost all companies have such development, where an end user develops something that is used in the business, without the assistance of the Information Technology area. This type of development can be called “shadow IT”, “business as usual”, “end user computing”, dev on the down-low”, but it does have its place. For example, there are times when a complicated spreadsheet, with some minor VBA programming is needed to calculate something that is going to be needed only for that year’s close out. Having the IT department create an application using the corporate standard process would add time, expense, and inefficiency to something that is needed for a very brief moment in the company’s life. However, these tiny little apps sometimes pose tremendous risk to an organization if they are used to make business decisions and/or have operational risk, reputational risk, or audit risk (to name a few) and need controls to be in place to manage the risk.
What we found was that a minimal process that was very agile in its approach that required the bare minimum amount of documentation added very little impact, but now provides a comfort level to executive management, internal audit, and external audit as well as putting some structure around the risk management and mitigation.
This process is in the initial adoption phase and will be refactored based on the results and lessons learned before it takes on program level coverage. In future updates, I will blog the good, the bad, and maybe even the ugly on how it continues to evolve in practice. Based on initial results, I think that many organizations could benefit from the approach we used…
Joshua Barnes, Co-Founder Unified Process Mentors
Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.