BUSINESS NEED SUMMARY TABLE: # Need P Concerns Current Solution Proposed Solution

Transcription

1 EXTRACT FRO BUSINESS REQUIREENTS DOCUENT KEY BUSINESS NEEDS Business case drivers, prduct definitin dcumentatin, legal/regulatry, and ther stated requirements r needs that must be met by the final slutin are described as Key Business Needs. They shuld be defined as much as pssible fr further explratin during detailed requirements definitin. These Key Business needs will define the cre applicatin functinality. BUSINESS NEED SUARY TABLE: # Need P Cncerns Current Slutin Prpsed Slutin 1 Centralize Data Entry basic vendr infrmatin t reduce redundant data entry and naming errrs (i.e. ne system enters IB and anther system enters IB Inc. 2 Rule- and rle-based security and access prfiles. 3 Wrkflw-based prcessing t prvide decisin prmpts, date reminders, and ther autmated triggering, tailred based n situatin, user, etc 4 Risk mitigatin-centric apprach t vendr management 5 Risk-based Vendr Classificatin 6 Capacity-based Perfrmance There culd be vendrs entered int sme systems but nt thers. All systems must be synchrnized n a cmmn indicatr such as Vendr ID and Vendr Name. Vendr infrmatin must cntinue t be prtected equivalent r greater than the current prcess. Need t ensure the quality and cmpleteness f required dcumentatin. Vendr management is nt simply Supply Chain anagement r Custmer Relatinship anagement, but must be based n risk assessment and mitigatin ust allw vendr ranking and tiering by risk, vlume, and LOB t rganize vendrs fr apprpriate management. System respnse time and availability must match WFC SLAs. 7 Interface Ease f Use While user friendly is difficult t cnceptualize, there is n cnsistent lk and feel acrss lifecycle mdules 8 dule-based cmprehensive reprts 9 Alignment with OCC and crprate audit standards. 10 Autmate and standardize the current Vendr anagement Prcess and Prcedures Current reprts are manual r limited t basic, 1- system reprting. Successful cmpletin f wrkflw-based prcessing must als ensure all audit requirements are met. Each system invlved in the vendr management lifecycle independently enters vendr infrmatin Access is granted by system access, security prfiles, and vendr management rules. There is n system managed wrkflw prcessing r built-in QA. Risk management is the central fcus, but is siled acrss many services areas. Key applicatins are running n under perfrming hardware platfrms Infrequent users f sme systems find the mdules intimidating. Current reprts are manual r limited t basic, 1-system reprting. Basic vendr infrmatin wuld be entered int 1 system. If many systems are invlved, the System f Recrd wuld then pass infrmatin in the apprpriate frmat t the apprpriate systems. Vendr infrmatin must cntinue t be prtected equivalent r greater than the current prcess. Use wrkflw wizards that launch when key dates r decisins are activated stepping user thrugh the vendr/risk management prcess. Cmbined a full vendr management lifecycle apprach with risk management the key fcus in the Assess and anagement phases. T huse slutin(s) n hardware platfrms with perfrmance mnitring, autmatic lad-balancing, and built-in scalability. Standardize the interface with the [APPLICATION], and make wrkflw driving Develp a library f predefined reprts available n-demand t each area thrugh security. DESIRED FEATURES TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 1 f 6

2 Interviews, requirements gathering, and research have identified the fllwing high-level Desired Features. These features will be matched t Business Needs, refined, expanded, priritized, and/r mdified during the requirements gathering prcess, and updated prir t final release as part f the sizing effrt. FEATURES SUARY TABLE: # Feature P Usability Cncerns 1 The [APPLICATION] shall assign each vendr an ID number that will link vendr t a single name, and be used in all integrated systems. 2 The [APPLICATION] shall prvide rle-based wrkflw management with a specific wrkflw manager wrkspace r interface that guides users thrugh the varius activities such as risk management prcess. 2.a The [APPLICATION] wrkflw manager shall use wizard-like prmpts that are date and/r decisin activated. 2.b The [APPLICATION] wrkflw prmpts shall prvide a recmmended curse f actin, an ptin fr a user-defined curse f actin, and an ptin t verride the wrkflw actin. 2.c The [APPLICATION] will als allw fr user defined activities. 2.d The [APPLICATION] will allw users t track varius data abut each activity such as prgress and status. 2.e The [APPLICATION] shall prvide an Assignment feature t allw electrnic ntificatin and tracking f crss-department assignments and respnsibilities during the executin f the wrkflw activities. 2.f The [APPLICATION] shall include a Scheduling feature that will bth calculate key prcessing events and allw a user defined date t prvide a means t ntify rle-based users f the required event activity. 2.g The [APPLICATION] scheduling feature shall generate autmated alerts in advance f scheduled activity dates, and escalatin when dates have been missed with n respnse. 2.h The [APPLICATION] wrkflw shall be capable f managing activities fr the entire vendr management lifecycle. 3 The [APPLICATION] will supprt detailed security rles t be defined by prcess (Use Case) and by applicatin t ensure data access and infrmatin integrity matches that set fr surce systems tday. 4 The [APPLICATION] will allw fr new Vendrs t be added and apprved. 5 The [APPLICATION] shall prvide lgging f the system and manual event lgs as a QC-based audit trail t understand the activities taken. The System f Recrd cannt prvide value withut standardizing the initial entry f vendrs in the independent systems withut a cmmn identifier and naming standard. While the scpe is in risk-management f vendrs, every vendr in every repsitry string vendr infrmatin must have a cmmn identifier linking the vendr in varius systems (such as vendr ID and vendr name). Cmmn prcessing is required t ensure all the apprpriate risk-based management requirements are addressed and that they are addressed t the published standard. A wrkflw-based system will supprt QA and ease f use requirements, but must be flexible t allw the user accuntable t make judgment decisins within a framewrk abut the cmpletin f the wrk. As ther departments and individuals are invlved the vendr risk management, the handff must be tracked and within certain defined guidelines, such as times t respnd, standard expectatins, and respnsibility t cmplete the requested wrk must be cmmunicated. Scheduling and ntificatin f wrkflw upcming wrkflw activities shuld be date range based (what is due in the next 30 days) as well as vendr based (what are all the pending activities and dates fr vendr XYZ). The Security and Security Prfiles in place fr the existing surce systems will be retained in the A histric perspective f the vendr risk-management prcess will assist all grups in refining and re-engineering their prcesses and cycle times fr a mre balanced and efficient wrkflw. TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 2 f 6

3 # Feature P Usability Cncerns 6 The [APPLICATION] shall supprt dcument strage and retrieval f all vendr dcuments tied t a Vendr. 6.a The [APPLICATION] shall supprt S Wrd, S Excel, S Visi, and PDF dcument types. 7 The [APPLICATION] shall prvide direct linkage t vendr Cntracts and vendr cntract management infrmatin. 8 The [APPLICATION] shall prvide direct linkage t vendr security plans and security-related vendr management infrmatin. 9 The [APPLICATION] shall supprt bth Inherent Risk Assessment (allws LOB t classify, d due diligence, etc.) features and Residual Risk Assessment (BCP, ESC, IT, legal, etc.) features with the wrkflw prcessing. 10 The [APPLICATION] shall prvide expandable reprting features allwing centralized rule- and rlebased reprt access n demand t predefined and ad hc reprting using the data with the 11 The [APPLICATION] shall have business rules bases n the V Dmain Plicy and Plicy Guidebk as well as ther key published legal and regulatry guidance t ensure OCC cmpliance. 12 The [APPLICATION] must be installed n a scalable hardware platfrm and netwrk with perfrmance mnitring, lad balancing, and ther perfrmance and availability requirements f a [Organizatin] missin critical system 13 The [APPLICATION] shall prvide fr ff-line prcessing t prevent wrk stpping during unplanned system utages. 14 The [APPLICATION] shall prvide fr bulk r mass updates when key elements change. 15 The [APPLICATION] shall supprt the ability t tie a Subsidiary Vendr t its Parent. 16 The [APPLICATION] must allw fr rbust search functinality fr dcuments, ntes, frms, and ther key infrmatin. 17 The [APPLICATION] must allw printing f defined vendr prfiles, schedule, wrkflw cmpleted, and management reprts. 18 The [APPLICATION] shall include a Cmmunicatins feature t allw fr the cnslidated tracking f external and internal telephne and cmmunicatins. There must be stre and access functinality in either a centralized dcument strage repsitry based n the [Organizatin] standards r linkage int the existing dcument repsitries by standardized vendr ID. It shuld be seamless t the end user t access dcuments and infrmatin related t the vendr r the risk management prcess frm any repsitry r lcatin prvided they have the crrect rle- and rule-based security. It shuld be seamless t the end user t access dcuments and infrmatin related t the vendr r the risk management prcess frm any repsitry r lcatin prvided they have the crrect rle- and rule-based security. The wrkflw prcessing must supprt, manage, and track the crssfunctinal risk management activities. Access t the infrmatin maintained within the [APPLICATION] must be rganized and accessible t allw all levels executive, managerial, peratinal, and administrative t understand the vendr risk management prcess and KRIs. Crprate audit and OCC cmpliance t ensure the vendr risk-based management is prtecting [Organizatin] and its interests. Slw respnse times and/r limited availability cannt allw the vendr risk management prcess t be interrupted. Key users must be allwed t perfrm manual wrkflw cmpnents ff-line during an unplanned utage, and synchrnize even manually when back n line. While it shuld be the system design gal t limit redundant infrmatin that crsses systems (i.e. linkage shuld limited t the primary unique index such as Vendr ID), any redundant infrmatin stred in bth the [APPLICATION] and in the surce systems shuld be updatable. Examples might include Vendr anager as the key cntact fr a vendr r grup f vendrs. The system must fllw the dmain rules n structuring Parent/Subsidiary vendrs. Users must be able t search dcuments and data using a variety f best practice advanced search capability. Users must be able t print key predefined dcuments frm the system. Cmmunicatins regarding the executin f vendr risk management shuld be included in the viewable infrmatin t ensure everyne is aware f past and pending cmmunicatins and the respnse. TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 3 f 6

4 # Feature P Usability Cncerns 19 The [APPLICATION] shall include a Ntes feature t allw fr the cnslidated tracking infrmal ntes related t the vendr risk management prcess. 20 The [APPLICATION] shall include a Frms and Letters feature that will generate Frms and Letters t be sent t external vendrs, triggered by prcessing events. 21 The [APPLICATION] shall supprt the [Organizatin] standard Dcument Imaging prcess t get a paper dcuments int the 22 The [APPLICATION] will allw fr the maintenance f users. 23 The [APPLICATION] will allw fr the maintenance f Letter and frm templates. 24 The [APPLICATION] will allw fr the maintenance f reprts. 25 The [APPLICATION] shall cnsist f at least 3 layers f user security: - Lg in security - Rule and Rle-based security limiting the user t views f nly vendrs they have assigned management f, and - Rule and Rle-based cntent security limiting users t nly dcuments within the vendr file that meet their security prfile A ntes feature with publicly viewable ntes and ntes restricted t being viewed nly by the assigned Vendr anager/vendr anagement Crdinatr will assist in managing the wrkflw. The main cncern arund the cllectin f current individual systems is the cmplete inability t prvide additinal features r functinality that enhances prductivity and quality fr all users. The risk-based vendr management file must be a paperless prcess with all key decisin-making and histrical event tracking activities lcated within the 26 The [APPLICATION] shall supprt the cncept f a Vendr Directry, a listing f Vendrs with services prvided, status (Apprved, Pending, Under Review, etc.), main ffice lcatin, and key cntacts (vendr cntact and WF vendr management cntact). CRITICAL SUCCESS FACTORS Critical Success Factr T have integrated (either build ne new system r centrally integrate existing slutins) at a minimum the current functinality [KEY SYSTES] int a centralized system f recrd. T have established a centralized Vendr Data Entry prcess that prvides a cmmn Vendr ID and Vendr Name fr all in-scpe vendrs based n a single attribute such as Tax Identificatin Number, allwing users t trace vendrs frm ne system t anther quickly, easily, and accurately. T have prvided a centralized ndemand reprting repsitry autmating key perfrmance indicatr reprts currently generated either manually r thrugh single system activities. Key Success Indicatr (if applicable) Actin Steps t Assure Success Cmplete Prject Definitin Dcument, wrk plan, and integratin business requirements. Client Acceptance prcess Cmplete Prject Definitin Dcument, wrk plan, and integratin Client Acceptance prcess Cmplete Prject Definitin Dcument, wrk plan, and integratin Client Acceptance prcess. TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 4 f 6

5 Critical Success Factr T have incrprated business rules meeting crprate audit and OCC requirements in the wrkflw prcessing. T have standardized the wrkflw prcessing t the apprved tls and systems within the T have maintained system perfrmance and availability within defined SLAs. T cntinue t met all Service Level Agreements currently in place fr the Vendr anagement Dmain, Enterprise Surcing and Cntracts, and Enterprise Gvernance. T have increased user satisfactin (wrkflw fulfillment and system respnse time) Key Success Indicatr (if applicable) Actin Steps t Assure Success Cmplete Prject Definitin Dcument, wrk plan, and integratin Client Acceptance prcess. Cmplete Prject Definitin Dcument, wrk plan, and integratin Client Acceptance prcess. SLA reprting. SLA reprting. Pst-implementatin user survey. Inclusins (In-Scpe) The [APPLICATION] cnsiders any system that maintains vendr infrmatin (see Vendr definitin in [APPLICATION] Glssary f Terms) in scpe accrding t the fllwing level f impact: 1. Replace r Rebuild The [APPLICATION] will rebuild and replace the cre functinality f the fllwing vendr repsitry and cntract strage systems and add the additinal wrkflw management and reprting functinality and system perfrmance requirements: 2. Integrate Data The [APPLICATION] will develp system-t-system integratin t access data fields and/r dcuments - either physically stre in the [APPLICATION] r lgically link s that the wrkflw manager can perate and access t dcuments is seamless t the end user with the fllwing systems: 3. Standardize Vendr The [APPLICATION] will establish the Vendr Identificatin Standards t ensure cmmn naming and identificatin cnventins fr all applicatins in the rganizatin that stre vendr data need t be standardized, even if the data r dcuments are nt integrated within the This will include: Key Assumptins Assumptin All data strage and data prcessing must be installed and functinal n [Organizatin] Prductin Systems. Descriptin Fr security reasns, there will be n data prcessing r strage utside f [Organizatin] primary systems. TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 5 f 6

6 Detailed security rles will be defined by prcess (Use Case) and by applicatin t ensure data access and infrmatin integrity matches that set fr surce systems tday. The business and system requirements defined in supprt f this PDD are t define rder f magnitude sizing summaries, and will nt be sufficient t build. Requirements in place fr existing systems frm the baseline requirements fr the prpsed slutins. Any migratin f data frm surce systems t the target [APPLICATION] system must ccur systematically with n manual prcessing by [Organizatin] emplyees. igratin must ccur between the hurs f 8P and 6A (CST) and must be cmpleted befre the next business day. Data Driven Events and Calculated fields must be installed and functinal n [Organizatin] Prductin systems. The [APPLICATION] will be based n Object Oriented design cncepts t cmpartmentalize prcessing int cmpnents fr a lw maintenance, change friendly system. The Security and Security Prfiles in place fr the existing surce systems will be retained in the We need t establish the high-level wrk effrt estimates. During each iteratin, detailed analysis and design wrk will refine the in-scpe requirements t prvide the detailed design specificatins. Existing applicatins demnstrate what wrks and what needs refinement. This will be assumed as the base requirements. The prpsed slutin is a prductivity enhancing autmatin slutin, and must free the end users frm rutine administrative system prcessing functins, allwing fr risk management decisin-making and actin taking rles. Risk management cannt be interrupted by system maintenance and updates. Fr security reasns, there will be n data prcessing r strage utside f [Organizatin] primary systems. By rganizing the system int a cllectin f cmpnents, we can build in change management and scalability. Fr example, all the prcessing and calculatin business rules shall be built int a separate mdule used by all ther mdules. Changing the business rules due t envirnmental, legal r plicy changes will be limited t ne cmpnent f the TEPLATE_Business Needs Summary_EXAPLE.dc 4/4/2012 Page 6 f 6