Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

procurement policy

Posted on 2013-11-25
7
258 Views
Last Modified: 2013-12-02
Are there any "best practices" guides for developing a procurement policy for IT (including software, hardware, OS etc). What would auditors be looking for in your IT procurement procedures, what can you get/do wrong in this area that would cause concerns to auditors?
0
Comment
Question by:pma111
7 Comments
 
LVL 22

Accepted Solution

by:
eeRoot earned 100 total points
ID: 39676622
That's to be determined by management and the accounting department.  But generally, it would include showing approval for purchases, verifying vendors are approved venders, and tracking purchases.
0
 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 100 total points
ID: 39676712
Probably looking at the justification or the business case for the purchase of the IT equipment.  Purchase of a new Apple iPad because of "Shiny, shiny, shiny, must have" won't work.

For example the case of a new server might go like.

Old server at end of expected lifetime of five years (there are recommendations on the Net on how long you should keep your computers; don't quote me on the five years as gospel).  Can't upgrade anymore as memory is maxed out and no more higher spec processor available.  Server performance lacking as it is now serving 40 users instead of expected 30.
Now there's something an auditor can understand.

Proposed new server will have an Intel chip blah-blah with 64 Gb of memory and 6 Tb hard disk space and be capable of supporting xy users.  It will also support the blah-blah database from Oracle.  Specifications of server were determined by consulting Microsoft and Oracle - see attached reference documents.

Three quotations were received from various companies and we are using HP because of price and warranty - see attached documents.  The server can be upgraded to 128 Gb of memory and 24 Tb hard disk to accommodate any future expansion.  Expected lifetime of server is blah-blah years.
That's more an auditor could like.  You are showing reasons for purchase, cost of equipment, warranties, life expectancy, upgradability, competitive quotes.

Now there's a lot more that is possible that an auditor might look for, such as costs of retraining staff, data format transfer but you'd really need to ask the auditors.  Some companies may already have policies in place and government agencies should already have them.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 100 total points
ID: 39676934
On the procurement aspect probably key areas are the
- proper documentation on the tendering and governance if the project and program. The person involved and the decision make with appropriate archived and safeguarded.

- proper payment of schedule and deliverables are mapped and checked by the user recipient.  The acceptance of the various test stages conducted are essential to demonstrate fulfillment of functionality, user acceptance and integrated collective acceptance if the whole project deliverabke including system. Importantly not missing the   security test conducted prior to commisioning  and acceptance of the deliverable.
- maintenance and service request are part of the vendor managment too and itil processes available make known for proper escalation of faults, issues and enhancements are documented and apprised.

Overall the process above are generalised in checkpoints of the milestones. And policy is to state such due diligences done in ensuring the completion and no 'slip through'. Even liquidated damages if applicable should be part of the checks.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:btan
ID: 39676938
Always good to check out some policy from public but need to consider references accordingly. Copyright and intellectual property ownership is another agreement to be explicit in all deliverables
http://eurojust.europa.eu/procurement/Pages/procurement-policy-procedure.aspx
0
 
LVL 63

Expert Comment

by:btan
ID: 39676977
Not forgetting supply chain policy as there may be restricted based on countries..or even enterprises perspectives
http://www.casey.co.uk/supply-chain-policy
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 39677290
Procurement needs due diligence and full disclosure. You need to source any item from 2 or more vendors. You need each vendor to reveal any foreseen or unforeseen financial windfalls or upcoming litigation against themselves. Your suppliers aren't always the same as the vendor you bought from, vet them too.
http://www.hpw.qld.gov.au/SiteCollectionDocuments/MitigateRiskSupplyChainPresentation.pdf

http://www.business-anti-corruption.com/tools/due-diligence-tools/public-procurement-tool.aspx
-rich
0
 
LVL 25

Assisted Solution

by:nickg5
nickg5 earned 100 total points
ID: 39688447
You have been given some good ideas so far.

Procurement is the purchase of works, assets, goods and services for the organization.

In your case services, etc.


Here is an interesting article that outlines topics that may need to be considered by you.

1. Objectives of a procurement policy.
2. What are the different stages?
3. Who should be involved.
4. Ethical concerns.
5. Required Paperwork.

Many of the topics discussed can be applied to IT.

http://www.mango.org.uk/Guide/Procurement
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
robocopy 33 114
RAM PROBLEM 5 47
corrupt Databases 9 64
Problem: Word 2016 cannot import a .vsdx created with Visio 2013 6 53
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Using Adobe Premiere Pro, the viewer will learn how to set up a sequence with proper settings, importing pictures, rendering, and exporting the finished product.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question