Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

procurement policy

Posted on 2013-11-25
7
Medium Priority
?
279 Views
Last Modified: 2013-12-02
Are there any "best practices" guides for developing a procurement policy for IT (including software, hardware, OS etc). What would auditors be looking for in your IT procurement procedures, what can you get/do wrong in this area that would cause concerns to auditors?
0
Comment
Question by:pma111
7 Comments
 
LVL 22

Accepted Solution

by:
eeRoot earned 400 total points
ID: 39676622
That's to be determined by management and the accounting department.  But generally, it would include showing approval for purchases, verifying vendors are approved venders, and tracking purchases.
0
 
LVL 50

Assisted Solution

by:dbrunton
dbrunton earned 400 total points
ID: 39676712
Probably looking at the justification or the business case for the purchase of the IT equipment.  Purchase of a new Apple iPad because of "Shiny, shiny, shiny, must have" won't work.

For example the case of a new server might go like.

Old server at end of expected lifetime of five years (there are recommendations on the Net on how long you should keep your computers; don't quote me on the five years as gospel).  Can't upgrade anymore as memory is maxed out and no more higher spec processor available.  Server performance lacking as it is now serving 40 users instead of expected 30.
Now there's something an auditor can understand.

Proposed new server will have an Intel chip blah-blah with 64 Gb of memory and 6 Tb hard disk space and be capable of supporting xy users.  It will also support the blah-blah database from Oracle.  Specifications of server were determined by consulting Microsoft and Oracle - see attached reference documents.

Three quotations were received from various companies and we are using HP because of price and warranty - see attached documents.  The server can be upgraded to 128 Gb of memory and 24 Tb hard disk to accommodate any future expansion.  Expected lifetime of server is blah-blah years.
That's more an auditor could like.  You are showing reasons for purchase, cost of equipment, warranties, life expectancy, upgradability, competitive quotes.

Now there's a lot more that is possible that an auditor might look for, such as costs of retraining staff, data format transfer but you'd really need to ask the auditors.  Some companies may already have policies in place and government agencies should already have them.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 400 total points
ID: 39676934
On the procurement aspect probably key areas are the
- proper documentation on the tendering and governance if the project and program. The person involved and the decision make with appropriate archived and safeguarded.

- proper payment of schedule and deliverables are mapped and checked by the user recipient.  The acceptance of the various test stages conducted are essential to demonstrate fulfillment of functionality, user acceptance and integrated collective acceptance if the whole project deliverabke including system. Importantly not missing the   security test conducted prior to commisioning  and acceptance of the deliverable.
- maintenance and service request are part of the vendor managment too and itil processes available make known for proper escalation of faults, issues and enhancements are documented and apprised.

Overall the process above are generalised in checkpoints of the milestones. And policy is to state such due diligences done in ensuring the completion and no 'slip through'. Even liquidated damages if applicable should be part of the checks.
0
Sign your company up to try the MB 660 headset now

Take control and stay focused in noisy open office environments with the MB 660. By reducing background noise, you can revitalize your office and improve concentration.

 
LVL 65

Expert Comment

by:btan
ID: 39676938
Always good to check out some policy from public but need to consider references accordingly. Copyright and intellectual property ownership is another agreement to be explicit in all deliverables
http://eurojust.europa.eu/procurement/Pages/procurement-policy-procedure.aspx
0
 
LVL 65

Expert Comment

by:btan
ID: 39676977
Not forgetting supply chain policy as there may be restricted based on countries..or even enterprises perspectives
http://www.casey.co.uk/supply-chain-policy
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 39677290
Procurement needs due diligence and full disclosure. You need to source any item from 2 or more vendors. You need each vendor to reveal any foreseen or unforeseen financial windfalls or upcoming litigation against themselves. Your suppliers aren't always the same as the vendor you bought from, vet them too.
http://www.hpw.qld.gov.au/SiteCollectionDocuments/MitigateRiskSupplyChainPresentation.pdf

http://www.business-anti-corruption.com/tools/due-diligence-tools/public-procurement-tool.aspx
-rich
0
 
LVL 25

Assisted Solution

by:nickg5
nickg5 earned 400 total points
ID: 39688447
You have been given some good ideas so far.

Procurement is the purchase of works, assets, goods and services for the organization.

In your case services, etc.


Here is an interesting article that outlines topics that may need to be considered by you.

1. Objectives of a procurement policy.
2. What are the different stages?
3. Who should be involved.
4. Ethical concerns.
5. Required Paperwork.

Many of the topics discussed can be applied to IT.

http://www.mango.org.uk/Guide/Procurement
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Web hosting control panels were first developed to make it faster and easier for most users to set up and operate websites. The graphical user interface (GUI) allows users to perform tasks by pointing and clicking rather than typing highly specific…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question