Solved

procurement policy

Posted on 2013-11-25
Last Modified: 2013-12-02
Are there any "best practices" guides for developing a procurement policy for IT (including software, hardware, OS, etc.)? What would auditors be looking for in your IT procurement procedures, and what can you get/do wrong in this area that would cause concerns to auditors?
Question by:pma111
7 Comments
 
LVL 22

Accepted Solution

by:eeRoot
eeRoot earned 100 total points
ID: 39676622
That's to be determined by management and the accounting department. But generally, it would include showing approval for purchases, verifying vendors are approved vendors, and tracking purchases.
 
LVL 47

Assisted Solution

by:dbrunton
dbrunton earned 100 total points
ID: 39676712
Probably looking at the justification or the business case for the purchase of the IT equipment.  Purchase of a new Apple iPad because of "Shiny, shiny, shiny, must have" won't work.

For example the case of a new server might go like.

Old server at end of expected lifetime of five years (there are recommendations on the Net on how long you should keep your computers; don't quote me on the five years as gospel).  Can't upgrade anymore as memory is maxed out and no more higher spec processor available.  Server performance lacking as it is now serving 40 users instead of expected 30.
Now there's something an auditor can understand.

Proposed new server will have an Intel chip blah-blah with 64 Gb of memory and 6 Tb hard disk space and be capable of supporting xy users.  It will also support the blah-blah database from Oracle.  Specifications of server were determined by consulting Microsoft and Oracle - see attached reference documents.

Three quotations were received from various companies and we are using HP because of price and warranty - see attached documents.  The server can be upgraded to 128 Gb of memory and 24 Tb hard disk to accommodate any future expansion.  Expected lifetime of server is blah-blah years.
That's more an auditor could like.  You are showing reasons for purchase, cost of equipment, warranties, life expectancy, upgradability, competitive quotes.

Now there's a lot more that is possible that an auditor might look for, such as costs of retraining staff, data format transfer but you'd really need to ask the auditors.  Some companies may already have policies in place and government agencies should already have them.
 
LVL 61

Assisted Solution

by:btan
btan earned 100 total points
ID: 39676934
On the procurement aspect probably key areas are the
- proper documentation on the tendering and governance of the project and program. The person involved and the decision made are appropriately archived and safeguarded.

- proper payment of schedule and deliverables are mapped and checked by the user recipient. The acceptance of the various test stages conducted is essential to demonstrate fulfillment of functionality, user acceptance and integrated collective acceptance of the whole project deliverable including system. Importantly, not missing the security test conducted prior to commissioning and acceptance of the deliverable.

- maintenance and service requests are part of the vendor management too, and ITIL processes available are made known so that proper escalation of faults, issues and enhancements is documented and apprised.

Overall, the processes above are generalised in checkpoints of the milestones. And policy is to state such due diligences done in ensuring the completion and no 'slip through'. Even liquidated damages, if applicable, should be part of the checks.
 
LVL 61

Expert Comment

by:btan
ID: 39676938
Always good to check out some policy from public but need to consider references accordingly. Copyright and intellectual property ownership is another agreement to be explicit in all deliverables.
http://eurojust.europa.eu/procurement/Pages/procurement-policy-procedure.aspx
 
LVL 61

Expert Comment

by:btan
ID: 39676977
Not forgetting supply chain policy, as there may be restrictions based on countries, or even enterprise perspectives.
http://www.casey.co.uk/supply-chain-policy
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 39677290
Procurement needs due diligence and full disclosure. You need to source any item from 2 or more vendors. You need each vendor to reveal any foreseen or unforeseen financial windfalls or upcoming litigation against themselves. Your suppliers aren't always the same as the vendor you bought from, vet them too.
http://www.hpw.qld.gov.au/SiteCollectionDocuments/MitigateRiskSupplyChainPresentation.pdf

http://www.business-anti-corruption.com/tools/due-diligence-tools/public-procurement-tool.aspx
-rich
 
LVL 25

Assisted Solution

by:nickg5
nickg5 earned 100 total points
ID: 39688447
You have been given some good ideas so far.

Procurement is the purchase of works, assets, goods and services for the organization.

In your case services, etc.


Here is an interesting article that outlines topics that may need to be considered by you.

1. Objectives of a procurement policy.
2. What are the different stages?
3. Who should be involved.
4. Ethical concerns.
5. Required Paperwork.

Many of the topics discussed can be applied to IT.

http://www.mango.org.uk/Guide/Procurement