|Adm. – Grad.||2007 – 2009|
|Dir.; Codir.||Stéphane Gagnon|
Integrating Governance, Risk, and Compliance Management to Enhance Requirements Engineering in IT Projects
A typical Information Technology (IT) project involves several disciplines working concurrently throughout a Systems Development Lifecycle (SDLC). Requirements Engineering (RE) is one of the key project activities at the front end of the lifecycle, generally performed jointly by Business and Systems Analysts.
Several studies of IT project failures have revealed that key factors include a lack of proper IT project management methods, and especially the absence of a well-defined RE process. While PM best practices, both generic and IT-focused, are highly evolved and sufficient to deal with the first factor, there is still no standardized RE framework to serve as a guide for IT projects.
We propose to explore an opportunity to enhance the RE process by integrating emerging best practices in a related discipline, namely Governance, Risk, and Compliance Management (GRCM). Founded on the concepts of Strategic Management, Corporate Governance, and Policy Deployment, GRCM provides a framework for managing organization-wide risks, regularly meeting the compliance requirements imposed by the organization’s environment, and establishing a governance infrastructure to deploy risk management policies and ensure compliance across multiple projects.
The objective of this thesis is to see whether a new GRCM discipline could be integrated into a standard SDLC. It could provide a new basis for improving Software Engineering methods, ensuring that the organization has enterprise-wide coherence in performing RE activities in every IT project.
The research methodology used in this paper is based on the academic journal article entitled “Investigating Information Systems with Positivist Case Study Research” authored by Guy Paré.
We performed a comparative analysis of RE activities in four key enterprise-wide IT projects. Data analysis was performed to see whether the following two objectives could be fulfilled:
a. Develop and validate a new GRCM and RE capability measurement framework
b. Explore to what extent GRCM capabilities are correlated with RE capabilities
We conclude with a future research section, which gives examples of how to move the GRCM and RE disciplines forward in IT projects.