Integrating Governance, Risk, and Compliance Management to Enhance Requirements Engineering in IT Projects

Bett, Richard

A typical Information Technology (IT) project involves several disciplines working concurrently throughout a Systems Development Lifecycle (SDLC). Requirements Engineering (RE) is one of the key project activities in the front-end of the lifecycle, generally performed jointly by Business and Systems Analysts.

Several studies of IT project failures have revealed that key factors include a lack of proper IT project management methods, and especially the absence of a well-defined RE process. While PM best practices, both generic and IT-focused, are highly evolved and sufficient to deal with the first factor, there is still no standardized RE framework to serve as a guide for IT projects.

We propose to explore an opportunity to enhance the RE process by integrating emerging best practices in a related discipline, namely Governance, Risk, and Compliance Management (GRCM). Founded on the concepts of Strategic Management, Corporate Governance, and Policy Deployment, GRCM provides a framework for managing organization-wide risks, regularly meeting the compliance imposed by the organization’s environment, and establishing a governance infrastructure to deploy risk management policies and ensure compliance across multiple projects.

The objective of this thesis is to see if a new GRCM discipline could be integrated into a standard SDLC. It could provide a new basis for improving Software Engineering methods so that the organization has enterprise-wide coherence in performing RE activities in every IT project.

The research methodology used in this paper is based on the academic journal article entitled "Investigating Information Systems with Positivist Case Study Research", authored by Guy Paré.

We performed a comparative analysis of RE activities in four key enterprise-wide IT projects. Data analysis was performed to see if the following two objectives can be fulfilled:

a. Develop and validate a new GRCM and RE capability measurement framework

b. Explore to what extent GRCM capabilities are correlated with RE capabilities

We conclude with a future research section, which gives examples of moving the GRCM and RE disciplines forward in IT projects.