Project Management

Action Summary

Financial institutions should establish appropriate development, acquisition, and maintenance project management methodologies. The methodologies should match a project's characteristics and risks and include appropriate:

  • Project plans;
  • Definitions of project requirements and expectations;
  • Project management standards and procedures;
  • Quality assurance and risk management standards and procedures;
  • Definitions of project roles and responsibilities;
  • Involvement by all affected parties; and
  • Project communication techniques.


Project management in its basic form involves planning and completing a task. Technology-related tasks include ongoing operational activities and one-time projects. A project's impact on operations must be a key consideration when assessing development, acquisition, and maintenance activities.

Detailed project plans, clearly defined expectations, experienced project managers, realistic budgets, and effective communication significantly enhance an organization's ability to manage projects successfully. Ineffectively managed projects often result in late deliveries, cost overruns, or poor-quality applications.

Inferior applications can result in underused, insecure, or unreliable systems. Retrofitting functional, security, or automated-control features into applications is expensive, time-consuming, and often results in less effective features. Therefore, organizations must manage projects carefully to ensure they obtain products that meet organizational needs on time and within budget.

Financial institutions use various methods to manage technology projects. The systems development life cycle (SDLC) is the primary project management methodology described in this booklet. The SDLC is used for illustrative purposes because it provides a systematic way to describe the numerous tasks associated with software development projects. Organizations may employ an SDLC model or alternative methodology when managing any project, including software development, or hardware, software, or service acquisition projects. Regardless of the method used, it should be tailored to match a project's characteristics and risks. Boards, or board-designated committees, should formally approve project methodologies, and management should approve and document significant deviations from approved procedures.

