IT Management Best Practices Project

Islamic Development Bank

Dar Al-Hekma University

Reem Alashhab

Nemah Alsayed

Ferdous Mohammed

In order for MIS students to experience the role and responsibilities of an IT Manager, they were asked under the course of IT Management Best Practices to find a local organization and understand the role of the IT department there.

Chapter 1:

1. Overview about Islamic Development Bank:

The Islamic Development Bank is an international financial institution that was established in

1975 after the Conference of Finance Ministers of Muslims Countries in the city of Jeddah as the

main office. Other regional offices are in Rabat, Morocco(1994), Kuala Lumpur,

Malaysia(1994). Almaty, Kazakhstan(1997), and Dakar, Senegal (2008). The main purpose of

IDB is to help economic and social development of members countries including Muslim

communities under the principles of Islam. The ID Bank participates through different activities

such as providing grant loans for projects and enterprises. It also gives financial assistance for all

members countries under its supervision. The number of these member countries is 56 at the

present. To be part of the IDB, member countries must be also a member in the Organization of

Islamic Cooperation (OIC), which works to protect interests of Muslim world in addition to

promoting international peace between various people of the world. In addition, the members

country must contribute to the IDB capital financially and accept its terms and conditions.

2. Information Technology Department Position in IDB Organization Chart:

Information Technology Department is positioned under Corporate Services Complex that is

led by the Vice President for Corporate Services.

Figure 1: IDB’s Organization Chart.

3. Information Technology Staff:

Information Technology Department staff consist of direct IDB staff and outsourced resources.

The number of ITD. Staff is as follow:

Direct IDB staff are 47.

Outsourced resources are 29.

4. Education Background:

The education and background of ITD staff is varied and dependent on the position of the

staff and their roles. Emphasis is on hand on technical experience on the systems and solutions

that are deployed in IDB. The overall education requirement is:

Bachelor Degree in Computer Science/Engineering or equivalent.

Master Degree on computer Science /engineering.

Focused training on the Systems and Solutions deployed in IDB.

Certification on the technology deployed for example :

SAP solution Manager, SAP Security, SAP Finance and Controlling, SAP Business

Intelligence, Alfresco Enterprise Content Management.

Hand on experience on SAP ERP Solutions, Misys Treasury, Microsoft Products,

Alfresco Content Management, SAP Netweaver and SAP Process Integration.

Programming courses and direct experience in the relevant programming languages

(Java, Javascript, C#, .Net).

5. Hardware and Software:

The hardware in IDB consists mainly of users computing such as laptops and desktop

computer and servers that host the enterprise applications.

Business Users’ Computing Hardware:

Desktop Computers and Laptops with up to date technology specification.

Servers’ Hardware:

IBM Power Server: is built with a processer designed to handle big data workloads. In

fact, it combines the computing power1, memory bandwidth2 and I/O3 in an easy way that

helps to provide resiliency, availability and security for users ("IBM Power servers",

n.d.).

Intel Based Servers from HP and Dell: these servers fit any type of data center and can

handle workload for small business financial data management.

Intel Based Servers from Oracle (SUN).

Network Devices:

Cisco, Juniper and Fortinet.

Cisco Systems, Inc.: is a technology company that produces networking equipment; it is

considered to be the biggest networking company globally.

Juniper Networks Company: is a technology company that offers network solutions

with high performance to help service providers, enterprises and public sector to create

value and accelerate success (“Juniper Networks - Network Security & Performance",

n.d.).

Fortinet Company: is a global leader in network security; it provides the most

innovative and highest performing network security platform for IT infrastructure

("About FortinetFortinet | Network Security, Enterprise and Data-Center Firewall", n.d.).

Desktop Software:

Custom developed solution based on SAPUI5 for Operations Management.

SAPUI5: is a collection of libraries that used by developers to build desktop, mobile and

1 It refers to a high performing processer.2 “It is the rate at which data can be read from or stored into a semiconductor memory by a processor” ("Memory bandwidth”, n.d.). 3 It is short for input/output; this term is used to refer to transferring data to or from a computer and to or from a peripheral device ("What is Input/Output (I/O)? Webopedia Definition", n.d.).

web applications ("What is SAPUI5? - Definition from WhatIs.com", 2016).

Microsoft Windows 7.

Microsoft Office 2013.

Lotus Notes Client for email: it uses enterprise email to foster business connection by

integrating messaging, business applications and social collaboration into one workspace

("IBM Notes", n.d.).

Alfresco, Jira and Confluence for content, work management and collaboration :

Alfresco: it is an open platform that helps a business to control critical content, strength

compliance, optimize processes and ease collaboration ("Alfresco - ECM and BPM

Software | Alfresco", n.d.).

Jira and Confluence: software used to help agile teams to collaborate and develop a

software.

SharePoint for Intranet and some websites.

SharePoint: it is a platform that is consists of different types of products and

technologies. It allows individuals in an organization to design and manage their own

collaborative websites. In addition, it helps individuals to collaborate and share content in

a secure environment. It also allows to search for content using various searching criteria.

SharePoint also provides advanced solutions that help users to build dashboards and

Visio diagrams.

SAP Manager/Employee Self Service: it helps a business to ease and automate HR

processes in addition to reducing costs and lowering administrative work on the HR

department ("Employee & Manager Self-Service | Rapid Deployment Software | SAP",

n.d.).

SAP GUI to access SAP ERP.

6. List of Systems Maintained in the Organization

SAP ERP (FI, CO, MM, BCM, FM, AP/AR, TM, and CML)

SAP stands for system application and product in data processing. It is a market leader in providing ERP (Enterprise Resource and Planning) solutions and services. Enterprise Resource Planning (ERP) is a software that is designed to support and integrate almost every functional area of a business process such as procurement of goods and services, sale and distribution, finance and accountings. The SAP modules are SAP FI (Financial accounting), SAP CO (SAP controlling), SAP MM (Material management), SAP BCM (Business communication management), SAP (Funds management), SAP AP/AR (Account payable and account receivable), SAP TM (Transportation management) and SAP CML (consumer mortgage loans).

Custom developed solution based on SAPUI5 for Operations Management. Misys for Treasury, Investment and Risk Management.

o Misys is a financial software covering retail and corporate banking, lending, treasury, capital markets, investment

Lotus Notes Domino for eMail server. Alfresco for Enterprise Content Management. Jira and Confluence Wiki for Work Management and Collaboration Microsoft SharePoint

for Internet and some websites. These are used to discuss work with the team. Bitbucket for programs source control. Bit bucket is a website that is run by Atlassian and

offers free repositories. They also have database management systems such as SQL server, oracle and software

AG Adabas. Software AG is a vendor of the database management system; it was the first company non-US software company selling the ADABAS DBMS. Adabas database management system is optimized for large-scale transaction processing.

7. Operational and Development Categories

ITD provide several levels support to ensure business departments are receiving the required support. First, the help desk staff provide the first level of support. Second, technical administrators. Enterprise Application deployment requires two types of support configuration of the solutions by functional experts in different solutions and developers who support by enhancing the current solutions or develop new functionality. There is the functional Support Staff who provide specialized support and configuration for enterprise applications such as SAPERP and Misys. Also there are enterprise solutions programmers

who provide support by developing new systems, enhancing current solutions, and fixing issues/bugs in the current live enterprise applications.

8. Standards Used

ITD department in IDB has experience in the following standards and best practices:

The Open Group IT4IT and TOGAF for Enterprise Architecture. Exposure and use of ITIL Best Practices (ITIL stands for IT Infrastructure Library, it

focuses on focuses on the continual measurement and improvement of the quality of IT service delivered, from both a business and a customer perspective).

Use of SAP Standard ASAP Methodology to Deliver SAP Solutions. Agile Project Management Practices (SCRUM). Scrum is an agile methodology that can

be applied to nearly any project; however, the Scrum methodology is most commonly used in software development. The Scrum process is suited for projects with rapidly changing or highly emergent requirements.

Use of Project Management Institute (PMI) Best Practices for Project Management. They also have exposure to COBIT (Control Objectives for Information Technology) and

IT val it. Val IT complements COBIT and addresses assumptions, costs, risks and outcomes related to IT-enabled business investments.

9. Existing Problems in IT The three main factors that affect the deployment of IT solutions are processes, people, and

technology. It is possible to deploy IT solution, however the challenge is to foster changes in the processes and train people to properly utilize and maximize the benefits from the deployed solutions. Following are main challenges from the IT department point of view: first, changing and improving the business process to be more effective and efficient. Second, users’ management such as training, guidance to increase adoption of technology solutions, encouraging business users to properly utilize the solutions and tools that are available. Third, the number of deployed solutions may overwhelm the business users, which requires more training and guidance, and sometime due budget limitations, some requirements are either dropped or delayed to another phase of implementation.

Priorities on projects are assigned through approvals of top management which will be further explained in chapter 2. While in implementing the projects, usually the IT follows the projects’ plans and dates of finishing that is assigned by top management. The hiring and firing of the IT staff is done through organized professional methods by the HR department in coordination of IT department.

10. Satisfaction with IT Department Satisfaction of the business departments with the IT department is high. Several enterprise

solutions had been successfully deployed during the last 3 years. These solutions ensured that the business departments can deliver on their business targets and achieve the set key Performance Indicators (KPIs) and objectives.

Chapter 2:

1. Interviewing the HRWe interviewed the HR manager Mr. Hisham Wagih, who broke done the hiring process

and qualifications required by the bank while staffing IT. Their main emphasis is technical experience of the implemented IT solutions by the bank. Qualifications varies depending on the position they are hiring for. For example the requirements for positions that supports the infrastructure solutions will require expertise in AIX system administration, Oracle database administration, windows server administration, SQL database administration, Cisco, Juniper, and Fortinet network devices administration. Positions that supports Microsoft products requires expertise and experience in Net and C# programming, SharePoint configuration and programming. While positions in Enterprise Application’s Functional Configuration requires SAP ERP functional solution expertise (FI/CO, MM. CML, PS, HR), Misys Solution experience, Alfresco enterprise content management, enterprise solutions programming, SAP ABAP, JAVA, JavaScript (JOuery), HTML5, Java Spring and Hibernate Frameworks. Additional certification requirements are SAP related certification (FI/CO, SAP BI, Netweaver), MS related certification in administration and programming, Java related certification in programming, and certification in the relevant operating systems and networking devices (ADK, Linux, Cisco, Juniper, and Fortinet).

2. Role of IT under Organizational Chart The IT department has major role in the bank daily operations as they are mainly

dependent on the IT services. To ensure that all business units are receiving the support they need, they have a help desk with a staff who are willing to help and support. Their activities consist of answering users’ questions and requests related to desktop applications, network connections troubleshooting, installing desktop applications, and enterprise applications GUIs. Second category of IT personnel is technical administrators who provide support for technical infrastructure especially in SAP Netweaver, databases, internal network and eMail solution. Third type is staff who are responsible for deployment of enterprise application. They use two methods in- house and outsourcing of functional experts in different solutions (SAP FI/OC, FM, MM, HR) and developers who support by enhancing the current solutions or develop new functionality. In summary, they have functional support staff who provide specialized support and configuration for the Enterprise Applications (SAPERP, Misys, Alfresco, Jira, and Confluence), plus enterprise solutions programmers who provide support by developing new systems, enhancing current solutions, and fixing issues/bugs in the current live enterprise applications. Usually banks doesn’t do in house development of their own applications, they prefer off shelve sophisticated solutions as the case in our bank.

While for their fit under the organization chart, according to their current position, they are directly under Group Information Management & Technology Solutions Coordinator, which along the HR, Legal, Administrative Services, and Secretariat departments all under the Vice President directly. This division is due to the importance of those departments. However, the bank business structure is different than normal businesses, in the sense that they have high regulations from the government and the central bank due to the sensitive nature of their operations. So, the IT department along previous departments have very hierarchal reporting and decision making system. Everything goes to the president, then to the board of directors and governors to get approval. We think this position of IT in this organization is appropriate to fit their needs, also it shows how important they are. However, we suggest that they subdivide the IT department further. For example by assigning presidents for each main solution and its own staff. So there will be a manager responsible for SAP only and SAP staff. One for Databases and DBAS, one for the network, one for the help desk, one for the technical administrators, and so on. So staff reports to their assigned manager and those managers report to the coordinator. It is more practical because it is a huge organization and any mistake is very costly, it will help to divide the responsibility and load on many managers and expectantly minimize errors.

3. The Use of IT Standards ISO: It is an international organization that includes membership of 161 national

standards bodies. Its members include experts who share knowledge to develop market relevant international standards that support innovation and provide solutions to cope with global challenges. ISO International Standards are recommended to be used as these standards are made to ensure that products and services are safe, reliable and of good quality.

They also are considered as strategic tools that reduce costs by minimizing waste and errors and increasing productivity. IDB will benefit from using ISO in its IT operations as this standard will help to overcome global challenges that the ISO might face as it is an international bank. Also, it can help IDB to improve the quality of services they provide to customers. As a bank the IDB must make sure that customers are satisfied with the services they provide to keep their reputation as an international well known bank.

4. Selection of IT projects, Budgeting and Staffing The selection of IT projects is as follows: first the mangers or IT staff find a gap or

propose a project that they think is important to support the bank vision and missions. Then those proposal are directed to vice president, then to president, board of directors and governors. After they view the proposals, they vote on projects to be implemented. It is not one person decision but the president decides first whether the project is worth discussing and voting. The main criteria in approving IT projects is that it should primarily benefits the stakeholders, including customers, government, regulatory agencies, and financial institution. Moreover, it should increase profits and returns because at the end of the day bank is a business. Last, it should improve the customers’ information security and confidentiality. If the meets the previous criteria, it gets approval and funds. The bank allocate enough budget for IT projects annually and budget is most of the time covered. Depending on the scale and specialization of the project, the IT department hire both IT staff and outsource as well. However, many of the projects are outsourced because they mainly consists of implementing new solutions, so another IT banking specialized companies will do it for them in coordination with current IT managers.

5. Suggested Hardware and Software The three pillars of bank network security provided by COCC (Collaborative to the core)

company can help IDB to enhance security level. We also suggest using the followings: Firewalls: are used to block network and Internet traffic. Intrusion Detection System: is used to further verify restrictions implemented by Firewalls.

The system looks for intrusions such as accessing a forbidden website or attempting to control workstation by a Trojan. The IDS records dangerous patterns, and also alerts network security personnel.

Intrusion Prevention System: is used to supplement the IDS. The IPS assesses traffic patterns to evaluate the type of network access and to determine whether it should be permitted. In case of network attack, the IPS will stop the attack by blocking traffic immediately.

Customer Relationship Management System: which will help them to communicate with all members in the different countries.

Mobile Application: which will help in facilitating the services and communications with end users.

References:

http://www.simplilearn.com/sap-modules-sap-fi-sap-co-sap-sd-sap-hcm-and-more-rar111-article

http://www.softwarememories.com/category/companies/software-ag/

http://www.tutorialspoint.com/sap/sap_introduction.htm

http://searchcompliance.techtarget.com/definition/VAL-IT-value-from-IT-investments

Islamic Development Bank. Isdb.org. Retrieved 23 April 2016, from http://www.isdb.org/irj/portal/anonymous?NavigationTarget=navurl://24de0d5f10da906da85e96ac356b7af0

 History. Organization of Islamic Cooperation. Retrieved 23 April 2016, from http://www.oic-oci.org/oicv3/page/?p_id=52&p_ref=26&lan=en

 IBM Power servers. Www-03.ibm.com. Retrieved 24 April 2016, from http://www-03.ibm.com/systems/power/hardware/

 What is computing power?. (2010). HowStuffWorks. Retrieved 24 April 2016, from http://computer.howstuffworks.com/computing-power.htm

Memory bandwidth. Wikipedia. Retrieved 24 April 2016, from https://en.wikipedia.org/wiki/Memory_bandwidth

What is Input/Output (I/O)? Webopedia Definition. Webopedia.com. Retrieved 24 April 2016, from http://www.webopedia.com/TERM/I/I_O.html

 Intel® Server Products. Intel. Retrieved 24 April 2016, from http://www.intel.com/content/www/us/en/servers/server-products.html

Cisco Systems. Wikipedia. Retrieved 24 April 2016, from https://en.wikipedia.org/wiki/Cisco_Systems

 Juniper Networks - Network Security & Performance. Juniper.net. Retrieved 24 April 2016, from http://www.juniper.net/us/en/

About FortinetFortinet | Network Security, Enterprise and Data-Center Firewall. Fortinet.com. Retrieved 24 April 2016, from http://www.fortinet.com/aboutus/aboutus.html

What is SAPUI5? - Definition from WhatIs.com. (2016). SearchSAP. Retrieved 24 April 2016, from http://searchsap.techtarget.com/definition/SAPUI5

IBM Notes. Www-03.ibm.com. Retrieved 24 April 2016, from http://www-03.ibm.com/software/products/en/ibmnotes

Alfresco - ECM and BPM Software | Alfresco. Alfresco.com. Retrieved 25 April 2016, from https://www.alfresco.com/

JIRA Software - Issue & Project Tracking for Software Teams | Atlassian. Atlassian. Retrieved 25 April 2016, from https://www.atlassian.com/software/jira

 Lynda.com. (2010). What is SharePoint?. Retrieved from http://www.lynda.com/SharePoint-tutorials/What-SharePoint/65720/68886-4.html?org=dah.edu

Employee & Manager Self-Service | Rapid Deployment Software | SAP. Sap.com. Retrieved 25 April 2016, from http://www.sap.com/solution/rapid-deployment/software/employee-portal-erp-manager/index.html

 Three Pillars of Bank Network Security | COCC. Cocc.com. Retrieved 3 May 2016, from https://www.cocc.com/whitepaper/30/three-pillars-bank-network-security

About ISO - ISO. ISO. Retrieved 3 May 2016, from http://www.iso.org/iso/home/about.htm

 ISO Standards - ISO. ISO. Retrieved 3 May 2016, from http://www.iso.org/iso/home/standards.htm