1. What do we understand by Sourcing Strategy?

Please comment on the

Sourcing Strategy of DFID.

Answer

Sourcing Strategy

a) Systematic approach for optimizing an organizations supply base and improving the overall
value proposition
b) Focused on total cost of ownership
c) Incorporates all customer needs and market conditions
d) Getting the best product/services at best value
e) A continuous process

Advantages of a Sourcing Strategy

a) Cost saving approach

b) Improve operational efficiency
c) Increase quality
d) Create partnership with suppliers
e) Access to new suppliers
f) Leverage entire organizations spend

Sourcing Strategy of DFID

a) Focused to deliver lower costs while ensuring to meet DFIDs ICT needs
b) More in-house R&D to come up with inherent solutions and options
c) Strengthening supplier management to increase capability to adopt more commodity services
d) Continue to use Govt. framework contracts
e) All procurement to be done through BSD.

2. What is an IT Risk Mitigation Strategy? What is the IT Risk Mitigation

Strategy of DFID? Are there any risks which have been ignored or
downplayed in the case of DFID?

Answer

IT risk management strategy is the application of risk management methods to Information

technology in order to manage IT risks.

Risk Mitigation Strategy of DFID

All Information technology risks are identified and managed by Business Solution
Department (BSD)
a) All systems developed and operated in accordance with HMG information assurance
strategy, to ensure risks to information is managed.

b) The Board ensures that projects produce a robust Business Case including a cost benefit
analysis, whilst managing the Programme level Risks and Issues.
c) A separate governance structure for information assurance DG for corporate governance is
Senior Information Risk Owner (SIRO). CIO is Deputy SIRO
d) DFID's Information Security Management System is independently certified as compliant
with ISO 27001 and will be maintained to this standard.
e) The Change Agreement Board(CAB) approves the deployment of all systems into the live
environment. Its role is to ensure that the business is ready for the change and that the risk and
impact is acceptable.

Risks Downplayed by DFID

a) New technology implementation and the change in business practices are one of the
most risky areas in IT. Many projects turn up unsuccessful because of the lack of
Change management training and processes
b) Agile methodology is a tried and tested way of software development but its usage in
the real life projects are still in doubt. Professionals have not accepted the agile way,
this can be a risky strategy going forward and hence needs to be mitigated
appropriately