ITEC Policy 2510 A - IT Project Oversight Guidelines

The Independent Verification and Validation (IV&V) contractor will provide an IV&V assessment function for the design, development and implementation phases through the completion of the project. Contractor services shall be provided so the entity will comply with the provisions of Information Technology Policy 2510 - Oversight of Information Technology Projects.

The state expects an IV&V contractor for a project shall have technical, managerial, and financial independence relative to the project. We further expect that the IV&V contractor shall have a competence level on at least the same skill level as the prime contractor engaged for a project. Since IV&V activities are most often seen in projects that already are acknowledged to have high risk factors, it is imperative that the IV&V contractor be already recognized in the industry as possessing substantial IV&V credentials. References that demonstrate this exemplary level of capability for large (>$10,000,000) projects are critical. 

To mitigate some of the risk inherent in projects, the state has established a Project Management Methodology (PMM) and a reporting process for all projects in the state with any significance. The current project management methodology is documented at . The methodology, when properly executed, creates at least the following for each project: 

  1. Designated Project Team
  2. Designated Project Manager
  3. Designated Project Sponsor
  4. Project Steering Committee
  5. Configuration Management Function
  6. Internal Quality Assurance Function
  7. Risk Management Function
  8. Project Statement
  9. Project Plan
  10. Project Budget
  11. Project Estimate Summary
  12. Cost at Completion Report
  13. Project Schedule
  14. Activity Tracking Reports 
  15. Project Status Meetings
  16. Work Breakdown Structure
  17. Work Product Identification
  18. Configuration Management Plan
  19. Requirements Traceability Table
  20. Project Staffing Plan
  21. Resource Loading Profiles
  22. Project Organizational Chart
  23. Risk Management Plan
  24. Internal Quality Plan
  25. Issues Management Function
  26. Project Database
  27. Change Manager
  28. Change Control Board

A chosen IV&V Contractor shall at least review all the above and additional relevant information for a project on a continuous basis to produce independent reports about project status. These reports shall be delivered directly, independently, and simultaneously to the:

  • Project Sponsor
  • Chief Information Technology Office (of the appropriate branch)

Each report shall include at a minimum:

1. The Contractor submits reports directly and simultaneously to the Project Sponsor and the Chief Information Technology Officer for the Branch of the State of Kansas providing an independent assessment of the project health and vitality. The IV&V assessment will also be made available to the Legislative CITO, entity head and project manager. The Contractor makes associated recommendations for improving project operations and realizing benefit expectations.

2. The Contractor will review the risk and issue management process created for the project and the associated risk and issue list and 

1) identify any additional project risks and issues 

2) provide recommendations for mitigating such risks and issues

3) issue an opinion as to the sufficiency of the risk and issue management process and associated risk and issue list for the project.

3. Regularly monitor the project management mechanics and procedures and provide any recommendations for improvements. The Contractor will monitor plans and deliverables to validate reported project progress and the project’s likelihood of achieving project objectives within the allotted time and budget.

4. Monitor and review selected deliverables completed by the project team to verify they meet quality standards and contribute to the progression of the project. 

5. Monitor project plans, budgets, and schedules, in terms of resources and expenditures, and document any significant variances from the project plan. The Contractor will specifically report any conditions which a reasonable review would conclude have a significant risk of affecting the project’s successful completion. 

6. Meet with the Project Sponsor and any other project managers on a regular basis to discuss progress, and identify potential problems and issues. The Contractor will provide feedback and recommendations for process improvements to all the above staff.

7. Provide a regular written report directly and simultaneously to the Project Sponsor and the Chief Information Technology Officer for the Branch of the State of Kansas identifying potential risks, findings, issues, and any recommendations for improving project performance.

8. Review and evaluate the testing plans, processes, scripts and data, error correction procedures, and incident tracking methods used in the project. Provide reports relative to the above identifying any potential risks, findings, issues, and any recommendations for improvements in these areas. 

9. Monitor technical staff development, user training, and documentation to ensure that staff are prepared to operate and support the new system. 

10. Continuously gauge organizational readiness and management of change methods to ensure the Customer is able and willing to implement the product produced by the project. 

11. At the completion of the system rollout associated with each iteration, contribute to and review post implementation review report.

12. At the request of the Contract Administrator, entity head, Project Sponsor, Project Director, or the Chief Information Technology Officer for the Branch of the State of Kansas, Contractor shall meet with the above or other designated entities to explain any delivered reports.