
By Group 7

Prem Kishore 1401095


Aniket Phadnis 1501068
Ankith Passi 1501069
Sabyasachi Sahu 1501100
Saurabh Bose 1501103

Contents
Company Profile
Scope of Work
Project Plan
Risk Analysis & Control
IT Governance Matrix
IT Strategic Impact Grid
Defining The IT Governance Structure
Need for Governance
Cost/Benefit analysis of Enterprise mobility management
Costs
Benefits
Assumptions and data
Results
Assumptions
Client Responsibilities

Company Profile
Group 7 Consulting Limited was founded in 1990 and has established its brand image over more
than two decades in the domain of IT consultancy. It is spread across 5 locations worldwide with
an employee base of 35000. It is headquartered at Tiruchirappalli. Some of our prominent clients
include Swiss International Airlines, Air France, Indigo Airlines and AirAsia. Our solution in the
Mobile Device Management area has helped several clients improve turnaround time and
process controls and reduce cost.

Scope of Work
To understand the scope better, it is imperative that we understand the IT & Business needs with
the help of the following questions:
a) Which area of the business should be the focus?
b) What is the business transformation opportunity with mobility?
c) Can EMM be leveraged as a differentiator?
d) Type of devices that should be supported?
e) How to integrate all of these devices across the EIA?
f) What are the governance measures (including data governance) that should be defined
(Ex: Device, App and Communication security)
g) What are some use cases for EMM in the industry and what vendors have implemented
this?
h) What about BYOD?
Singapore Airlines Limited (SIA) is currently using a Mobile Device Management solution to
enable enterprise mobility. The MDM solution is used to manage corporate and BYOD mobile
devices, and is primarily used for email access. SIA intends to expand its enterprise mobility
initiative, and is preparing to enable mobile applications, web applications and file sharing over
corporate and BYOD mobile devices. For this, we need to develop a design and implementation
plan for an Enterprise Mobility Management (EMM) solution. Also, the solution should be able to
integrate with SIA's current infrastructure architecture and security framework.
For successful implementation of the project, EMM shall satisfy the following critical requirements:
i. Support all mainstream mobile & desktop Operating Systems.
ii. Provide over-the-air device management capabilities.
iii. The EMM solution must be able to segregate corporate data from personal data using a
secure container solution.
iv. Implement and enforce all SIA's enterprise mobile security policy - Container level
encryption.
v. The solution should be able to integrate with SIA's current infrastructure architecture and
security framework.
vi. Integrate with enterprise document managing system for document sharing and
synchronization.
vii. Provide add-on plugins for PDF reader apps, Microsoft Word etc.
viii. Provide self-support portal with self-help functionalities.
ix. Provide secure tunneling access through App VPN.
x. Provide administration and reporting.

Project Plan
To develop an efficient project plan we first need to understand the key strategies involved in a
project plan.
1) Requirement Analysis
This would involve frequent communication with system users to determine specific feature
expectations, resolution of conflict or ambiguity in requirements as demanded by the various
users or groups of users, avoidance of feature creep and documentation of all aspects of the
project development process from start to finish. Energy should be directed towards ensuring that
the final system or product conforms to client needs rather than attempting to mold user
expectations to fit the requirements. It is important to understand the implications of the new system
for SIA's processes, technology and people.
2) Maturity Assessment & Gap Analysis
Assessment of SIA's current IT infrastructure is critical to extract information about the existing
infrastructure from members of the project management community and evaluate that information to
draw meaningful conclusions. It will help in understanding the gaps in the existing infrastructure,
process and its capabilities. Based on this a report on the current state of the existing
infrastructure and processes can be developed. This will further help in determining the desired
state for the new system to be implemented.

3) Understand Risk
Effective risk management strategies will help in identifying the project's strengths, weaknesses,
opportunities and threats. A detailed risk profiling with respect to implementation of the system
across various business value drivers is necessary to understand the type of exposure and impact
of such exposures on the efficiency of project.
4) Determine role of Mobile Device Management (MDM)
In order to successfully integrate the new system with the existing MDM system, it is imperative to
understand what role MDM plays in the existing IT infrastructure. This can be done by:
a) Understanding what is to be managed.
b) Understanding how policies are defined across different device types.
c) Realizing what larger service strategy MDM is part of.
The project will be carried out in six phases, from analyzing the requirements to post-implementation
evaluation of the EMM solution. The duration of the project will be 12 weeks
from approval of contract.
Phase I: Requirement Analysis- Requirements such as functional, technical and project will be
analyzed in this phase to understand critical aspects of the solution to be provided. The project
requirements will help in complying with the RFP's requirements.
Phase II: Gap Assessment- During this phase, a detailed assessment of the existing IT infrastructure
will be carried out to understand the gaps in the current infrastructure. Also, this assessment will
help in understanding the required fit between the current & proposed solution. Based on the
outcome of the assessment, a current state report will be prepared which will further be an input
to the design phase.
Phase III: Design- Based on the outcome of the gap assessment, a detailed design and
implementation plan will be prepared. This plan will help in understanding the "to-be" state for
the new solution. Once the design is prepared, a review meeting shall be conducted with SIA to
review the design and obtain their approval.

Phase IV: Implementation- Once the designs are approved, the implementation of the solution
will be initiated. During this phase, the integration of current system with the new system will
also be carried out. On periodic intervals, review of the implementation will be done with SIA.
Phase V: Training- Post implementation and integration of the systems, trainings for staff &
managers will be carried out to help them get acquainted with the new system.
Phase VI: Evaluation- Once the new system is in use, its impact on existing processes will be
evaluated. If any issues are observed during the evaluation, a root cause analysis will be
performed to identify the cause of problem (if any) and appropriate measures will be taken to
address the same.

Figure: Project Timeline for EMM implementation

Figure: High Level Operating Model for EMM Implementation (above) & Detailed Operating Model for EMM implementation (below)

Risk Analysis & Control


Risk analysis is essential to identify and understand the risks that can occur during the course of
the project. It also helps in managing such risks and minimizing their impact on the project.
For the EMM implementation, the risk analysis will be performed for parameters such as
Service Interruption, Data Integrity, and Content Management. The result of the risk
analysis and the control mechanisms for these parameters are provided in the below table:
Parameter | Impact | Likelihood | Risk | Control Mechanism
Service Interruption | High | Low | Moderate | Back up servers, Data orchestration, Interoperability.
Data Integrity | High | Moderate | High | Revamp Enterprise Information Architecture, Ensure single entity view of each device, Rules of Behavior, Asset Classification.
Content Management | Medium | Medium | Moderate | Platform Agnostic content, View as per role.

Service Interruption
With the new system in place, the interruption of services is less likely to occur as the new
system provides better stability than the existing system. However, the interruption in service can
lead to high impact on various processes across organization. Hence control mechanisms such as
back up servers, data orchestration and interoperability shall be in place.
Data Integrity
Data is used to provide insights, and for SIA to harness the full power of data, it must treat the
accuracy and integrity of data as equally important. Incidents such as unauthorized data access and
unmanaged file sharing can cause data leakage. Hence it is crucial to maintain data integrity, as it
can have a huge impact on business. To address issues related to data integrity, control mechanisms
such as Revamping Enterprise Information Architecture, Ensuring single entity view of each
device, Rules of Behavior, and Asset Classification can be put in place.
Content Management
Effective governance of content management is critical to successful deployments and it requires
joint effort between IT and the business side. This will ensure that the expected benefits of
building and deploying a system are realized and without it, failure is inevitable. It largely
involves governance of the system infrastructure, security provisions and other technical aspects
of content management deployment. Content management also involves administering websites
and updating text and other content in a simple way. However, it often becomes a focal point for
unauthorized users seeking access to the web server, thereby compromising the security of the entire
system. Hence it is imperative to have a strong content management system to deal with such
risk. To address such issues, control mechanisms such as Platform Agnostic content and
View as per role can be implemented.

IT Governance Matrix
Existing IT Governance Matrix

Current IT governance shows that the entire decision making process rests with the CXOs of the
company, with little decision making power given to the IT heads of the company. This system is
hampering the company's IT future because the CIO is in a better position to judge the needs
and requirements of the organization in terms of domain knowledge and requirements of the IT
infrastructure.
Proposed IT Governance Matrix

IT principles- IT principles are the high level statements about how IT is used in the
business.
These need to be set for the entire company, and all stakeholders of the company must be on board
with the decisions taken on IT principles. So both the decisions and the inputs should come
from the IT executives as well as the business leaders.
IT executives will give a clear path about the needs and requirements of the company in terms of
IT, whereas the business leaders will give their insights about the business and alignment of IT
with that business goal.
IT architecture- This deals with organizing logic for data, applications, and infrastructure
captured in a set of policies, relationships, and technical choices to achieve desired business and
technical standardization and integration.
IT executives are in the best position to suggest changes in the IT architecture. Similarly, the
decisions will be taken by the business leaders as well as the IT executives. Budget allocation
and budget priorities should determine the scale of IT architecture.
IT Infrastructure- Centrally coordinated, shared IT services which provide the foundations for
the enterprise's IT capability.
IT heads of the company, which strictly comprise Chief Information Officers and similar ranks,
are in a position to understand the bigger picture, to give inputs as well as make decisions about
the scale of IT infrastructure.

Business application needs- Specifying the business need for purchased or internally developed
IT applications.
The inputs regarding the business application needs should be given by the business unit or
process leaders who make decisions based on the needs of their entities. However, the final
decision on the Business application needs must be taken by the IT executives along with the
business leaders who form the Duopoly.
IT investment- Decisions about how much and where to invest in IT including project
approvals and justification techniques.
Similar to the Business application needs, inputs must be given in a feudal manner and the
decisions will be taken by the IT duopoly.

IT Strategic Impact Grid


Figure: IT Strategic Impact Grid (Defensive and Offensive; Factory Mode, Strategic Mode, Support Mode and Turnaround Mode; axes: Reliability, Low to High, and need for new information technology, Low to High)

Turnaround Mode
- Aimed to manage the large number of corporate & BYOD devices
- Allow SIA staff to access corporate email, mobile applications and web applications
- Will help the company work with greater efficiency & coordination
- This new system promises major process and service transformation

Defining The IT Governance Structure


Need for Governance
IT Governance is defined as having to do with specifying the decision rights and accountability
framework to encourage desirable behavior in using IT. Thus the basis of governance centers
around decision making rights, i.e. who should make what decisions and under what
circumstances while allowing for accountability such that the decisions made are in congruence
with corporate vision, values and strategy. IT governance provides a framework which ensures
IT related decisions are in tune with companywide objectives. Besides, it also supervises
performance of IT and sets up a framework so that IT risks are mitigated. Insofar as EMM
implementation by SIA is concerned, IT governance provides the process for decision making,
along with the appropriate transparency across all stakeholders and includes checks and
balances.
Decisions that SIA needs to take:
- Define Enterprise Information Architecture - Data Governance
- Define security measures to check access to required stakeholder and prevent leakage of
data - Security Governance
- Define content management strategy to ensure platform agnostic content across devices
- Business application requirements for EMM
- Infrastructure decisions on delivery of shared services
- Communication approaches to and from the vendors and also between vendors

Objectives of IT governance:
- Alignment of EMM to support business operations and sustain advantages
- Ensure resource optimization
- Ensure appropriate level of transparency and define points of contact during the service
- Ensure appropriate level of engagement with all necessary stakeholders (SIA and the
Solution provider)
- Appropriate identification and management of EMM related risks and other security risks
- Facilitation of EMM's aid in exploiting opportunities and maximizing benefits. [1]

Defining the Governance Model

Figure: COBIT 5 principles for EMM Governance (Meeting Stakeholder Needs; End to End; Single Integrated Framework; Holistic Approach; Separate Governance from Management)

1 Board Briefing on IT Governance, 2nd edition, IT Governance Institute, 2003.

COBIT 5 is an IT governance framework and supporting toolset that allows managers to bridge
the gap between control requirements, technical issues and business risks [2]. Its principles are
based upon the following:
1. Meeting Stakeholder Needs: The governance framework must meet the stakeholder needs
in terms of IT Business Strategic Alignment, Stakeholder engagement and scope of the
planned portfolio of EMM programmes and services.
2. End-to-End Enterprise Coverage: The governance framework must take into account the
entire enterprise. In this case, the framework should entail the scale and scope of the
EMM project, its viability, the Workflow redesigning, the realized benefits, and the mapping of
IT value drivers to business value drivers.
3. Single Integrated Framework for a Holistic Approach: The framework should maintain a
standard approach for programme management, in this case the EMM project. It should
engage all stakeholders, initiate the programme, secure budget for the programme,
maintain the programme, source and divert resources, launch, execute and track progress
of the EMM implementation, supervise the rollout of EMM services, monitor and
control the EMM solution outcome based on defined metrics and manage EMM
implementation risks.
4. Separate Governance from Management: The governance framework should differentiate
the functions of the management body, which engages in Strategic, Tactical and Operational
tasks, from the governance part, which handles Oversight responsibilities (Evaluate, Direct
and Monitor) (generally the responsibility of the Board of Directors).

Figure: Proposed Governance Structure
- Structure: Org. Design & Reporting Structure; Committee Structure &
- Oversight responsibilities: Board Oversight; Mgmt. accountability; Committee authority & responsibility
- Infrastructure: Policies; Reporting & communication; Technology

2 http://www.isaca.org/knowledge-center/cobit/pages/overview.aspx


The proposed governance structure is divided into 3 parts, viz. (a) Structure, (b) Oversight
Responsibilities and (c) Infrastructure, with each having its own stakeholders and their defined
functions/accountabilities. The hierarchy is as given in the figure above.

Governance for EMM Soln. Implementation

Align, Plan and Organize for EMM
- Manage alignment to Business Objectives
- Manage Workflow Design
- Manage Devices
- Manage EIA
- Manage Portfolio
- Manage Budget and Costs
- Manage HR
- Manage Service Agreements
- Manage Content
- Manage Quality
- Manage Vendors
- Manage Security
- Manage Risk

Build, Acquire and Implement
- Analyze Requirements
- Identify Solutions
- Manage Resource Availability
- Manage Capacity
- Manage Change Acceptance
- Manage Knowledge Sharing
- Acquire additional Assets
- Align Configuration
- Manage plugins
- Manage portals

Deliver, Service and Support
- Manage Operations
- Institutionalize Incident Resolution
- Manage Business Process Controls
- Manage Change Requests
- Manage Disaster Recovery
- Manage Business Continuity Processes
- Manage Integration
- Manage Orchestration
- Manage Interoperability
- Manage Transition and Upgrades
- Manage administration and reporting

Monitor, Evaluate and Assess
- Define Key Performance Indicators and Metrics
- Monitor, evaluate and assess performance based on KPIs
- Manage, Evaluate and Assess Data Governance compliance
- Manage, Evaluate and Assess Internal Control
- Manage, Evaluate and Assess compliance with External regulations

Figure: Detailed Governance Definition for EMM Solution Implementation

Cost/Benefit analysis of Enterprise mobility management


Costs
The cost of implementing an Enterprise Mobility Management solution is
calculated as Total Cost of Ownership. This includes, but is not limited to:
- Capital cost on servers, routers and gateways
- Hosting costs on cloud services
- Software Licensing cost (zero if we implement cloud solution)
- Installation & set-up cost
- Training & development cost
- Support/Update cost
- Maintenance cost

While some of these costs are fixed one-time payment costs (Installation & set-up cost), others
are recurring/variable costs like the maintenance cost or support cost which is charged on an
annual basis.
Benefits
Some of the benefits of implementing the EMM solution are improved communication, increased
collaboration and enhanced productivity. Listed below are the financial benefits in terms of
cost or revenues:
- Better IT control, remote monitoring, configuration and deployment of apps.
- Enhanced security management
- Decrease in the amount of data breaches
- Enhanced data protection, back-up and restoring capability
- Improved productivity

Assumptions and data


Pre-Implementation cost estimations
- No of employees of the company is 14000 (SA annual report 2014-15). Out of these 7000
were BYOD devices and the rest were proprietary devices provided by the vendor
- Average cost of the devices is estimated to be $500
- Denial-of-access calls cost $40 each and the frequency of cost incurred is once every 2
months/employee
- The cost on IT security projects is $3 million/year
- The data breaches accounted for a loss of $5 million/year

Post-Implementation cost estimations
- Project cost included Infrastructure cost & services cost. This amounted to $3.9
million/year
- We forecasted a 90% reduction in the denial-of-access (help desk) cost
- 35% decrease in the project spending for IT security
- Ongoing costs included $7/employee/month, $100/year for maintenance of 7000 devices
and fixed cost of $120000 for the mobility management apps
- The discount rate was assumed to be 8%

Results
Cash flows
There was a huge capital investment in year 0 of the project of around $3.9 million, after
which the reduction in costs in data security, data breaches and lost calls brought positive cash
flows.

NPV, IRR and payback period
- The net present value of the project is $7.6 million
- Internal rate of return was 42%
- Payback period or break even period ~ 34 months

Results
5-year Horizon
Discount rate = 8%
NPV = 7619485.4

Assumptions
a) The Vendor shall provide a detailed proposal for (including but not limited to) the design,
supply, installation, testing, commissioning, maintenance and operation of the Enterprise
Mobility Management solution for the SIA Group.
b) Any increase in costs of production or in any other aspect may not be passed on to SIA
and/or its subsidiaries by way of an increase in the awarded price or a change in the
products and/or services to be provided.
c) Vendors may be required to maintain and support the application/product for an initial
contract term of one (1) year with an option to extend it annually for the next two (2) years.
d) The appointment of vendor is done on 24th Feb'14 and the project needs to be
completed in 12 weeks from this date.
e) All title, ownership and other intellectual property rights in any software customization
and related documentation created or otherwise developed pursuant to this Tender vest in
SIA.
f) All cost assumptions are made in Singapore Dollars.
g) Vendors must have Non-Disclosure Agreement(s) with their contractors.
h) Consultants will attend the meeting as and when required.

Client Responsibilities
A mutual understanding is necessary between the Client and Vendor in order to achieve
successful completion of the project. SIA should provide support to the Vendor whenever
required.
Responsibilities:
1. Prepare and conduct Vendor meetings.
2. Review and support decision for the project scope.
3. Ensure quality and timeliness for the services.
4. Monitor all work to make sure that it has been carried out in accordance.
5. Ensure the timely payment in each step of work.
