at the Department of Education. Welcome, Nathan. NATHAN MORELLI: Thanks for having me. ANTON JORDAAN: Pleasure. Maybe we could start by you giving us a bit of very brief background of your role in the ICT assurance area. NATHAN MORELLI: Yes. So our team's role is to help the Department of Education Child Develop manage ICT-related risk. That's risk for both our corporate teams and for our schools, and our preschool teams as well. ANTON JORDAAN: OK. So I guess you guys get involved in many projects within the schools and high schools, primary schools, and so forth. So if we bring it into a project context, when you set out with a new project, you're at the initiation stage of the project, you'd be involved in identifying risks, would you? You'd be part of a team or perhaps lead a team? NATHAN MORELLI: Yeah. Our team's role is to be part of that team from early on. We actually really engage with the biggest projects really early on in terms of helping them identify ICT-related risk and how we can help them track their risk registers and help them shape their risk management plans as well throughout the projects. ANTON JORDAAN: OK so let's zoom in to the risk identification stage, I think. So with our students, we've gone through risk identification as a concept and how to go about it. But I think what we'd like to hear from you is, practically, how do you guys go about ensuring that you pick a broad set of risks in your projects at the really early initiation stage of the project? NATHAN MORELLI: Yeah. I think it's really important for us to be involved almost during project scoping as well so we can help understand the purpose of the project and the deliverables it's trying to achieve for the business, and what the organisation is trying to achieve from the project. So then we can have a really good understanding of the goals of the project, so then we can understand the IT-related risks for them. So we may sit with the project teams in their scoping meetings or how they're dealing with the business. We might sit in those meetings so we've got that really good understanding so then we can start identifying the risks when we come down to meeting with the teams, and helping them set up their risk registers. So one of the ways that's worked really well at the department and in my previous work places is that we have risk workshops with, both the project and the business people involved, where we might take the lead on identifying risks associated with delivery of the project and what it's trying to deliver for the business, and those risk workshops, in being a risk specialist, you try and tease out of the business and the project team, how they're going to deliver the project, what they're trying to achieve, and then work out the risk areas that might impact the successful delivery of the project and the business objectives. You might use some frameworks and try and incorporate that into your conversations with the business. You might try and consider not only technology risks as well when you've got an IT-based project. There's a lot of technical people on the project, and they quite often only focus on technical risks and availability of servers or other IT resources. But there's more than that. There's the political, there's the economical, the social and the legal risks, so we will try and tease out of the business and the project representatives in a risk workshop. If you're talking about legal risks, you want to talk about some of the contractual risks that might be involved with the project, especially if you're procuring a software. You might try and talk about some of the security risks as well, from a technical perspective and the frameworks that they might align to throughout the project, and try and identify those risks that you need to make sure that you're managing throughout the project's lifecycle. ANTON JORDAAN: Just getting back to your risk workshops that you were holding, would you be involving the client in those workshops in terms of the risk identification? NATHAN MORELLI: Yeah, definitely. We try and include as many of the key stakeholders as possible, because that way we get as many perspectives on the project and the requirements for the project, and where it's trying to get to. So then we can identify as many risks as possible. The more people you have in the room that know about what's getting done and how it's going to be done, the better you are going to be at identifying the risks, and identifying potential management strategies for them, and also identifying the controls they have already thought of, they're already putting in place, so you can document them and help the team manage the risk. ANTON JORDAAN: So in this collective workshop, how do we ensure that we get a good spread of risks? And do you guys give consideration, perhaps, to bring people into the workshop which may not be involved in a particular project, but bringing them in purely to draw off their past experience, perhaps, of similar projects? So do you actually make a conscious point of doing that? NATHAN MORELLI: Yeah, we definitely have some of the most successful workshops that we've run have had representatives from our internal audit and risk team, our internal procurement team, and also anybody who's been involved in similar-sized projects before so they can impart those learnings to that project, and we can have the most effective risk management that we possibly could. Bringing in other internal resources that know how the department does things or how the business already does things really helps in identifying the existing risk management strategies and controls that we already have in place to manage a lot of the risks that you're talking about as a project and business team. Having those people involved is really critical to making sure that it's a successful workshop. ANTON JORDAAN: Good. OK. So you make sure you capture the learnings from previous projects, which is a weakness in many organisations that we don't see that being carried through... end up making the same sort of mistakes. So just to wrap up the bit around the identification of the risks, would you make use of brainstorming or this type of methodology during such a session to make sure you get a broad spectrum of risks represented? Or just, perhaps, share with us how you ensure, as you referenced, it's not just technical, which is the sort of game that you're in to make sure that the risks, beyond the technical risks, are identified as well. NATHAN MORELLI: So our approach probably depends a lot on the people in the room. We try and adapt that approach depending upon people in the room, but generally, being the risk professional in the room, you've kind of got to lead them a little bit. So you've really got to draw on that past experience and draw on those other people in the room to pull out examples from previous projects or examples that you already know of that can prompt that discussion and that thought about oh, how can I apply those risks to my own project? So you've really got to draw on that past experience... and that kind of creates that brainstorming-like discussion. ANTON JORDAAN: OK. That free environment for people to jump in... NATHAN MORELLI: ...to jump in. ANTON JORDAAN: Unstructured and it's... NATHAN MORELLI: Yeah. I think it's really important when you're having those conversations to let people have, either that time to think, or that time to talk through it in that open environment with people who understand where they are trying to go. And that really helps you understand the true risks, and not just the generic... I've picked that up, I've picked this up as I know this is a risk to major projects. You really start drawing upon the business-specific risks and the specific risks delivered to that project. ANTON JORDAAN: Right.
Civitas Academica of English Education and Stakeholders’ Un-derstanding of Vision, Missions, Goals, and Targets of English Education Department at IAIN Bukittinggi in Year 2018 by : Melyann Melani, Febria Sri Artika, Ayu Noviasari