©2004 - sogeti nederland b.v. beware … the controller is coming it-governance per unit? ton...

©2004 - Sogeti Nederland B.V.

Beware … The Controller is comingIT-Governance per unit?

Ton Dekkers

UKSMA October 2005, London

©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 2

Return on Investment

PROCESS outputinput

investment activitiesrequirements

return

€€ €


Business Case

Benefit Cost

• Cost Reduction

• Revenue up

• Effort [Size]

• Cost [Size]

• Performance

• New business

• Knowledge

• …

• Duration

• Software

• Risk


The Good News?

From the Standish report of 2003:

• Only 34% of software projects are successful

• 66% ended up in varying degrees of trouble

– 15% of projects are terminated

– 85% average over-run


Corporate Governance is a process,effected by an entity’s board of directors,management and others, applied in strategysetting and across the enterprise, designed toidentify potential events that may affect theentity, and manage risks to be within its riskappetite, to provide reasonable assuranceregarding the achievement of the objectives.

Corporate Governance


What Can Go Wrong?

© Ton Dekkers, 2004


A structure of relationships and processes

to direct and control the enterprise in order

to achieve the enterprise’s goals by adding value

while balancing risk versus return over

IT and its processes.

IT Governance

• Information Systems Audit and Control Association (ISACA)IT-Governance Institute

• Gartner

• …


CobiT©

Control

Objectives for

Information and related

Technology

business risks <> control needs <> technical issues

Guidance for:

• Management risks, budget

• Users security, control of “functionality”

• Auditors internal control, opinion / advise


Control Objectives

• Relation to peer group• Future position (Goals)

• Key Goal Indicators• Key Performance Indicators

• Goal Question Metrics (GQM)• Functional Size Measurement


CobiT© Framework


CobiT© Framework (detail) √√ √

software provision


Supported processes

N M N M

primary support secondary support

P05 manage investment √ √ PO09 assess risks √ √

P10 manage projects √ √ P011 manage quality √ √

AI02 acquire and maintain √ √ DS01 manage service levels √ √

AI06 manage changes √ √ M02 assess internal control √ √

DS02 manage third-party √ √ M04 provide for audit √ √

DS03 manage performance √ √

DS06 identify costs √ √

M01 monitor process √ √


Input – Process - Output

costs

effortmaterial

activities product

= price per unit x units

process outputinput


Metric “formula”

Project Delivery Rate (actual) effort / size

Speed of Delivery size / (actual) elapsed time

Defect Density number of defects (period) / size

Reliability hours fixing (period) / size

Price Performance costs / size

(Goal – Question) - Metric


Hours (& money)

The Measurement Model

size (risk) analysis

pdr

basic hours

influences+/- measures

Risks/opportunities

consequences

exp

internal

external


Risk Analysis / Mitigation

• Platform• Tools• Experience• Time pressure• Team Size• “Complexity”• “State of the Art”• …


ISO 14143 (1)

• Functional Size Measurement

The process of measuring Functional Size

• Functional Size

A size of the software derived by quantifying the Functional User Requirements

• Functional Size Measurement Method

A specific implementation of FSM defined by a set of rules, which conforms to

the mandatory features of ISO/IEC 14143 - part 1: A measure of the amount of

information processing required to be carried out by the software [‘what’ the

user wants the software to do, not ‘how’] and excludes the influence of

technical and quality requirements (ISO/IEC 9126).


ISO 14143 (2)

• Functional User Requirements

The representation of the ‘practices’ and ‘procedures’ the

software must support to fulfill user’s needs

• Base Functional Component

A defined category of elementary units recognized in FUR’s

defined and used by a FSM for measurement purposes


Certified Methods• Function Points Analysis - IFPUG

ISO 20926Counting Practices Manual 4.2 (January 2004)

• Function Points Analysis - NESMAISO 24570Counting Practices Manual 2.2 (November 2003)

• Mark II Function PointsISO 20968Counting Practices Manual 1.3.1 (September 1998)

• COSMIC Full Function PointsISO 19761Measurement Manual 2.2 (January 2003)


Function Point Analysis

Transactions

User

ei

eo

eq eif

ilf

Data


FPA: Rating (values)

Function points (fp) per component: • ILF 7, 10 or 15 fp• EIF 5, 7 or 10 fp• EI 3, 4 or 6 fp• EO 4, 5 or 7 fp

• EQ 3, 4 or 6 fp

Complexity types: Low, Average, High

FTR DET 1-5 6-19 >19 0-1 L(4) L(4) A(5) 2-3 L(4) A(5) H(7) >3 A(5) H(7) H(7)


FPA: counting example

Transaction TypeFTRDET

ComplexityScore

External Outputemployee, departmentd-name, e-name, e-dayofbirth

Low4 fp

Functional ProcessPrint birthday list (sorted by department)• Request HRM


Transactions

User

transient persistent

functional process

e w

x r

COSMIC Full Function Points

Data


CFFP: Rating (values)

All of the components are rated based upon:existence of (single) data groups

Scores per component:

• Entry 1 cfsu• eXit 1 cfsu • Read 1 cfsu• Write 1 cfsu

cfsu cosmic functional size unit


CFFP: counting example

Data Groupemployeedepartment

Data MovementsReadReadExitExitExit

Score

Data Elementse-name, e-dayofbirthd-name

employee [e-name, e-dayofbirth]department [d-name] employee [e-name, e-dayofbirth]department [d-name]messages

5 cfsu

Functional ProcessPrint birthday list (sorted by department)• Request HRM


Scope Management

• Fixed costs rather than fixed price

• Budget control: Price per unit

• Requirements (Functionality): expressed in units

• Priority: Units versus budget (in units)

• Scope creep: Scope {Manager / Surveyor / Consultant}

CobiT: PO05, PO10, AI02, AI06, DS02, DS03, DS06, M01

SouthernSCOPE, Evolutionary Project Management


Service Level Agreement

• Price agreements on service

• Service: some expressed in units or units related

• Budget: price per units (per service)

• Supplier selection: based on performance

CobiT: PO05, PO10, AI02, AI06, DS03, DS06, DS09, DS01


Outsourcing - Situation

• RelationCustomer (Utility Company) Supplier (Computer Services)

• Activities System support (enhancement / help desk)

• Object of interestContract (SLA)


Outsourcing - Benefits

• ControllabilitySize Prioritizing

• Value for moneyProductivity: transparent, consistent

• CostsMaintenance costs 10%

• (Customer) Satisfaction (Budget Functionality Delivery)

CobiT: PO05, PO10, AI02, AI06, DS02, DS06, PO09, DS01


Sizing, Estimating & Control

ManagedDelivery

Bidmgt

Contractmgt

ProjectOffice

SEC

Estimating & Performance measurement

‘E-street’Developm.Center(s)

GlobalSourcing


SIESTA 1.2

SIESTA (SIzing and ESTimating Application)

Current: version 1.2.2‘Freeware’: part of services / promotion

Multi-lingual:- Dutch- English- German- French- Italian- Spanish

Supports mostISO 14143 basedmethods


Conclusions

• Quantitative Project Management ≠ IT Governance

• Performance Measurement ≠ IT Governance

• CobiT® is a framework for IT Governance

• Performance Measurement supports CobiT

IT Governance requires Performance Measurement

The Controller will demand Performance Measurement


Q & A

Questions !!! & Answers ???

Q & A

[email protected] # www.sogeti.nl/sec-uk

Thank you for your attention

©2004 - sogeti nederland b.v. beware … the controller is coming it-governance per unit? ton...

Documents