©2004 - sogeti nederland b.v. beware … the controller is coming it-governance per unit? ton...
TRANSCRIPT
©2004 - Sogeti Nederland B.V.
Beware … The Controller is comingIT-Governance per unit?
Ton Dekkers
UKSMA October 2005, London
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 2
Return on Investment
PROCESS outputinput
investment activitiesrequirements
return
€€ €
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 3
Business Case
Benefit Cost
• Cost Reduction
• Revenue up
• Effort [Size]
• Cost [Size]
• Performance
• New business
• Knowledge
• …
• Duration
• Software
• Risk
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 4
The Good News?
From the Standish report of 2003:
• Only 34% of software projects are successful
• 66% ended up in varying degrees of trouble
– 15% of projects are terminated
– 85% average over-run
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 5
Corporate Governance is a process,effected by an entity’s board of directors,management and others, applied in strategysetting and across the enterprise, designed toidentify potential events that may affect theentity, and manage risks to be within its riskappetite, to provide reasonable assuranceregarding the achievement of the objectives.
Corporate Governance
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 6
What Can Go Wrong?
© Ton Dekkers, 2004
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 7
A structure of relationships and processes
to direct and control the enterprise in order
to achieve the enterprise’s goals by adding value
while balancing risk versus return over
IT and its processes.
IT Governance
• Information Systems Audit and Control Association (ISACA)IT-Governance Institute
• Gartner
• …
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 8
CobiT©
Control
Objectives for
Information and related
Technology
business risks <> control needs <> technical issues
Guidance for:
• Management risks, budget
• Users security, control of “functionality”
• Auditors internal control, opinion / advise
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 9
Control Objectives
• Relation to peer group• Future position (Goals)
• Key Goal Indicators• Key Performance Indicators
• Goal Question Metrics (GQM)• Functional Size Measurement
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 10
CobiT© Framework
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 11
CobiT© Framework (detail) √√ √
software provision
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 12
Supported processes
N M N M
primary support secondary support
P05 manage investment √ √ PO09 assess risks √ √
P10 manage projects √ √ P011 manage quality √ √
AI02 acquire and maintain √ √ DS01 manage service levels √ √
AI06 manage changes √ √ M02 assess internal control √ √
DS02 manage third-party √ √ M04 provide for audit √ √
DS03 manage performance √ √
DS06 identify costs √ √
M01 monitor process √ √
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 13
Input – Process - Output
costs
effortmaterial
activities product
= price per unit x units
process outputinput
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 14
Metric “formula”
Project Delivery Rate (actual) effort / size
Speed of Delivery size / (actual) elapsed time
Defect Density number of defects (period) / size
Reliability hours fixing (period) / size
Price Performance costs / size
(Goal – Question) - Metric
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 15
Hours (& money)
The Measurement Model
size (risk) analysis
pdr
basic hours
influences+/- measures
Risks/opportunities
consequences
exp
internal
external
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 16
Risk Analysis / Mitigation
• Platform• Tools• Experience• Time pressure• Team Size• “Complexity”• “State of the Art”• …
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 17
ISO 14143 (1)
• Functional Size Measurement
The process of measuring Functional Size
• Functional Size
A size of the software derived by quantifying the Functional User Requirements
• Functional Size Measurement Method
A specific implementation of FSM defined by a set of rules, which conforms to
the mandatory features of ISO/IEC 14143 - part 1: A measure of the amount of
information processing required to be carried out by the software [‘what’ the
user wants the software to do, not ‘how’] and excludes the influence of
technical and quality requirements (ISO/IEC 9126).
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 18
ISO 14143 (2)
• Functional User Requirements
The representation of the ‘practices’ and ‘procedures’ the
software must support to fulfill user’s needs
• Base Functional Component
A defined category of elementary units recognized in FUR’s
defined and used by a FSM for measurement purposes
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 19
Certified Methods• Function Points Analysis - IFPUG
ISO 20926Counting Practices Manual 4.2 (January 2004)
• Function Points Analysis - NESMAISO 24570Counting Practices Manual 2.2 (November 2003)
• Mark II Function PointsISO 20968Counting Practices Manual 1.3.1 (September 1998)
• COSMIC Full Function PointsISO 19761Measurement Manual 2.2 (January 2003)
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 20
Function Point Analysis
Transactions
User
ei
eo
eq eif
ilf
Data
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 21
FPA: Rating (values)
Function points (fp) per component: • ILF 7, 10 or 15 fp• EIF 5, 7 or 10 fp• EI 3, 4 or 6 fp• EO 4, 5 or 7 fp
• EQ 3, 4 or 6 fp
Complexity types: Low, Average, High
FTR DET 1-5 6-19 >19 0-1 L(4) L(4) A(5) 2-3 L(4) A(5) H(7) >3 A(5) H(7) H(7)
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 22
FPA: counting example
Transaction TypeFTRDET
ComplexityScore
External Outputemployee, departmentd-name, e-name, e-dayofbirth
Low4 fp
Functional ProcessPrint birthday list (sorted by department)• Request HRM
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 23
Transactions
User
transient persistent
functional process
e w
x r
COSMIC Full Function Points
Data
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 24
CFFP: Rating (values)
All of the components are rated based upon:existence of (single) data groups
Scores per component:
• Entry 1 cfsu• eXit 1 cfsu • Read 1 cfsu• Write 1 cfsu
cfsu cosmic functional size unit
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 25
CFFP: counting example
Data Groupemployeedepartment
Data MovementsReadReadExitExitExit
Score
Data Elementse-name, e-dayofbirthd-name
employee [e-name, e-dayofbirth]department [d-name] employee [e-name, e-dayofbirth]department [d-name]messages
5 cfsu
Functional ProcessPrint birthday list (sorted by department)• Request HRM
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 26
Scope Management
• Fixed costs rather than fixed price
• Budget control: Price per unit
• Requirements (Functionality): expressed in units
• Priority: Units versus budget (in units)
• Scope creep: Scope {Manager / Surveyor / Consultant}
CobiT: PO05, PO10, AI02, AI06, DS02, DS03, DS06, M01
SouthernSCOPE, Evolutionary Project Management
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 27
Service Level Agreement
• Price agreements on service
• Service: some expressed in units or units related
• Budget: price per units (per service)
• Supplier selection: based on performance
CobiT: PO05, PO10, AI02, AI06, DS03, DS06, DS09, DS01
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 28
Outsourcing - Situation
• RelationCustomer (Utility Company) Supplier (Computer Services)
• Activities System support (enhancement / help desk)
• Object of interestContract (SLA)
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 29
Outsourcing - Benefits
• ControllabilitySize Prioritizing
• Value for moneyProductivity: transparent, consistent
• CostsMaintenance costs 10%
• (Customer) Satisfaction (Budget Functionality Delivery)
CobiT: PO05, PO10, AI02, AI06, DS02, DS06, PO09, DS01
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 30
Sizing, Estimating & Control
ManagedDelivery
Bidmgt
Contractmgt
ProjectOffice
SEC
Estimating & Performance measurement
‘E-street’Developm.Center(s)
GlobalSourcing
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 31
SIESTA 1.2
SIESTA (SIzing and ESTimating Application)
Current: version 1.2.2‘Freeware’: part of services / promotion
Multi-lingual:- Dutch- English- German- French- Italian- Spanish
Supports mostISO 14143 basedmethods
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 32
Conclusions
• Quantitative Project Management ≠ IT Governance
• Performance Measurement ≠ IT Governance
• CobiT® is a framework for IT Governance
• Performance Measurement supports CobiT
IT Governance requires Performance Measurement
The Controller will demand Performance Measurement
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control 33
Q & A
Questions !!! & Answers ???
Q & A
[email protected] # www.sogeti.nl/sec-uk
Thank you for your attention