©2004 - sogeti nederland b.v. beware … the controller is coming it-governance per unit? ton...

Beware … The Controller is comingIT-Governance per unit?

Ton Dekkers

UKSMA October 2005, London

Return on Investment

PROCESS outputinput

investment activitiesrequirements

return

€€ €

Business Case

Benefit Cost

• Cost Reduction

• Revenue up

• Effort [Size]

• Cost [Size]

• Performance

• New business

• Knowledge

• …

• Duration

• Software

• Risk

The Good News?

From the Standish report of 2003:

• Only 34% of software projects are successful

• 66% ended up in varying degrees of trouble

– 15% of projects are terminated

– 85% average over-run

Corporate Governance is a process,effected by an entity’s board of directors,management and others, applied in strategysetting and across the enterprise, designed toidentify potential events that may affect theentity, and manage risks to be within its riskappetite, to provide reasonable assuranceregarding the achievement of the objectives.

Corporate Governance

What Can Go Wrong?

A structure of relationships and processes

to direct and control the enterprise in order

to achieve the enterprise’s goals by adding value

while balancing risk versus return over

IT and its processes.

IT Governance

• Information Systems Audit and Control Association (ISACA)IT-Governance Institute

• Gartner

• …

CobiT©

Control

Objectives for

Information and related

Technology

business risks <> control needs <> technical issues

Guidance for:

• Management risks, budget

• Users security, control of “functionality”

• Auditors internal control, opinion / advise

Control Objectives

• Relation to peer group• Future position (Goals)

• Key Goal Indicators• Key Performance Indicators

• Goal Question Metrics (GQM)• Functional Size Measurement

CobiT© Framework

CobiT© Framework (detail) √√ √

software provision

Supported processes

N M N M

primary support secondary support

P05 manage investment √ √ PO09 assess risks √ √

P10 manage projects √ √ P011 manage quality √ √

AI02 acquire and maintain √ √ DS01 manage service levels √ √

AI06 manage changes √ √ M02 assess internal control √ √

DS02 manage third-party √ √ M04 provide for audit √ √

DS03 manage performance √ √

DS06 identify costs √ √

M01 monitor process √ √

Input – Process - Output

effortmaterial

activities product

= price per unit x units

process outputinput

Metric “formula”

Project Delivery Rate (actual) effort / size

Speed of Delivery size / (actual) elapsed time

Defect Density number of defects (period) / size

Reliability hours fixing (period) / size

Price Performance costs / size

(Goal – Question) - Metric

Hours (& money)

The Measurement Model

size (risk) analysis

basic hours

influences+/- measures

Risks/opportunities

consequences

internal

external

Risk Analysis / Mitigation

• Platform• Tools• Experience• Time pressure• Team Size• “Complexity”• “State of the Art”• …

ISO 14143 (1)

• Functional Size Measurement

The process of measuring Functional Size

• Functional Size

A size of the software derived by quantifying the Functional User Requirements

• Functional Size Measurement Method

A specific implementation of FSM defined by a set of rules, which conforms to

the mandatory features of ISO/IEC 14143 - part 1: A measure of the amount of

information processing required to be carried out by the software [‘what’ the

user wants the software to do, not ‘how’] and excludes the influence of

technical and quality requirements (ISO/IEC 9126).

ISO 14143 (2)

• Functional User Requirements

The representation of the ‘practices’ and ‘procedures’ the

software must support to fulfill user’s needs

• Base Functional Component

A defined category of elementary units recognized in FUR’s

defined and used by a FSM for measurement purposes

Certified Methods• Function Points Analysis - IFPUG

ISO 20926Counting Practices Manual 4.2 (January 2004)

• Function Points Analysis - NESMAISO 24570Counting Practices Manual 2.2 (November 2003)

• Mark II Function PointsISO 20968Counting Practices Manual 1.3.1 (September 1998)

• COSMIC Full Function PointsISO 19761Measurement Manual 2.2 (January 2003)

Function Point Analysis

Transactions

eq eif

FPA: Rating (values)

Function points (fp) per component: • ILF 7, 10 or 15 fp• EIF 5, 7 or 10 fp• EI 3, 4 or 6 fp• EO 4, 5 or 7 fp

• EQ 3, 4 or 6 fp

Complexity types: Low, Average, High

FTR DET 1-5 6-19 >19 0-1 L(4) L(4) A(5) 2-3 L(4) A(5) H(7) >3 A(5) H(7) H(7)

FPA: counting example

Transaction TypeFTRDET

ComplexityScore

External Outputemployee, departmentd-name, e-name, e-dayofbirth

Low4 fp

Functional ProcessPrint birthday list (sorted by department)• Request HRM

Transactions

transient persistent

functional process

COSMIC Full Function Points

CFFP: Rating (values)

All of the components are rated based upon:existence of (single) data groups

Scores per component:

• Entry 1 cfsu• eXit 1 cfsu • Read 1 cfsu• Write 1 cfsu

cfsu cosmic functional size unit

CFFP: counting example

Data Groupemployeedepartment

Data MovementsReadReadExitExitExit

Data Elementse-name, e-dayofbirthd-name

employee [e-name, e-dayofbirth]department [d-name] employee [e-name, e-dayofbirth]department [d-name]messages

5 cfsu

Functional ProcessPrint birthday list (sorted by department)• Request HRM

Scope Management

• Fixed costs rather than fixed price

• Budget control: Price per unit

• Requirements (Functionality): expressed in units

• Priority: Units versus budget (in units)

• Scope creep: Scope {Manager / Surveyor / Consultant}

CobiT: PO05, PO10, AI02, AI06, DS02, DS03, DS06, M01

SouthernSCOPE, Evolutionary Project Management

Service Level Agreement

• Price agreements on service

• Service: some expressed in units or units related

• Budget: price per units (per service)

• Supplier selection: based on performance

CobiT: PO05, PO10, AI02, AI06, DS03, DS06, DS09, DS01

Outsourcing - Situation

• RelationCustomer (Utility Company) Supplier (Computer Services)

• Activities System support (enhancement / help desk)

• Object of interestContract (SLA)

Outsourcing - Benefits

• ControllabilitySize Prioritizing

• Value for moneyProductivity: transparent, consistent

• CostsMaintenance costs 10%

• (Customer) Satisfaction (Budget Functionality Delivery)

CobiT: PO05, PO10, AI02, AI06, DS02, DS06, PO09, DS01

Sizing, Estimating & Control

ManagedDelivery

Bidmgt

Contractmgt

ProjectOffice

Estimating & Performance measurement

‘E-street’Developm.Center(s)

GlobalSourcing

SIESTA 1.2

SIESTA (SIzing and ESTimating Application)

Current: version 1.2.2‘Freeware’: part of services / promotion

Multi-lingual:- Dutch- English- German- French- Italian- Spanish

Supports mostISO 14143 basedmethods

Conclusions

• Quantitative Project Management ≠ IT Governance

• Performance Measurement ≠ IT Governance

• CobiT® is a framework for IT Governance

• Performance Measurement supports CobiT

IT Governance requires Performance Measurement

The Controller will demand Performance Measurement

Questions !!! & Answers ???

ton.dekkers@sogeti.nl # www.sogeti.nl/sec-uk

Thank you for your attention

©2004 - sogeti nederland b.v. beware … the controller is coming it-governance per unit? ton...

Documents

infographic sogeti empatic things

paul dekkers m005

sogeti finances ii

© sogeti sogeti-microsoft alliance getting started with...

sogeti usa overview presentation

#dfb2b 2015 - marlene dekkers, thought leadership b2b...

merkanalyse marlies dekkers

gamification sogeti-toulouse

marlies dekkers vs sapph (-30 days)

sogeti on big data creating clarity - report 1-4 on big data...

sogeti week mobile

masterclass dr dekkers

gamification sogeti-workshop

sogeti brochure

marlies dekkers vs sapph

dekkers blup paper

sogeti altair user conf sogeti 20091102

jack c. m. dekkers - ans.iastate.edu vitae j.c.m. dekkers 1...

2014 sogeti netherlands - libreoffice community

dekkers, t. - software estimation – the next level