IT Governance


Beware … The Controller is coming
IT-Governance per unit?
Ton Dekkers
©2004 - Sogeti Nederland B.V.
UKSMA, October 2005, London
Return on Investment
[Diagram: investment (€) and return (€€) around a PROCESS, with input (activities, requirements) and output]
©2005 - Sogeti Nederland B.V., Sizing Estimating & Control
Business Case
Benefit
• Cost Reduction
• Revenue up
• Performance
• New business
• Knowledge
• …
Cost
• Effort [Size]
• Cost [Size]
• Duration
• Software
• Risk
The Good News?
From the Standish report of 2003:
• Only 34% of software projects are successful
• 66% ended up in varying degrees of trouble
– 15% of projects are terminated
– 85% average over-run
Corporate Governance
Corporate Governance is a process,
effected by an entity’s board of directors,
management and others, applied in strategy
setting and across the enterprise, designed to
identify potential events that may affect the
entity, and manage risks to be within its risk
appetite, to provide reasonable assurance
regarding the achievement of the objectives.
What Can Go Wrong?
© Ton Dekkers, 2004
IT Governance
A structure of relationships and processes
to direct and control the enterprise in order
to achieve the enterprise’s goals by adding value
while balancing risk versus return over
IT and its processes.
• Information Systems Audit and Control Association (ISACA)
IT-Governance Institute
• Gartner
• …
CobiT©
Control Objectives for Information and related Technology
business risks <> control needs <> technical issues
Guidance for:
• Management: risks, budget
• Users: security, control of “functionality”
• Auditors: internal control, opinion / advice
Control Objectives
• Relation to peer group
• Future position (Goals)
• Key Goal Indicators
• Key Performance Indicators
• Goal Question Metrics (GQM)
• Functional Size Measurement
CobiT© Framework
CobiT© Framework (detail)
[Diagram: CobiT framework detail, marked with √√ and √; label: software provision]
Supported processes
Primary support
Process                        N  M
PO05 manage investment         √  √
PO10 manage projects           √  √
AI02 acquire and maintain      √  √
AI06 manage changes            √  √
DS02 manage third-party        √  √
DS03 manage performance        √  √
DS06 identify costs            √  √
M01 monitor process            √  √
Secondary support
Process                        N  M
PO09 assess risks              √  √
PO11 manage quality            √  √
DS01 manage service levels     √  √
M02 assess internal control    √  √
M04 provide for audit          √  √
Input – Process - Output
[Diagram: input (effort, material, activities) into a process, giving output (product); costs = price per unit x units]
(Goal – Question) - Metric
Metric                   “formula”
Project Delivery Rate    (actual) effort / size
Speed of Delivery        size / (actual) elapsed time
Defect Density           number of defects (period) / size
Reliability              hours fixing (period) / size
Price Performance        costs / size
The Measurement Model
[Diagram labels: size, pdr, basic hours, exp, (risk) analysis, risks/opportunities (internal, external), measures, influences, consequences, +/-, Hours (& money)]
Risk Analysis / Mitigation
• Platform
• Tools
• Experience
• Time pressure
• Team Size
• “Complexity”
• “State of the Art”
• …
ISO 14143 (1)
• Functional Size Measurement
The process of measuring Functional Size
• Functional Size
A size of the software derived by quantifying the Functional
User Requirements
• Functional Size Measurement Method
A specific implementation of FSM defined by a set of rules,
which conforms to the mandatory features of ISO/IEC
14143 - part 1: A measure of the amount of information
processing required to be carried out by the software
[‘what’ the user wants the software to do, not ‘how’] and
excludes the influence of technical and quality
requirements (ISO/IEC 9126).
ISO 14143 (2)
• Functional User Requirements
The representation of the ‘practices’ and ‘procedures’ the
software must support to fulfill user’s needs
• Base Functional Component
A defined category of elementary units recognized in FUR’s
defined and used by a FSM for measurement purposes
Certified Methods
• Function Points Analysis - IFPUG
ISO 20926
Counting Practices Manual 4.2 (January 2004)
• Function Points Analysis - NESMA
ISO 24570
Counting Practices Manual 2.2 (November 2003)
• Mark II Function Points
ISO 20968
Counting Practices Manual 1.3.1 (September 1998)
• COSMIC Full Function Points
ISO 19761
Measurement Manual 2.2 (January 2003)
Function Point Analysis
[Diagram: the User, Transactions (ei, eo, eq) and Data (ilf, eif)]
FPA: Rating (values)
Complexity types: Low, Average, High
Function points (fp) per component:
• ILF: 7, 10 or 15 fp
• EIF: 5, 7 or 10 fp
• EI: 3, 4 or 6 fp
• EO: 4, 5 or 7 fp
• EQ: 3, 4 or 6 fp
Complexity by DET (rows) and FTR (columns):
DET     FTR 0-1   FTR 2-3   FTR >3
1-5     L(4)      L(4)      A(5)
6-19    L(4)      A(5)      H(7)
>19     A(5)      H(7)      H(7)
FPA: counting example
Functional Process: Print birthday list (sorted by department)
• Request HRM
Transaction Type: External Output
FTR: employee, department
DET: d-name, e-name, e-dayofbirth
Complexity: Low
Score: 4 fp
COSMIC Full Function Points
[Diagram: the User, a functional process with data movements e, x, r and w, and transient and persistent Data]
CFFP: Rating (values)
All of the components are rated based upon: existence of (single) data groups
Scores per component:
• Entry: 1 cfsu
• eXit: 1 cfsu
• Read: 1 cfsu
• Write: 1 cfsu
cfsu: cosmic functional size unit
CFFP: counting example
Functional Process: Print birthday list (sorted by department)
• Request HRM
Data Group: Data Elements
• employee: e-name, e-dayofbirth
• department: d-name
Data Movements
• Read: employee [e-name, e-dayofbirth]
• Read: department [d-name]
• Exit: employee [e-name, e-dayofbirth]
• Exit: department [d-name]
• Exit: messages
Score: 5 cfsu
Scope Management
• Fixed costs rather than fixed price
• Budget control: Price per unit
• Requirements (Functionality): expressed in units
• Priority: Units versus budget (in units)
• Scope creep: Scope {Manager / Surveyor / Consultant}
CobiT: PO05, PO10, AI02, AI06, DS02, DS03, DS06, M01
SouthernSCOPE, Evolutionary Project Management
Service Level Agreement
• Price agreements on service
• Service: some expressed in units or units related
• Budget: price per units (per service)
• Supplier selection: based on performance
CobiT: PO05, PO10, AI02, AI06, DS03, DS06, DS09, DS01
Outsourcing - Situation
• Relation
Customer (Utility Company)  Supplier
(Computer Services)
• Activities
System support (enhancement / help desk)
• Object of interest
Contract (SLA)
Outsourcing - Benefits
• Controllability
Size  Prioritizing
• Value for money
Productivity: transparent, consistent
• Costs
Maintenance costs  10%
• (Customer) Satisfaction
 (Budget  Functionality  Delivery)
CobiT: PO05, PO10, AI02, AI06, DS02, DS06, PO09, DS01
Sizing, Estimating & Control
[Diagram labels: SEC, Managed Delivery, Global Sourcing, Project Office, Bid mgt, Contract mgt, Developm. Center(s), ‘E-street’; caption: Estimating & Performance measurement]
SIESTA 1.2
SIESTA
(SIzing and ESTimating Application)
Multi-lingual:
- Dutch
- English
- German
- French
- Italian
- Spanish
Current: version 1.2.2
‘Freeware’: part of services / promotion
Supports most ISO 14143 based methods
Conclusions
• Quantitative Project Management ≠ IT Governance
• Performance Measurement ≠ IT Governance
• CobiT® is a framework for IT Governance
• Performance Measurement supports CobiT
 IT Governance requires Performance Measurement
The Controller will demand Performance Measurement
Q&A
Thank you for your attention!!!
Questions & Answers ???
[email protected] # www.sogeti.nl/sec-uk