cmmi « WordPress.com Tag Feed

Getting Started In Risk Management

zenkara — Wed, 23 Dec 2009 06:46:56 +0000

A client recently described an interesting situation – she had purchasing the new ISO31000 risk management standard, she had done the training with her team, conducted a risk identification and assessment workshop, and done the analysis and prioritization. Yet no one seemed to be managing risks – they were something off to the side that people occasionally looked at.

What else could she do?

Risk management is one of the more overused, misunderstood and abused terms in project management these day. There is a large body of work on risk management and a plethora of material available on the web to be used.

Yet many projects do not manage risk well. They record their risks, identify the mitigations/treatments and review them during the project. But for all of their planning, obvious risks seem to slip through the cracks.

Here are a few ideas that we can use:

Make sure everyone has a common understanding of what constitutes a risk, what constitutes an issue, and the difference between risks/issues and consequences/impacts. This may seem trivial but different organisations have difference definitions of risk e.g. “Only risks that we can influence”, “don’t include dependencies or constraints”, “the person who raises a risk deals with it”, ad infinitum

Keep it simple – have 3 ratings – negligible, moderate, project-killer – and review against schedule, scope, cost, technical and people. Don’t have 5 ratings as it doesn’t really add value. And don’t have percentages as they are disguising a subjective guess with a number that makes it look quantitatively managed.

When introducing risks, don’t argue over the wording or structure – just make it understandable to stakeholders

Focus on mitigation/treatment actions. These are the most critical component so you must make sure that every action has someone assigned and they understand the action and the deadline and that these actions are done just like any other project task. Very often risk mitigations are seen as distinct and are reported separately. No wonder they’re not afforded the appropriate focus. Out of sight, out of mind. Out of mind, out of time…

Set the bar lower to start, then as project management practices mature, you can be stricter when it comes to wording, ratings, severity etc.

Traceability: A Radical Approach Part 4

tcagley — Sun, 20 Dec 2009 00:29:02 +0000

Well as I noted I am catching up. I will have the rest of the article up then I will push a PDF version out.

Complexity:

The second component, complexity, is a measure of the number of properties of a project that are judged to be outside of the norm. The applicable norm is relative to the person or group making the judgment. Assessing the team’s understanding of complexity is important because when a person or group perceives something to be complex they act differently. The concept of complexity can be decomposed into many individual components, for this model the technical components of complexity will be appraised in this category. The people or team driven attributes of complexity are dealt with in the user involvement section (above). Higher levels of complexity are an important reason for pursuing traceability because complexity decreases the ability of a person to hold a consistent understanding of the problem and solution in their mind. There are just too many moving parts. The inability to develop and hold an understanding in the forefront of your mind increases the need to document understandings and issues to improve consistency.

The model assesses technical complexity by evaluating the following factors:

1.   The project is the size you are used to doing
2.   There is a single manager or right sized management
3.   The technology is well known to the team
4.   The business problem(s) is well understood
5.   The degree of technical difficulty is normal or less
6.   The requirements are stable (ish)
7.   The project management constraints are minor
8.   The architectural impact is minimal
9.   The IT Staff perceives the impact to be minimal

As with customer involvement, the assessment process for complexity uses a simple yes or no scale for rating each of the factors. Each factor will require some degree of discussion and introspection to arrive at an answer. An overall assessment tip: A maybe is equivalent to a ‘no’. Remember that there is no prize for under or over-estimating the impact of these variables, value is only gained through an honest self-evaluation.

Project is normal size: The size of the project is a direct contributor to complexity; all things being equal, a larger than usual project will require more coordination, communication and interaction than a smaller project. A common error when considering size of project is to use cost as a proxy. Size is not the same thing as cost. I suggest estimating the size of the project using standard functional size metrics. Assessment Tip: Organizations with a baseline will be able to statistically determine the point where size causes a shift in productivity. The shift is a sign post for where complexity begins to weigh on the processes being used. In organizations without a baseline, develop and use a rule of thumb. Consider using the rule that ‘if it is bigger than anything you have done before’ or the corollary ‘the same size as your biggest project’ as rules of thumb. These equate to an ‘N’ rating.

Single Manager/Right Sized Management: There is an old saying ‘too many cooks in the kitchen spoil the broth’. A cadre of managers supporting a single project can fit the ‘too many cooks’ bill. While it is equally true that a large project will require more than one manager or leader it is important to understand the implications that the number of managers and leaders will have on a project. Having the right number of managers and leaders can smooth out issues that are discovered, assemble and provide status without impacting the team dynamic while providing feedback to team members. Having the wrong number of managers will gum up the works of project (measure the ratio of meeting time to a standard eight hour day anything over 25% is sign to closely check the level of management communication overhead). The additional layers of communication and coordination are the downside of a project with multiple managers (it is easy for a single manager to communicate with himself or herself). One of the most important lessons to be gleaned from the agile movement is that communication is critical (and this leads to the conclusion that communication difficulties may trump benefits) and that any process that gets in the way of communication should be carefully evaluated before they are implemented. A larger communication web will need to be traversed with every manager added to the structure, which will require more formal techniques to ensure consistent and effective communication. Assessment Tip: Projects with more than five managers and leaders or a worker to manager ratio lower than 8 workers to one manager/leader (with more than one manager) should assess this attribute as an ‘N’.

Well Known Technology: The introduction of a technology that is unfamiliar to the project team will require more coordination and interaction. While the introduction of one or two hired guns into a group with experience is a good step to ameliorate the impact, it may not be sufficient (and may complicate communication in its own right). I would suggest that until all relevant team members surmounts the learning curve; new technologies will require more formal communication patterns. Assessment Tip: If less than 50% of the project team has not worked with a technology on previous projects, assess the attribute as an ‘N’.

Well Understood Business Problem: A project team that has access to understanding of the business problem being solved by project will have a higher chance at solving the problem. The amount of organizational knowledge the team has will dictate the level of analysis and communication required to find a solution. Assessment Tip: If the business problem is not well understood or has not been dealt with in the past this attribute should be assessed as a ‘N”.

Low Technical Difficultly: The term ‘technical difficulty’ has many definitions. The plethora of definitions means that measuring technical difficulty requires reflecting on many project attributes. The attributes that define technical difficulty can initially be seen when there are difficulties in describing the solutions and alternatives for solving the problem. Technical difficulty can include algorithms, hardware, software, data, logic or any combination of components. Assessment Tip: When assessing the level of technical difficulty, if it is difficult to frame the business problem in technical terms assess the level of complexity as ‘N’.

Stable Requirements: Requirements typically evolve as a project progresses (and that is a good thing). Capers Jones indicates that requirements grow approximately 2% per calendar month across the life of a project. Projects that are difficult to define or where project personnel or processes allow requirements to be amended or changed in an ad hoc manner should anticipate above average scope creep or churn. Assessment Tip: If historical data indicates that the project team, customer and application combination tends to have scope creep or churn above the norm assess this attribute as an ‘N’ unless there are procedural or methodological methods to control change. (Note: Control does not mean stop change, but rather that it happens in an understandable manner.)

Minor Project Management Constraints: Project managers have three macro levers (cost, scope and time) available to steer a project. When those levers are constrained or locked (by management, users or contract) any individual problem becomes more difficult to address. Formal communication becomes more important as options are constrained. Assessment Tip: If more than one of the legs of the project management iron triangle is fixed, assess this attribute as an ‘N’.

Minimal Architectural Impact: Changes to the standard architecture of the application(s) or organization will increase complexity on an exponential scale. This change of complexity will increase the amount of communication required to ensure a trouble free change. Assessment Tip: If you anticipate modifications (small or wholesale) to the standard architectural footprint of the application or organization, assess this attribute as an ‘N’.

Minimal IT Staff Impact: There are many ways a project can impact an IT staff ranging from process related changes (how work is done) to outcome related changes (employment or job duties). Negative impacts are most apt to require increased formal communication, therefore the use of traceability methods that are more highly documented and granular. Negative process impacts are those that are driven by the processes used or organizational constraints (e.g. death marches, poorly implemented processes, galloping requirements and resource constraints). Outcome related impacts are those driven by the solution delivered (e.g. outsourcing, downsizing, and new application/solutions). Assessment Tip: Any perceived negative impact on the team or to the organization that is closely associated with the team should viewed as not neutral (assess as an ‘N’), unless you are absolutely certain you can remediate the impact on the team doing the work. Reassess often to avoid surprises.

In preparation for scaling total the number of Y’s and N’s. Scaling will be discussed after all components are described.

How can we effectively automate M&A tasks on a CMMI implementation?

Vipin — Thu, 10 Dec 2009 09:17:07 +0000

Many organizations worldwide have very successfully implemented CMMI. As a part of process improvement, one has to identify the current status of process maturity and has to have a roadmap for higher maturity levels. In this process, Measurement & Analysis plays a big role.

In order to implement a good measurement practice, you need to know:

What is to be measured?
What data to be collected?
How to distill information from the collected Data?
What are the best practices to be followed? Etc.

This will vary from organization to organization, their current process maturity levels, size and complexity of the project, etc. But there are some common things:

Identification of the right techniques to be deployed
Automation of various tasks involved
Effective data collection with automation

Organizations with great effort implement a process improvement model. Once they successfully implement CMMI and get the assessment done, the first part is over. Maintaining the process improvement task continuously is another challenge. I feel at this area, the Measurement & Analysis plays the big role. We have to spend more time to analyze the right information, than collecting the same from different sources on a routine basis.

In this context, “IBM Rational Dashboard” comes very handy to automate various tasks in the Measurement & Analysis process area of CMMI. It helps you:

Improve analyses of strategic and operational decisions
Empower teams to make information-based decisions
Enable continual improvement using metrics and measurements
Implement best practices with guidance and compliance tracking

So let’s spend more time to take informed decisions, than just collecting the data.

Mixing CMMI and Scrum

methodsandtools — Thu, 03 Dec 2009 08:14:14 +0000

The Methods & Tools newsletter has just released in its html archive section the article “Mature Scrum at Systematic” written by Carsten Ruseng Jakobsen and Jeff Sutherland. This article presents an experience report about mixing CMMI and Scrum in the same company

IT Service CMM – IT Service Capability Maturity Model

CxO Channel — Sat, 28 Nov 2009 21:57:59 +0000

The IT Service Capability Maturity Model (CMM) is a five level scale which allows organisations to m

El Método SCAMPI

Héctor De Luna — Sat, 28 Nov 2009 19:13:47 +0000

El SCAMPI (Standard CMMI Appraisal Method for Process Improvement) es un método desarrollado por Instituto de Ingeniería de Software (SEI) para evaluar el estado de los procesos de software de una organización basado en los modelos CMMI. Existen tres tipos de SCAMPI: A, B, C, en donde la profundidad de la evaluación, la duración, costo y uso varían. Estas evaluaciones son hechas por un Asesor Líder acreditado por el SEI.

Un SCAMPI C es el de menor duración y alcance, y es utilizado para ver el uso de los procesos en la organización y de las iniciativas de mejora con relación al modelo CMMI. Al ser más breve los resultados permiten identificar una tendencia en el uso del proceso. No da un nivel de madurez.
Un SCAMPI B es de mayor duración que un C y su alcance permite identificar la implementación del proceso en la organización con una muestra más amplia de información. No da un nivel de madurez.
Un SCAMPI A es el de mayor duración y permite ver la institucionalización de los procesos en la organización. Es mas riguroso en cuanto a la muestra de proyectos a observar y da un nivel de madurez a la organización.

Un punto interesante del SCAMPI es que la evaluación la realiza un equipo de la misma organización, en donde también pueden participar personas externas si así lo desean, y son liderados por el Asesor Líder quién define las guías, que se cumplan lineamentos del método, y hace que el equipo trabaje. El tamaño del equipo varía según el tipo de SCAMPI y el alcance del mismo.

Los resultados de un SCAMPI permiten a la organización conocer la situación actual de sus procesos, establecer prioridades, enfocar las actividades de mejora, reforzar áreas de oportunidad, así como tener las bases sobre las cuales establecer el siguiente ciclo de mejora.

Las evaluaciones SCAMPI es un nuevo servicio que ofrece Allsoft.

Novos Links - Gerência de Projetos

gerenciamentoestrategico — Thu, 19 Nov 2009 22:30:04 +0000

Nossa sessão Links foi reestruturada e ampliada.

Sugestões e indicações são sempre bem vindas.

Obrigado,

Giovani Faria

Introduction to CMMI Processes and its Appraisal Methods

Pramesh Vaidya — Thu, 19 Nov 2009 11:34:55 +0000

Since there wasn’t any organization level training being conducted to introduce the aspects of

Survey Questionnaires

Pramesh Vaidya — Thu, 19 Nov 2009 08:11:13 +0000

Survey questionnaires to get the feedback from developers regarding CMMI Process Obstacles and Proce

Identificar processos num mundo 2.0

Pedro Tavares Silva — Wed, 18 Nov 2009 12:00:39 +0000

A gestão por processos pressupõe o conhecimento dos mesmos e a melhoria contínua requer frequentemente a modificação desses mesmos processos.

Para além de ser uma tarefa complexa, a implementação de processos redesenhados tem por vezes resultados inesperados e disruptivos, pois o que julgávamos ser feito afinal é apenas parte do “filme”.

Segundo o ITIL, um processo é um conjunto estruturado de actividades concebido para alcançar um objectivo específico, transformando um ou mais entradas definidas em saídas definidas.

Ainda segundo a mesma fonte, os processos são mensuráveis, proporcionam resultados específicos, têm clientes/intervenientes e respondem a eventos específicos.

…Mas em lado algum a definição diz que têm de estar no papel antes de serem realizados.

Dito isto, em terra com tradição de exploradores, há que reconhecer que a descoberta de processos é uma abordagem com enorme potencial.

A descoberta de processos consiste em mapear o tratamento dado às tais “entradas definidas” (um pedido de suporte, por exemplo) até que elas se transformem numa das saídas definidas (a colocação do registo do pedido no estado fechado, por exemplo).

Esta abordagem é particularmente interessante se for suportada por uma plataforma colaborativa, ao estilo Web 2.0, em que quem executa a tarefas indica o que faz, para quem envia o assunto em seguida e o que lhe solicita (autorizar, tratar, conhecer, etc.) Uma vez terminada a execução do processo, voilà! O processo está mapeado.

…Ou quase.

Para mapear o processo será necessário que o mesmo seja executado nas suas múltiplas variações, para se descobrir os diferentes percursos alternativos de tratamento. No entanto, se Pareto nos ensinou alguma coisa é que com 20% do esforço alcançaremos provavelmente 80% do resultado.

Fazer o levantamento do processo é a primeira parte.

Para “ITILizar” uma organização é necessário reformular os processos para introduzir boas práticas e melhorias continuadamente, o que será muito mais fácil se tivermos como ponto de partida a realidade, em vez de um conto bem contado.

¿Ya conoce su re-trabajo?

Héctor De Luna — Thu, 29 Oct 2009 18:27:59 +0000

Hacemos actividades para mejorar la calidad del software que generamos, sin embargo sobre el re-trabajo, el esfuerzo que le dedicamos a corregir errores, no hacemos mucho. El re-trabajo es uno de los mayores problemas del desarrollo de software y que consume mucho del presupuesto, pero la mayoría de las organizaciones no le pone atención. Una de las razones es que frecuentemente estos costos quedan mezclados entre todas las actividades de los proyectos, las agendas y los cambios.

Es común que las organizaciones de software no midan cual es su re-trabajo. El problema radica principalmente en que no tienen forma de conocer y controlar el esfuerzo que le dedica cada integrante al desarrollo o a las correcciones, ni tampoco el tipo de trabajo se esta haciendo, ambos necesarios para tener datos con los cuales trabajar.

¿Que cantidad de defectos inyectamos en el proceso de desarrollo y de que tipo?, ¿Cuándo se inyectaron?, ¿Cuál es el costo de estos defectos que estamos inyectando, en su identificación y corrección?, ¿Cuál es el costo de los defectos que aparecen en producción?, ¿Qué tantas liberaciones se hacen para corregir errores?

Si contáramos con información, podríamos tomar acciones encaminadas a disminuir los defectos, mejorar la calidad y la productividad, sin ellos, solo estamos trabajando a prueba y error, y muy probablemente, no usando los recursos eficientemente.

Software Development in a Recession – II

ramadvice — Wed, 28 Oct 2009 16:05:07 +0000

Introduction

As a global recession looms large over the sunshine industry of the last decade, there is a big question mark on where Software Development is headed in the midst of all these gloom. Cost Cutting and Increased Productivity have emerged as the two favorite mantras of the IT corporate, so what does all this mean to the software development industry. The current article is the second part in a series that looks at this aspect. Part 1 of the series dealt with an insight into the design/architecture costs. The second part takes a look at Standards and Processes in the industry.

Standards/Processes – Why?

Given the fact that IT has shaped itself into a reasonable industry only for around 2 decades or so, the number of Quality systems, processes and procedures that have been implemented, discussed and scratched are amazingly high. Standards such as ISO9000 series, CMMi, Six Sigma, TQM, Lean, TPM, JIT have all been lapped up by the software industry at an amazing speed. On the one hand while this is a good thing from the standardization and quality perspective, it poses the question of cost incurred in these processes and the benefit derived there-of.

The simplest way to start is to ask the basic question: “Why do I want to implement a Quality System?” If you are using the standard as a marketing gimmick (a plaque on the wall; a logo on a website), or just because a customer requires it, then the standard will be a burden, not a benefit. If the honest reason for implementing the standard is improvement, then it can truly help your organization become better. Again, if certification is the only goal then you may gain certification but miss the benefit of the standard. An organization can employ the standard, and benefit from it, without ever seeking certification.

The purpose of a Quality System is to create an internal control system through defining and documenting processes with well-written procedures so that a company can address a few key areas such as Compliance, Operational Needs, Manage Risks, Knowledge Sharing and Continuous Improvements. For e.g. complying with the law of the land is a basic function of an organization and so is ensuring that the activities fundamental to the organization’s success are properly guided by the management and are performed in a consistent way that meets the organization’s need. While processes and procedures themselves may not demonstrate compliance, well-defined and documented processes (i.e. procedures, training materials) along with records that demonstrate process capability can make evident an effective internal control system and compliance to regulations and standards.

Standards/Processes – How many?

The question that pops up is whether to adopt any specific Quality Standard or whether to adopt multiple standards. This is interesting as in the past decade companies have adopted more than one standard and have got themselves certified for these standards. Companies first comply themselves with one standard, then come up with a mapping strategy between this standard and the next standard that they want to get certified on and add more processes / procedures to fill the gaps. This mapping leads to making things a bit bulky for both standards. Things become even bulkier when the company tries to add another standard.

Creating dozens and dozens of procedures is usually not helpful. In fact, such an approach can create more problems than it resolves. They can’t be found, they aren’t used, they aren’t updated, and a glut of uncontrolled copies are scattered throughout the organization. This is exactly what happens when Quality Standards are imposed on businesses without due deligence.

The basic reasons for which Standards and Processes are defined are actually lost and questions like “What processes are required, which of these require high control and where is the improvement required?” are often lost in the rat race to acquire certifications. The futility of this whole cycle has been aptly demostrated by the Satyam fraud, where despite all the processes in place, the basic underlying deficiency could not be tracked, that too by highly experienced auditors.

On the other end of the spectrum are a set of companies, that have not gone for certifications, but instead have chosen to pick and choose the best of the processes from various standards based on their applicability to their businesses. E.g. of such companies are Oracle Corporation and Microsoft Corporation, both of which have stayed away from formal CMMi certification but do get an external auditor to benchmark once in a while how they are placed viz-a-viz the industry. Of course, such a strategy works well for product based companies rather than services company which needs to assure clients that it has the process to handle their requirements, but what this shows is that Quality Standards are not required for certification alone, but for a specific benefit. So what is the benefits that the organization plans to derive decides what Quality Standards are to be followed.

Standards/Processes – Lean Methodology

Lean thinking is an emerging methodology to reduce wasteful processes. It is more a mindset of viewing things in the right light, focussing, removing waste, and increasing customer value. It is predominantly another manufacturing concept that is slowly beginning to make an entry into the IT industry.

Lean processes tend to retain the processes that add value to the customer while cutting out those processes that do not. The simple fact is that if a process does not add value or generate revenue then it simply adds cost!! Lean Processes follow 5 basic steps:

Identify activities that create value.
Determine the sequence of activities.
Eliminate activities that do not add value.
Ensure that products/projects are available when the consumers want them.
Continuously improve processes.

So for e.g. suppose a company is providing an IT support to a customer and bills the company for the time and material spent on providing the support, then it might not require the overhead of a completly bulky project planning and tracking mechanism. Instead they might want to have a task tracking and issue tracking mechanism with minimal project planning aspects involved on a day-to-day basis.

Six Sigma on the other hand states:

Define
Measure
Analyze
Improve
Control

So while the former considers non-value addition as a waste, the later considers non-conformance to defined standards as a waste. Lean Operations redefines waste as anything the customer won’t pay for—everything from clerical errors to idle machine operators.

The process identifies seven types of waste:

Waiting—for products, personnel, parts, the availability of machines;
Transportation time—for equipment and parts needed for repairs;
Processes—duplicate data entry, inefficient stocking;
Excessive inventory;
Unnecessary motion by people and machines;
Overproduction;
Correction of defects or service errors.

Given this, it might be worthwhile to revisit the Quality Standards and apply Lean processes on them to prune out all those non-value adding activities. Note that not all of Lean processes might be applicable per se to the Software Industry, but those that do could result in significant benefits.

Standards/Processes – Documentation

The common belief seems to be that implementing Quality Standards can create a bureaucratic documentation nightmare with volumes of complicated procedures that require heavy oversight and manpower to create and maintain. That is not really the case. In fact, implementing Quality Standards can actually streamline and simplify your documentation/record creation and management. For e.g. suppose we consider ISO:9001, there are only 6 mandatory procedures for the same namely:

Record Control (per ISO 9001 clause 4.2.4)
Internal Audit (per ISO 9001 clause 8.2.2)
Control of Non-Conformities (per ISO 9001 clause 8.3)
Corrective Action (per ISO 9001 clause 8.5.2)
Preventive Action (per ISO 9001 clause 8.5.3)

As it is difficult for most organizations to get by with these six procedures alone, they add more procedures over and above these. But, the fact that these are the only required procedures should send a message that, despite the perception of the opposite, ISO 9001 is not about tons of procedures. The same generally holds good for other Quality Standards.

What actually creates the bulk is usually the records. For e.g. ISO 9001 has 21 mandatory records to go with the 6 procedures. All organizations going for the certification either have these records in place or are in the process of getting them in place. But, the key fact here is not having the records, but what is done with these records? The ultimate goal of a Quality Standard is improvement and one key to improvement is record keeping that captures important data related to performance metrics. So a simple question that any organization needs to ask is “What do we do with the records? What are the improvements that have been triggered by the metrics captured in these records?” If there is no visible or quantifiable improvement in the metrics, then these records and the process associated with these records need to be re-looked at both from their usability aspects as well as their capturing aspects.

Standards/Processes – Other Areas of Improvements

There are other problems that usually bloat up standards and processes. Simply put, they are hard to find, hard to read, not used, not followed, too long, poorly written, poorly formatted, out of date, and not accurate. Wow!! That’s a lot of baggage, but the truth is not all of the above said are simple ramblings or cribbings, but some of these are facts. Let’s examine some of the stark realities that lead to some of these.

Horses for Courses

Who would you get to frame the processes? Too often the task of developing and writing important organizational documentation falls to those who have little experience or training in this area. They may have extensive process and organizational knowledge, but without proper experience or training, this expertise gets translated very poorly into a document.

The end result is something that is hard to understand and implement and in some cases leading to the actual reason of the process being lost in translation. Identifying key resources like the Process Owner, the Technical Writer, Process User is the first step in ensuring to avoid thne same. You can not realistically expect the process expert or process owner to magically transform into a technical writer and expect positive results. It also results in reducing the cost incurred in maintaining of these processes, time spent on training and getting a buy-in on these procedures.

Proper Training

Most of the quality trainings are done in bulk and are more used by people for dozing off rather than to actually inculcate the processes mentioned. Usually hands-on training and training on the relevant pieces at appropriate times ensure that the processes are better understood. Guides and mentors to explain the usability and the benefit of the processes great enhance the valueadded by the processes.

One of the major irritants that I have faced with Quality Processes is when I am told to follow a process without knowing how it benefits me. It makes it all so easy when I know the value I get from following a process. Improper or Inadequate training has other drawbacks, as people in order to ensure that they are not flagged off for following processes tend to create records without following or understanding the actual process. This most of the times results in additional non-required records and documentation and again adds no real value at all.

Improper Generalization

Usually best practices from one area are tried to be generalized and pushed into other areas. While in some cases it is good, in most cases it just is there an overhead adding little if any value. For e.g. RCA is a great tool for finding long term solutions to recurring issues and issues which arise late in the product lifecycle. But then process organizations tend to push RCA into all stages including the design stage. Imagine in the design stage when teams are trying out the feasibility and benefits of different solutions and the process asks them to do an RCA to find out why the best design was not the first design to be tried out!!

Knee Jerk Reactions

Sometimes some gap in the process when highlighted as an audit finding or when is criticized by observers or stakeholders leads to knee jerk reactions from the organizations. They tend to have more processes in place to avoid this situation without completely weighing in the pros and cons of the same. Over a period of time such processes not only add costs to the organizations, they also tend to provide little or no value.

Audit Processes

With the advent of internal audits, the frequencies of these audits has been increased highly. Most organizations have quarterly audits and the emphasis of these audits has moved over from the actual improvement due to the process to the simple verification of records.

Part of the problem is due to the fact that the increased frequency means that more auditors have to be identified with little or no training which means that all they can do is follow instructions for verfication of records. Even for competent auditors the load of auditing projects frequently means that unless something is overtly out of place, they tend to just verify the existing records. Funnily enough, when it comes to verification of the records, the auditors approach it in a very hawkish manner as well. It must be understood that auditors have to perform serveral duties and have to act as “Watch Dogs” but not as “Blood Hounds”. Several enlightened firms of auditors have readily agreed to adopt ideas of process simplification, but some conservative members do not show the same willingness and need to be persuaded.

Summary

The Standards and Processes are the basic building blocks of the performance of an organization. Over a period of time, they tend to clutter and grow in size and actually become an overhead instead of a value-addition. Companies need to constantly prune and re-define them to be of maximum value and a recession gives an added incentive to cut through all the redundant and non-value adding processes and emerge out as a lean and mean organization ready to face the competition.

References

http://www.bain.com/management_tools/tools_lean_operations.asp?groupCode=2

http://www.bizmanualz.com/information/2007/11/05/policies-and-procedures-can-help-your-organization.html

http://www.bizmanualz.com/information/2008/05/05/why-implement-an-iso-9001-quality-management-system.html

http://www.bizmanualz.com/information/2008/08/29/avoid-poorly-written-procedures.html

http://www.bizmanualz.com/information/2005/07/14/lean-thinking-for-process-improvement.html

http://www.bizmanualz.com/information/2005/03/17/does-solving-problems-improve-the-process.html

The Paperwork Jungle – C. N. Parkinson/M.K. Rustomji/ A.V. Deshmane

España líder europeo en empresas certificadas en CMMI

tataki — Tue, 27 Oct 2009 08:05:19 +0000

La certificación de la calidad del software, entendida como la mejora de los procesos encaminados a obtener productos software, ha adquirido una gran importancia en el mundo durante los últimos años y España no es ajena a estos movimientos.

Las ayudas concedidas a las PYMES TIC para apoyar la certificación dentro del Plan Avanza 2006-2010, puesto en marcha por la Secretaria de Estado de Telecomunicaciones y para la Sociedad de la Información han jugado un papel importante en este resultado. Así lo atestigua el balance final de la convocatoria de ayudas del año 2008, que muestra una tendencia de consolidación en el interés de las PYMES en abordar la certificación, como un elemento no sólo de prestigio, sino de utilidad real a la hora de acometer sus procesos de negocio.

En la búsqueda de la certificación de la calidad, la empresa española apunta a CMMI (Capability Maturity Model Integration) como el modelo más valorado en la actualidad. Esta apuesta por CMMI se traduce en un incremento constante del número de organizaciones evaluadas en CMMI en España en los últimos años. Según el último informe publicado por el SEI (Software Engineering Institute) correspondiente a septiembre de 2009, contamos en nuestro país con 155 organizaciones evaluadas, frente a un número que no alcanzaba la decena a comienzos del 2005, fecha en la que el Plan Avanza comienza su andadura. España, de esta forma, se posiciona a la cabeza de Europa, superando a Francia (153 organizaciones evaluadas) que hasta la fecha ostentaba el liderazgo europeo. A nivel mundial, España ocupa la quinta posición, por detrás de Estados Unidos (1405), China (946), India (460) y Japón (290).

INTECO, y concretamente el Laboratorio Nacional de Calidad del Software, también pretende respaldar y contribuir a esta tendencia, con iniciativas como la colaboración en la traducción al castellano de CMMI o en la elaboración, junto con la Asociación Española para la Calidad, de una guía de gestión de proyectos basada en CMMI y adaptada a la pequeña empresa.

Driving the economy through ICT

Annette Thompson — Mon, 26 Oct 2009 08:43:15 +0000

Nearly a decade ago, the Department of Trade & Industry (DTI) began to actively engage in the development of the information communications technology and electronics sector (ICT&E). The broad objectives were to grow the ICT&E industry to increase employment, broaden participation, encourage exports and promote small business development in this important sector… (more)

Project Management in GIS – Part II

iamlaksh1 — Fri, 23 Oct 2009 15:16:06 +0000

In continuation with Part I , let us see what is project management all about. If we take 10 IT p

CMMI: Qual é a maturidade do seu processo produtivo?

flavioaf — Fri, 23 Oct 2009 01:01:10 +0000

Se você é da área de TI, Informática ou Computação, provavelmente já ouviu falar de CMMI. CMMI (Capability Maturity Model Integration) é um conjunto de boas práticas de gerenciamento e melhoria de qualidade a serem aplicadas no processo de desenvolvimento de software.
Ao contrário do que muitos pensam, o CMMI não é uma metodologia de desenvolvimento de software! O CCMI é um conjunto de boas práticas para o processo de desenvolvimento e não para os projetos em si. Nesse caso, o CMMI deve ser visto no processo de forma macro e suas regras podem ser aplicadas nos mais diversos tipos de metodologias de desenvolvimento.
O metamodelo define uma série de medidas para a maturidade do seu processo de produção e classifica os processos de software em 5 níveis, de acordo com sua maturidade:

Etapas do CMMI

1.Realizado: Todas as metas específicas da área de processo foram satisfeitas. Isso inclui: definição de escopo dos projetos, ciclo de vida do projeto, estimativa de custos, prazos e esforço demandado para cada módulo/funcionalidade.

2.Gerido: Todo trabalho associado à área de processo está de acordo com a política definida pela organização. Envolve práticas de gerenciamento mais sofisticadas, algumas semelhantes à práticas do PMBoK, tais como: Gestão de Riscos, Orçamentos, Cronogramas, Planejamento de Recursos, Project Charter etc.

3.Definido: Todos requisítos do nível 2 foram alcançados e a empresa está alinhada com as ferramentas e comprometida com o modelo. O processo é mapeado e documentado.

4.Quantitativamente Gerido: A área de processo é controlada e aperfeiçoada usando medições e avaliação quantitativa. Indicadores para avaliação do desempenho dos projetos são criados.

5.Otimizado: O processo entra em fase de melhoria contínua. A maturidade é tanta que não é necessário mais criar novos subprocessos, apenas refinar os já existentes através de métodos estatísticos, garantindo maior qualidade e maior satisfação do cliente.

Obs: Os processos que não alcançam nem o nível 1 são considerados como Incompletos, e classificados a parte como nível 0.

E aí, qual é o nível de maturidade do seu processo produtivo?

Modelo de gestión TI para organizaciones no TI

enfoqueit — Wed, 21 Oct 2009 08:59:00 +0000

Actualmente nos encontramos en un momento en que disponemos de estándares, marcos de trabajo y metodologías en el ámbito TI para cualquier trabajo del ámbito TI. Normalmente estas “normas” o “recomendaciones” están orientadas a ayudar a aquellas organizaciones especializadas en producir, mantener o explotar los sistemas TI. De un tiempo a esta parte, la externalización de los servicios de TI ha sido cada vez más habitual, y no existía un marco orientado específicamente a ayudar a las organizaciones no TI a gestionar y controlar la calidad del trabajo realizado por las empresas especializadas. Este es justamente el objetivo de CMMI-ACQ.

Este modelo ha sufrido pocas evoluciones, de hecho actualmente se encuentra en la versión 1.2 y fue liberado en noviembre de 2007. La documentación es de libre disposición en la página web del SEI.

La siguiente imagen permite situar los tres modelos CMMI según su ámbito. Como se puede observar, existen ciertas áreas de proceso que son comunes, no sólo entre dos modelos, sino para los tres, lo que facilita la comunicación cliente-proveedor y proveedor-proveedor. Estos procesos comunes están orientados a estandarizar, principalmente la gestión de los proyectos, procesos organizativos y elementos de soporte para toda organización.

CMMI-ACQ-DEV-SVC

El punto fuerte de este marco se centra en los procesos de adquisición, es decir, conocer qué externalizar, a quién hacerlo y si el resultado obtenido es el esperado. Dada la especialización, paso a exponer el propósito de cada uno de sus procesos:

Desarrollar los requisitos de la adquisición (ARD) – Nivel 2: Analizar y desarrollar los requisitos del cliente y contractuales.
Solicitar y desarrollar acuerdos con proveedores (SSAD) – Nivel 2: Preparar una solicitud, seleccionar uno o más proveedores que suministren el producto o servicio, y establecer y mantener el acuerdo con el proveedor.
Gestionar el acuerdo (AM) – Nivel 2: Asegurar que tanto el proveedor como el demandante trabajan bajo los términos del acuerdo.
Gestionar las soluciones técnicas (ATM) – Nivel 3: Evaluar la solución técnica del proveedor y gestionar las interfaces seleccionados para esta solución.
Verificar las adquisiciones (AVER) – Nivel 3: Asegurarse que los productos cumplen con las especificaciones.
Validar las adquisiciones (AVAL) – Nivel 3: Demostrar que el producto adquirido o servicio cumple con su uso previsto cuando se coloca en su entorno previsto.

Como se puede observar, estos procesos son claves para que una organización gestione la capacidad atendiendo a la demanda solicitada por su organización. Si añadimos aquellos procesos que garantizan el control de los proyectos externalizados, y además incluimos aquellos procesos de soporte básicos para disponer de la información necesaria en cada momento, tenemos un conjunto de procesos básicos para cualquier organización cliente que externalice la realización de los mismos. Este subconjunto, junto con sus interrelaciones entre procesos, está representado mediante el siguiente gráfico.

CMMI-ACQ-MarcoBasico

En en siguiente archivo pdf CMMI-ACQ-MarcoBasico (no permite incluir ficheros Excel), he listado todos los procesos clave incluidos en CMMI-ACQ, y si están o no incluidos en los otros marcos, cada proceso tiene además una ficha con su descripción, propósito y objetivos específicos.

La parte más dura, y en la que se centra el proceso de consultoría, es en la particularización de los procesos, la selección de técnicas y la particularización de las herramientas.

Espero que este post sea de vuestro interés y vuestros comentarios al respecto para seguir por este camino.

Introducción a CMMi

hnzekto — Tue, 20 Oct 2009 10:06:01 +0000

CMMI son las siglas de ~~Content~~ Capability Maturity Model Integration, y viene a ser los estándares de mejora y ~~procesos~~ buenas prácticas que tienen que cumplir las empresas que se dediquen al desarrollo, mantenimiento y operación de software, definido por el Software Engineering Institute de la Carnegie Mellon University.

La última versión disponible es la v1.2, y se puede descargar en tres bloques (DEV; SVC y ACQ) desde:

Conferinta CEE-SPI 2009, 21-22 octombrie, Golden Tulip Times Hotel

Valerica Dragomir — Fri, 16 Oct 2009 17:37:45 +0000

Va reamintesc ca saptamana viitoare are loc Conferinta CEE-SPI 2009 organizata de Kugler Maag in col

A “Sopa de letrinhas” do Gerenciamento de Projetos

gerenciamentoestrategico — Fri, 02 Oct 2009 03:30:16 +0000

Aproveitando um pouco da idéia do post anterior (sobre melhoria de processos), comecei a analisar a “sopa de letrinhas” relacionada a este tema. Esta sopa de letras inclui algumas das metodologias e técnicas que visam garantir eficiência e qualidade dos projetos com que tenho trabalhado nos últimos anos no ambiente de Desenvolvimento de Software para Telecomunicações.

Dentre elas, selecionei uma pequena amostra, as minhas Top 3, que são: PMBoK®, Scrum (Agile) e CMMi®.

O PMBoK® (Project Management Book of Knowledge), do PMI® (Project Management Institute), tem uma posição de destaque na lista por ser considerado um guia de referência em gerenciamento de projetos. Nele, existem vários grupos de processo e áreas de conhecimento (com entradas e saídas bem definidas) que auxiliam na condução do projeto.
Seguindo minha lista temos o SCRUM, que não descreve um processo ou técnica, mas uma metodologia de trabalho que na qual você pode empregar vários processos e técnicas no desenvolvimento. Este é voltado principalmente para atividades de gerenciamento (monitoramento e controle) e incentiva a criação de uma estrutura dinâmica de desenvolvimento que regularmente faz entregas de partes do produto.
E então, o CMMi® (Capability Maturity Model Integration), que é um modelo de melhoria que visa proporcionar às organizações elementos necessários (ou essenciais) para a maturidade em disciplinas (Áreas de Processo) relacionadas a melhoria da performance organizacional. Com CMMi® procura-se estabeler, documentar, institucionalizar e aprimorar um processo eficaz de desenvolvimento de software.

O desafio

Informações sobre estes três elementos podem facilmente ser encontradas na internet e em livros de referência, entretanto, transformar toda esta Informação em Conhecimento exige bastante estudo, dedicação e, principalmente, experiência prática.

Olhando para o grande volume de informações disponíveis, creio que alguns questionamentos sejam bastante comuns:

Por onde começar?
Qual metodologia, técnica ou prática se adequa melhor aos requisitos e características do meu projeto?

A prática

As respostas a estas questões não são triviais e requerem, além do entendimento das metodologias, um conhecimento mais profundo do tipo de projeto onde se deseja aplicá-las. Assim, para entender este universo e produzir bons resultados, pode-se desenvolver algumas atividades:

- Analisar o seu processo de desenvolvimento

- Identificar os pontos principais (eg. documentação, qualidade, ‘burocracia’, etc.)

- Determinar os tipos de controles necessários (eg. custos, esforço, estimativas, etc.)

- Avaliar os aspectos característicos de cada metodologia

- Selecionar os mais aderentes às suas necessidades

- Praticar, Otimizar e Melhorar = Inovar.

Afinal de contas, não existe a metodologia perfeita, e sim, a metodologia mais adequada a realidade da sua organização e dos tipos de projetos que ela desenvolve.

Abraço, Giovani Faria

Project Performance KPIs – PMO Effectiveness

zenkara — Thu, 01 Oct 2009 02:10:52 +0000

Rather than some tirade on why metrics are so great for projects, let’s just list some critical ones:

Schedule – Planned vrs Actual – preferably via Earned Value

Functional – % designed, implemented, tested, released

Delivery on Time – Milestones Planned vrs Actual

Cost – Planned vrs Actual to date

Cost – Planned Total at Completion vrs Revised/Re-estimate at Completion

Critical & Other Defects – Planned vrs Actual conducted + Trend

Resources (people, hardware, etc) – Planned vrs Actual

Resources (people, hardware, etc) – Planned At Completion vrs Revised/Re-estimate at Completion

Risks – New, Closed, Open + Trend

Issues – New, Closed, Open + Trend

Deliverables – Planned vrs Actual to date

Tests – Planned vrs Actual Conducted + Trend

Naturally all of these metrics are quantifiable. Qualitative information can be useful when prepared in conduction with the above metrics.

Problems start to happen when people start wordsmithing their qualitative statements and start to leave out some of the quantitative stuff from reports. That’s a BIG RED flag and caution should be taken.

Industrializar las TI

Felix Serrano — Mon, 28 Sep 2009 10:01:02 +0000

Industrializar las Tecnologías de la información no es labor de un día. Ni hemos empezado ayer ni vamos a terminar mañana. En un reciente curso de ITIL, el profesor empezaba comentando cómo la aviación, una de las tecnologías e industrias recientes, tiene ya casi cien años. En comparación, las TI vienen a tener ahora unos treinta o cuarenta. Por lo tanto, estamos aún en la infancia: mucho por aprender, mucho por experimentar, pero muchos fallos todavía.

Efectivamente, en muchas empresas, al igual que en las Administraciones, las TI juegan un papel muy importante, pero al mismo tiempo se implantan y gestionan de forma muy artesanal. ¿Qué supone eso?.

Supone que, en primer lugar, su funcionamiento es irregular. La percepción del usuario, del utilizador, es que aquello puede fallar en cualquier momento. En mi opinión, ese es uno de los grandes obstáculos para la tecnificación y automatización de procedimientos, y por lo tanto de la optimización de los mismos. Sabemos que en esta fase final de la implantación del Acceso electrónico a los Servicios Públicos en la AGE, a la que obliga la Ley 11/2007, se van a poner muchos trámites en Internet, pero en la inmensa mayoría de los casos, si no en todos, seguiremos manteniendo la vía de entrada manual “por si acaso”.

Esto nos lleva al segundo problema: el coste. La inseguridad hace que se mantenga la segunda vía, y ello en si mismo es un coste importante, al tener que mantener varias formas distintas de hacer lo mismo. Y no es eso sólo: se achaca a muchos proyectos informáticos altas inversiones asociadas a fracasos. La percepción general es que, en plazos o en coste (que tienen efectos equivalentes), más de la mitad de los proyectos informáticos fallan.

Y ya sabemos que en una época de ajuste como la actual, en la que no sólo no podremos aumentar los presupuestos TI, sino que probablemente habrá que reducirlos, lo que sucederá es que, o bien se aumentarán los plazos, o bien, cuando eso no se pueda hacer, pues se trate de plazos improrrogables, el efecto será la disminución de la calidad de los proyectos y servicios TI asociados, contribuyendo más a la leyenda negra de las TI.

Así, el proceso de industrialización de las TI es necesario e inevitable, pero ¿cómo?

La respuesta corta es: aplica metodologías, estándares, catálogos de buenas prácticas como ITIL, CMMI, PMBOK, COBIT, … hay mucha información en la red. Asociado a ello, hay muchos movimientos en boga: IT Governance (Gobierno de las TI), Lean IT (TI delgadas), etc.

La respuesta larga es: todo ello será inútil si no implicas a toda la Organización. Especialmente importante es ser consciente de que la efectividad de todas estas acciones está supeditada a los cambios organizativos pertinentes, dentro y fuera del Departamento TI.

Y en el caso particular de las Administraciones, por su tamaño e idiosincrasia, sabemos que los cambios organizativos se llevan tiempo, MUCHO tiempo. ¿Quiere ésto decir que no debemos abordarlos?. No. Quiere decir que hay que planificar con plazos suficientes, si queremos ser eficaces, a pesar de que la presión diaria nos empuje a pensar sólo en lo inmediato.

Y con esto basta para iniciar éste extenso y recurrente tema. Terminaré con una cita encontrada en IT Cortex:

“Errar es humano, pero para conseguir líos verdaderamente monumentales, necesitamos ordenadores”