Application Management Framework


Published on

Simplified application management framework created taking information from PMBOK, ITIL, COBIT5, CMMI, ASL and Microsoft compliance. This aims at putting the first steps in place to be able to understand and manage an applications life cycle.

The project was undertaken to try and identify how to reduce risk associated with the applications that the department create, implement and manage. It dovetailed into an audit of the applications that the department use and have implemented in the past 5 years.

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Application Management Framework

  1. 1. Framework Application Management Framework DEDTA 29/10/2012 Version Number: 1
  2. 2. Contents Project Information ............................................................................................................................ 2 The Framework .................................................................................................................................. 3 Business Relationship Management .................................................................................................. 6 Application Development/ Acquisition ............................................................................................. 8 Compliance ...................................................................................................................................... 10 Governance ...................................................................................................................................... 13 Environment ..................................................................................................................................... 14 Documentation ................................................................................................................................. 14 Conclusion ....................................................................................................................................... 18 Project Information Application Management FrameworkTitle: Create a suggested framework of how Business ICT Services canPurpose/Objective: structure application development and application lifecycle management into the future. Business ICT Services don’t have a complete view of all the applicationsProblem Statement: developed or in use by the business. This exposes the unit to unseen risks and an inability to implement continuous improvements to the business and applications. An Application Management registration program has been created but has notBackground: been completed. This project is part of the completion of that project. This project aims to gather as much information as possible about as many applications as identified. The project then aims to build a roadmap for key applications based on a suggested application management framework and best practises for that application. This document articulates the framework to be used in application management for the business ICT services unit. A Framework does not contain answers; rather it is a source of guidance thatFramework: encourages thought in a certain way. A framework encourages a step back and helps the thought process cover all bases. Frameworks help ask the tough questions. In building this framework a number of highly regarded management frameworksResearch: were investigated. They included PMBOK, ITIL, ASL, COBIT5, Microsoft compliance, CMMI. Tools investigated to help drive continuous improvement of applications and application management included Six Sigma, TQM and Balanced score card. Page 2 of 18
  3. 3. The FrameworkApplication management is not just about managing the software it is also about managing therelationships and expectations of those that use, deliver and are involved with the software and theproblems which the software is designed to address.In building an applications management framework that considers the application software as well asexpectations that stakeholders have of the application, six areas of significance are suggested.These six key areas of impact are 1. Business Relationship Management 2. Application Development 3. Compliance of the application to standards, policies and legal requirements 4. Governance of the application and any development work 5. Environment which includes the tools, skills and resources in delivering an application 6. DocumentationAs the ICT services unit manages these six areas over an applications life cycle the unit will be ableto create a platform in order to drive an increase of business value to the agency.When a customer (business unit) first puts forward the request for help with a business problem, it isimportant from the outset to understand the business needs. From this starting point working with thecustomer is essential. This working relationship should continue through application developmentand should not end once the application is delivered but continue until that application is farewelledinto the sun set.Achieving this culture of ongoing improvement and partnership with those that use an application isnot easy as there are so many demands on the ICT Services units’ time and resources. Often thepressing nature of current projects drowns out the follow up and ongoing management of pastprojects and applications that have been developed.With new projects constantly being worked on and changes in staff assignment the ICT Services unitstruggles to keep ahead and have a full understanding of all the applications being used by thebusiness. During this project 63 applications and systems were identified. 67 Questions were asked tohelp understand these applications and their usage, compliance, management and cost better. Whilemany of the questions could be answered these answers often resided at an operational level withinindividuals heads.There are many factors that contribute to an incomplete picture of a particular application. It is theaim of this framework to help create a fuller picture of each application from its inception through tosun setting.Factors that contribute to an incomplete picture leading to poor support of an application are; not allprocedures are followed correctly, poor documentation, changes in staff and end users adaptation ofthe system or changes in business requirements. This in turn leads to dissonance in those that use theapplication. Page 3 of 18
  4. 4. Combating this dissonance is what continuous improvement and relationship building tries toaccomplish. To implement continuous improvement it is important to understand the landscape foreach application and make sure that each application is standing on a solid foundation of correctapplication development that it complies with all needed policies, legal requirements and is correctlygoverned through its life cycle. Once this base foundation is in place and understood it is easier toallocate time to reviewing, managing and improving application offerings. This will translate intoclearer vision of current applications and more flexibility and speed in delivering new applicationsthat meet business needs.As part of this framework each key area is broken down into more manageable chunks that explainwhat the key area encompasses.A set of questions to help crystallise the intent within a key area is proposed. These questions will notby themselves create an effective base foundation for an application but are the prompts to make surethat the work conducted in delivering an application are sound and cover all needed steps. Page 4 of 18
  5. 5. Application Management Framework diagram Business Relationship Management Tools Understand Formalise Champion Resources Governance Application Environment Development/Acquisition Compliance Review/ Continual Improvement Unit Goals Practices/ Policies DocumentationFigure 1 Page 5 of 18
  6. 6. Business Relationship ManagementBusiness relationship management taken from the ITIL body of knowledge helps understand businessrequests and requirements, formalise and agree with business on deliverables, champion businessrequirements through the development/acquisition process and review the delivered product in orderto take advantage of opportunities for improvement.Business relationship management is the process of delivering real business value while managingexpectation.Business Relations Management follows the path of 1. Understand the business needs and requirements surrounding a request of service or application software 2. Formalise the needs into a specific request that is agreed to 3. Championing the business needs and requirements during the application life cycle 4. Reviewing the deliverables to achieve continual improvement and identify opportunities.Overview QuestionsIn this section of the framework 10 questions are suggested to help improve Business RelationshipManagement in the delivery of services and applications. 1 Why does the business want to develop/change this system? 2 What business need will this system fill? What does the system look like and do you have all the information needed to 3 deliver the end result? 4 Do all the stakeholders agree as to what will be delivered? 5 Do you have sign off from all needed stakeholders? 6 Is the Customer happy right now? 7 Will the Customer be happy in the future? 8 Have/Are we provided/ing the Customer with value? 9 Is the system meeting Customer expectations? 10 What more can we do to improve the Customer experience?These questions are not part of the business analysis process that will be undertaken when identifyingbusiness needs and drawing up business requirements documentation. What these questions aim atachieving is verifying that the business analysis work under taken has answered questions with thecustomers end goal in mind.Service PortfoliosA service’s portfolio is a needed input into managing business relations. A service’s portfolio is aninformation repository of all information relating to current applications and services. This portfolioshould include a number of distinct catalogues 1. Current supported applications and related information 2. Environment information of resources, skills and tools available 3. Current commitments 4. Learning’s from past developments 5. Policies and proceduresThese catalogues will be usedduring the assessment of business needs. The catalogues will helpdetermine ICT Services capacity to accomplish the business request or to identify overlapping Page 6 of 18
  7. 7. services or applications that might suit business needs reducing time and effort in meeting thebusiness demands.Areas in more detail and suggested toolsUnderstand Business needs and requirementsThis is a business analyst activity and should be conducted using business analyst skills and tools.Documentation that should be produced because of this activity include Project initiation document Current state documentation Project vision documentation Business requirements documentation Business process design documentationThis information helps in deciding on project feasibility refining the requirements of what is needed as opposed to what is expected what will be delivered what resources will be neededFormalise the needs into a requestBefore a project starts it is important to make sure that stakeholders’ and sponsors understand all theinformation and the impacts of a project. These elements need to be agreed to before the project workis started.Champion the business needs and requirements when working on the requestThis is an ongoing process and is “Customer Centric”. It stems from the requirements and is amindset of making sure that what is being produced or worked on is meeting the Customers’Requirements.Is the Customer happy right now?Will the Customer be happy in the future?Review Application for continual improvementThere are two points to application review 1. At completion of the development or project work or an element thereof 2. As a matter of continuous improvementIn carrying out application review to make sure that the application is meeting business demands abalanced score card reviewed on a yearly basis is proposed. The balanced score cardsobjectives areset when the application is initially launched.It is suggested that each Application use a Balanced score card approach. This will help highlightproblems with applications opportunities to deliver better services to the business. Page 7 of 18
  8. 8. Balanced score card template for application review tool USER ORIENTATION BUSINESS CONTRIBUTIONHow do users view the Application? How does business owner view the Application?Mission: Mission:To be the preferred Application for performing the To obtain a reasonable business outcome from ITtask Investments.Objectives: Objectives: User satisfaction Control of Application Expenses Partnership with users Business Value of ApplicationMeasure/Response: Measure/Response:Initiatives/Fixes: Initiatives/Fixes: OPERATIONAL EXCELLENCE FUTURE ORIENTATIONDoes Application meet standards and How well is the Application Positioned to meetrequirements? future needs? How well is ICT situated to deliver new application needs?Mission:To maintain standards, connectivity, version Mission:control, security and business objectives To develop opportunities to answer future challenges.Objectives: Efficient and Effective Developments Objectives: Efficient and Effective Operations Meet changing business needs Application Compliance Expertise of IT StaffMeasure/Response: Research into emerging technologies Age of ApplicationInitiatives/Fixes: Measure/Response: Initiatives/Fixes:Figure 2 Application Development/ AcquisitionThe development or acquisition of an application should be conducted in such a way that “bestpractise” processes are used in making sure that the application delivered meets the formalised needs Page 8 of 18
  9. 9. agreed to. This development cycle taken from PMBOK (project management body of knowledge)and the Tasmanian Government project management framework is the suggested way in whichapplication development/acquisition is conducted and the following areas of project managementhave been singled out as things to concentrate onApplication development / acquisition core areas include o Scope management o Time management o Risk management o Procurement management o Cost management o Communications o Development qualityOverview QuestionsThere are 13 top level questions that can be asked. These questions help determine the robustness ofwork done in running a development project for an application. 1 Do you have an agreed scope statement? 2 Do you know what activities you will be expected to do to achieve the scope? 3 Do you have the needed resources, People, Time, and Money? 4 Are you able to tell people when things will happen by referring to a time line estimate? 5 Have you been able to identify risks to the project and risk mitigation plans? Have you created the appropriate procurement documentation, including requests and 6 responses? 7 Have you planned for the procurement selection process? 8 Do you have a budget? 9 Who needs information and status updates? 10 How will people get the updates or information that they need? 11 Is there a place where all the documentation is stored that is safe and central? 12 Do you know what you will need to test? 13 Do you have a test plan for testing?Areas in more detail and suggested toolsScope managementMake sure that all required work is understood. Make sure that only required work is undertaken tocomplete the project and avoid scope creep through clear documentation and communication. Create an agreed and signed scope statement Create a list of task categories to help understand requirements of the agreed scopeTime managementManage the time taken in completing the project Schedule resources Create an estimated timelineRisk managementIdentification, analysing and response planning to risks or opportunities that occur as a result of theproject Page 9 of 18
  10. 10. Create a project risk register. Suggested format below Risk Progress Consequence Vulnerability Trigger Actions Statement Report Cost/Time/ What will descriptio What will What can What is being Quality cause the n of risk happen being done done Benefit/ problemIt is suggested that a spread sheet be populated with information as the result of a brain storm sessionfrom those involved in the project.Procurement managementManagement of the process to purchase or acquire products or services Create appropriate RFQ documentation Get appropriate responses Conduct selection and appointment processThis must be completed so that it meets department rules and requirements.Cost managementManagement to keep costs within agreed limits Create a budgetCommunicationsManagement of project information making sure that stakeholders are informed and information iscorrectly captured Identify who needs information Plan how information will be communicated Create a central communication repository especially for documentation, maybe for team member collaborationDevelopment qualityManaging the quality of the delivered service or product Create a list of deliverable features Create a test plan of the deliverablesCompliance Page 10 of 18
  11. 11. Adapted from Microsoft’s compliance framework this part of the framework clarifies the steps thatmust be taken to make sure that an application meets laws, regulations and policies.Compliance has six areas to consider. Each application or subsystem should be considered inconjunction with each of these areas. o Information Security / Access o Business Continuity management o Risk Management o Legal compliance o Business aligned (strategy) o ProcurementOverview QuestionsTo help manage compliance eight top level questions can be asked. 1 Does the application meet information security needs? 2 Is the system able to withstand a disaster? 3 Have you identified all possible risks and opportunities? 4 Do you have a plan in place regarding the risks and opportunities? 5 Does the application meet all legal requirements? 6 Does the application adhere to all policies that impact the application? 7 Does the application meet strategic business goals? 8 Have all procurements and contractual arrangements been carried out correctly?A suggested tool to help tease out all the compliance issues for an application could be somethingalong the following lines. Here an application is rated against each area of compliance, withquestions being asked about the expected compliance or the goal. What would constitute complianceor what test applied would allow a positive rating. And then what actions need to be taken to makethe application compliant?Application Name : RecommendedCompliant Domain Expected/Goal Test Compliant Y/N Remedy ActionInformationsecurityBusiness continuityRiskLegalBusiness alignedProcurementAreas in more detail and suggested toolsInformation security / accessMaking sure that information is securely housed and that all reasonable steps have been taken to safeguard private and confidential information is an important compliance goal.Business continuity management Page 11 of 18
  12. 12. Can the business continue working in the case of a disaster? Under what circumstances can anapplication recovery take place? How long will it take to recover all the data? Who is the first pointof call in a disaster?These questions are an example of the type of questions that should be asked when ascertainingwether business continuity needs have been met.The Good Practice Guidelines for business continuity should be reviewed for information whenimplementing business continuity practises.Risk managementMany of the compliance areas for consideration if not managed correctly will impose risks.“Risk management is the identification, assessment, and prioritization of risks followed bycoordinated and economical application of resources to minimize, monitor, and control theprobability and/or impact of unfortunate events or to maximize the realization of opportunities.” -Wikipedia“If it can’t be identified, it can’t be managed”. In dealing with risks that are inherent in themanagement of applications the following is important that a sufficiently robust risk analysis beconducted that uncovers any risks that need to be managed. Tools in accessing and managing risk are Risk impact assessment matrix Risk registerRisk Impact matrixCatastrophic 5 High risks Significant risks Moderate risks Low risks 4 Consequence 3 2 1 4 5 Rare 2 3 Almost Certain LikelihoodFigure 3 Page 12 of 18
  13. 13. Raw risks identified as high or significant should receive further attention. Current risk mitigationplans should be considered to ascertain if the application risk is within a tolerant range of if furtherrisk management plans need to be looked at.Legal complianceMaking sure that an application development meets all legal standards and that IP and other suchlegal matters are not compromised is important. When in doubt crown legal should be contacted forsupport and information.Business aligned (strategy)The business goals and objectives while not being a legal requirement are extremely important tomake sure that they are implemented correctly. In doing this for each application it ensures thatapplication development and services time is not spent in areas that do not contribute to the overallidentified business goals and objectivesProcurementThere are procurement guidelines and policies and these need to be followed making sure that allinteraction between the agency and external suppliers is conducted correctly and according to the laidout guidelines and directions.GovernanceGovernance is normally something that applies to a government body or organisation as a whole. Inproviding value to stakeholders when delivering application development services it is useful intaking the concept of governance that is used at a helicopter view for an entire organisation or even alarge project and refining this to simple statements that help drive real value in the correct directionkeeping the correct focus (priority) of the applications business value.Governance taken from COBIT5 works towards making sure benefits, risks and opportunities aremanaged in a manner that provides comfort to all stakeholdersGovernance talked about in this documentis concerned with governance of the application and theapplications life cycle only. Correct governance translates into consistent management, effectiveguidance and granted power in achieving application value.In viewing an applications life cycle there are three areas of governance thatneed to be controlled 1. Resources and how they are used during the application life cycle 2. Risks that are associated with an application and its life cycle 3. Benefits that can be realised because of an application through its life cycleThese areas of governance are driven by the governance scope and who is responsible forgovernance.Governance should not hinder management but rather assist management in achieving the desiredoutcomes. What governance does do is make sure that allocated resources, risks and benefits arebalanced responsibly.Overview QuestionsTo allow correct governance the following governance questions help clarify if governance is beingconducted appropriately. Page 13 of 18
  14. 14. 1 Who is responsible for the governance decision? 2 Is there a defined capacity for action? 3 Do they have enough information to provide guidance? 4 What are the interactions points between governance and management?EnvironmentA factor with significant impact is the environment within which an application will be developed.The environment captures tools, resources, unit goals and process & practices. All of these impact anapplications development and life cycle.The Environment is all of those elements that form part of the way in which the unit delivers itsservices. This includes Tools used Resources of time, money and skill The Units strategic goals as they relate to the agency goals Practices, policies and culture of the unitAll of these things will impact the delivery of services and the unit’s outputs. A number ofmanagement frameworks or methodologies can be used in managing these elements.DocumentationDocumentation is a constant and a very important part of every effort that is undertaken in deliveringan outcome. There is documentation in all aspects of the suggested activities in this framework.Documentation is part of the expected activities of Business Analysis, Project management,Governance, Compliance and Unit management. What happens to this documentation and theongoing need to make the information available is an important element of this framework.A gooddocumentation foundation enhances an applications ability to meet business needs throughout its lifecycle and especially looking into the future.The documentation of an application should be maintained with consideration for staticdocumentation or documentation that is rarely changed and live documentation which is updatedregularly.Archive Documentation 1. Development or implementation documentation including compliance and governance setup 2. Technical and end user documentation 3. Learning’s from project implementation (can be part of implementation documentation)Live Documentation 4. Quick – Key application and management information 5. Issues tracking and resolution information Page 14 of 18
  15. 15. Development or implementation documentationDocumentation that is generated during the analysis and implementation of an application should bestored. This should be stored somewhere that is accessible and easy to find and link to otherdocumentation relating to an application. It will be infrequently accessed but will be of great help ifthat type of information is needed e.g. a review of business analysis as to why an application waschosen or procurement documentation.The TRIM system should be considered as the best place for this type of information. This type ofdocumentation should be expected to be versioned and easily referenced. It will be the baseline andinclude changes and enhancements that happen to an application over time.Technical and end user documentationTechnical and end – user documentation should also be stored in a secure and accessible place.Technical documentation gives developers, support staff and users the information that they needwhen working with the application. It is important that this documentation be maintained up to dateas un-maintained documentation is frustrating and reflects badly on the application. Technicaldocumentation includes diagrams, interactive flow diagrams and written information.This documentations accessibility is important especially for new users.Application Management Matrix: Quick – Key application and management informationThe ICT Business Services unit deals with many applications. It is important to be able to understandan applications basic structure.Areas of knowledge that enhance managements knowledge of an application are as follows Business unit information - Information relating to the business unit that initiated and use the application Hardware infrastructure – What hardware is the application using Software Infrastructure – Warranty, versioning, upgrade strategy Application Management – Application interconnectivity, Dealing with the application internal to ICT business system Software Information – Proprietor information, contact details Software usage and maintenance – Upgrade strategy, issues management Skills and People – Skills needed, who has the skills Cost of Ownership – What cost is there for running the applicationAll this information should be easily available in a database that is maintained allowing informationto improve management of applications. A software project has been started with the creation of theApplication Management Database as its goal. It is suggested that a database like this should beexpanded to house all of the relevant application management information pertaining to anapplications life cycle.Information that should form part of this database would include user perception and balanced scorecard information relevant to each application.This information is live or active information and needs to be searchable and allow the manager tocreate dynamic reports. Page 15 of 18
  16. 16. In providing a database of this capacity one of the below alternatives will need to be adopted 1. The current application management database could be enhanced 2. A SharePoint solution could be investigated using SharePoint 2013 and many of the enhancements within this system especially if SharePoint is to be relaunched and made the central point of agency user knowledge and connectivity. 3. Look for an off the shelf application management software that will allow the above information to be captured.In considering what the application management software should achieve the following should beconsidered General application knowledge Accessibility to the information Ability to store external documentation e.g. .doc .vsd .xls and other files not just field entered information Ability to search the information Easy and intuitive information maintenance Easy to use interface paying attention to usabilityBugtracker/IT Helpdesk: Issues tracking and resolution informationThis documentation really is part of the ongoing documentation that should be kept and is importantin understanding an applications usefulness, struggle points and cost of maintenance. There are twosystems being used at the moment The TT system used by infrastructure help desk for support tickets BugnetQuerying issue tracking information and making this available as part of a management tool, allows aclearer understanding of trends and future requirements that an application will need. Often thisinformation is used during the issue resolution by the technical support but not as a whole ofapplication overview. Drawing intelligence from what users are reporting can be very beneficialwhen considering an application as a whole and should feed into the balanced score card suggestedearlier.Bugnet at the moment is used only during application development. The TT system is used for userincoming requests and raised problems. There may be the possibility to somehow integrate theinformation from these systems. It may also be decided that having different systems is working wellat the moment. The struggle is that the more systems there are to maintain the less chance that thesystems or applications get usedeffectively.Key questions to be asked when managing documentation 1 Do we have all the Key application information for ongoing management? 2 Have we captured and stored all generated documentation during implementation? 3 Are we recording all issues and problems effectively? Page 16 of 18
  17. 17. Documentation and Storage for Static and Live InformationFigure 4 Page 17 of 18
  18. 18. ConclusionThis framework is not a definitive structure for managing applications but is a suggestion of how itcan be approached. It has strived to make the management of an application as simple as possible. Allalong the way it has strived to put forward a group of questions that stimulate thoroughness, out ofthe box thinking and accountability.It has considered frameworks from a number of disciplines and selected elements that make sense foruse by DEDTA ICT Business Services application framework.It is anticipated that elements of this framework if implemented will grow and be refined aslearning’s occur. When implementing this framework it is suggested that the Deming cycle of PDCA(Plan, Do, Check, Act) be adopted. This paper should be considered as the first element in the cyclebeing a plan of what could be implemented to improve application management. The ideas here needto be implemented and tested to see if they are producing the desired results. Following this areplanning covering shortfalls and gaps and ways to improve should then be undertaken making surethat the unit is not burdened down with tasks that produce no value.Figure 5 Page 18 of 18