Pmi, Opm3 And Cmmi Assessment Overview


Published on

Published in: Technology, Education
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Pmi, Opm3 And Cmmi Assessment Overview

  1. 1. PMI/OPM3 and CMMI Assessment Alan McSweeney
  2. 2. Objectives <ul><li>Provide customer with an understanding of the approach to using PMI project methodology to use to implement IT quality management </li></ul>
  3. 3. Agenda <ul><li>PMI/OPM3 and CMMI in the context of COBIT </li></ul><ul><li>Assessing PMI/OPM3 and CMMI </li></ul><ul><li>Approach </li></ul><ul><li>Indicative financial analysis </li></ul><ul><li>Next steps </li></ul>
  4. 4. Background <ul><li>Maturity models allow organisations to identify and assess areas in need of process improvement </li></ul><ul><li>IT Controls </li></ul><ul><ul><li>IT must implement internal controls around how it operates </li></ul></ul><ul><ul><li>The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT </li></ul></ul><ul><li>CMMI and OPM3 are two such maturity models </li></ul><ul><ul><li>CMMI focuses on software engineering </li></ul></ul><ul><ul><li>OPM3 focuses on project management across any project based activity </li></ul></ul><ul><li>The de-facto standard for IT governance is COBIT </li></ul><ul><ul><li>C ontrol Ob jectives for I nformation and related T echnology </li></ul></ul>
  5. 5. IT Service Delivery Issues and Challenges <ul><li>Keeping up with business needs </li></ul><ul><li>User and IT dissatisfaction with products and services </li></ul><ul><li>High costs of delivery </li></ul><ul><li>Delivery cycles too long </li></ul><ul><li>Technology infrastructure out-dated </li></ul><ul><li>Projects late and over budget </li></ul><ul><li>Meeting service levels </li></ul><ul><li>Regulatory requirements </li></ul>
  6. 6. OPM3 <ul><li>OPM3 </li></ul><ul><ul><li>O rganizational P roject M anagement M aturity M ode (OPMMM or OPM3) </li></ul></ul><ul><ul><li>Part of PMI – project maturity standard for organisations </li></ul></ul><ul><li>OPM3 focuses on knowledge, assessment and improvement </li></ul><ul><ul><li>Knowledge - why organisational project management and maturity are important and how to recognise enterprise competency </li></ul></ul><ul><ul><li>Assessment - the procedure an organisation uses to determine its maturity </li></ul></ul><ul><ul><li>Improvement - provides information on how an organisation can increase its organisational project management maturity </li></ul></ul>
  7. 7. PMI – Project Management Areas Project Integration Management Project Scope Management Project Time Management Project Cost Management Project Quality Management Project Human Resource Management Project Communications Management Project Risk Management Project Procurement Management
  8. 8. Many Quality Management Frameworks Baldridge QAI/QM COSO COBIT COQ SIX SIGMA ISO ITIL CMMI V-Model
  9. 9. SEI Capability Maturity Model Integrated (CMMI) Initial Repeatable Defined Managed Optimising Ad Hoc Disciplined Processes (Project) Standard Disciplined Processes (Organisation) Predictable Processes Continuous Improvement
  10. 10. Comparison of Standards
  11. 11. What is COBIT? <ul><li>The de-facto industry framework for the management of Information Technology standards and processes </li></ul><ul><li>All other frameworks and standards are a sub set of the COBIT framework </li></ul><ul><li>COBIT comprises </li></ul><ul><ul><li>4 Domains </li></ul></ul><ul><ul><li>34 Processes </li></ul></ul><ul><ul><li>318 Control Objectives </li></ul></ul>
  12. 12. COBIT <ul><li>COBIT aims to be different from other quality and governance approaches in two ways </li></ul><ul><ul><li>It is an IT governance framework and supporting set of tools that IT can use to bridge the gap between control requirements, technical issues and business risks </li></ul></ul><ul><ul><li>It provides a detailed implementation structure and toolset that translates the framework theory into a practical and achievable deliverables </li></ul></ul>
  13. 13. COBIT and Other Standards <ul><li>COBIT provides a framework and an associated toolset that allow IT implement controls and address technical issues and business risks and communicate that level of control to IT business stakeholders </li></ul><ul><ul><li>By providing a toolset COBIT enables the development of policy and practice for IT control throughout the enterprise. </li></ul></ul><ul><li>COBIT is integrated with other standards and thus can become an umbrella framework for IT governance </li></ul><ul><ul><li>It assists in understanding and managing the risks and benefits associated with IT </li></ul></ul><ul><ul><li>The process structure of COBIT and its business-oriented approach provides an end-to-end view of IT </li></ul></ul>
  14. 14. COBIT Domain and Process Structure
  15. 15. COBIT Structure
  16. 16. Maturity Models and COBIT <ul><li>Typically when an organisation undertakes a maturity assessment, it achieves a single (scored) rating that summarizes appraisal results and makes comparisons among the projects and processes via a staged representation format </li></ul><ul><li>Each stage indicates the level of maturity in a graded scale of process improvement </li></ul><ul><li>The model starts with basic management practices and progresses through a path of successive levels. No stages can be skipped </li></ul><ul><li>To fully map and understand a maturity model, you must place the model in an IT governance context hence the COBIT framework </li></ul>
  17. 17. COBIT Process Domains and The Delivery of Information to Meet Objectives `` Monitor and Evaluate Plan and Organise Deliver and Support Acquire and Implement Information Governance Objectives Business Objectives
  18. 18. COBIT Domains and Processes
  19. 19. COBIT Information Measurement Criteria <ul><li>COBIT defines seven measurement criteria: </li></ul><ul><ul><li>Effectiveness - Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner </li></ul></ul><ul><ul><li>Efficiency - Concerned with the provision of the information through the optimal use of resources </li></ul></ul><ul><ul><li>Confidentiality - Concerned with the protection of sensitive information from unauthorised disclosure </li></ul></ul><ul><ul><li>Integrity - Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations </li></ul></ul><ul><ul><li>Availability - Relates to the information being available when required by the business process now and in the future </li></ul></ul><ul><ul><li>Compliance - Deals with complying with laws, regulations and contractual arrangements </li></ul></ul><ul><ul><li>Reliability - Relates to the provision of appropriate information for the workforce of the organisation </li></ul></ul>
  20. 20. COBIT Process Goals and Metrics <ul><li>Goal </li></ul><ul><li>Activity Goals </li></ul><ul><li>Process Goals </li></ul><ul><li>IT Goals </li></ul><ul><li>Metric </li></ul><ul><li>Key Performance Indicators </li></ul><ul><li>Process Key Goal Indicators </li></ul><ul><li>IT Key Goal Indicators </li></ul>
  21. 21. Sample G oals and Metrics for the COBIT Process PO1 Define a Strategic IT Plan
  22. 22. COBIT Generic Process Controls <ul><li>In addition to the process-specific control objectives, COBIT includes a set of generic process controls that are applied to all processes </li></ul><ul><ul><li>PC1 Process Owner - Assign an owner for each COBIT process such that responsibility is clear </li></ul></ul><ul><ul><li>PC2 Repeatability - Define each COBIT process such that it is repeatable </li></ul></ul><ul><ul><li>PC3 Goals and Objectives - Establish clear goals and objectives for each COBIT process for effective execution </li></ul></ul><ul><ul><li>PC4 Roles and Responsibilities - Define unambiguous roles, activities and responsibilities for each COBIT process for efficient execution </li></ul></ul><ul><ul><li>PC5 Process Performance - Measure the performance of each COBIT process against its goals </li></ul></ul><ul><ul><li>PC6 Policy, Plans and Procedures - Document, review, keep up to date, sign off on and communicate to all involved parties any policy, plan or procedure that drives a COBIT process </li></ul></ul>
  23. 23. COBIT Generic Application Controls <ul><li>As with the generic process controls, COBIT includes a set of generic application controls that are applied to all processes </li></ul><ul><ul><li>Data Origination/Authorisation Controls </li></ul></ul><ul><ul><ul><li>AC1 Data Preparation Procedures </li></ul></ul></ul><ul><ul><ul><li>AC2 Source Document Authorisation Procedures </li></ul></ul></ul><ul><ul><ul><li>AC3 Source Document Data Collection </li></ul></ul></ul><ul><ul><ul><li>AC4 Source Document Error Handling </li></ul></ul></ul><ul><ul><ul><li>AC5 Source Document Retention </li></ul></ul></ul><ul><ul><li>Data Input Controls </li></ul></ul><ul><ul><ul><li>AC6 Data Input Authorisation Procedures </li></ul></ul></ul><ul><ul><ul><li>AC7 Accuracy, Completeness and Authorisation Checks </li></ul></ul></ul><ul><ul><ul><li>AC8 Data Input Error Handling </li></ul></ul></ul><ul><ul><ul><li>Data Processing Controls </li></ul></ul></ul><ul><ul><ul><li>AC9 Data Processing Integrity </li></ul></ul></ul><ul><ul><ul><li>AC10 Data Processing Validation and Editing </li></ul></ul></ul><ul><ul><ul><li>AC11 Data Processing Error Handling </li></ul></ul></ul><ul><ul><li>Data Output Controls </li></ul></ul><ul><ul><ul><li>AC12 Output Handling and Retention </li></ul></ul></ul><ul><ul><ul><li>AC13 Output Distribution </li></ul></ul></ul><ul><ul><ul><li>AC14 Output Balancing and Reconciliation </li></ul></ul></ul><ul><ul><ul><li>AC15 Output Review and Error Handling </li></ul></ul></ul><ul><ul><ul><li>AC16 Security Provision for Output Reports </li></ul></ul></ul><ul><ul><li>Boundary Controls </li></ul></ul><ul><ul><ul><li>AC17 Authenticity and Integrity </li></ul></ul></ul><ul><ul><ul><li>AC18 Protection of Sensitive Information During Transmission and Transport </li></ul></ul></ul>
  24. 24. Current Situation <ul><li>As CMMI came first (published in 1991), many organisations have implemented CMMI and have developed processes and standards to support this framework </li></ul><ul><li>With the later arrival of OPM3 , many organisations are trying to establish where it fits, and whether and how a software engineering maturity model works in conjunction with a project management maturity model </li></ul>
  25. 25. Benefits of Implementing IT Control Framework <ul><li>Better IT to business alignment built on a business focus </li></ul><ul><li>Management view of what IT does </li></ul><ul><li>Clear ownership and responsibilities, based on process orientation </li></ul><ul><li>General acceptability with third parties and regulators </li></ul><ul><li>Shared understanding amongst all stakeholders, based on a common language </li></ul><ul><li>Fulfillment of the governance requirements for the IT control environment </li></ul>
  26. 26. Approach Analyse Assess and Identify Gaps Recommend and Quantify Next Steps Step 1 Step 2 Step 3
  27. 27. Step 1: Analyse <ul><li>Establish scope of assessment within Customer using COBIT framework and domains </li></ul><ul><li>Identify overlaps, differences and gaps between the two frameworks using COBIT’s domains within this scope </li></ul>
  28. 28. Example Comparison of CMMI and OMP3 Assessment Domain Processes are moderately addressed by CMMI and rarely addressed or none at all by ITIL and PMBOK. Keep in mind a domain ranking for the three compared frameworks is a summary of rankings for each process in the domain ME Processes are frequently addressed by ITIL and rarely addressed or none at all by OPM3 and CMMI DS Processes are frequently addressed by CMMI, moderately addressed by ITIL and none at all by PMBOK AI Processes are moderately addressed by both ITIL and PMBOK and rarely addressed or none at all by CMMI PO
  29. 29. Step 2: Assess and Identify Gaps <ul><li>What is the impact of gaps in CMMI coverage in Customer’s environment? </li></ul><ul><li>Will OPM3 bridge these gaps? </li></ul><ul><li>Can the gap closure requirement be clearly stated in a specific recommendation? </li></ul><ul><li>What benefit would be derived from closing the gap? </li></ul>
  30. 30. Step 3: Recommend and Quantify Next Steps <ul><li>Are the benefits of the recommendations clearly quantified? </li></ul><ul><li>Can they be delivered within a realistic timetable? </li></ul>
  31. 31. Conclusions <ul><li>OPM3 and CMMI are not exclusive standards, and can be used together </li></ul><ul><li>A practical, benefits-driven approach is required to assess the benefit of combining OPM3 with CMMI </li></ul><ul><li>This must be considered within an overall framework (COBIT) if the two maturity models are not to be seen to compete </li></ul><ul><li>To do this successfully, the following factors also need to be assessed </li></ul><ul><ul><li>The level of compliance the business is currently subject to </li></ul></ul><ul><ul><li>The amount of software engineering and project based activity being undertaken </li></ul></ul><ul><ul><li>The Project management skills and experience currently within the organisation </li></ul></ul>
  32. 32. More Information <ul><ul><ul><li>Alan McSweeney </li></ul></ul></ul><ul><ul><ul><li>[email_address] </li></ul></ul></ul>