SlideShare a Scribd company logo

entrust-it - Seminar ULG 290416 v1.0

G
Geert Janssen
1 of 36
Download to read offline
The value of your ‘software and IT’-quality: what about the investor’s point of view Geert Janssen 29/4/2016 26/04/16 1
Today’s question: what about the quality of your software and your IT organization? 26/04/16 2 Does it affect the value of your company/ investment? Should you worry about it?
We will cover the following aspects ...   the need for a consistent approach and tooling to assess the maturity of the company from an IT perspective   the added value of quality assurance throughout the investment lifecycle   IT risk assurance dimensions and approach   expressing risk responses in terms of IT objectives   the use of software quality assurance in practice (examples). 26/04/16 3
WHO ARE WE? A Quick Introduction 26/04/16 4
My background 26/04/16 5 [founder & managing partner] [partner] [senior manager] [associate partner] [Master Applied Economics] ‘95 ‘95 ‘07 ‘08 ‘10
26/04/16 6 Strategy & Innovation IT & Project Management Governance, Risk & Quality Assurance •  CIO-As-A-Service (IT Management) •  PQA-As-A-Service (Project Management) •  Advisory Services (Transformation Planning) (Business Model Design) (Value Proposition Design) (Capability Modeling) (Package Selection) •  IT Risk & Assurance Services (Quick Scan / Due Diligence) (Capabilty Maturity Assessment) (Software Quality Audit) (Usabilty reviews) •  PQA-As-A-Service (Solution & Delivery Excellence) IT-driven Business Transformation
THE NEED FOR A CONSISTENT APPROACH AND TOOLING TO ASSESS THE MATURITY OF THE COMPANY FROM AN IT PERSPECTIVE Why should I worry? 26/04/16 7
The Problem – Technical Debt 26/04/16 8
The Solution – Holistic Approach 26/04/16 9 Industry benchmarks / Roadmap reviews Landscape analysis Function Point / Feature Analysis Maturity Assessments Application Audits Skill Assessments
QUALITY ASSURANCE THROUGHOUT THE INVESTMENT LIFECYCLE A continuous exercise 26/04/16 10
IT Risk & Assurance - Approach 11 What price should we pay? > focus: value for money Should we invest? > focus: value assessment, risk mitigation Assure IT is managed well! > focus: continuous improvement / quality control, value augmentation Provide transparancy! > focus: safeguard value Similar process across the investment lifecycle however focus differs! Dealflow phase (1) IT Quick Scan Due Diligence phase (2) IT Due Diligence Nurturing phase (3) IT Risk Assessments Divestment (Exit) phase (4) IT Vendor Due Diligence
IT Risk & Assurance – 4-Step Process Scoping Preparation & Identification Research & Analysis Report & Remedy 26/04/16 12 -  Lifecycle status -  Investor focus -  Assess IT Resources & gather evidence -  Perform a scenario analysis -  Assess IT Control Areas -  Generate health factors -  Identify threats / risks -  Analyze frequency & impact in terms of Risk Appetite/Tolerance -  Analyze technical metrics -  Express Risk Responses in terms of IT Objectives (business terms) -  Define remediation plan
IT RISK ASSURANCE DIMENSIONS What should we be looking at? 26/04/16 13
IT Risk & Assurance - Dimensions 26 April 2016 14 Value Maturity Risk •  Balance IT risks versus risk tolerance (continuity, compliance, …) •  Value to the Company •  Technical Debt •  Organization •  Process •  Product •  Which risks are acceptable? •  To what extend does IT contribute to the overall business objectives? •  What hidden costs are present? •  Where are we today and where should we be?
EXPRESSING RISK RESPONSES IN TERMS OF IT OBJECTIVES How to communicate? 26/04/16 15
IT Resources 26 April 2016 16 Strategy Organization Processes Applications Data Infrastructure
Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 17 Agility Accuracy Access Availability
Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 18 AccuracyAvailabilityAgility Possess the capability to change with managed cost and speed
Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 19 Agility AccuracyAvailabilityAccuracy Provide correct, timely and complete information that meets the requirements of management, staff, customers, suppliers and regulators.
Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 20 Agility Accuracy AvailabilityAccess Ensure appropriate access to data and systems, so that the right people have the access they need and the wrong people do not.
Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 21 AvailabilityAvailability Keep the systems (and their business processes) running, and recover from interruptions Agility Accuracy Access
THE USE OF SOFTWARE QUALITY ASSURANCE IN PRACTICE Examples 26/04/16 22
Software Quality Audit Process 26/04/16 23   We follow a 4-step process.   Continuous improvement is key.   A typical exercise requires between 5 and 10 man days of work.   Maximum 2 à 3 iterations per year, mostly only 1 per year!
Opening IT assurance discussions 26/04/16 24   Developers –  Most developers have limited ideas on the quality of their code. –  Hence, a typical eye-opener.   Management –  Easy to interpret quality dashboard, also for IT illiterate resources. –  Sound basis for enabling discussions on the value of IT assurance, which are typically neglected as focus is on creating marketshare.
Linking payment milestones to improvements 26/04/16 25   A basis for the investment manager to manage the investment based on facts & figures.   A means to agree upon improvement actions and potentially linking those to payment milestones.
Mitigating Investment Risk 26/04/16 26   One should typically run the application audit on a dedicated machine forcing the development team to handover all required source code items (dll’s, certificates, …).   In most cases compilation is an issue in terms of missing components, hardcoding, …   In one case it took us 2 weeks to get the platform compiled correctly!
Assuring minimum level of documentation 26/04/16 27   Code documentation is important as change of ownership during startup years is likely to happen more often than within mature/stable environments.   Additionally, lack of documentation ‘outside’ the code (e.g. functional design) is typically higher in startups than in more mature organizations.
Assuring minimum level of documentation 26/04/16 28   Our focus on improving code documentation is especially important for the complex (McCabe Cyclomatic Complexity) code areas.
Identifying organization weaknesses 26/04/16 29   Code audits often identify weaknesses in the organization.   As a consequence we agree with the organization to focus on improving their weaknesses through hiring/training.
Assuring continuous improvement 26/04/16 30   Health factor ‘scores’ as such are relative and often result in discussions.   More important is to agree upon continued positive evolution and link commitment of continued evolution into a contractual agreement. !
Being transparent is key 26/04/16 31   Having ‘red’ scores is not a shame.   Knowing where to focus on and having insight into areas for improvement is more important.   Being transparent on weak spots during exit discussions is more important than not knowing where you stand. ! => Any weak spot identified during due diligence will jeopardize your negotiation position.
A trigger for re-engineering   Assessing application quality – as opposed to code quality only – allows to discover a potential ‘spaghetti’ architecture.   Resulting in revising the entire architecture and identifying modules / components for renewal. 26/04/16 32
Agreeing upon corrective actions   Added value of having end-to-end view in limited time compared to manual audits.   Limited involvement required from development team.   Final presentation to present / discuss the results during a half / one day workshop.   Goal is to confirm / agree upon corrective actions. 26/04/16 33
IS SOFTWARE AND IT QUALITY IMPORTANT FOR AN INVESTOR? In Synopsis 26/04/16 34
... Yes, it is!   If you don’t measure you don’t know   One reaps what one sows   Moving in the right direction as of day 1 is key   A means to professionalize the organization   ‘Conditio sine qua non’ during exit discussions 26/04/16 35
Q&A 26/04/16 36

Recommended

Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016
Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016
Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016Interface ULg, LIEGE science park
 
Introduction_Kishore Sundararaman
Introduction_Kishore SundararamanIntroduction_Kishore Sundararaman
Introduction_Kishore SundararamanKishore Sundararaman
 
Outsourcing Life Cycle: Assessment / Business Case
Outsourcing Life Cycle: Assessment / Business CaseOutsourcing Life Cycle: Assessment / Business Case
Outsourcing Life Cycle: Assessment / Business CaseAltoros
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
GAP Analysis
GAP AnalysisGAP Analysis
GAP AnalysisLakshmi-BA
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideAstalapulosListestos
 
Business Alignment
Business AlignmentBusiness Alignment
Business AlignmentMichael Galo
 

Recommended

Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016
Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016
Value of 'software and IT' Quality-Le Point du LIEGE science park-29 avril 2016Interface ULg, LIEGE science park
 
Introduction_Kishore Sundararaman
Introduction_Kishore SundararamanIntroduction_Kishore Sundararaman
Introduction_Kishore SundararamanKishore Sundararaman
 
Outsourcing Life Cycle: Assessment / Business Case
Outsourcing Life Cycle: Assessment / Business CaseOutsourcing Life Cycle: Assessment / Business Case
Outsourcing Life Cycle: Assessment / Business CaseAltoros
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
GAP Analysis
GAP AnalysisGAP Analysis
GAP AnalysisLakshmi-BA
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideAstalapulosListestos
 
Business Alignment
Business AlignmentBusiness Alignment
Business AlignmentMichael Galo
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2Ahmad Ammari
 
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018International Federation of Accountants
 
Developing Retained Organization to Support Outsourcing
Developing Retained Organization to Support OutsourcingDeveloping Retained Organization to Support Outsourcing
Developing Retained Organization to Support OutsourcingMark Peacock
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIABCM Institute
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit ReportingSALIH AHMED ISLAM
 
Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Security Executive Council
 
Project Auditing
Project AuditingProject Auditing
Project AuditingSALIH AHMED ISLAM
 
Critical Success Factors in Software Projects
Critical Success Factors in Software ProjectsCritical Success Factors in Software Projects
Critical Success Factors in Software ProjectsShelley Keith, MSIQ
 
Asset Management Presentation
Asset Management PresentationAsset Management Presentation
Asset Management PresentationNeeraj Kumar
 
BIS11 ERP
BIS11 ERPBIS11 ERP
BIS11 ERPPrithwis Mukerjee
 
A process maturity model for requirements engineering
A process maturity model for requirements engineeringA process maturity model for requirements engineering
A process maturity model for requirements engineeringIan Sommerville
 
Technology audit by Magdy El messiry
Technology audit by Magdy El messiryTechnology audit by Magdy El messiry
Technology audit by Magdy El messiryMagdy El Messiry
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
BTABOK / ITABOK
BTABOK / ITABOKBTABOK / ITABOK
BTABOK / ITABOKMaganathin Veeraragaloo
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMLibcorpio
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 
YP-Week
YP-WeekYP-Week
YP-WeekMichael Sapiro
 
Development pro forma
Development pro formaDevelopment pro forma
Development pro formaAlessandro Delrio
 
управління житловим будинком
управління житловим будинкомуправління житловим будинком
управління житловим будинкомБахмутська міська рада
 

More Related Content

What's hot

CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2Ahmad Ammari
 
Developing Retained Organization to Support Outsourcing
Developing Retained Organization to Support OutsourcingDeveloping Retained Organization to Support Outsourcing
Developing Retained Organization to Support OutsourcingMark Peacock
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIABCM Institute
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Critical Success Factors in Software Projects
Critical Success Factors in Software ProjectsCritical Success Factors in Software Projects
Critical Success Factors in Software ProjectsShelley Keith, MSIQ
 
Asset Management Presentation
Asset Management PresentationAsset Management Presentation
Asset Management PresentationNeeraj Kumar
 
A process maturity model for requirements engineering
A process maturity model for requirements engineeringA process maturity model for requirements engineering
A process maturity model for requirements engineeringIan Sommerville
 
Technology audit by Magdy El messiry
Technology audit by Magdy El messiryTechnology audit by Magdy El messiry
Technology audit by Magdy El messiryMagdy El Messiry
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMLibcorpio
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 

What's hot (19)

CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
 
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
 
Developing Retained Organization to Support Outsourcing
Developing Retained Organization to Support OutsourcingDeveloping Retained Organization to Support Outsourcing
Developing Retained Organization to Support Outsourcing
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysis
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2
 
Project Auditing
Project AuditingProject Auditing
Project Auditing
 
Critical Success Factors in Software Projects
Critical Success Factors in Software ProjectsCritical Success Factors in Software Projects
Critical Success Factors in Software Projects
 
Asset Management Presentation
Asset Management PresentationAsset Management Presentation
Asset Management Presentation
 
BIS11 ERP
BIS11 ERPBIS11 ERP
BIS11 ERP
 
A process maturity model for requirements engineering
A process maturity model for requirements engineeringA process maturity model for requirements engineering
A process maturity model for requirements engineering
 
Technology audit by Magdy El messiry
Technology audit by Magdy El messiryTechnology audit by Magdy El messiry
Technology audit by Magdy El messiry
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance Metric
 
BTABOK / ITABOK
BTABOK / ITABOKBTABOK / ITABOK
BTABOK / ITABOK
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRM
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 

Viewers also liked

Presentacion tipos de lineas electricas
Presentacion tipos de lineas electricasPresentacion tipos de lineas electricas
Presentacion tipos de lineas electricasKmilo Jimenez
 
Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020CEW Georgetown
 
Digitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityDigitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityPaul Brown
 
The Online College Labor Market
The Online College Labor MarketThe Online College Labor Market
The Online College Labor MarketCEW Georgetown
 
Parts of speech menu project complete packet
Parts of speech menu project complete packetParts of speech menu project complete packet
Parts of speech menu project complete packetcbalsamo
 
The Future Of Work & The Work Of The Future
The Future Of Work & The Work Of The FutureThe Future Of Work & The Work Of The Future
The Future Of Work & The Work Of The FutureArturo Pelayo
 
Responding to Academically Distressed Students
Responding to Academically Distressed StudentsResponding to Academically Distressed Students
Responding to Academically Distressed StudentsMr. Ronald Quileste, PhD
 
Routes of drug administration
Routes of drug administration Routes of drug administration
Routes of drug administration Namdeo Shinde
 
Route of Drug Administration
Route of Drug AdministrationRoute of Drug Administration
Route of Drug AdministrationAbubakar Fago
 
Routes of drug administration
Routes of drug administrationRoutes of drug administration
Routes of drug administrationamitgajjar85
 
Routes of drug administration
Routes of drug administrationRoutes of drug administration
Routes of drug administrationraj kumar
 
How to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksHow to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksSlideShare
 
Liquid Dosage Form
Liquid Dosage FormLiquid Dosage Form
Liquid Dosage Formphmosarrof
 
Drug Dosage Forms
Drug Dosage FormsDrug Dosage Forms
Drug Dosage FormsOsama Zahid
 

Viewers also liked (19)

YP-Week
YP-WeekYP-Week
YP-Week
 
Development pro forma
Development pro formaDevelopment pro forma
Development pro forma
 
управління житловим будинком
управління житловим будинкомуправління житловим будинком
управління житловим будинком
 
Presentacion tipos de lineas electricas
Presentacion tipos de lineas electricasPresentacion tipos de lineas electricas
Presentacion tipos de lineas electricas
 
Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020
 
Digitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityDigitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and Identity
 
The Online College Labor Market
The Online College Labor MarketThe Online College Labor Market
The Online College Labor Market
 
Parts of speech menu project complete packet
Parts of speech menu project complete packetParts of speech menu project complete packet
Parts of speech menu project complete packet
 
The Future Of Work & The Work Of The Future
The Future Of Work & The Work Of The FutureThe Future Of Work & The Work Of The Future
The Future Of Work & The Work Of The Future
 
Responding to Academically Distressed Students
Responding to Academically Distressed StudentsResponding to Academically Distressed Students
Responding to Academically Distressed Students
 
Routes of drug administration
Routes of drug administration Routes of drug administration
Routes of drug administration
 
Route of Drug Administration
Route of Drug AdministrationRoute of Drug Administration
Route of Drug Administration
 
Routes of drug administration
Routes of drug administrationRoutes of drug administration
Routes of drug administration
 
Routes of drug administration
Routes of drug administrationRoutes of drug administration
Routes of drug administration
 
How to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksHow to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & Tricks
 
Dosage form design
Dosage form designDosage form design
Dosage form design
 
Types of dosage forms lecture2,2
Types of dosage forms lecture2,2Types of dosage forms lecture2,2
Types of dosage forms lecture2,2
 
Liquid Dosage Form
Liquid Dosage FormLiquid Dosage Form
Liquid Dosage Form
 
Drug Dosage Forms
Drug Dosage FormsDrug Dosage Forms
Drug Dosage Forms
 

Similar to entrust-it - Seminar ULG 290416 v1.0

Preparing Detailed Project Report and Presenting Business Plan to Investors
Preparing Detailed Project Report and Presenting Business Plan to InvestorsPreparing Detailed Project Report and Presenting Business Plan to Investors
Preparing Detailed Project Report and Presenting Business Plan to InvestorsRahul Sharma
 
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...Audrey Reynolds
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
IT Professionals – Transform your Company and Career using Advanced Business ...
IT Professionals – Transform your Company and Career using Advanced Business ...IT Professionals – Transform your Company and Career using Advanced Business ...
IT Professionals – Transform your Company and Career using Advanced Business ...Fast Lane Consulting and Education, Inc.
 
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docx
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docxCRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docx
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docxfaithxdunce63732
 
A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022chinuroula
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk managementInfosys
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringEmma Kelly
 
How to assess projects using the VCR framework
How to assess projects using the VCR frameworkHow to assess projects using the VCR framework
How to assess projects using the VCR frameworkPete Hidalgo
 
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...Achieving IT Strategic Directives When Evaluating a New Promotional Content E...
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...Cognizant
 
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIA
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIARATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIA
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIAAshish Aayush
 
The weekly written exercises collectively comprise the Strategic Inf.docx
The weekly written exercises collectively comprise the Strategic Inf.docxThe weekly written exercises collectively comprise the Strategic Inf.docx
The weekly written exercises collectively comprise the Strategic Inf.docxcroftsshanon
 
Techedge Solution for Procurement - One View
Techedge Solution for Procurement - One ViewTechedge Solution for Procurement - One View
Techedge Solution for Procurement - One ViewTechedge Group
 
Framing the business case service provider v1 2
Framing the business case service provider v1 2Framing the business case service provider v1 2
Framing the business case service provider v1 2pskoularikos
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit planessbaih
 
Benchmarking Basic.pdf
Benchmarking Basic.pdfBenchmarking Basic.pdf
Benchmarking Basic.pdfR Borres
 
Project Reviews 20100414 1 0
Project Reviews 20100414 1 0Project Reviews 20100414 1 0
Project Reviews 20100414 1 0Gavin Berry
 

Similar to entrust-it - Seminar ULG 290416 v1.0 (20)

Preparing Detailed Project Report and Presenting Business Plan to Investors
Preparing Detailed Project Report and Presenting Business Plan to InvestorsPreparing Detailed Project Report and Presenting Business Plan to Investors
Preparing Detailed Project Report and Presenting Business Plan to Investors
 
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...
Making IT Work for Your Business - 4 Key Concepts to Get the Most Out of Your...
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"
 
IT Professionals – Transform your Company and Career using Advanced Business ...
IT Professionals – Transform your Company and Career using Advanced Business ...IT Professionals – Transform your Company and Career using Advanced Business ...
IT Professionals – Transform your Company and Career using Advanced Business ...
 
Project Planning & Feasibility Study
Project Planning & Feasibility StudyProject Planning & Feasibility Study
Project Planning & Feasibility Study
 
JohanCVJuly2015
JohanCVJuly2015JohanCVJuly2015
JohanCVJuly2015
 
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docx
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docxCRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docx
CRJS466 – Psychopathology and CriminalityUnit 5 Individual Proje.docx
 
A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
 
How to assess projects using the VCR framework
How to assess projects using the VCR frameworkHow to assess projects using the VCR framework
How to assess projects using the VCR framework
 
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...Achieving IT Strategic Directives When Evaluating a New Promotional Content E...
Achieving IT Strategic Directives When Evaluating a New Promotional Content E...
 
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIA
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIARATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIA
RATION ANALYSIS OF UNITECH TECHNOLOGY IN INDIA
 
The weekly written exercises collectively comprise the Strategic Inf.docx
The weekly written exercises collectively comprise the Strategic Inf.docxThe weekly written exercises collectively comprise the Strategic Inf.docx
The weekly written exercises collectively comprise the Strategic Inf.docx
 
Techedge Solution for Procurement - One View
Techedge Solution for Procurement - One ViewTechedge Solution for Procurement - One View
Techedge Solution for Procurement - One View
 
Framing the business case service provider v1 2
Framing the business case service provider v1 2Framing the business case service provider v1 2
Framing the business case service provider v1 2
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit plan
 
Benchmarking Basic.pdf
Benchmarking Basic.pdfBenchmarking Basic.pdf
Benchmarking Basic.pdf
 
Project Reviews 20100414 1 0
Project Reviews 20100414 1 0Project Reviews 20100414 1 0
Project Reviews 20100414 1 0
 

entrust-it - Seminar ULG 290416 v1.0

  • 1. The value of your ‘software and IT’-quality: what about the investor’s point of view Geert Janssen 29/4/2016 26/04/16 1
  • 2. Today’s question: what about the quality of your software and your IT organization? 26/04/16 2 Does it affect the value of your company/ investment? Should you worry about it?
  • 3. We will cover the following aspects ...   the need for a consistent approach and tooling to assess the maturity of the company from an IT perspective   the added value of quality assurance throughout the investment lifecycle   IT risk assurance dimensions and approach   expressing risk responses in terms of IT objectives   the use of software quality assurance in practice (examples). 26/04/16 3
  • 4. WHO ARE WE? A Quick Introduction 26/04/16 4
  • 5. My background 26/04/16 5 [founder & managing partner] [partner] [senior manager] [associate partner] [Master Applied Economics] ‘95 ‘95 ‘07 ‘08 ‘10
  • 6. 26/04/16 6 Strategy & Innovation IT & Project Management Governance, Risk & Quality Assurance •  CIO-As-A-Service (IT Management) •  PQA-As-A-Service (Project Management) •  Advisory Services (Transformation Planning) (Business Model Design) (Value Proposition Design) (Capability Modeling) (Package Selection) •  IT Risk & Assurance Services (Quick Scan / Due Diligence) (Capabilty Maturity Assessment) (Software Quality Audit) (Usabilty reviews) •  PQA-As-A-Service (Solution & Delivery Excellence) IT-driven Business Transformation
  • 7. THE NEED FOR A CONSISTENT APPROACH AND TOOLING TO ASSESS THE MATURITY OF THE COMPANY FROM AN IT PERSPECTIVE Why should I worry? 26/04/16 7
  • 8. The Problem – Technical Debt 26/04/16 8
  • 9. The Solution – Holistic Approach 26/04/16 9 Industry benchmarks / Roadmap reviews Landscape analysis Function Point / Feature Analysis Maturity Assessments Application Audits Skill Assessments
  • 10. QUALITY ASSURANCE THROUGHOUT THE INVESTMENT LIFECYCLE A continuous exercise 26/04/16 10
  • 11. IT Risk & Assurance - Approach 11 What price should we pay? > focus: value for money Should we invest? > focus: value assessment, risk mitigation Assure IT is managed well! > focus: continuous improvement / quality control, value augmentation Provide transparancy! > focus: safeguard value Similar process across the investment lifecycle however focus differs! Dealflow phase (1) IT Quick Scan Due Diligence phase (2) IT Due Diligence Nurturing phase (3) IT Risk Assessments Divestment (Exit) phase (4) IT Vendor Due Diligence
  • 12. IT Risk & Assurance – 4-Step Process Scoping Preparation & Identification Research & Analysis Report & Remedy 26/04/16 12 -  Lifecycle status -  Investor focus -  Assess IT Resources & gather evidence -  Perform a scenario analysis -  Assess IT Control Areas -  Generate health factors -  Identify threats / risks -  Analyze frequency & impact in terms of Risk Appetite/Tolerance -  Analyze technical metrics -  Express Risk Responses in terms of IT Objectives (business terms) -  Define remediation plan
  • 13. IT RISK ASSURANCE DIMENSIONS What should we be looking at? 26/04/16 13
  • 14. IT Risk & Assurance - Dimensions 26 April 2016 14 Value Maturity Risk •  Balance IT risks versus risk tolerance (continuity, compliance, …) •  Value to the Company •  Technical Debt •  Organization •  Process •  Product •  Which risks are acceptable? •  To what extend does IT contribute to the overall business objectives? •  What hidden costs are present? •  Where are we today and where should we be?
  • 15. EXPRESSING RISK RESPONSES IN TERMS OF IT OBJECTIVES How to communicate? 26/04/16 15
  • 16. IT Resources 26 April 2016 16 Strategy Organization Processes Applications Data Infrastructure
  • 17. Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 17 Agility Accuracy Access Availability
  • 18. Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 18 AccuracyAvailabilityAgility Possess the capability to change with managed cost and speed
  • 19. Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 19 Agility AccuracyAvailabilityAccuracy Provide correct, timely and complete information that meets the requirements of management, staff, customers, suppliers and regulators.
  • 20. Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 20 Agility Accuracy AvailabilityAccess Ensure appropriate access to data and systems, so that the right people have the access they need and the wrong people do not.
  • 21. Strategy Organization Processes Applications Data Infrastructure IT Resources vs IT Objectives (4 A’s) 26 April 2016 21 AvailabilityAvailability Keep the systems (and their business processes) running, and recover from interruptions Agility Accuracy Access
  • 22. THE USE OF SOFTWARE QUALITY ASSURANCE IN PRACTICE Examples 26/04/16 22
  • 23. Software Quality Audit Process 26/04/16 23   We follow a 4-step process.   Continuous improvement is key.   A typical exercise requires between 5 and 10 man days of work.   Maximum 2 à 3 iterations per year, mostly only 1 per year!
  • 24. Opening IT assurance discussions 26/04/16 24   Developers –  Most developers have limited ideas on the quality of their code. –  Hence, a typical eye-opener.   Management –  Easy to interpret quality dashboard, also for IT illiterate resources. –  Sound basis for enabling discussions on the value of IT assurance, which are typically neglected as focus is on creating marketshare.
  • 25. Linking payment milestones to improvements 26/04/16 25   A basis for the investment manager to manage the investment based on facts & figures.   A means to agree upon improvement actions and potentially linking those to payment milestones.
  • 26. Mitigating Investment Risk 26/04/16 26   One should typically run the application audit on a dedicated machine forcing the development team to handover all required source code items (dll’s, certificates, …).   In most cases compilation is an issue in terms of missing components, hardcoding, …   In one case it took us 2 weeks to get the platform compiled correctly!
  • 27. Assuring minimum level of documentation 26/04/16 27   Code documentation is important as change of ownership during startup years is likely to happen more often than within mature/stable environments.   Additionally, lack of documentation ‘outside’ the code (e.g. functional design) is typically higher in startups than in more mature organizations.
  • 28. Assuring minimum level of documentation 26/04/16 28   Our focus on improving code documentation is especially important for the complex (McCabe Cyclomatic Complexity) code areas.
  • 29. Identifying organization weaknesses 26/04/16 29   Code audits often identify weaknesses in the organization.   As a consequence we agree with the organization to focus on improving their weaknesses through hiring/training.
  • 30. Assuring continuous improvement 26/04/16 30   Health factor ‘scores’ as such are relative and often result in discussions.   More important is to agree upon continued positive evolution and link commitment of continued evolution into a contractual agreement. !
  • 31. Being transparent is key 26/04/16 31   Having ‘red’ scores is not a shame.   Knowing where to focus on and having insight into areas for improvement is more important.   Being transparent on weak spots during exit discussions is more important than not knowing where you stand. ! => Any weak spot identified during due diligence will jeopardize your negotiation position.
  • 32. A trigger for re-engineering   Assessing application quality – as opposed to code quality only – allows to discover a potential ‘spaghetti’ architecture.   Resulting in revising the entire architecture and identifying modules / components for renewal. 26/04/16 32
  • 33. Agreeing upon corrective actions   Added value of having end-to-end view in limited time compared to manual audits.   Limited involvement required from development team.   Final presentation to present / discuss the results during a half / one day workshop.   Goal is to confirm / agree upon corrective actions. 26/04/16 33
  • 34. IS SOFTWARE AND IT QUALITY IMPORTANT FOR AN INVESTOR? In Synopsis 26/04/16 34
  • 35. ... Yes, it is!   If you don’t measure you don’t know   One reaps what one sows   Moving in the right direction as of day 1 is key   A means to professionalize the organization   ‘Conditio sine qua non’ during exit discussions 26/04/16 35