logging in or signing up PMI OPM3 and CMMI Assessment Overview alanmcsweeney Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 336 Category: Science & Tech.. License: Some Rights Reserved Like it (0) Dislike it (0) Added: January 10, 2011 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PMI/OPM3 and CMMI Assessment: PMI/OPM3 and CMMI Assessment Alan McSweeneyObjectives: January 10, 2011 2 Objectives Provide customer with an understanding of the approach to using PMI project methodology to use to implement IT quality managementAgenda : January 10, 2011 3 Agenda PMI/OPM3 and CMMI in the context of COBIT Assessing PMI/OPM3 and CMMI Approach Indicative financial analysis Next stepsBackground: January 10, 2011 4 Background Maturity models allow organisations to identify and assess areas in need of process improvement IT Controls IT must implement internal controls around how it operates The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT CMMI and OPM3 are two such maturity models CMMI focuses on software engineering OPM3 focuses on project management across any project based activity The de-facto standard for IT governance is COBIT C ontrol Ob jectives for I nformation and related T echnologyIT Service Delivery Issues and Challenges: January 10, 2011 5 IT Service Delivery Issues and Challenges Keeping up with business needs User and IT dissatisfaction with products and services High costs of delivery Delivery cycles too long Technology infrastructure out-dated Projects late and over budget Meeting service levels Regulatory requirementsOPM3: January 10, 2011 6 OPM3 OPM3 O rganizational P roject M anagement M aturity M ode (OPMMM or OPM3) Part of PMI – project maturity standard for organisations OPM3 focuses on knowledge, assessment and improvement Knowledge - why organisational project management and maturity are important and how to recognise enterprise competency Assessment - the procedure an organisation uses to determine its maturity Improvement - provides information on how an organisation can increase its organisational project management maturityPMI – Project Management Areas: January 10, 2011 7 PMI – Project Management Areas Project Integration Management Project Scope Management Project Time Management Project Cost Management Project Quality Management Project Human Resource Management Project Communications Management Project Risk Management Project Procurement ManagementMany Quality Management Frameworks: January 10, 2011 8 Many Quality Management Frameworks Baldridge QAI/QM COSO COBIT COQ SIX SIGMA ISO ITIL CMMI V-ModelSEI Capability Maturity Model Integrated (CMMI): January 10, 2011 9 SEI Capability Maturity Model Integrated (CMMI) Initial Repeatable Defined Managed Optimising Ad Hoc Disciplined Processes (Project) Standard Disciplined Processes (Organisation) Predictable Processes Continuous ImprovementComparison of Standards: January 10, 2011 10 Comparison of StandardsWhat is COBIT?: January 10, 2011 11 What is COBIT? The de-facto industry framework for the management of Information Technology standards and processes All other frameworks and standards are a sub set of the COBIT framework COBIT comprises 4 Domains 34 Processes 318 Control ObjectivesCOBIT: January 10, 2011 12 COBIT COBIT aims to be different from other quality and governance approaches in two ways It is an IT governance framework and supporting set of tools that IT can use to bridge the gap between control requirements, technical issues and business risks It provides a detailed implementation structure and toolset that translates the framework theory into a practical and achievable deliverablesCOBIT and Other Standards: January 10, 2011 13 COBIT and Other Standards COBIT provides a framework and an associated toolset that allow IT implement controls and address technical issues and business risks and communicate that level of control to IT business stakeholders By providing a toolset COBIT enables the development of policy and practice for IT control throughout the enterprise. COBIT is integrated with other standards and thus can become an umbrella framework for IT governance It assists in understanding and managing the risks and benefits associated with IT The process structure of COBIT and its business-oriented approach provides an end-to-end view of ITCOBIT Domain and Process Structure: January 10, 2011 14 COBIT Domain and Process StructureCOBIT Structure: January 10, 2011 15 COBIT StructureMaturity Models and COBIT: January 10, 2011 16 Maturity Models and COBIT Typically when an organisation undertakes a maturity assessment, it achieves a single (scored) rating that summarizes appraisal results and makes comparisons among the projects and processes via a staged representation format Each stage indicates the level of maturity in a graded scale of process improvement The model starts with basic management practices and progresses through a path of successive levels. No stages can be skipped To fully map and understand a maturity model, you must place the model in an IT governance context hence the COBIT frameworkCOBIT Process Domains and The Delivery of Information to Meet Objectives: January 10, 2011 17 COBIT Process Domains and The Delivery of Information to Meet Objectives `` Monitor and Evaluate Plan and Organise Deliver and Support Acquire and Implement Information Governance Objectives Business ObjectivesCOBIT Domains and Processes: January 10, 2011 18 COBIT Domains and ProcessesCOBIT Information Measurement Criteria: January 10, 2011 19 COBIT Information Measurement Criteria COBIT defines seven measurement criteria: Effectiveness - Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner Efficiency - Concerned with the provision of the information through the optimal use of resources Confidentiality - Concerned with the protection of sensitive information from unauthorised disclosure Integrity - Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations Availability - Relates to the information being available when required by the business process now and in the future Compliance - Deals with complying with laws, regulations and contractual arrangements Reliability - Relates to the provision of appropriate information for the workforce of the organisationCOBIT Process Goals and Metrics: January 10, 2011 20 COBIT Process Goals and Metrics Goal Activity Goals Process Goals IT Goals Metric Key Performance Indicators Process Key Goal Indicators IT Key Goal IndicatorsSample Goals and Metrics for the COBIT Process PO1 Define a Strategic IT Plan: January 10, 2011 21 Sample G oals and Metrics for the COBIT Process PO1 Define a Strategic IT PlanCOBIT Generic Process Controls: January 10, 2011 22 COBIT Generic Process Controls In addition to the process-specific control objectives, COBIT includes a set of generic process controls that are applied to all processes PC1 Process Owner - Assign an owner for each COBIT process such that responsibility is clear PC2 Repeatability - Define each COBIT process such that it is repeatable PC3 Goals and Objectives - Establish clear goals and objectives for each COBIT process for effective execution PC4 Roles and Responsibilities - Define unambiguous roles, activities and responsibilities for each COBIT process for efficient execution PC5 Process Performance - Measure the performance of each COBIT process against its goals PC6 Policy, Plans and Procedures - Document, review, keep up to date, sign off on and communicate to all involved parties any policy, plan or procedure that drives a COBIT processCOBIT Generic Application Controls: January 10, 2011 23 COBIT Generic Application Controls As with the generic process controls, COBIT includes a set of generic application controls that are applied to all processes Data Origination/Authorisation Controls AC1 Data Preparation Procedures AC2 Source Document Authorisation Procedures AC3 Source Document Data Collection AC4 Source Document Error Handling AC5 Source Document Retention Data Input Controls AC6 Data Input Authorisation Procedures AC7 Accuracy, Completeness and Authorisation Checks AC8 Data Input Error Handling Data Processing Controls AC9 Data Processing Integrity AC10 Data Processing Validation and Editing AC11 Data Processing Error Handling Data Output Controls AC12 Output Handling and Retention AC13 Output Distribution AC14 Output Balancing and Reconciliation AC15 Output Review and Error Handling AC16 Security Provision for Output Reports Boundary Controls AC17 Authenticity and Integrity AC18 Protection of Sensitive Information During Transmission and TransportCurrent Situation: January 10, 2011 24 Current Situation As CMMI came first (published in 1991), many organisations have implemented CMMI and have developed processes and standards to support this framework With the later arrival of OPM3 , many organisations are trying to establish where it fits, and whether and how a software engineering maturity model works in conjunction with a project management maturity modelBenefits of Implementing IT Control Framework: January 10, 2011 25 Benefits of Implementing IT Control Framework Better IT to business alignment built on a business focus Management view of what IT does Clear ownership and responsibilities, based on process orientation General acceptability with third parties and regulators Shared understanding amongst all stakeholders, based on a common language Fulfillment of the governance requirements for the IT control environmentApproach: January 10, 2011 26 Approach Analyse Assess and Identify Gaps Recommend and Quantify Next Steps Step 1 Step 2 Step 3Step 1: Analyse: January 10, 2011 27 Step 1: Analyse Establish scope of assessment within Customer using COBIT framework and domains Identify overlaps, differences and gaps between the two frameworks using COBIT’s domains within this scopeExample Comparison of CMMI and OMP3: January 10, 2011 28 Example Comparison of CMMI and OMP3 Domain Assessment PO Processes are moderately addressed by both ITIL and PMBOK and rarely addressed or none at all by CMMI AI Processes are frequently addressed by CMMI, moderately addressed by ITIL and none at all by PMBOK DS Processes are frequently addressed by ITIL and rarely addressed or none at all by OPM3 and CMMI ME Processes are moderately addressed by CMMI and rarely addressed or none at all by ITIL and PMBOK. Keep in mind a domain ranking for the three compared frameworks is a summary of rankings for each process in the domainStep 2: Assess and Identify Gaps: January 10, 2011 29 Step 2: Assess and Identify Gaps What is the impact of gaps in CMMI coverage in Customer’s environment? Will OPM3 bridge these gaps? Can the gap closure requirement be clearly stated in a specific recommendation? What benefit would be derived from closing the gap?Step 3: Recommend and Quantify Next Steps: January 10, 2011 30 Step 3: Recommend and Quantify Next Steps Are the benefits of the recommendations clearly quantified? Can they be delivered within a realistic timetable?Conclusions: January 10, 2011 31 Conclusions OPM3 and CMMI are not exclusive standards, and can be used together A practical, benefits-driven approach is required to assess the benefit of combining OPM3 with CMMI This must be considered within an overall framework (COBIT) if the two maturity models are not to be seen to compete To do this successfully, the following factors also need to be assessed The level of compliance the business is currently subject to The amount of software engineering and project based activity being undertaken The Project management skills and experience currently within the organisationMore Information: January 10, 2011 32 More Information Alan McSweeney alan@alanmcsweeney.com You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
PMI OPM3 and CMMI Assessment Overview alanmcsweeney Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 336 Category: Science & Tech.. License: Some Rights Reserved Like it (0) Dislike it (0) Added: January 10, 2011 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PMI/OPM3 and CMMI Assessment: PMI/OPM3 and CMMI Assessment Alan McSweeneyObjectives: January 10, 2011 2 Objectives Provide customer with an understanding of the approach to using PMI project methodology to use to implement IT quality managementAgenda : January 10, 2011 3 Agenda PMI/OPM3 and CMMI in the context of COBIT Assessing PMI/OPM3 and CMMI Approach Indicative financial analysis Next stepsBackground: January 10, 2011 4 Background Maturity models allow organisations to identify and assess areas in need of process improvement IT Controls IT must implement internal controls around how it operates The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT CMMI and OPM3 are two such maturity models CMMI focuses on software engineering OPM3 focuses on project management across any project based activity The de-facto standard for IT governance is COBIT C ontrol Ob jectives for I nformation and related T echnologyIT Service Delivery Issues and Challenges: January 10, 2011 5 IT Service Delivery Issues and Challenges Keeping up with business needs User and IT dissatisfaction with products and services High costs of delivery Delivery cycles too long Technology infrastructure out-dated Projects late and over budget Meeting service levels Regulatory requirementsOPM3: January 10, 2011 6 OPM3 OPM3 O rganizational P roject M anagement M aturity M ode (OPMMM or OPM3) Part of PMI – project maturity standard for organisations OPM3 focuses on knowledge, assessment and improvement Knowledge - why organisational project management and maturity are important and how to recognise enterprise competency Assessment - the procedure an organisation uses to determine its maturity Improvement - provides information on how an organisation can increase its organisational project management maturityPMI – Project Management Areas: January 10, 2011 7 PMI – Project Management Areas Project Integration Management Project Scope Management Project Time Management Project Cost Management Project Quality Management Project Human Resource Management Project Communications Management Project Risk Management Project Procurement ManagementMany Quality Management Frameworks: January 10, 2011 8 Many Quality Management Frameworks Baldridge QAI/QM COSO COBIT COQ SIX SIGMA ISO ITIL CMMI V-ModelSEI Capability Maturity Model Integrated (CMMI): January 10, 2011 9 SEI Capability Maturity Model Integrated (CMMI) Initial Repeatable Defined Managed Optimising Ad Hoc Disciplined Processes (Project) Standard Disciplined Processes (Organisation) Predictable Processes Continuous ImprovementComparison of Standards: January 10, 2011 10 Comparison of StandardsWhat is COBIT?: January 10, 2011 11 What is COBIT? The de-facto industry framework for the management of Information Technology standards and processes All other frameworks and standards are a sub set of the COBIT framework COBIT comprises 4 Domains 34 Processes 318 Control ObjectivesCOBIT: January 10, 2011 12 COBIT COBIT aims to be different from other quality and governance approaches in two ways It is an IT governance framework and supporting set of tools that IT can use to bridge the gap between control requirements, technical issues and business risks It provides a detailed implementation structure and toolset that translates the framework theory into a practical and achievable deliverablesCOBIT and Other Standards: January 10, 2011 13 COBIT and Other Standards COBIT provides a framework and an associated toolset that allow IT implement controls and address technical issues and business risks and communicate that level of control to IT business stakeholders By providing a toolset COBIT enables the development of policy and practice for IT control throughout the enterprise. COBIT is integrated with other standards and thus can become an umbrella framework for IT governance It assists in understanding and managing the risks and benefits associated with IT The process structure of COBIT and its business-oriented approach provides an end-to-end view of ITCOBIT Domain and Process Structure: January 10, 2011 14 COBIT Domain and Process StructureCOBIT Structure: January 10, 2011 15 COBIT StructureMaturity Models and COBIT: January 10, 2011 16 Maturity Models and COBIT Typically when an organisation undertakes a maturity assessment, it achieves a single (scored) rating that summarizes appraisal results and makes comparisons among the projects and processes via a staged representation format Each stage indicates the level of maturity in a graded scale of process improvement The model starts with basic management practices and progresses through a path of successive levels. No stages can be skipped To fully map and understand a maturity model, you must place the model in an IT governance context hence the COBIT frameworkCOBIT Process Domains and The Delivery of Information to Meet Objectives: January 10, 2011 17 COBIT Process Domains and The Delivery of Information to Meet Objectives `` Monitor and Evaluate Plan and Organise Deliver and Support Acquire and Implement Information Governance Objectives Business ObjectivesCOBIT Domains and Processes: January 10, 2011 18 COBIT Domains and ProcessesCOBIT Information Measurement Criteria: January 10, 2011 19 COBIT Information Measurement Criteria COBIT defines seven measurement criteria: Effectiveness - Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner Efficiency - Concerned with the provision of the information through the optimal use of resources Confidentiality - Concerned with the protection of sensitive information from unauthorised disclosure Integrity - Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations Availability - Relates to the information being available when required by the business process now and in the future Compliance - Deals with complying with laws, regulations and contractual arrangements Reliability - Relates to the provision of appropriate information for the workforce of the organisationCOBIT Process Goals and Metrics: January 10, 2011 20 COBIT Process Goals and Metrics Goal Activity Goals Process Goals IT Goals Metric Key Performance Indicators Process Key Goal Indicators IT Key Goal IndicatorsSample Goals and Metrics for the COBIT Process PO1 Define a Strategic IT Plan: January 10, 2011 21 Sample G oals and Metrics for the COBIT Process PO1 Define a Strategic IT PlanCOBIT Generic Process Controls: January 10, 2011 22 COBIT Generic Process Controls In addition to the process-specific control objectives, COBIT includes a set of generic process controls that are applied to all processes PC1 Process Owner - Assign an owner for each COBIT process such that responsibility is clear PC2 Repeatability - Define each COBIT process such that it is repeatable PC3 Goals and Objectives - Establish clear goals and objectives for each COBIT process for effective execution PC4 Roles and Responsibilities - Define unambiguous roles, activities and responsibilities for each COBIT process for efficient execution PC5 Process Performance - Measure the performance of each COBIT process against its goals PC6 Policy, Plans and Procedures - Document, review, keep up to date, sign off on and communicate to all involved parties any policy, plan or procedure that drives a COBIT processCOBIT Generic Application Controls: January 10, 2011 23 COBIT Generic Application Controls As with the generic process controls, COBIT includes a set of generic application controls that are applied to all processes Data Origination/Authorisation Controls AC1 Data Preparation Procedures AC2 Source Document Authorisation Procedures AC3 Source Document Data Collection AC4 Source Document Error Handling AC5 Source Document Retention Data Input Controls AC6 Data Input Authorisation Procedures AC7 Accuracy, Completeness and Authorisation Checks AC8 Data Input Error Handling Data Processing Controls AC9 Data Processing Integrity AC10 Data Processing Validation and Editing AC11 Data Processing Error Handling Data Output Controls AC12 Output Handling and Retention AC13 Output Distribution AC14 Output Balancing and Reconciliation AC15 Output Review and Error Handling AC16 Security Provision for Output Reports Boundary Controls AC17 Authenticity and Integrity AC18 Protection of Sensitive Information During Transmission and TransportCurrent Situation: January 10, 2011 24 Current Situation As CMMI came first (published in 1991), many organisations have implemented CMMI and have developed processes and standards to support this framework With the later arrival of OPM3 , many organisations are trying to establish where it fits, and whether and how a software engineering maturity model works in conjunction with a project management maturity modelBenefits of Implementing IT Control Framework: January 10, 2011 25 Benefits of Implementing IT Control Framework Better IT to business alignment built on a business focus Management view of what IT does Clear ownership and responsibilities, based on process orientation General acceptability with third parties and regulators Shared understanding amongst all stakeholders, based on a common language Fulfillment of the governance requirements for the IT control environmentApproach: January 10, 2011 26 Approach Analyse Assess and Identify Gaps Recommend and Quantify Next Steps Step 1 Step 2 Step 3Step 1: Analyse: January 10, 2011 27 Step 1: Analyse Establish scope of assessment within Customer using COBIT framework and domains Identify overlaps, differences and gaps between the two frameworks using COBIT’s domains within this scopeExample Comparison of CMMI and OMP3: January 10, 2011 28 Example Comparison of CMMI and OMP3 Domain Assessment PO Processes are moderately addressed by both ITIL and PMBOK and rarely addressed or none at all by CMMI AI Processes are frequently addressed by CMMI, moderately addressed by ITIL and none at all by PMBOK DS Processes are frequently addressed by ITIL and rarely addressed or none at all by OPM3 and CMMI ME Processes are moderately addressed by CMMI and rarely addressed or none at all by ITIL and PMBOK. Keep in mind a domain ranking for the three compared frameworks is a summary of rankings for each process in the domainStep 2: Assess and Identify Gaps: January 10, 2011 29 Step 2: Assess and Identify Gaps What is the impact of gaps in CMMI coverage in Customer’s environment? Will OPM3 bridge these gaps? Can the gap closure requirement be clearly stated in a specific recommendation? What benefit would be derived from closing the gap?Step 3: Recommend and Quantify Next Steps: January 10, 2011 30 Step 3: Recommend and Quantify Next Steps Are the benefits of the recommendations clearly quantified? Can they be delivered within a realistic timetable?Conclusions: January 10, 2011 31 Conclusions OPM3 and CMMI are not exclusive standards, and can be used together A practical, benefits-driven approach is required to assess the benefit of combining OPM3 with CMMI This must be considered within an overall framework (COBIT) if the two maturity models are not to be seen to compete To do this successfully, the following factors also need to be assessed The level of compliance the business is currently subject to The amount of software engineering and project based activity being undertaken The Project management skills and experience currently within the organisationMore Information: January 10, 2011 32 More Information Alan McSweeney alan@alanmcsweeney.com