ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

Size: px
Start display at page:

Download "ISO, CMMI and PMBOK Risk Management: a Comparative Analysis"

Transcription

1 ISO, CMMI and PMBOK Risk Management: a Comparative Analysis Cristine Martins Gomes de Gusmão Federal University of Pernambuco / Informatics Center Hermano Perrelli de Moura Federal University of Pernambuco / Informatics Center Abstract All sectors of society are worried about quality, either of product or service quality. In the software industry is not different, the need to manage risk, has a strong relation with quality and increases with system complexity. Unanticipated problems frequently cause major problems to projects, such as cost overruns, schedule delays, quality problems, and missing functionality. Making informed decisions by consciously assessing what can go wrong, as well as the likelihood and severity of the impact, is at the heart of risk management. This paper presents a comparative analysis of quality approaches to risk management. It has the purpose to provide a general overview of all the risks aspects treated in ISO standards, CMMI model version 1.1 and PMBOK. Keywords Risk management, risk assessment, risk control, ISO, Capability Maturity Model Integrated, CMMI, project management body of knowledge, PMBOK. Introduction Risk management can be traced to the eighteenth century Era of Enlightenment, a time of searching for knowledge and exploring the unknown. Today risk management is a general procedure for resolving risks. In Hall (1998), risk management is said to resolve a risk if, when it is applied to any instance, the possible consequences are all acceptable. Software development is often plagued with unanticipated problems that cause projects to miss deadlines, exceed budgets, or deliver less than satisfactory products. While these

2 problems cannot be eliminated totally, some of them can be controlled well by taking appropriate preventive action. As Pressman (1995) said, risk management deals with these problems before they occur. Organizations may be able to avoid a large number of problems if they use systematic risk management procedures and techniques early in projects. Risk Management is generally one of the main topics of interest for researchers and practitioner s working in the area of project management. Several risk management approaches have been proposed and used by SEI (1990), Charette (1990), Fairley (1994) since Boehm (1991), but it still has a long way to go. While some organizations defined their own risk management approaches others do not manage their risks explicitly and systematically. Risk management based on intuition and individual efforts alone is rarely effective and consistent. Risk Management From an overall business perspective, the success of many organizations is becoming increasingly dependent on the success or failure of the software they build. In this environment, managing risk is not only a sound development practice, but also a vital business practice (Hall, 1998). Risk Management is generally one of the main topics of interest for researchers and practitioner s working in the area of project management: SEI Software Engineering Institute (1990) defines the risk management process through the Continuous Risk Management Model that includes five distinct phases: Risk Identification, Risk Analysis, Risk Track, Risk Control and Risk Monitor connecting by an ongoing risk communication effort. Charette (1990) defined the Risk Software Engineering including two phases: Risk Evaluation (Risk Identification, Risk Estimative and Risk Evaluation) and Risk Management (Risk Planning, Risk Control and Risk Monitoring). Boehm (1991) presents a process with two main phases: Risk Assessment (Risk Identification, Risk Analysis and Risk Prioritization), and Controlling Risk (Risk Management Planning, Risk Resolution and Risk Monitoring). Fairley (1994) presents the project risk management with seven steps: (1) Identify risk factors; (2) Assess risk probabilities and effects; (3) Develop strategies to mitigate identified risks; (4) Monitor risk factors; (5) Invoke a contingency plan; (6) Manage the crisis; (7) Recover from the crisis. Kleim and Ludin (1997) proposed a four-phase process: Identification, Analysis, Control and Reporting based on PDCA Plan Do Act Check for software quality. Chapman and Ward (1997) describe a generic risk management process consisting of nine steps: (1) Define the key aspects of the project; (2) Focus on a strategic approach to risk management; (3) Identify where risks might arise; (4) Structure the information about risk assumptions and relationships; (5) Assign ownership of risks and responses; (6) Estimate the extent of uncertainty; (7) Evaluate the relative magnitude of the various risks; (8) Plan responses; and (9) Manage by monitoring and controlling execution. The PMI Project Management Institute (2000) presents six phases for risk management: Risk Management Planning, Risk Identification, Qualitative Analysis Risk, Quantitative Risk Analysis, Risk response Planning and Risk Monitoring and Control (PMI, 2000).

3 The CMMI (2001) Capability Maturity Model Integration defines risk management process with three phases: Risk Assessment, Risk Control and Risk Reporting. These representative backgrounds for risk management processes present a general agreement regarding what is included in the process with the differences depending on variation in the level of detail and on the assignment of activities to steps and phases. When risk management methods are used, they are often simplistic and users have little trust in the results of their risk analysis results. Given the increasing interest in risk management in the software industry, for applying risk management more widely, is necessary to provide comprehensive support for risk management, guidelines for application, support communications between the stakeholders and be credible. Risks The common definition of risks, either by dictionaries or usages of the term risk, associates several different meanings. It can refer to a possibility of loss, injury, or destruction. Knight (1921) in his dissertation said that risk is an exposure to uncertain events with well-known probabilities, while uncertainty is the exposure to events with unknown or less well-determined probabilities. The math definitions for risk is a random variable, describing the financial exposure of an economic entity to uncertain events and dictionary definitions for risk are so broad that it is far to define risk as anything that is related to the possibility of loss. Clearly, there is some value in having such an extended and encompassing concept to facilitate initial discussion about risk. However, there is this wide range of meanings associated to the word risk can also prevent adequate precision in more detailed analysis or risks unless this ambiguity is explicitly addressed and removed, as Humphrey (1990) said. Risk Management Process Definition The application of concepts and principles of risk management in software development has required adaptation. This section presents the analysis of the different perspectives of the activities that compose the risk management process in the standards and models. The standards and models treated in this paper are: SEI Software Engineering Institute (Higuerag, 1994), PMBOK Project Management Body of Knowledge (PMI, 2000), CMMI Capability Maturity Model Integrated (2001), ISO/IEC (2002), ISO/IEC (1999) and ISO/IEC (1991). SEI Risk Management The Software Engineering Institute, a leading source of methodologies for managing software projects, develops a Continuous Risk Management (CRM) paradigm that consists of five distinct phases (identification, analysis, response planning, tracking, and control) linked by an ongoing risk communications efforts (Higuerag, 1994). The CRM icon is illustrated in Figure 1.

4 Control Track Identify Communicate Plan Analyze Figure 1. Continuous Risk Management paradigm. The risk identification involves determining what risks might affect the project development though brainstorming and interviewing among developers, subject matters experts, customers, stakeholders, and outside experts. It is commonly accepted that risk categories helps to systematically organize and identify possible risks. Then, the risk list must be analyzed in such a way to determine the probability of it occurrence. One of the tasks of the planning is to establish a set of risk-control functions to bring the risks items under control (e.g. software metrics). Finally, the last cited activity: communication. Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks. Each risk nominally goes through these functions sequentially, but the activity occurs continuously, concurrently (e.g., risks are tracked in parallel while new risks are identified and analyzed), and iteratively (e.g., the mitigation plan for one risk may yield another risk) throughout the project life cycle (Higuerag, 1994). ISO/IEC Risk Management ISO/IEC (1991) is an application guide of ISO 9001 for the development, supply and maintenance of software. ISO 9001 is part of the series of norms ISO These norms specify the minimum requirements, so that the companies can assure the quality of its products and services. In June of 1993 Norm ISO/IEC with lines of direction for application of ISO 9001 to the development was created, supply and maintenance of software. For each item of ISO 9001 a correspondent in ISO/IEC exists that details it and adjusts to software. The lines of direction proposals in ISO cover questions as the common agreement between the parts (contracting and contracted) of functional requirements and the use of consistent methodologies for the software development and project management as a whole, of the conception until the maintenance. All the orientations of ISO/IEC address to the contractual situation, where one another Company contracts the Company in question to develop a Product of Software. ISO/IEC does not possess a specific process for risk management, but it presents the activity of controlling risks in acquisition management.

5 ISO/IEC and ISO/IEC Risk Management The ISO/IEC (2002) is the first international norm that describes in details the processes, activities and tasks that involve the supply, development, operation and maintenance of software products. The main purpose of this norm is to serve of reference for the too much standards that come to appear. Launched in August of 1995, it is cited in almost all the works related to the Software Engineering since then, also to those relative ones to the quality. The standard is voluntary; that is, it does not in itself impose any obligation upon anyone to follow it. Yet, it may be imposed by an organization through internal policy directive or by individual parties through contractual agreements. ISO/IEC is being modified to be in accordance with ISO/IEC (1999) (SPICE - Software Process Improvement and Capability determination) Part 5: An Assessment Model and Guidance Pointer. As a result of this alteration, ISO/IEC will go to substitute the dimension of processes of ISO/IEC Part 5, or either, the existing processes currently in ISO will be enclosed in ISO/IEC through its annex ISO/IEC PDAM Amendment the ISO/IEC (2002). Project SPICE objectified the creation of norms for the evaluation of processes and the continuous improvement of these processes, being based on the best characteristics of evaluation models as CMM - Capability Maturity Model (ISO/IEC 15504, 1999). The improvement of processes is carried through evaluations, that they describe practical usual of the organization, an organizational unit or a project. The analysis of the results is made in relation to the necessities of the business of the organization, having raised negative and positive aspects, as also the involved risks in the process. The best practices for managing risk, in accordance with ISO/IEC (1999), are the following ones: Establishing the target of risk management: to determine the target of risk management that will be used by the project, in accordance with the politics of organizational risk management. Risk Identification: identifying risks in the beginning and during projects execution. Analyze and prioritize risks: to evaluate the probability of occurrence, the impact, the time of occurrence, the cause and the relations between the risks, determining the priorities. Defining the strategy for risk management: to define a strategy appropriate to managing risk or a set of risks, in a project level and organizational level. Defining metrics for risks: for each risk or set of risks, to define the metric ones for gauging of the change in the situation of the risk and the progress of the activities of reduction. Implementing strategy of risk management: to execute the strategy defined for managing risk. Evaluating the results of the strategy of risk management: in daily paydefinitive points of control, to apply metric the definite ones to evaluate the waited progress and the level of success of the strategy of risk management.

6 Executing the corrective actions: when the progress waited in the reduction of the risk is not reached, to execute corrective actions to correct or to prevent the impact of risks. CMMI Risk Management SEI - Software Engineering Institute, under the coordination of Humphrey (1987), generated the first version of model CMM - Capability Maturity Model. In 1991, SEI evolved the structure of maturity of process for the SW-CMM - Capability Maturity Model for Software. As result of the evolution of model SW-CMM, in 2000 was launched model CMMI - Capability Maturity Model Integrated, which adds, beyond the representation for periods of training (SW-CMM), the continuous representation. In the continuous representation six levels of capacity exist, assigned for the numbers of 0 the 5 that they correspond: level 0 - Incomplete, level 1 - Executed, level 2 - Managed, level 3 - Defined, level 4 - Managed Quantitatively and level 5 Optimized. The components of model CMMI can be grouped in three categories: SG - Specific Goals and GG - Generic Goals component is required and considered essential so that the organization reaches the improvement of the process; SP - Specific Practices and GP - Generic Practices component is waited and can help to reach the specific and generic objectives; Sub-practical, extension of disciplines, elaboration of generic practices, headings of practices and objectives helps to understand the model. Risk management process in CMMI (2001) included three phases, as shown in Figure 2: Risk Assessment Identification Risk Management Risk Control Planning Risk Reporting Figure 2. CMMI Risk Management Process. Risk Assessment: Identification - Listing the risks; Analysis - Determining the probabilities and impacts and Prioritization - Ranking the risks for action. Risk Control: Planning - Determining how and when to take action; Resolution - Taking risk mitigation action and Monitoring - Measuring the outcome. PMBOK Risk Management The PMI - Project Management Institute is an association of professionals of projects management that exists since This association created in 1986 the first version of the PMBOK - Project Management Body of Knowledge. The PMBOK is a

7 guide who inside describes the set of knowledge and best the practical ones of the profession of projects management. It is a generic material that serves for all the knowledge areas (PMI, 2000). The PMBOK (PMI, 2000) organizes the processes of management in five groups, as presented in Figure 3: initiating processes, planning processes, executing processes, controlling processes and closing processes. The PMBOK processes are organized by knowledge areas that if they inside relate to an aspect to be considered of the projects management. Inside of these areas of knowledge the five groups of the above-described processes can occur (PMI, 2000). Figure 3. Processes group in a Phase. In the 2000 edition, PMBOK (PMI, 2000) presents six processes in risk management, as follow: Risk Management Planning: deciding how to approach and plan the project s risk management activities. Risk Identification: determining the risks that might affect the project and documenting their characteristics. Qualitative Risk Analysis: analyzing conditions and risks qualitatively to determine and prioritize their impact on project objectives. Quantitative Risk Analysis: determining the probability and consequences of risks and estimating their impact on objectives. Risk Response Planning: determining how to enhance opportunities and minimize threats to objectives. Risk Monitoring and Control: executing risk response plans, monitoring risks, identifying new risks and evaluating the effectiveness of responses. The PMBOK stresses that attention to risk management will contribute to project success and to be successful, organizations must address risk management throughout the life of the project. This requires gathering data on project risks and their characteristics. Comparative Analysis After the introduction of several approaches of risk management, this section presents the results of a comparative study, based in a comparative analysis among the activities of SEI Continuous Risk Management and the ISO standards, CMMI and PMBOK, as illustrated in table 1.

8 Continuous Risk Management Paradigm was chosen for being a reference, always constant in the literature of Software Engineering, a model boarded since 1990 and used by great governmental institutions. The definitions of the processes are differentiated in relation to the nomenclature used for the description of the activities, to the subdivision of these activities in tasks and the definition of the target of determined activities. Differently of the approach presented for CMMI model (2001) and PMBOK (PMI, 2000), the model of SEI Risk Management, does not present a specific concern in defining a Risk Management Planning. ISO/IEC (2002) and ISO/IEC (1999) standards also define this activity, but they do not determine the method to be used for execution process. ISO/IEC (1991) standard only presents the necessity of definition of a planning of the development of the project to transform the specification of the requirements of the purchaser into a software product. Of this form, it is implicit the necessity of survey of the resources for risk management. Risk Identification produces lists of the project-specific risk items likely to compromise a project s success. It has the same objective in all the studied approaches. Perhaps the most important aspect of this activity is the requirements of formal documentation. The documentation has the purpose to facilitate the reuse of information of previous projects in new projects. It is important to remember that risk identification is an activity that must be carried throughout project execution. After the risks identification the next activity is the analysis of the same ones, which it has as objective the prioritized and cataloging. Risks Analysis assesses the loss probability and the loss magnitude for each identified risk item, and it assesses compound risks in risk-item interactions. It only appears as the same activity in all the approaches with exception of the PMBOK, where this technique can be divided into two major categories: qualitative and quantitative analysis. It is important to point out that all the approach define the necessity to measure the risks, but do not make reference to qualitative or quantitative analysis. After the analysis of the aspects of the identified risks, one lists classified for the importance of the risks can be elaborated to optimize the performance efforts. Risk prioritization produces a ranked ordering of the risk items identified and analyzed.

9 Table 1. Risk Management approaches: comparative analysis. Response Planning helps to prepare mitigation and contingency plans. This activity appears in all studied approaches. The CMMI (2001) establishes as development of reply to risk its reduction. One of the most important aspects of planning risk management is to become the possible use of resources most efficient to maximize the potential of performance of the project. The risk most important must has its action planned initially while the too much risks must have the cost of comparative mitigation to its impact, for the evaluation of the benefits of the effort to be unfastened. After the definition of mitigation and contingency plans, becomes necessary to monitoring risks. Risk monitoring involves tracking the project s progress toward resolving its risk items and taking corrective action when appropriate. This activity is the most different in all studied approaches. The PMBOK (PMI, 2000) approach says that corrective actions are necessary to controlling risk. The others like ISO standards are based in a PDCA Plan- Do-Check-Act cycle, than means a worried quality assurance. Through this comparative study we can observe that, the main involved stages in the risk management in projects, can be summarized as follows: Risks evaluation: the activity to evaluate contemplates the activities of risks identification that is no more then the classification as Boehm (1991) and Charette (1990), the risks analysis that evaluate the probability of occurrence and the impact of the risk and the prioritized that has the purpose to generate an ordinance of the risks, in accordance with the carried through analysis previously. Risk Control: controlling risks is formed by planning, or either, definition of strategies to control the identified risks, for the resolution of the risks that has the objective to simulate situations where the risks are decided and by the monitoring risks that involves the accompaniment of the progress of the project and when the exactly necessary taking of corrective actions, like PMBOK (PMI, 2000) and CMMI (2001).

10 Conclusion Risk management adds to project management a structural approach for risk identification and risk analysis to initiate the response planning. The risk planning creates the perspective of getting alternatives and contingencies to risk mitigation, while the functions of monitoring and controlling risk management combine with the function of control of project management. This paper presents an overview of risk management approaches since Discusses risk management processes in standards and models of quality, based in a comparative analysis of their activities. We analyzed the granularity and coverage of five processes as shown in table 1. From this comparative study it is clear that there is not a process standard to risk management, what exist are best practices consolidated in the project management: risk identification, analysis, prioritizing and controlling. In none of the approaches, treated here, exists the indication of processes and methods that can be used. The choice is of the organization, which in the reality adjusts its existing processes already to the activities of risk management and this can be a serious problem. Each organization has particularities and is essential to treat the organization as one to define the better risk management process. Finally, the definition of a plan to managing risk in an adequate manner is not an easy task, but it is essential for the improvement of the process of software development and therefore the guarantee of the quality. References Hall, E. M. (1998). Managing Risk. 2 nd Ed. USA: Addison Wesley. Pressman, R. S. (1995). Software Engineering: A practitioner s approach. 4 th Ed. McGraw- Hill. Charette, R. (1990). Application strategies for risk analysis. New York: MultiScience Press Boehm, B. W. (1991). Software Risk Management: principles and practices, IEEE Software, Volume 8. No1. Fairley, R. (1994). Risk Management For Software s Projects. IEEE Software. Kleim, R.L. and Ludin, S. (1997). Reducing Project Risk. Gower. Chapman, C. and Ward, S. (1997). Project Risk Management: Processes, Techniques and Insights. John Wiley & Sons. ISO (1991). Guidelines for the application of ISO 9001 to the development, supply and maintenance of software. International Standard Organization. ISO/IEC (1999). ISO Part 5: An Assessment Model and Indicator Guidance. ISO/IEC JTC1 SC7. International Standard Organization.

11 ISO/IEC (2002). ISO/IEC Information Technology. Amendment to ISO/IEC ISO/IEC JTC1 SC7. International Standard Organization. Humphrey, W. (1987). Characterizing the software process: a maturity framework, Technical Report. Software Engineering Institute SEI, Carnegie Mellon University, USA. Available on the World Wide Web: PMI - Project Management Institute. (2000). A Guide to the Project Management Body of Knowledge. Available on the World Wide Web: Knight, F.H. (1921). Risk, uncertainty and profit. Houghton Mifflin, Boston. Humphrey, W.S. (1990) Managing the Software Process. Addison Wesley. CMMI - Capability Maturity Model Integration (2001), version 1.1 Pittsburgh, PA. Software Engineering Institute, Carnegie Mellon University. USA. Higuerag, P.R. (1994). An Introduction to Team Risk Management, Technical Report. Software Engineering Institute, Carnegie Mellon University, USA. Available on the World Wide Web:

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504 Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504 Dipak Surie, Email : ens03dse@cs.umu.se Computing Science Department Umea University, Umea, Sweden Abstract. During software development,

More information

Risk Knowledge Capture in the Riskit Method

Risk Knowledge Capture in the Riskit Method Risk Knowledge Capture in the Riskit Method Jyrki Kontio and Victor R. Basili jyrki.kontio@ntc.nokia.com / basili@cs.umd.edu University of Maryland Department of Computer Science A.V.Williams Building

More information

Project Risk Management

Project Risk Management Project Risk Management Study Notes PMI, PMP, CAPM, PMBOK, PM Network and the PMI Registered Education Provider logo are registered marks of the Project Management Institute, Inc. Points to Note Risk Management

More information

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor SW Process Improvement and CMMI Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor Topics of Presentation Why improvement? What is CMMI? Process Areas and Practices in CMMI

More information

Capability Maturity Model Integration (CMMI SM ) Fundamentals

Capability Maturity Model Integration (CMMI SM ) Fundamentals Capability Maturity Model Integration (CMMI SM ) Fundamentals Capability Maturity Model Integration and CMMI are are service marks of Carnegie Mellon University 2008, GRafP Technologies inc. 1 What is

More information

A Report on The Capability Maturity Model

A Report on The Capability Maturity Model A Report on The Capability Maturity Model Hakan Bayraksan hxb07u 29 November 2009 G53QAT Table of Contents Introduction...2 The evolution of CMMI...3 CMM... 3 CMMI... 3 The definition of CMMI... 4 Level

More information

Software Quality. Process Quality " Martin Glinz. Chapter 5. Department of Informatics!

Software Quality. Process Quality  Martin Glinz. Chapter 5. Department of Informatics! Department of Informatics! Martin Glinz Software Quality Chapter 5 Process Quality " 2014 Martin Glinz. All rights reserved. Making digital or hard copies of all or part of this work for educational, non-commercial

More information

Developing CMMI in IT Projects with Considering other Development Models

Developing CMMI in IT Projects with Considering other Development Models Developing CMMI in IT Projects with Considering other Development Models Anahita Ahmadi* MSc in Socio Economic Systems Engineering Organizational Process Development Engineer, International Systems Engineering

More information

SOFTWARE QUALITY MANAGEMENT THROUGH IMPLEMENTATION OF SOFTWARE STANDARDS

SOFTWARE QUALITY MANAGEMENT THROUGH IMPLEMENTATION OF SOFTWARE STANDARDS 4 th Int. Conf. CiiT, Molika, Dec.11-14, 2003 61 SOFTWARE QUALITY MANAGEMENT THROUGH IMPLEMENTATION OF SOFTWARE STANDARDS S. Grceva, Z. Zdravev Faculty for Education Goce Delcev, University of Sts. Cyril

More information

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS MEHARI 2007 Overview Methods Commission Mehari is a trademark registered by the Clusif CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS 30, rue Pierre Semard, 75009 PARIS Tél.: +33 153 25 08 80 - Fax: +33

More information

Measurement Information Model

Measurement Information Model mcgarry02.qxd 9/7/01 1:27 PM Page 13 2 Information Model This chapter describes one of the fundamental measurement concepts of Practical Software, the Information Model. The Information Model provides

More information

Defining Indicators for Risk Assessment in Software Development Projects

Defining Indicators for Risk Assessment in Software Development Projects Defining Indicators for Risk Assessment in Software Development Projects Júlio Menezes Jr. Centro de Informática, Universidade Federal de Pernambuco, Recife, Brazil, 50740-560 jvmj@cin.ufpe.br Cristine

More information

An Approach to Proactive Risk Classification

An Approach to Proactive Risk Classification An Approach to Proactive Risk Classification M.S. Rojabanu 1, Dr. K. Alagarsamy 2 1 Research Scholar, Madurai Kamaraj Universtiy, Madurai,India. 2 Associate Professor, Computer Centre, Madurai Kamaraj

More information

Application of software product quality international standards through software development life cycle

Application of software product quality international standards through software development life cycle Central Page 284 of 296 Application of software product quality international standards through software development life cycle Mladen Hosni, Valentina Kirinić Faculty of Organization and Informatics University

More information

Software Risk Management: a Process Model and a Tool

Software Risk Management: a Process Model and a Tool Software Risk Management: a Process Model and a Tool Tereza G. Kirner 1, Lourdes E. Gonçalves 1 1 Graduate Program in Computer Science Methodist University of Piracicaba SP, Brasil tgkirner@unimep.br;

More information

CPM -100: Principles of Project Management

CPM -100: Principles of Project Management CPM -100: Principles of Project Management Lesson E: Risk and Procurement Management Presented by Sam Lane samlane@aol.com Ph: 703-883-7149 Presented at the IPM 2002 Fall Conference Prepared by the Washington,

More information

Leveraging CMMI framework for Engineering Services

Leveraging CMMI framework for Engineering Services Leveraging CMMI framework for Engineering Services Regu Ayyaswamy, Mala Murugappan Tata Consultancy Services Ltd. Introduction In response to Global market demand, several OEMs adopt Global Engineering

More information

Software Quality Assurance: VI Standards

Software Quality Assurance: VI Standards Software Quality Assurance: VI Standards Room E 3.165 Tel. 60-3321 Email: hg@upb.de Outline I Introduction II Software Life Cycle III Quality Control IV Infrastructure V Management VI Standards VII Conclusion

More information

Software Process Improvement Framework for Software Outsourcing Based On CMMI Master of Science Thesis in Software Engineering and Management

Software Process Improvement Framework for Software Outsourcing Based On CMMI Master of Science Thesis in Software Engineering and Management Software Process Improvement Framework for Software Outsourcing Based On CMMI Master of Science Thesis in Software Engineering and Management ZAHOOR UL ISLAM XIANZHONG ZHOU University of Gothenburg Chalmers

More information

Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation

Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation Anju Saxena John Maher IT Process and Service Management Global Consulting Practice ITIL is a Registered Trade Mark,

More information

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva SMEF 10-11 June, 2010 Software Quality Standards and Approaches from Ontological Point of View Konstantina Georgieva Otto-von-Guericke University Magdeburg Department of Computer Science, Software Engineering

More information

Jason Bennett Thatcher Clemson University, 101 Sirrine Hall, Clemson, SC 29634 U.S.A. {jthatch@clemson.edu}

Jason Bennett Thatcher Clemson University, 101 Sirrine Hall, Clemson, SC 29634 U.S.A. {jthatch@clemson.edu} RESEARCH ARTICLE IS EMPLOYEE ATTITUDES AND PERCEPTIONS AT VARYING LEVELS OF SOFTWARE PROCESS MATURITY Janet K. Ply Pendére, Inc., 1805 S. 9 th Street, Waco, TX 76706 U.S.A. {janet.ply@pendere.com} Jo Ellen

More information

A Risk Based Thinking Model for ISO 9001:2015

A Risk Based Thinking Model for ISO 9001:2015 A Risk Based Thinking Model for ISO 9001:2015 Bob Deysher Senior Consultant 2014 QSG, Inc. Agenda Why implement Risk Based Thinking? What does ISO 9001:2015 require? What is Risk Based Thinking? What is

More information

Engineering Standards in Support of

Engineering Standards in Support of The Application of IEEE Software and System Engineering Standards in Support of Software Process Improvement Susan K. (Kathy) Land Northrop Grumman IT Huntsville, AL susan.land@ngc.com In Other Words Using

More information

Nydia González 1, Franck Marle 1 and Jean-Claude Bocquet 1. Ecole Centrale Paris, FRANCE

Nydia González 1, Franck Marle 1 and Jean-Claude Bocquet 1. Ecole Centrale Paris, FRANCE INTERNATIONAL CONFERENCE ON ENGINEERING DESIGN, ICED 07 28-31 AUGUST 2007, CITE DES SCIENCES ET DE L'INDUSTRIE, PARIS, FRANCE Nydia González 1, Franck Marle 1 and Jean-Claude Bocquet 1 1 Ecole Centrale

More information

Towards a new approach of continuous process improvement based on CMMI and PMBOK

Towards a new approach of continuous process improvement based on CMMI and PMBOK www.ijcsi.org 160 Towards a new approach of continuous process improvement based on CMMI and PMBOK Yassine Rdiouat 1, Naima Nakabi 2, Khadija Kahtani 3 and Alami Semma 4 1 Department of Mathematics and

More information

Partnering for Project Success: Project Manager and Business Analyst Collaboration

Partnering for Project Success: Project Manager and Business Analyst Collaboration Partnering for Project Success: Project Manager and Business Analyst Collaboration By Barbara Carkenord, CBAP, Chris Cartwright, PMP, Robin Grace, CBAP, Larry Goldsmith, PMP, Elizabeth Larson, PMP, CBAP,

More information

[project.headway] Integrating Project HEADWAY And CMMI

[project.headway] Integrating Project HEADWAY And CMMI [project.headway] I N T E G R A T I O N S E R I E S Integrating Project HEADWAY And CMMI P R O J E C T H E A D W A Y W H I T E P A P E R Integrating Project HEADWAY And CMMI Introduction This white paper

More information

A managerial framework for an Electronic Government Procurement Project: Complex software projects management fundamentals

A managerial framework for an Electronic Government Procurement Project: Complex software projects management fundamentals A managerial framework for an Electronic Government Procurement Project: Complex software projects management fundamentals Abstract R. Uzal (*) (**), G. Montejano (*), D. Riesco (*), J. Uzal (**) (*) Universidad

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Introduction and Overview

Introduction and Overview 1 Introduction and Overview INTRODUCTION Many companies, in their push to complete successful Level 2 Capability Maturity Model (CMM ) 1 or Capability Maturity Model Integration (CMMI ) 2 appraisals, have

More information

Managing Process Architecture and Requirements in a CMMI based SPI project 1

Managing Process Architecture and Requirements in a CMMI based SPI project 1 Managing Process Architecture and Requirements in a CMMI based SPI project 1 Author: Filippo Vitiello Abstract When developing or changing a process, and all its related assets, often the process engineers

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Christopher J. Alberts Audrey J. Dorofee August 2010 TECHNICAL REPORT CMU/SEI-2010-TR-017 ESC-TR-2010-017 Acquisition Support Program Unlimited distribution subject to the copyright.

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

Using Rational Software Solutions to Achieve CMMI Level 2

Using Rational Software Solutions to Achieve CMMI Level 2 Copyright Rational Software 2003 http://www.therationaledge.com/content/jan_03/f_cmmi_rr.jsp Using Rational Software Solutions to Achieve CMMI Level 2 by Rolf W. Reitzig Founder, Cognence, Inc. Over the

More information

Managing Software Quality

Managing Software Quality Managing Software Quality Main Issues Quality cannot be added as an afterthought Metrics for measuring quality are necessary Quality can mean different things Quality needs to be implemented both in the

More information

Role of Software Quality Assurance in Capability Maturity Model Integration

Role of Software Quality Assurance in Capability Maturity Model Integration Role of Software Quality Assurance in Capability Maturity Model Integration Rekha Chouhan 1 Dr.Rajeev Mathur 2 1 Research Scholar, Jodhpur National University, JODHPUR 2 Director, CS, Lachoo Memorial College

More information

Lecture Slides for Managing and Leading Software Projects. Chapter 1: Introduction

Lecture Slides for Managing and Leading Software Projects. Chapter 1: Introduction Lecture Slides for Managing and Leading Software Projects Chapter 1: Introduction developed by Richard E. (Dick) Fairley, Ph.D. to accompany the text Managing and Leading Software Projects published by

More information

Principled Performance & GRC

Principled Performance & GRC part of GRC Fundamentals Principled Performance & GRC How principled performance is the new normal and the imperative for integrating governance, performance, risk, internal control and compliance management

More information

Software Process Improvement CMM

Software Process Improvement CMM Software Process Improvement CMM Marcello Visconti Departamento de Informática Universidad Técnica Federico Santa María Valparaíso, Chile Software Engineering Institute Founded by the Department of Defense

More information

IEEE 1540 - Software Engineering Risk Management: Measurement-Based Life Cycle Risk Management PSM 2001 Aspen, Colorado

IEEE 1540 - Software Engineering Risk Management: Measurement-Based Life Cycle Risk Management PSM 2001 Aspen, Colorado Paul R. Croll Chair, IEEE SESC Computer Sciences Corporation pcroll@csc.com IEEE 1540 - Software Engineering Risk : Measurement-Based Life Cycle Risk PSM 2001 Aspen, Colorado Objectives Describe Risk in

More information

FUNBIO PROJECT RISK MANAGEMENT GUIDELINES

FUNBIO PROJECT RISK MANAGEMENT GUIDELINES FUNBIO PROJECT RISK MANAGEMENT GUIDELINES OP-09/2013 Responsible Unit: PMO Focal Point OBJECTIVE: This Operational Procedures presents the guidelines for the risk assessment and allocation process in projects.

More information

CMMI KEY PROCESS AREAS

CMMI KEY PROCESS AREAS CMMI KEY PROCESS AREAS http://www.tutorialspoint.com/cmmi/cmmi-process-areas.htm Copyright tutorialspoint.com A Process Area is a cluster of related practices in an area that, when implemented collectively,

More information

SECURE SOFTWARE DEVELOPMENT PROCESS FOR EMBEDDED SYSTEMS CONTROL

SECURE SOFTWARE DEVELOPMENT PROCESS FOR EMBEDDED SYSTEMS CONTROL SECURE SOFTWARE DEVELOPMENT PROCESS FOR EMBEDDED SYSTEMS CONTROL Sanjai Gupta 1, Md Faisal 2, Mohammed Hussain 3 1 Department of Computer Science & Engineering, CMJ University, Meghalaya, India 1 guptasanjay3@gmail.com

More information

The purpose of Capacity and Availability Management (CAM) is to plan and monitor the effective provision of resources to support service requirements.

The purpose of Capacity and Availability Management (CAM) is to plan and monitor the effective provision of resources to support service requirements. CAPACITY AND AVAILABILITY MANAGEMENT A Project Management Process Area at Maturity Level 3 Purpose The purpose of Capacity and Availability Management (CAM) is to plan and monitor the effective provision

More information

Reflective Summary Project Risk Management. Anthony Bowen. Northcentral University

Reflective Summary Project Risk Management. Anthony Bowen. Northcentral University Northcentral University Spring 2010 - BowenAPM7004-7 1 Reflective Summary Project Risk Management Anthony Bowen Northcentral University March 20, 2010 Northcentral University Spring 2010 - BowenAPM7004-7

More information

Software Configuration Management. Wingsze Seaman COMP250SA February 27, 2008

Software Configuration Management. Wingsze Seaman COMP250SA February 27, 2008 Software Configuration Management Wingsze Seaman COMP250SA February 27, 2008 Outline CM and SCM Definitions SCM History CMMI and SCM SCM Tools SCM/Dynamic Systems SCM/Software Architecture Resources 2

More information

Risk Analysis: a Key Success Factor for Complex System Development

Risk Analysis: a Key Success Factor for Complex System Development Risk Analysis: a Key Success Factor for Complex System Development MÁRCIO DE O. BARROS CLÁUDIA M. L. WERNER GUILHERME H. TRAVASSOS COPPE / UFRJ Computer Science Department Caixa Postal: 68511 - CEP 21945-970

More information

Software Maintenance Capability Maturity Model (SM-CMM): Process Performance Measurement

Software Maintenance Capability Maturity Model (SM-CMM): Process Performance Measurement Software Maintenance Capability Maturity Model 311 Software Maintenance Capability Maturity Model (SM-CMM): Process Performance Measurement Alain April 1, Alain Abran 2, Reiner R. Dumke 3 1 Bahrain telecommunications

More information

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering Distributed and Outsourced Software Engineering The CMMI Model Peter Kolb Software Engineering SEI Trademarks and Service Marks SM CMM Integration SCAMPI are service marks of Carnegie Mellon University

More information

Risk Management (3C05/D22) Unit 3: Risk Management. What is risk?

Risk Management (3C05/D22) Unit 3: Risk Management. What is risk? Risk Management (3C05/D22) Unit 3: Risk Management Objectives To explain the concept of risk & to develop its role within the software development process To introduce the use of risk management as a means

More information

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Engineering, Business and Enterprise

More information

CMMI for Development Quick Reference

CMMI for Development Quick Reference CAUSAL ANALYSIS AND RESOLUTION SUPPORT (ML5) The purpose of Causal Analysis and Resolution (CAR) is to identify causes of selected outcomes and take action to improve process performance. SG 1 Root causes

More information

The 10 Knowledge Areas & ITTOs

The 10 Knowledge Areas & ITTOs This document is part of a series that explain the newly released PMBOK 5th edition. These documents provide simple explanation and summary of the book. However they do not replace the necessity of reading

More information

Risk Management Framework for IT-Centric Micro and Small Companies

Risk Management Framework for IT-Centric Micro and Small Companies Risk Management Framework for IT-Centric Micro and Small Companies Jasmina Trajkovski 1, Ljupcho Antovski 2 1 Trajkovski & Partners Management Consulting Sveti Kliment Ohridski 24/2/1, 1000 Skopje, Macedonia

More information

Relationship to Software Engineering Standards

Relationship to Software Engineering Standards Chapter3 Relationship to Software Engineering Standards STANDARDS ORGANIZATIONS Standards organizations are bodies, organizations, and institutions that produce standards. These organizations develop standards

More information

Interpreting the Management Process in IEEE/EIA 12207 with the Help of PMBOK

Interpreting the Management Process in IEEE/EIA 12207 with the Help of PMBOK Interpreting the Management Process in IEEE/EIA 12207 with the Help of PMBOK Lewis Gray, Ph.D., PMP Abelia Fairfax, Virginia USA www.abelia.com Copyright 2002 by Abelia Corporation. All rights reserved

More information

Risk Identification in Project Management

Risk Identification in Project Management Available online at www.icesba.eu Procedia of Economics and Business Administration ISSN: 2392-8174, ISSN-L: 2392-8166 Risk Identification in Project Management Ungureanu Anca, Braicu Cezar, Ungureanu

More information

Negative Risk. Risk Can Be Positive. The Importance of Project Risk Management

Negative Risk. Risk Can Be Positive. The Importance of Project Risk Management The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests t of

More information

Appendix V Risk Management Plan Template

Appendix V Risk Management Plan Template Appendix V Risk Management Plan Template Version 2 March 7, 2005 This page is intentionally left blank. Version 2 March 7, 2005 Title Page Document Control Panel Table of Contents List of Acronyms Definitions

More information

Information technology Security techniques Information security management systems Overview and vocabulary

Information technology Security techniques Information security management systems Overview and vocabulary INTERNATIONAL STANDARD ISO/IEC 27000 Third edition 2014-01-15 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l information Techniques

More information

Continuous Risk Management Guidebook

Continuous Risk Management Guidebook Carnegie Mellon Software Engineering Institute Continuous Guidebook Audrey J. Dorofee Julie A. Walker Christopher J. Alberts Ronald P. Higuera Richard L. Murphy Ray C. Williams The ideas and findings in

More information

DRAFT TABLE OF CONTENTS 1. Software Quality Assurance By Dr. Claude Y Laporte and Dr. Alain April

DRAFT TABLE OF CONTENTS 1. Software Quality Assurance By Dr. Claude Y Laporte and Dr. Alain April DRAFT TABLE OF CONTENTS 1 Software Quality Assurance By Dr. Claude Y Laporte and Dr. Alain April Foreword This book introduces the basic concepts of software quality assurance. The book illustrates how

More information

Software Process Maturity Model Study

Software Process Maturity Model Study IST-1999-55017 Software Process Maturity Model Study Deliverable A.3 Owner Michael Grottke Approvers Eric David Klaudia Dussa-Zieger Status Approved Date 02/07/01 Contents 1 Introduction 3 1.1 Project

More information

Motivations. spm - 2014 adolfo villafiorita - introduction to software project management

Motivations. spm - 2014 adolfo villafiorita - introduction to software project management Risk Management Motivations When we looked at project selection we just took into account financial data In the scope management document we emphasized the importance of making our goals achievable, i.e.

More information

Mahmoud Khraiwesh Faculty of Science and Information Technology Zarqa University Zarqa - Jordan mahmoud@zpu.edu.jo

Mahmoud Khraiwesh Faculty of Science and Information Technology Zarqa University Zarqa - Jordan mahmoud@zpu.edu.jo World of Computer Science and Information Technology Journal (WCSIT) ISSN: 2221-0741 Vol. 1, No. 2, 26-33, 2011 Validation Measures in CMMI Mahmoud Khraiwesh Faculty of Science and Information Technology

More information

Process Improvement -CMMI. Xin Feng

Process Improvement -CMMI. Xin Feng Process Improvement -CMMI Xin Feng Objectives History CMMI Why CMMI CMMI representations 4/11/2011 Software Engineering 2 Process Improvement Achieve both qualityand productivity ( 生 产 力 ) It is not necessary

More information

CMMI for Development, Version 1.3

CMMI for Development, Version 1.3 CMMI for Development, Version 1.3 CMMI-DEV, V1.3 CMMI Product Team Improving processes for developing better products and services November 2010 TECHNICAL REPORT CMU/SEI-2010-TR-033 ESC-TR-2010-033 Software

More information

THE SOFTWARE QUALITY ENGINEER SOLUTIONS TEXT

THE SOFTWARE QUALITY ENGINEER SOLUTIONS TEXT THE SOFTWARE QUALITY ENGINEER SOLUTIONS TEXT 2016 by Quality Council of Indiana - All rights reserved 5th Edition - January, 2016 2.1. The benefits of software quality include: a. Satisfied customers,

More information

An Introduction to the PRINCE2 project methodology by Ruth Court from FTC Kaplan

An Introduction to the PRINCE2 project methodology by Ruth Court from FTC Kaplan An Introduction to the PRINCE2 project methodology by Ruth Court from FTC Kaplan Of interest to students of Paper P5 Integrated Management. Increasingly, there seems to be a greater recognition of the

More information

UML Modeling of Five Process Maturity Models

UML Modeling of Five Process Maturity Models UML Modeling of Five Process Maturity Models 1 UML Modeling of Five Process Maturity Models Version 1 LQL-2003-TR-02 2003 Simon Alexandre Naji Habra CETIC - FUNDP 2003 UML Modeling of Five Process Maturity

More information

National Commission for Academic Accreditation & Assessment. Handbook for Quality Assurance and Accreditation in Saudi Arabia PART 1

National Commission for Academic Accreditation & Assessment. Handbook for Quality Assurance and Accreditation in Saudi Arabia PART 1 National Commission for Academic Accreditation & Assessment Handbook for Quality Assurance and Accreditation in Saudi Arabia PART 1 THE SYSTEM FOR QUALITY ASSURANCE AND ACCREDITATION Ver. 2.0 THE SYSTEM

More information

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk Risk Lecture 5, Part 1: Risk Jennifer Campbell CSC340 - Winter 2007 The possibility of suffering loss Risk involves uncertainty and loss: Uncertainty: The degree of certainty about whether the risk will

More information

Concept of Operations for the Capability Maturity Model Integration (CMMI SM )

Concept of Operations for the Capability Maturity Model Integration (CMMI SM ) Concept of Operations for the Capability Maturity Model Integration (CMMI SM ) August 11, 1999 Contents: Introduction CMMI Overview Concept for Operational Use of the CMMI Migration to CMMI Models Concept

More information

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge 1 Extreme Heritage, 2007 Australia, 19-21 July 2007, James Cook University, Cairns, Australia Theme 6: Heritage disasters and risk preparedness approach for Cultural Heritage Projects Based on Project

More information

Process Improvement. Objectives

Process Improvement. Objectives Process Improvement Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 28 Slide 1 Objectives To explain the principles of software process improvement To explain how software process factors

More information

RISK MANAGEMENT IN DISTRIBUTED SOFTWARE DEVELOPMENT: A PROCESS INTEGRATION PROPOSAL i

RISK MANAGEMENT IN DISTRIBUTED SOFTWARE DEVELOPMENT: A PROCESS INTEGRATION PROPOSAL i 01 RISK MANAGEMENT IN DISTRIBUTED SOFTWARE DEVELOPMENT: A PROCESS INTEGRATION PROPOSAL i Rafael Prikladnicki School of Computer Science, PUCRS, rafael@inf.pucrs.br Marcelo Hideki Yamaguti School of Computer

More information

Presented by Frank V. Payne, PMP

Presented by Frank V. Payne, PMP Presented by Frank V. Payne, PMP 1 Meet Your Speaker Frank V. Payne, PMP MBA/HRM, MBA/TM, CPME, CFPM Project Management Evangelist TM 2 Learning Objectives By the end of this presentation, you will be

More information

SOFTWARE RISK MANAGEMENT

SOFTWARE RISK MANAGEMENT SOFTWARE RISK MANAGEMENT Linda Westfall The Westfall Team westfall@idt.net PMB 383, 3000 Custer Road, Suite 270 Plano, TX 75075 972-867-1172 (voice) 972-943-1484 (fax) SUMMARY This paper reviews the basic

More information

The Software Process. The Unified Process (Cont.) The Unified Process (Cont.)

The Software Process. The Unified Process (Cont.) The Unified Process (Cont.) The Software Process Xiaojun Qi 1 The Unified Process Until recently, three of the most successful object-oriented methodologies were Booch smethod Jacobson s Objectory Rumbaugh s OMT (Object Modeling

More information

Making Process Improvement Work

Making Process Improvement Work Making Process Improvement Work A Concise Action Guide for Software Managers and Practitioners Neil Potter Mary Sakry The Process Group help@processgroup.com www.processgroup.com Version 2.3 1 Session

More information

8. Master Test Plan (MTP)

8. Master Test Plan (MTP) 8. Master Test Plan (MTP) The purpose of the Master Test Plan (MTP) is to provide an overall test planning and test management document for multiple levels of test (either within one project or across

More information

Project Management Guidelines

Project Management Guidelines Project Management Guidelines Overview Section 86-1506 (5) directs the NITC to adopt guidelines regarding project planning and management. The goal of project management is to achieve the objectives of

More information

Modellistica Medica. Maria Grazia Pia, INFN Genova. Scuola di Specializzazione in Fisica Sanitaria Genova Anno Accademico 2002-2003

Modellistica Medica. Maria Grazia Pia, INFN Genova. Scuola di Specializzazione in Fisica Sanitaria Genova Anno Accademico 2002-2003 Modellistica Medica Maria Grazia Pia INFN Genova Scuola di Specializzazione in Fisica Sanitaria Genova Anno Accademico 2002-2003 Lezione 16-17 Introduction to software process Software process models,

More information

Measuring the level of quality of IT Service Management

Measuring the level of quality of IT Service Management Central Page 176 of 344 Measuring the level of quality of IT Service Management Melita Kozina, Lucija Horvat Faculty of Organization and Informatics University of Zagreb Pavlinska 2, 42000 {melita.kozina,

More information

Incorporating Risk Assessment into Project Forecasting

Incorporating Risk Assessment into Project Forecasting Incorporating Risk Assessment into Project Forecasting Author: Dione Palomino Conde Laratta, PMP Company: ICF International - USA Phone: +1 (858) 444-3969 Dione.laratta@icfi.com Subject Category: Project

More information

Risk Workshop Overview. MOX Safety Fuels the Future

Risk Workshop Overview. MOX Safety Fuels the Future Risk Workshop Overview RISK MANAGEMENT PROGRAM SUMMARY CONTENTS: Control Account Element Definition ESUA Form Basis of Estimate Uncertainty Calculation Management Reserve 1. Overview 2. ESUA Qualification

More information

Capability Maturity Model Integration (CMMI ) Overview

Capability Maturity Model Integration (CMMI ) Overview Pittsburgh, PA 15213-3890 Capability Maturity Model Integration ( ) Overview SM CMM Integration, SCAMPI, SCAMPI Lead Appraiser, and SEI are service marks of Carnegie Mellon University., Capability Maturity

More information

Software Risk Management Practice: Evidence From Thai Software Firms

Software Risk Management Practice: Evidence From Thai Software Firms , March 12-14, 2014, Hong Kong Software Management Practice: Evidence From Thai Software Firms Tharwon Arnuphaptrairong Abstract Software risk management has been around at least since it was introduced

More information

Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group

Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group Background Started in 1817, Bank of Montreal - BMO Financial Group (NYSE, TSX: BMO) is a highly diversified financial services

More information

ISMS Implementation Guide

ISMS Implementation Guide atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation

More information

Reprisal: Types of Requirements

Reprisal: Types of Requirements Standards, d Certification and Regulations Reprisal: Types of Requirements Functional requirements: requirements that specify a function that a system or system component must be able to perform The watch

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

CAPABILITY MATURITY MODEL INTEGRATION

CAPABILITY MATURITY MODEL INTEGRATION CAPABILITY MATURITY MODEL INTEGRATION Radu CONSTANTINESCU PhD Candidate, University Assistant Academy of Economic Studies, Bucharest, Romania E-mail: radu.constantinescu@ie.ase.ro Web page: http:// www.raduconstantinescu.ase.ro

More information

White Paper from Global Process Innovation. Fourteen Metrics for a BPM Program

White Paper from Global Process Innovation. Fourteen Metrics for a BPM Program White Paper from Global Process Innovation by Jim Boots Fourteen Metrics for a BPM Program This white paper presents 14 metrics which may be useful for monitoring progress on a BPM program or initiative.

More information

CMMI for Development, Version 1.3

CMMI for Development, Version 1.3 Carnegie Mellon University Research Showcase @ CMU Software Engineering Institute 11-2010 CMMI for Development, Version 1.3 CMMI Product Team Follow this and additional works at: http://repository.cmu.edu/sei

More information

Optimizing Organizational Measurement and Analysis ROI for Small Diverse Projects. Susanna Schwab July 2007

Optimizing Organizational Measurement and Analysis ROI for Small Diverse Projects. Susanna Schwab July 2007 Optimizing Organizational Measurement and Analysis ROI for Small Diverse Projects Susanna Schwab July 2007 Introduction EITS Measurement Program Objective: Define and deploy an integrated cost effective

More information

V. Phani Krishna et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 2 (6), 2011, 2915-2919

V. Phani Krishna et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 2 (6), 2011, 2915-2919 Software Quality Assurance in CMM and XP- A Comparative Study CH.V. Phani Krishna and Dr. K.Rajasekhara Rao CSE Department, KL University, Guntur dt., India. Abstract Software Quality Assurance is a planned

More information

Preliminary Reference Guide for Software as a Service (SaaS)

Preliminary Reference Guide for Software as a Service (SaaS) Preliminary Reference Guide for Software as a Service (SaaS) for the evaluation of the service providers' software development process Maiara Heil Cancian Florianópolis, March/2009 About the author Maiara

More information