How To Know If A Project Is Safe

Similar documents
Two-Tier ERP Strategy: First Steps

ICD-10 Advantages Require Advanced Analytics

Transform Customer Experience through Contact Center Modernization

Cognizant Insights. Executive Summary. Overview

How To Choose A Test Maturity Assessment Model

How Healthy Is Your SaaS Business?

Maximizing Business Value Through Effective IT Governance

Agile Planning in a Multi-project, Multi-team Environment

Driving Innovation Through Business Relationship Management

Extending Function Point Estimation for Testing MDM Applications

The Impact of RTCA DO-178C on Software Development

Creating Competitive Advantage with Strategic Execution Capability

Complaints Management: Integrating and Automating the Process

> Cognizant Analytics for Banking & Financial Services Firms

Cognizant assetserv Digital Experience Management Solutions

Credit Decision Indices: A Flexible Tool for Both Credit Consumers and Providers

Cognizant Mobile Risk Assessment Solution

LifeEngage : The Life Insurance Platform for the Digital-Age Insurer

Agile/Scrum Implemented in Large-Scale Distributed Program

Granular Pricing of Workers Compensation Risk in Excess Layers

Open Source Testing Tools: The Paradigm Shift

Key Indicators: An Early Warning System for Multichannel Campaign Management

> Solution Overview COGNIZANT CLOUD STEPS TRANSFORMATION FRAMEWORK THE PATH TO GROWTH

A Tag Management Systems Primer

DevOps Best Practices: Combine Coding with Collaboration

Virtual Brand Management: Optimizing Brand Contribution

Cloud Brokers Can Help ISVs Move to SaaS

Improve Sourcing and Contract Management for better Supplier Relationship

Migration Decoded. Cognizant Insights

POS Data Quality: Overcoming a Lingering Retail Nightmare

Building a Collaborative Multichannel Insurance Distribution Strategy

Optimizing Agile with Global Software Development and Delivery

Cognizant Mobility Testing Lab. The faster, easier, more cost-effective way to test enterprise mobile apps.

Virtual Clinical Organization: The New Clinical Development Operating Model

Making Multicloud Application Integration More Efficient

Cognizant Mobility Testing Lab A state of the art Integrated platform for Mobility QA

Mortgage LOS Platform Evaluation and Selection

Retail Analytics: Game Changer for Customer Loyalty

Integrated Market Research: The Intelligence Behind Commercial Transformation

Business-Focused Objectives Key to a Winning MDM Implementation

Talent as a Service: Enabling Employee Engagement While Boosting Efficiencies

Strategic Cost Optimization: Driving Business Innovation While Reducing IT Costs

Innovative, Cloud-Based Order Management Solutions Lead to Enhanced Profitability

Solving Storage Headaches: Assessing and Benchmarking for Best Practices

Knowledge Management in Agile Projects

Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Industry

Transforming the Business with Outcome-Oriented IT Infrastructure Services Delivery

HIX 2.0: New Alternatives for State Participation in Health Insurance Exchanges

A Next-Generation Approach to Integrated Warranty Management

Reducing Costs, Increasing Choice: Private Health Insurance Exchanges

Don t Let Your Data Get SMACked: Introducing 3-D Data Management

Moving Beyond Social CRM with the Customer Brand Score

How To Understand The Financial Impact Of Icd-10

Cognizant White Paper. > Casual Dining vs. Quick Service. Key differences from a Process-IT standpoint

Meeting the Pegasystems BPM Testing Challenge

Two-Tier ERP: Enabling the Future-Ready Global Enterprise with Better Innovation, Customer Experience and Agility

Integrated Approach to Build Patient Adherence: Helping Pharmaceutical Companies to Enhance Growth

Fortifying Retailing from Online Fraud

Predictive Response to Combat Retail Shrink

Strategic Intraday Liquidity Monitoring Solution for Banks: Looking Beyond Regulatory Compliance

Online Capabilities of UAE Insurance Carriers: The Road to Customer Satisfaction

Siebel Test Automation

Emerging Differentiators of a Successful Wealth Management Platform

PBM Compliance with Medicare Part D

The Business Case for On-Demand Test Services

Transcription:

Cognizant 20-20 Insights Risk Mitigation: Fixing a Project Before It Is Broken A comprehensive assessment of unforeseen risks in the project lifecycle can prevent costly breakdowns at the testing stage. Executive Summary Many IT projects have a reputation for exceeding budgets, missing deadlines, failing to realize expectations and/or delivering sub-par return on investment. Surveys and reports on the acceptability of new IT systems reinforce the same problems and probable causes of failure; yet businesses, large and small, continually make mistakes when attempting to improve information systems, particularly investing in inappropriate or unworkable changes without proper consideration of the likely risks. Planning projects, establishing requirements for change, selecting, implementing and testing suitable systems are important components of a superior business management process. Companies, however, often do not take adequate precautions during the project lifecycle to minimize failures at the testing stage. Consider the following: Our assessment of 134 publicly traded companies reveals that over half admitted to suffering a failed IT project in the past 12 months due to issues encountered during the testing stage. Such failures come at an extremely high cost. According to the Royal Academy of Engineering and the British Computer Society, 3.5 billion are wasted every year on badly managed IT system deployments, only discovered during 1 the testing stage. Only about 16% of overall IT projects can be considered successful; even conservative estimates put the costs of failure into the 20 billion range across the European Union (EU), in IT software development projects. 2 As seen in Figure 1 (next page), the peak expenditure of both time and money on IT support and development occurs at the testing stage. The costs of failure are not limited to the narrow considerations of budget and schedule. Companies do not pay adequate attention to conducting a proactive risk assessment of all projects during their entire lifecycle in an effort to mitigate and minimize the risk of failure at the testing stage. Identifying and analyzing potential risks of failure during the project lifecycle is fundamental to avoiding issues at the testing stage, as well as massive rework. To do this, it is vital to set up an early-stage diagnosis. This approach includes analyzing projects throughout the entire lifecycle, from the requirements gathering stage through verification, when all potential variables and intermediate process steps are weighed in terms of risk. Taking this approach can help IT organizations understand and minimize the potential impact on testing activities. cognizant 20-20 insights july 2012

Project Costs Increase at Testing Stage Rate of Cost Investment During Projected Lifecycle New Defect Prevention Late Defect Discovery Results in Significant Rework Requirements Design and Build Release to Test Time Release to Field 100x Increase in Cost of Removing Defects Sources: Barry Boehm, Software Engineering Economics, Prentice Hall, Inc., 1981. Basili Boehm, Software Management, IEEE Computer, January 2001. Figure 1 In this whitepaper, we spell out our rigorous process for identifying and avoiding project issues that undermine many applications development projects. It also offers proven ways for organizations to minimize development delays and costs, while building systems that deliver exceptional business benefits. Test Risk Assessment Process Cognizant Business Consulting developed a structured, proprietary process called the Test Risk Assessment for Project Improvement (TeRAPI), with the main objective of identifying and minimizing risks that can occur at the testing stage across the entire product lifecycle. The process consists of three main phases: 1. Measure the business criticality. 2. Profile the risk level of projects. 3. Design a risk mitigation plan. The purpose of measuring business criticality is to determine the importance of each business function. After all the business processes are evaluated to determine their criticality to the project, business functions can be prioritized to determine which ones require a contingency plan and which can be ignored and eliminated. Each function, system, interface and third party can and should receive a risk rating. Probabilities are assigned to each failure that can occur for each of these items. This means that an order function (risk rating = 5) could be impaired because of a business partner failure (probability of 60%) or could fail due to a system failure (probability of ). The same function would have a different criticality/probability score (see below), based on the fact that two different failures could hit that business function. The business criticality evaluation process is strictly related to the risk management process and is useful for any project stakeholder, at any project stage. Measuring Business Criticality To be successful, any test risk assessment has to concentrate on the local identifiable issues related to the business. During the test risk assessment process, risks to business functions will be identified and evaluated. The vulnerability of the business to these risks will be rated. Main actions to perform in a test risk assessment include: Alignment of testing with business requirements. Test strategy and test environment preparation. Test resourcing. Test environment. Test execution. Production readiness preparation. cognizant 20-20 insights 2

Each of these business functions represents a dimension to be analyzed in setting up a risk management process. Profiling Risk Level of Projects After having defined main dimensions and subdimensions as a core part of the TeRAPI methodology, each project must be assessed to weigh the risk associated with each sub-dimension in each stage of the project lifecycle. A business criticality score is determined based on the business purpose of the project. The result is a business risk index (BRI), which offers a composite view and comparison of risks based on the business criticality of the projects that require immediate management attention, as well as the priorities of these projects. All dimensions are quantitatively determined, from business requirements alignment, to test result analysis and mitigation plan design and a qualitative index is assigned. Frequency of risk across each action step must be determined and graphed. For each dimension and its specific sub-dimensions, a qualitative measure of risk importance needs to be identified and quantified. This must be done across all projects where TeRAPI is applied. This data is placed in a qualitative table that summarizes all quantified risk-level results for each assessed project in an effective way and in relation to each dimension and relative subdimensions (see Figure 2). The TeRAPI risk assessment identifies two types of risks for testing: High-level risks: Risks that are likely to impact the schedule or the quality of the deliverable. The root causes for these risks need to be identified and addressed through initiatives at the higher level. Medium-level risks: Risks that can be addressed by the testing team with minimal impact on schedule or quality. These risks can be addressed by project managers through tactical initiatives. Once the test risk assessment is completed, the next step is to analyze and present the results so that executive management can get the most use from the data. Data analysis will be the foundation for planning actions to mitigate risk impact and provide recommendations. The recovery strategies that need to be developed should be based on the findings of the risk assessment survey and interviews, as well as the business impact analysis. Designing the Risk Mitigation Plan Each TeRAPI dimension must be developed and risk causes determined and analyzed to create TeRAPI: Project Test Risk Evaluation Projects 2456 2620 2566 2761 2281 2881 2681 2847 2673 2710 2776c 2776b 2815 2912 2817 Frequency of Risk for Individual Projects 15 4 11 6 7 10 6 9 9 2 2 8 1 8 4 5 2 6 2 1 1 7 1 5 1 4 4 TeRAPI DIMENSIONS PROJECTS Dimensions #1 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15 Sub-dimension #1 H M H H H M M M M Sub-dimension #2 H H H M H M M Sub-dimension #3 H H M H Sub-dimension #4 H M M M M M Sub-dimension #5 M M M M M M Sub-dimension #6 M M Sub-dimension #1 4 5 Sub-dimension #2 3 3 Sub-dimension #3 3 1 Sub-dimension #4 Sub-dimension #5 1 5 6 Sub-dimension #6 2 High Medium High (H) Risks that are likely to impact the schedule or quality of the deliverable Medium (M) Risks that can be addressed by the project manager with minimal impact on schedule and quality 10 0 5 10 15 20 0 2 4 6 8 10 Figure 2 cognizant 20-20 insights 3

a mitigation plan that addresses them. The mitigation plan, or risk response plan, provides options to reduce the likelihood that identified risks will occur. Options and actions are developed in a mitigation plan to enhance project opportunities and reduce threats to project objectives to below an acceptable threshold. Typically, every testing team maintains a mitigation plan, which consists of an Excel file containing different columns, including risk description, date, category, impact areas, root cause, priority, contingency, action plan, mitigation action plan, risk status and risk close date. Each mitigation action is related to the corresponding identified risk. Each action must be planned and time-lined in order to track it and update the probability that the corresponding risk will occur. The mitigation plan is managed by a supervisor team belonging to the testing organization and responsible for developing mitigation actions that will address all identified risks. To facilitate workload assignments, various workstreams can be created and assigned to different execution teams. If ranked risks are not mitigated properly, they will occur at certain points in time during testing activities. In that case, the risks become issues, and the supervisor team is responsible for identifying viable countermeasures and action plans to resolve them. TeRAPI Process Implementation: Business Case A continuous risk management process is a necessary part of any approach to software security. In particular, at the testing stage, the primary objective is to improve the understanding of the major risks, in order to ensure stable and reliable testing. The TeRAPI approach can help test managers increase confidence in the tests of security function behaviors. Risk assessment is widely applied in all market industries and large organizations, but it is particularly important in banking and financial services. Run-the-bank projects implement a well-structured risk assessment process in order to manage all approved change requests by minimizing the risks during code testing. This process is set up at the scope identification stage. The supervisor team, which includes the sponsor, project manager, solution lead engineer, requirements engineer and test manager, is responsible for gathering the requests coming from the business and setting up an implementation plan in order to get them deployed according to the project plan. During the evaluation of the project scope, the team sets up a risk plan to evaluate potential constraints during solution implementation that would potentially occur during the requirements definition, solution development and code testing stages. For a tier one financial institution in Europe, two run-the-bank projects are considered, one without a risk management application, and the other with the TeRAPI application (see Figures 3 and 4). The project scope is to implement several change requests (CRs) for online private banking services. Both projects have a similar normalized initial budget estimated at CHF 400,000. The implementation of a structured risk assessment process, based on TeRAPI principles, has produced a cost savings of 19%, or around CHF 76,000, and reduced identified defects from 17 to 10 (about 60% less). Before and After TeRAPI Project 1 % Difference Initial budget Number of defects at testing stage Additional budget allocation to fix testing bugs CHF 400,000 17 CHF 55,000 13.8% Cost savings CHF 55,000-13.8% Project 2 % Difference Initial budget Number of defects at testing stage Additional budget allocation to fix testing bugs CHF 400,000 10-58.8% CHF 0 Cost savings CHF 20,000 5.0% Net cost savings CHF 75,000 18.8% Figure 3 cognizant 20-20 insights 4

TeRAPI Implementation: Project Advantages 80 60 40 20 0-20 Number of defects at testing stage Additional budget allocation Cost savings Net cost savings Project 1 Project 2-40 -60 Figure 4 Project 1 has managed about 12 CRs without a risk management plan. It experienced 17 issues at the unit test stage, mainly related to not meeting requirements in code development. This resulted in a large amount of rework and the need for additional resources to cope with unexpected issues, increasing the project budget to CHF 55,000. In Project 2, the sponsor decided to use TeRAPI principles in an effort to reduce project expenditures, particularly during the testing stage. The supervisor team was established, and risks were identified. At the beginning, the risk was very large, with 50 identified risks. For each risk, a set of mitigation actions were established, with a proper due date and responsibility assigned to members of the team. Prior to unit testing, the number of unaddressed risks was reduced to 10. During testing for the first release of the year, the number of issues to be addressed dropped by 60%, producing savings of CHF 20,000 compared with Project 1. The net savings obtained by Project 2 was about CHF 75,000. All identified risks were properly weighted to define risk relevance. The impact on the project implementation strategy, schedule, functionality, costs and quality were weighed, and each value concurred to define the risk probability. TeRAPI: Risk Assessment Landscape Top 15 Risks 100 Risk Type 75 Probability 50 25 60% Project Risk IT Risk Operational Risk 0 Low Middle Impact High Risk Type (Open Risks) Project Risk 3 IT Risk 1 Operational Risk 1 Risk Category (Open Risks) Project Management 1 Product Development 2 Product (procured, operational) 1 Sponsorship and Budget 1 External Risks 0 Risk Category Project Management Product Development Sponsorship and Budget External Risks 40% Figure 5 cognizant 20-20 insights 5

TeRAPI: Risk Assessment Statement Risk ID Keyword: (Release Aug 12) - Unit tests execution warning 49 Description: Due to the project s dependencies on external parties, there s a threat that release CRs testing could be delayed, which will result into overall timeline shift Cause/Origin : Project organizational structure involving multiple external parties Identification Date: 07-Jan-12 Test Manager Probability Risk (%) Consequences: Overall delay on release timeline Agreed functionalities during scope definition could not be delivered 100% Impact on Program Strategy Impact on Project Schedule Functionality Costs Quality 30 3 (1-9) 7 (1-9) 7 (1-9) 5 (1-9) 3 (1-9) Response Planning: Status: Open Closed on: Reason for Closure Response Action Cost Responsibility Type 1 Close coordination and weekly tracking with testing team and external support to verify and address identified test risks. 1'500 Test Manager Mitigation 05-Mar-12 G 2 Unit test execution planning reviewed daily with external resources responsible. 500 Project and Test Managers Mitigation 05-Mar-12 A 3 Regular followup with release management team and timely escalations. 1'000 Lead Engineer Mitigation 05-Mar-12 A 4 Pre-release testing to increase test coverage. 1000 Project Manager Mitigation 05-Mar-12 A Due Date Response Effectiveness Risk Type: IT Risk Project Risk Category: Product Development Area: Project Management Risk Owner: Last updated by: Last update on: Project Manager Costs: 10'000 3 Risk Grade Risk Grade Project Manager (Risk) Project: 2.10 Program: 0.90 27-Mar-12 Risk Exposure: 3000.00 Figure 6 The higher ranked risks were shown in a context that summarized all major risk properties, such as the probability to occur, risk type and category. Each risk was given a set of mitigation actions, with a relative supervisor team member assigned as risk owner and responsible for putting into practice all identified mitigation actions and tracking risk addressing. A risk assessment statement form (see Figure 6) collects all information concerning identified risk and is the kernel source for the final report. TeRAPI Final Report The risk landscape and mitigation plan will show a clear overview of risks, root causes and action agenda to resolve all challenges. The findings from TeRAPI will form the basis for the final report. A risk assessment outcome is the starting point for building the TeRAPI final report. The risk landscape shows the status of major risks to be tracked and reviewed periodically, trends across different reviews and the main categories to which the risks belong. The final report will take the following into consideration: Previous disruption history. Risks and vulnerabilities. Preventative measures. Test risk assessment. Mitigation plan. The risk assessment process is an essential activity of continuity planning, in particular during the testing phase. Catching errors prior to testing the developed solution helps save time, money and effort and will result in cleaner, better performing and more business-aligned code. The TeRAPI process can enable agile and effective IT systems to support a more effective business. The purpose of the TeRAPI methodology during software testing is to identify high-risk applications that must be tested more thoroughly, as well as identifying error-prone components within specific applications that must be tested cognizant 20-20 insights 6

more rigorously. The results of the analysis can be used to determine the testing objectives for the application during test planning. Conclusion Companies have always had to prioritize their testing efforts, but figuring out how to do it properly with the right approach and methodology has not always been clear. To compete, enterprises must reduce testing costs as low as possible without sacrificing application quality or delaying critical application launch time. TeRAPI can help in this regard. It is backed by statistical techniques and proven best practices gleaned from many years of experience with testing code of enterprises worldwide. Our approach ensures the appropriate amount of input from business and technical experts, as well as the proper level of detail in prioritizing risks, at each stage of the project lifecycle. In order to implement this assessment process effectively, we estimate a team of three or four experts is needed to implement the process and prepare it for practical application for all involved projects. Our TeRAPI methodology is an effective way of minimizing risks during the testing stage, with the objective of minimizing delays and costs, and ensuring the highest business benefits. This approach provides companies with a consistent, business-based methodology for determining the level of risk present at the testing stage and how to mitigate it in order to deliver business value and the highest possible customer satisfaction. About the Authors Simon Erdmann is a Director at Cognizant Business Consulting (CBC) in Frankfurt, Germany. He has over 15 years of experience in operations, management and consulting for the retail, consumer goods and transportation logistics industry, and is head of Germany, Austria and Switzerland for CBC Strategic Services. Simon has studied at German Armed Forces University and VWA Essen. He can be reached at Simon.Erdmann@cognizant.com. Giuseppe L. Pannisco is a Consultant at Cognizant Business Consulting. He has six-plus years of consulting experience with global clients on supply chain management, IT strategy and management issues, working with companies in the automotive, aviation and aerospace, transportation and logistics service provider fields. Giuseppe holds a master s degree in aerospace engineering (aeronautical business management specialization) from Universita degli Studi di Napoli FEDERICO II. He can be reached at Giuseppe.Pannisco@cognizant.com. cognizant 20-20 insights 7

About Cognizant Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world s leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50 delivery centers worldwide and approximately 140,500 employees as of March 31, 2012, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant. World Headquarters 500 Frank W. Burr Blvd. Teaneck, NJ 07666 USA Phone: +1 201 801 0233 Fax: +1 201 801 0243 Toll Free: +1 888 937 3277 Email: inquiry@cognizant.com European Headquarters 1 Kingdom Street Paddington Central London W2 6BD Phone: +44 (0) 20 7297 7600 Fax: +44 (0) 20 7121 0102 Email: infouk@cognizant.com India Operations Headquarters #5/535, Old Mahabalipuram Road Okkiyam Pettai, Thoraipakkam Chennai, 600 096 India Phone: +91 (0) 44 4209 6000 Fax: +91 (0) 44 4209 6060 Email: inquiryindia@cognizant.com Copyright 2012, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information