Professional Documents
Culture Documents
Agenda
Part I System Development Life Cycle (SDLC)
Definition SDLC Phases SDLC Models Risks and Points of Control The Need for Project Management
Part I
Definition
System Development Life Cycle (SDLC):
Definition
Defining, acquiring and implementing application systems. This includes all stages of activity from requirements identification through implementation of the application system.
Overview
SDLC: Provides a framework to convert management and/or business need into an application system. Can be applied to custom development, vendor purchased or combination.
Overview
Establishes procedures, practices, and guidelines governing the system development and maintenance activities. Consists of documented and undocumented methods, tools and guidelines. Typical SDLC phases: Initiation, Analysis, Design, Development, Testing, Implementation, and Maintenance. Typical SDLC models: Waterfall, Incremental, RAD, Hybrid and others.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
SDLC Phases
Project Management
Phases
Initiation
Analysis
Design
Develop
Test
Implement Maintain
Gain understanding of problem or business need Develop project objectives and scope Gather high-level user requirements Conduct feasibility analysis Conduct cost/benefit analysis Scope project size, schedule and budget Obtain stakeholder approvals
Project Charter Feasibility Study Results Cost/benefit results System features Project Approval
Key Roles
Executive Management Project Sponsor/Business Champion Project Manager Business Analyst System Analyst System Architect Users
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
Gain understanding of current system functionality Meet with users to gather business and functional requirements Develop business and functional process flows Analyze requirements and develop alternative design solutions Compare alternatives or perform vendor/tool evaluation Develop user prototype
Business Requirements Functional Specifications Alternate Design Solutions Vendor/Tool analysis User Prototype
Key Roles
Business Analyst System Analyst Users Enterprise/Technical Architects Database Architects Quality Assurance Specialist Change Management Specialist
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
Develop process flows & data flows Develop database design & data models Develop high-level system function design Develop system architecture design Develop system function design Develop interface and conversion requirements design Develop infrastructure design Develop training and testing requirements Develop deployment strategy
Logical Design Specifications - process models, data models, database design Physical Design Specifications system, architecture, infrastructure, conversion, interface
Key Roles
System Analyst System Architects Technical Architects Database Architects Quality Assurance Specialist Change Management Specialist
Develop program specifications Develop software code: System Database Interface Infrastructure Conversion Conduct unit testing Conduct code reviews and walkthroughs
Key Roles
System Analyst Software Programmer/Developers Database/Technical Architects Enterprise Architects Quality Assurance Specialist Change Management Specialist
Develop test strategy and plan Develop test cases Develop test environment and data Conduct System Testing Conduct Integration Testing Conduct User Acceptance Testing Conduct stress/performance testing Track and resolve system defects and issues Report test results
Test strategy and plan Test Case Specifications Test Environment & Data Test Results Test defects and issues log Test Signoffs
Key Roles
System and Business Analyst Test Manager Functional Test Specialist Performance Test Specialist Users QA & Change Management Specialist
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
10
Develop deployment/cutover plan Develop contingency plan Conduct user and operations training Perform data conversion Deploy software/application Cutover to production Go-live Decommission old system
Deployment plan User Training Manuals Operation Manual Production system/code Contingency Plan
Key Roles
System and Business Analyst System Architect Test Manager Test Specialists Operations/Help Desk Users QA & Change Management Specialist
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
11
Perform day-to-day support & operations Support system users Correct system defects Perform system enhancements Update system documents
System defects logs Operations and Maintenance logs Updated documentation System enhancements logs
Key Roles
Users Operations & Help Desk System Administrator Database Administrator Technology Support QA & Change Management Specialist
12
SDLC Models
Common SDLC Models
Waterfall Traditional model. Each phase completed before the next phase started. Incremental development over several iterations. Each iteration is a short Waterfall model. Incorporates principals of Waterfall model in a continuous flow. Prototyping frequently conducted. Rational Unified Process (RUP). Others Spiral. Extreme Programming. Object-oriented Development.
Iterative
RAD
Hybrid
13
Develop
Test
Implement
Maintain
Key Points Also called Traditional or Big-Bang model. Each phase needs to be complete before start of next phase. Requirements are defined in Analysis phase and all subsequent phase activities are based on those requirements. Each step has a clear cut off before proceeding to next phase. Well suited when there is: Limited Constraints on time, budget and resources. Scope for the work is complete, correct, un-ambiguous. Limited possibility of scope, requirements or design changes. Not suited for software development projects due to their complexity and constant changes
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
14
Go-Live
Increment 1
Increment 2
Increment 3
Maintain
Key Points Also called Incremental model. Emphasizes need to go back and reiterate earlier stages. Each incremental stage is a waterfall model. Allows for demonstrated proof of concept early in the development cycle. Enables larger problems to be tacked in small chunks. Allows for change. Allows for testing to occur earlier faults found earlier. Well suited for most software development projects.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
15
Prototype
Key Points RAD stands for Rapid Application Development. Makes it possible to develop systems faster, especially where the user interface is an important component of application. Incorporates the principles of Waterfall SDLC but in a continuous flow. Prototyping is frequently conducted as part of requirements development. Design and testing activities are conducted as requirements are completed. Testing activities maybe conducted as part of the implementation. Implementation leads to changes that start the system development process all over.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
16
Key Points RUP stands for Rational Unified Process. Develop by Rational Software (now part of IBM). RUP is a comprehensive and a practical process with specific advice on activities, when to do each activity and how much, has integrated tool support and has document templates. RUP is based on traditional software engineering methods, UML and iterative concept. Key practices: Develop software iteratively, manage requirements, use component based architecture, visually model software, continuously verify software quality, control changes to software. Key concepts: Worker, Activity, Artifact, Workflow, Iteration, Phase, Development cycle. 4 RUP Phases: Inception, Elaboration, Construction and Transition.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
17
4. Design Phase 4.1 Functional Design Phase Overview Roles & Responsibilities Tools Policies and Procedures Process flows Functional Process description Logical data models Inputs/Outputs description User Interface descriptions Regulatory/Compliance specs Conversion specifications Testing requirements Training requirements Control specifications Privacy and Security specs Key Deliverables/Templates
SA M PL E
18
SDLC Risks
Initiation Analysis Design Develop Test Implement Maintain Examples of SDLC Risks Adoption of inappropriate SDLC for the application system. Inadequate controls in the SDLC process User requirements and objectives not being met. Inadequate stakeholder involvement. Lack of management support. Inadequate project management. Inappropriate technology and architecture. Scope variations. Time over-runs. Cost over-runs. Inadequate quality of the application system. Insufficient attention to security and controls. Performance criteria not being met. Inappropriate resourcing/staffing. Inadequate staffing skills. Insufficient documentation. Inadequate contractual protection. Inadequate adherence to chosen SDLC and/or development methodologies. Insufficient attention to interdependencies on other applications and processes. Inadequate configuration management. Insufficient planning for data conversion/migration and cutover.
19
20
21
22
1994 53%
Opportunity Two-thirds of projects are still unsuccessful! Significant room for improvement persists. Reason Methodologies warrant further improvement and better execution.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
23
Summary
Key Messages SDLC has multiple phases such as Analysis, Design, Develop, Implement, etc. SDLC methodologies can be either custom or vendor developed. There are several SDLC approaches or models such as Waterfall, Iterative, RAD, etc. SDLC consists of documented and undocumented methods, tools and techniques. SDLC processes should be developed, documented, and deployed with consideration to their affect on and fit into the overall organizations processes. Responsibility for SDLC processes and procedures lies throughout the organization. SDLC processes must be aligned with technology standards as well as current and planned systems architecture. SDLC risks are present in all phases. An effective SDLC process is important to support business processes.
24
25
Definition
PMI PMBOK
Project Management Institute Project Management Body of Knowledge A project is a temporary endeavour undertaken to create a unique service, product, or result. - PMBOK Project Management is the application of knowledge, skills, tools and techniques to project activities to meet project requirements. - PMBOK
Project
Project Management
26
Project Components
Goal
Deliver on time, on budget and per specifications (quality) Manage business expectations, human resources and project cost (time, money and business needs) Identify, quantify and control risk
Project Manager
Ensures all activities occur according to plan Manages stakeholders, clients, budget, schedule, providers, product, etc.
Key Message Formal project management significantly increases the likelihood of success. A simple view of project management and actual project performance generally underlie the significance and materiality of project failures, especially in information technology.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
27
Project Controls
Risk can be significantly mitigated through a series of well thought out controls. The controls lifecycle in an IT project should:
Define key control objectives Map existing control activities against control objectives Identify areas where required controls are absent and remediate Perform ongoing tests, validate, remediate and monitor
Key Message
4 4
Factor into your business model the cost of developing sound internal controls in the IT project. Internal controls should be part of the overall requirements.
28
Key Message
4 4
Completion and approval of one or more deliverables are designed to ensure proper control of project. Sign-off is normally sacrificed to speed up project execution
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
29
30
Planning
Determine steps required to meet project needs throughout project lifecycle
Executing
Manage resources required to carry out plan
Closing
Accept project or phase and bring project or phase to ordered end
31
Initiate
Close
Execute
Key Messages
4
The project management lifecycle contains integrated and re-iterative components that are continuously applied to each knowledge area and phase of the project as appropriate. The project manager is responsible for ensuring that all activities occur according to plan.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
32
33
Integration Management
Includes processes and activities to identify, define, combine, unify and coordinate processes & project management activities Concept
Involves making trade-offs among competing objectives to meet stakeholder expectations
Integration Management Activities 4 Develop Project Charter 4 Develop Preliminary Project Scope Statement 4 Develop Project Management Plan 4 Direct and Manage Project Execution 4 Monitor & Control Project Work 4 Integrated Change Control 4 Close Project Integration Management Deliverables
4 4 4 4 4 4 4 4 4
Project Charter Preliminary Project Scope Statement Project Management Plan Deliverables Work Performance Information Requested Changes Forecasts Administrative Closure Procedures Final Product, Service or Result
Key Messages
4 4
Project needs will change; the project is a living object. Unification, articulation & integrative actions are crucial for successful project completion.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
34
Scope Management
Includes processes required to ensure project includes all/only work required and to complete project successfully Concept
Product Scope features and functions that characterize product, service or result Project Scope work required to deliver product, service or result with the specified features and functions
Scope Management Activities 4 Scope Planning 4 Scope Definition 4 Create WBS 4 Scope Verification 4 Scope Control Scope Management Deliverables 4 Scope Statement 4 Scope Management Plan 4 Work Breakdown Structure (WBS) 4 WBS Dictionary 4 Scope Baseline
Key Message
4 4
The primary concern is defining and controlling what is and is not included in the project. It is the best place to start when reviewing a project. Poorly defined scope/scope creep are common weaknesses of challenged/failed projects.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
35
Time Management
Includes processes required to accomplish timely completion of the project Concept:
Specific time definition, sequencing and estimating activities are identified and controlled in project schedule
Time Management Activities 4 Activity Definition 4 Activity Sequencing 4 Activity Resource Estimating 4 Activity Duration Estimating 4 Schedule Development 4 Schedule Control Time Management Deliverables 4 Activity List & Attributes 4 Project Schedule Network Diagram 4 Milestone List 4 Activity Resource Requirements 4 Resource Breakdown Structure 4 Activity Duration Estimates 4 Project Schedule (Gantt, CPM, etc)
Key Message
4 4
Estimation is one area that is weak across the projects. Normally effort is underestimated. Milestones are normally poorly defined or not defined at all.
36
Consider what can be done concurrently vs. what must be done sequentially
Inter-relationships and dependencies Resource usage and availability Tolerance for risk Phasing the go-live
Time is normally underestimated because necessary activities are not included (i.e. quality reviews, retesting).
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
37
Cost Management
Concept:
Processes required to ensure that project is completed within approved budget
Cost Management Activities 4 Cost Estimating 4 Cost Budgeting 4 Cost Control Cost Management Deliverables 4 Activity Cost Estimates 4 Project Funding Requirements 4 Cost Baseline (updates) 4 Performance Measurements 4 Forecasted Completion
Key Message
4
Cost management is concerned with both the approved budget as well as the actual lifecycle costs (e.g trade-offs). Cost reporting is normally done on past events and do not include projections based on project variances.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
38
Duration can be better guide to resource cost than total personhours required to complete tasks Include anticipated expenses such as travel, living, team lunches, etc. Any scope change should include a budget impact analysis Estimate based on individual tasks, not based on task groupings Try to find records of previous work performed of a similar nature
Personnel rates can change through the course of a project Include project performance as part of annual performance evaluation Project Risk Management has a cost (just as car insurance!) Beware the strong tendency to underestimate time required
Key Message
4 Cost
management addresses general management techniques like return on investment, discounted cash flow, and investment payback analysis. conclusions from past phases/projects, industry or your own experience.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
4 Draw
39
Quality Management
Includes all activities to determine and implement quality policy, objectives and responsibilities so project will satisfy needs for which it was undertaken
Quality Management Activities 4 Quality Planning 4 Perform Quality Assurance 4 Perform Quality Control Quality Management Deliverables 4 Quality Management Plan 4 Quality Metrics/ Checklists/ Policy 4 Process Improvement Plan 4 Quality Baseline 4 Quality Control Measurements 4 Recommended Defect Repair 4 Validated Deliverables
Key Messages
4 4 4
Quality assurance in concerned with prevention and process. Quality control is concerned with monitoring and product. Quality should be planned in not inspected in.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
40
Key Messages
4 4
The best resources you have for the project are the resources you have. Human resource management is the project universe not just the project team.
41
Good processes will not replace the need for good people. Requiring technical staff to work overtime wont make up for management mistakes. Look for the training plan and for team members relevant experience
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
42
Communications Management
Includes processes for timely, appropriate generation, collection, distribution, storage, retrieval and ultimate disposition of project information Concept: Provides critical links between personnel, ideas and information necessary for project success
Communications Management Activities 4 Communications Planning 4 Information Distribution 4 Performance Reporting 4 Managing Stakeholders Communications Management Deliverables 4 Communications Management Plan 4 Performance Reports 4 Resolved Issues 4 Approved Change Requests 4 Approved Corrective Actions
Key Message
4
Communications management is the internal and external view of the success of the project, and must ensure that all applicable internal and external compliance regulations are adhered to. Project documentation must be managed properly. Look for documentation management roles. Analyze stakeholders needs to effectively communicate project information at the right time in the right manner.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
4 4
43
Risk Management
Includes processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project Concept:
Seeks to maximize probability and impact of positive events and minimize consequence of adverse events
Risk Management Activities 4 Risk Management Planning 4 Risk Identification 4 Qualitative Risk Analysis 4 Quantitative Risk Analysis 4 Risk Response Planning 4 Risk Monitoring & Control Risk Management Deliverables 4 Risk Management Plan 4 Risk Register 4 Risk Related Contractual Agreements 4 Recommended Preventive/ Corrective Actions
Key Messages
4 4
Every project has risk, and every project should maintain a risk management plan. Risk quantification includes risk control.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
44
Project Risk Management logs should be kept current Risk impact should be assessed from qualitative and quantitative perspective Vendors/Integrators should have input on project risks A clear definition of escalation procedures is required
Key Message
4 4 4
Project Risk Management is not a one time event. Assessing the impact is as important as identifying the risk. The project manager is not the only responsible party when it comes to risk identification.
45
Procurement Management
Includes processes to purchase or acquire products, services needed from outside the project team to perform the work Concept:
Seeks to maximize results of internal and external sourcing of goods and services
Procurement Management Activities 4 Plan Purchases and Acquisitions 4 Plan Contracting 4 Request Seller Responses 4 Select Sellers 4 Contract Administration 4 Contract Closure Procurement Management Deliverables 4 Procurement Management Plan 4 Make or Buy Decisions 4 Contract Statement of Work (SOW) 4 Procurement Documentation Package 4 Qualified Sellers List 4 Evaluation Criteria 4 Contract 4 Contract Management Plan
Key Messages
4 4 4 4
Procurement risk includes fraud, litigation, service delivery failure, solicitation failure, etc. Procurement planning and documentation are keys to effectively obtaining the required services. Fixed price is not always the best contracting strategy RFIs are a good option to better define scope and pre-select vendors.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
46
Key Message
4
EVT provides project metrics. EVT compares the cumulative value of budgeted cost of work performed to both budgeted cost for work scheduled and to the actual cost of work performed. It can be used as a quick hit when reviewing the project. Key tool to manage vendors. A well used EVT can become a tactical and strategic tool for the project leadership.
4 4 4
47
Estimated to Completion
Budget at Completion
Actual Cost
PV = Planned Value = Budgeted Cost of project at date AC = Actual Cost = Cost of work performed EV = Earned Value = % Completed X Budget at Completion CV = Cost Variance = EV - AC SV = Schedule Variance = EV - PV CPI = Cost Performance Index = EV / AC SPI = Schedule Performance Index = EV / PV BAC = Budget at Completion = Approved Budget EAC = Estimated at Completion = BAC / CPI VAC = Variance at Completion = BAC - EAC ETC = Estimated to Completion = EAC - AC
Time of Report
Time
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
48
49
50
Rk is Id n a n e tific tio
P je t R k ro c is s P cs ro e s
e o ll eop Pe
R kR s o s is e p n e
R kA a s is n ly is
Understand and anticipate the potential failure points. Build a success charter to mitigate the potential failure points.
Copyright 2006 Deloitte Development LLC. All Rights Reserved.
51
Understanding the early warning signs may prevent the cost of failure from rising, and enhance the likelihood the project can be recovered.
52
Additional Resources
Project Risk Management
www.pmi.org www.isaca.org www.sei.cmu.edu/cmmi www.risksig.com
(PMI Risk Special Interest Group)
SDLC
www.ibm.com/software/rational www.extremeprogramming.org www.agilealliance.org www.wikipedia.org
(Agile, Cleanroom, Iterative, RAD, RUP, Spiral, Waterfall, XP)
53
Questions
Steve Wakefield Senior Manager Deloitte & Touche 50 Fremont Street, 33rd Floor San Francisco, CA 94105 415-783-6384 slwakefield@deloitte.com Surinder Thind Manager Deloitte & Touche 50 Fremont Street, 33rd Floor San Francisco, CA 94105 415-783-4741 sthind@deloitte.com
54