1. Presentation by, Chandrima Das (07030241006) Raveesh Goswami (07030241024) Sampreeth Agara (07030241029) Sourabh Soni (07030241032) Surbhit Bansal (07030241033) Vijay Chakule (07030241035)

2. What is CMMI?? 3. IT Governance & Benefits: 4. How CMMI bridges gap 5. Decision Rights, Communication and Accountability:

IT Governance at its essence is about decision-making and communications.

The need stems from need of organizations to make good decisions and communicate them effectively.

Poor outcomes force org. to review the decisions made and place structures supporting better decisions.

The decisions can be: -

• Whether to invest in a new initiative.

• Approve an annual report

• Provide access to sensitive data

• Include software code in a release .

• Project funding, project content management, architecture content.

• Quality management that are made in the course of executing the processes.

6. How CMMI helps:

Possible to establish enforceable governance decisions within the processes of an organization.

Helps in demonstrating to the business what is working and what is not,

How those processes may be changed to create greater benefit to the business.

Briefly, we say the governance process is applied to the governed processes.

Example : - Operation metrics specifications daily basis for exerting control on the business processes.

An example: - daily average response time. For the developing organizations, code churn -- the frequency of changes in program source code -- would be an operational measure but without proper methods that would lead to improper decision making about companys growth.

7. Benefits to the Organization:

Process Improvement-monitored against historical data, creation of a viable, improvable process infrastructure, focus on defining and following its processes.

Quality products/Services-Quality products are a result of quality processes.

Value for Stakeholders-Quality products, predictable schedules, and effective measures to support management in making accurate and defensible forecasts.

Employer of Choice-Emphasizes training, both in disciplines and in process, Engg. Comfortable.

Enhanced Customer Satisfaction-Meeting cost and schedule targets with high-quality products.

Increase in market share- Improves estimation reducing variability to enable better & accurate bids. Meeting of quality goals.

Cost Savings-Historical data collected to support project estimation

8. Examples of CMMI impact-ROI

Accenture-5:1 ROI for quality activities.

Raytheon:Avoided $3.72M in costs due to better cost performance.

Siemens:2:1 ROI over 3 years with benefits amortized over less than 6 months.

Northrop Grumann:

13:1 for defects avoided per hour spent in training and defect prevention. $3.9 B Estimated 2003 Sales after CMMI 5 certification.

Northrop Grumman Mission Systems focused on the long-term culture change: -

• More data-driven decision making

• Identifying and meeting the customers needs

• Disciplined project management

• Improved engineering first-time quality to reduce re-work

• Efficient organizational infrastructure

• Use of industry best-practices

• Capturing of internal best-practices

9. Costs and Benefits of CMMI: 10. 11. CMMI and COBIT:

CMMI is the perfect complement to COBIT.

COBIT pinpoints the need for certain controls and CMMI puts them into place.

CMMI is very detailed and geared mostly to software development.

• Focuses on continuous improvement.

• Can be used for self-assessment.

12. COBIT and CMMI: contd..

COBIT Processes addressed by CMMI are

Plan and Organize (3 out of 10 C Objectives)

Acquire and Implement (3 out of 7 C Objectives)

Deliver and Support (4 out of 13 C Objectives)

Monitor and Evaluate (1 out of 4 C Objectives)

COBIT Relationship with CMMI Plan and Organize Provides better support for objectives with greater project focus such as requirements, risks, quality and project Management Acquire and Implement Provides excellent coverage for achieving and implementation objectives Delivery and Support Project Management processes can be translated to support management of service levels, third parties, capacity, problems and data Continuous operation and user support services are not well coveredMonitor Provides for monitoring functions at the project level. Does not involve audit controls at the organization level 13. 10 Threats to Sarbanes-Oxley Compliance ( * According to Deloitte) :

1.Lack of an enterprise-wide, executive-driven internal control management program

2. Lack of a formal enterprise risk management program

3. Inadequate controls associated with the recording of non-routine, complex, and unusual transactions

4. Ineffectively controlled post-merger integration

5. Lack of effective controls over the IT environment

6.Ineffective financial reporting and disclosure preparation process

7. Lack of formal controls over the financial closing processes

8. Lack of current, consistent, complete and documented accounting policies and procedures

9. Inability to evaluate and test controls over outsourced processes

10. Inadequate board and audit committee understanding of risk andControl

14. How CMMi helps in the aligning of business goals and IT goals:

WhereRM, PP, PMC, SAM, M&A, PPQA, OT, DAR, OID, CM, RD, TS, PI, Ver, Val, IPM, OPP, OID, CAR are the process areas of CMMi.

15. CMMI and ITIL:

Implementing CMMI and ITIL improves the Software Development Process and Software Quality and reduces the Cost Of Quality (COQ).

Time to market reduced and precision in estimation of effort and cost enhanced.

CMMi is the de facto quality standard for SDLC.

ITIL for many is the tool of choice for the operations and infrastructure side of IT

CMMI doesn't address IT operations issues (security, change and configuration management, capacity planning, troubleshooting and service desk functions). This is why ITIL is used.

16.

Digites case:

With their CMMI implementation, they also answered the questions regarding the scope of mapping between ITIL & CMMI practices.

Thus ,CMMI to ITIL is a obvious graduation.

CMMI and ITIL : A case CMMI processes areas ITIL processes that CMMI maps

Project Planning

Project Monitoring and Control

Integrated ProjectManagement

Measurement & Analysis

Configuration Management

Requirement Management/Development

Risk Management

Validation

Product Integration etc

Problem Management

Helpdesk

Incident Management

Change Management

Configuration Management

Service Level Management

Planning and Control

Contingency Planning

Security Management

17. Synergy b/w ITIL CMMi & 6 sigma: 18. CMMI Vs ISO 27000 CMMI ISO 27000

Organizations cannot be CMMI certified.

An organization is appraised and is awarded a 1-5 level rating.

(CMMI) is a process improvementapproach.

Covers practices for planning, engineering, and managing software development and maintenance

CMMI best practices are published in documents called models.

Each model address a different area of interest.

These key practices improve the ability of organizations to meet goals for cost, schedule, functionality, and product quality.

Adapted to each individual organization according to its business objectives.

Organizations can be ISO 27000 certified.

It is for a family of information security management standards.

In series of 27001 27000+.

Provides uniformity and consistency throughout the ISMS family.

Provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.

19. Gap still prevails even after applying standards like CMMI

Process :

• Process inconsistency is the key driver of waste in development.

• CMMI do not address other sources of waste such as availability of right resources at right time and complexity of architecture.

Metrics :

• Focuses on measuring key performance indicators in development same as business measure productivity.

• Helpful in environments with mature and well documented frameworks.

• Do not measure the waste that may occur in early stages of development.

Technology :

• Technology used in development primarily focuses on automation such as code generation, documentation and version control.

• Does not address the fundamental behavioral and cultural aspects that are necessary to improve the productivity.

20.

THANK YOU