Software Risk Management for IT Execs CAST


  1. Software Risk Management: A Primer for IT Executives
  2. Software Risk Management: A Primer for IT Executives. Controlling the Structural Drivers of Business Risk. Featuring research from
  3. • Predicts 2010: Agile and Cloud Impact Application Development Directions
     • Software Risk Management
     • About CAST

     Excerpt from: Predicts 2010: Agile and Cloud Impact Application Development Directions

     The following section is excerpted from Predicts 2010: Agile and Cloud Impact Application Development Directions. To view the full note, click anywhere in the section.

     Strategic Planning Assumption: Through 2015, the shift toward cloud architecture will create demand for new skills, practices and objectives for software quality.

     Analysis By: Thomas Murphy

     Key Findings: Software quality is often a poor misnomer for the current practice of risk management applied by most companies when it comes to practices and scheduling in software projects. The focus is not to drive quality, but to mitigate risk. While this is a viable approach, it also goes together with a concept that quality equals the absence of defects. Although this is theoretically true, the application is often too narrow to say that from this, quality software is delivered. The International Organization for Standardization (ISO) produced a standard (9126) that is generally ignored, because quality costs, and often is not seen as providing a return on investment.

     However, as organizations seek to drive down maintenance costs and adapt to the shorter project life cycles found in agile practices, there is a need to focus efforts on a broader quality definition. In addition, organizations will need to invest in additional tools and skills to deal with increasingly complex distributed applications. Development frameworks may hide some of the complexity of creating these applications, but it won't help with the testing of applications.

     We are seeing strong growth now in tools that support a more automated test lab environment. This includes:

     • Virtual lab management
     • Virtualization of services

     Application Structural Quality is the Key to Software Risk Management is published by CAST Inc. Editorial supplied by CAST Inc. is independent of Gartner analysis. All Gartner research is © 2010 by Gartner, Inc. and/or its Affiliates. All rights reserved. All Gartner materials are used with Gartner's permission and in no way does the use or publication of Gartner research indicate Gartner's endorsement of Cast's Software products and/or strategies. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
  4. • Improved tools for test data management, including subsetting and data masking
     • Integration into life cycle tools to improve traceability and automation of workflow, and to close gaps in the common bugs that cannot be reproduced in tester/developer interaction

     However, these are all just improvements to business as usual. While ALM tools provide better accountability to requirements, quality software has a variety of attributes not directly connected to normal requirements, including:

     • Understandability
     • Completeness
     • Conciseness
     • Portability
     • Consistency
     • Maintainability
     • Testability
     • Usability
     • Reliability
     • Structure
     • Efficiency
     • Security

     The ongoing promise of evolving Web application architectures is to deliver applications and services that are customizable by business analysts and end users. Just as many organizations have moved more than 50% of their development budgets into packaged implementations, we believe that this trend will continue with increased capabilities for non-developer-targeted development. However, companies that seek to utilize technology to drive business innovation will evolve a more holistic view of software quality, because without it, they will not be able to support the ever-increasing maintenance burden.

     Market Implications: The shift first toward SOA, then to rich Internet applications has stressed the ability of testing tools to keep up with technology shifts, and for testing teams to keep up with the pace of technology and application changes. The complexity of testing scenarios requires vendors to also deliver a broader spectrum of tools. This is resulting in a number of new companies and products coming to market, and will also result in increased acquisition activity as existing market leaders look to fill out their solutions.

     While many organizations will be attracted to the promise of reuse from SOA, success will be limited because of the lack of skills and structure to support reusable assets. Reuse requires a view toward governance, ownership and quality.

     Because software quality can't be tested at the end, organizations will need to look at facilities and practices that drive quality through the development life cycle. This will include using practices from agile, such as TDD, and using tools that drive repeatable processes, such as continuous integration (CI). This will also create a continued drive for the use of ALM solutions that provide integration across the life cycle.

     A great challenge will be dealing with development that happens outside the traditional IT process. Simplified business process management (BPM) and mashup tools make it easy for business analysts and end users to quickly assemble new solutions. However, this requires that the underlying components are stable, secure and scalable. It also requires that organizations are consistent. These requirements will continue to drive the market for static analysis tools and service registries and repositories.

     Recommendations:

     • Develop testing practices and expertise in security, scalability and automation.
     • Drive practices that drive quality from start to finish on a project. This includes shoring up weak requirements practices.
     • Establish quality career path and standard definitions to set expectations and drive consistency.

     Source: Gartner
  5. Software Risk Management

     The process by which IT business software is built and the resulting software product itself are to some extent intertwined. It's tempting then to think that when we have reliable, repeatable processes for building the software product, the quality of the resulting product will be equally good.

     Despite that temptation, we have all known first hand that an application delivered on time, on budget, and even on scope cannot achieve its business goals if it is slow, behaves unpredictably, or compromises privacy. Moreover, a poorly built application is expensive and slow to respond to business, further eroding present and future business value. Nonetheless, most discussions of managing software risk continue to equate the quality of the process with the quality of the resulting product.

     To truly manage the business risk of applications, we must move beyond the quality of the process to the quality of the product itself. The main aim of this article is to distinguish three kinds of software product quality (functional, non-functional, and structural quality) and explain why structural quality is essential for managing the root drivers of IT costs and business risks in your mission-critical applications. Structural quality metrics enable us to understand, predict, and control the key drivers of software cost [...]

     However, as Thomas Murphy points out in the excerpt above, software quality is often erroneously equated with mitigating risk in practices and scheduling in software projects. There is much more to software risk than that. The main, if not only, reason for building and maintaining applications is for the business value they generate. With this in mind, let's distinguish three kinds of business risk from software applications.

     1. Delivery Derailment Risk: risks that add IT cost or stop business revenue due to delayed launch or cancellation.
     2. Business Case Risk: risks that affect the quality of a delivered application; even though the application works, it doesn't work as well as it should. The number of successful transactions per unit time cannot be completed to fulfill the benefits articulated in the business case.
     3. Business Opportunity Risk: risks that make the application hard to maintain and change in the face of pressing business demand. The resulting loss of agility damages future business revenue.

     Managing delivery derailment risk alone is insufficient for generating business value. Reliable project management processes and the right functionality are nothing if the [...] managing delivery risk alone only addresses a part of the problem. It's like addressing the symptoms of a disease rather than taking aim at curing its cause. To get to the root causes, we have to define, analyze, and measure software product quality.

     2. Three Kinds of Software Product Quality and the Importance of Structural Quality

     Let's begin by distinguishing three basic types of software product quality.

     1. Functional Quality: a measure of what the software does versus what it's supposed to do.
     2. Non-Functional Quality: a measure of how well it does it versus how well it's supposed to do it.
     3. Structural Quality: a measure of how well it will continue to perform as it is meant to in the future.

     When it comes to the quality of the software product, functional quality alone is not enough. If all that matters is having the right functionality, then every car that lines up on the NASCAR starting grid would win the race! But of course, winning the race takes more than satisfying the functional specification; it takes superior performance in the real world.