Upload
kory-shields
View
223
Download
0
Embed Size (px)
Citation preview
1
Standards Affecting IT
— ITIL and CMM
Aimee Labounty
Ziyong Li Yunlin Lu
2
Objectives and Structure
• Highlights to IT standards and regulations
• Several IT Standards (ISO,CoBIT,ITIL,CMM)
• ITIL(concepts,structure, benefits and drawbacks etc.)
• ITIL and HP case study
• CMM(overview, CMM maturity levels, its benefits and limitations etc.)
• CMM and Raytheon case study
• Conclusions
3
Highlights on IT standards----Process improvement is important
•“Business processes – from making a mousetrap to hiring a CEO – are being analyzed, standardized, and quality
checked.” (Davenport, 2005, pp. 100).
4
The Standish Group publishes findings from their Chaos surveys taken by government and commercial organizations. According to the Chaos 2004 Survey Results project failure has gone down 13% and project success has come up 13% while challenged projects stay the same when looking at 1994 compared to 2004.
Source: InfoQ website: http://www.infoq.com/articles/Interview-Johnson-Standish-CHAOS
5
Overall, the average percent of cost and time overrun have come down from 19
94 to 2004.
Charts from InfoQ.com website :http://www.infoq.com/articles/Interview-Johnson-Standish-CHAOS
6
Process improvement by IT standards can help
managers: • Meet their deadlines with processes that function correctly the first time. • Prevent last minute pinches• Decrease over budget projects, customer complaints, and rework due to quality failures.
“The quality of software, human resources, project management and many other areas of IT can be improved by applying regulations and standards.” (Source: Hartmann, 2006 )
7
ISO & CoBit
ISO(International Organization for Standardization)• www.iso.org• 157 countries• Geneva, Switzerland • 15,000 published standards• ISO 9000 and ISO 14000 families
8
ISO covers many sectors of the business world with over 15,000 published standards, enabling businesses to compete worldwide.
Chart source from:http://www.iso.org/iso/en/aboutiso/annualreports/pdf/chapter2.pdf
9
CoBIT
CoBIT(The Control Objectives for Information and related Technology )• Created by the IT Governance (ITGI) and Information Systems Audit and Con
trol Association (ISACA) in 1992 • www.isaca.org • First copyrighted in 1996 and is now in its 4th edition • “achieving recognition worldwide as the authoritative source on IT Governan
ce, IT Control Objectives, and IT Audit.” (Lainhart, 2000)• Used by CIOS, accounting agencies, governmental agencies, information syste
ms auditors, and others.
Sources: IT Goveranance Institute, 2005, COBIT 4.0 & Curtis, et al, 2000.
10
CoBIT• Aids businesses with four control areas:
• Its framework allows management to “bridge the gap between control requirements, technical issues and business risks.” (IT Governance Institute, 2005 )
Plan(Planning & O
ganization)
Correct(Monitoring)
Check(Delievery & Su
rpport)
Do(Acquistion & Implementation)
11
ITIL
• ITIL background
• Who uses ITIL?
• ITIL structure
• The core of ITIL
• Five success characteristics
• ITIL best practices
• Benefits & drawbacks
12
• ITIL(Information Technology Infrastructure Library )
• www.itil.org
• A series of documents which emerged in the 1980’s in British.
• Developed by the Central Computer and Telecommunications Agency(CCTA).
• Not widely adopted until the 1990’s.
“In 2001, version 2 of ITIL was released. The Service Support and Service Delivery books were redeveloped into more concise usable volumes.” (ITIL Central, 2006)
Sources: Worthen, 2005 & ITIL Central, 2006
ITIL background
13
Who uses ITIL?
• It has over 100,000 certified professionals and consultants.
• Europe, Australia and Canada
• More popular than before in USA(ITIL Survival,2006)
• Typical organizations in USA that are implementing ITIL:
Sources: ITIL Survival, 2006 & Ball, 2005
14
List taken directly from (Ball, 2005) http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_ITIL.pdf
Who uses ITIL?
15
Structure of ITIL
ITIL is an integrated set of best practice recommendations with common definitions and terminology used to assist organizations in developing a quality framework which is divided into a series of books, sometimes referred to as sets.
The structure of ITIL is represented in the following diagram showing each of the ITIL books:(source from (Lloyd, et al, 2002) http://www.tso.co.uk/pism/app/frames.htm )
Sources: Lloyd, et al, 2002 & Worthen, 2005
16
Structure of ITILPractice areas with the related processes are detailed in the following:(ITIL Central, 2006)
The structure of ITIL
Service Support Service DeliveryInfrastructure Management
Application Management
Business Perspective
Security Management
Change Management
Release Management
Problem Management
Incident Management
Configuration Management
Service Desk
IT Financial Management
IT Continuity Management
Capacity Management
Availability Management
Service Level Management
Design & Planning
Deployment
Operations
Technical Support
Managing BusinessValue
Aligning Business Strategy
With its Driver
Application ManagementLife Cycle
Organizing Roles & Functions
Control Methods &Techniques
Business RelationshipManagement
Supplier relationshipManagement
Liaison, Education &Communication
Planning, Review &Development
A process in itself Which includes
Subprocesses such As control, plan, ImplementationEvaluation andmaintenance
Sources: Ko, n.d., ITIL Central, 2006, & TeamQuest, 2006
17
The core of ITIL
Service Management’s primary objective is to ensure the IT services and business needs are aligned.
Service Support and Service Delivery are the two sections of Service Management.
Source: Lloyd, et al, 2002
18
The core of ITIL—Service support
Service Support’s goal is to ensure business needs are met cost effectively through continuous improvement of service while keeping up with the ever changing business demands. Source: (Lloyd, et al, 2002).
19
Service Delivery’s goal is the management of the services themselves and ensuring the services are provided as agreed upon . Source: (Lloyd, et al, 2002).
The core of ITIL—Service Delivery
20
Five Characteristics
There are five factors to help use ITIL successfully for its takers.
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Sources: Lloyd, et al, 2002 & itsmf.com
21
ITIL is publicly available. (11,700,000 )
The framework can be implemented by any organization.
Sources: Lloyd, et al, 2002 & itsmf.com
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Five Characteristics
22
Focuses on best practice framework that may be modified to fit the organization’s needs. o “The models show the goals, general activities, inputs and outputs of the various
processes, which can be incorporated within IT organizations.” (Lloyd, et al, 2002 )o Provides framework to structure existing methods and activities within an organization
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Five Characteristics
23
ITIL recognized as the De facto standard by the mid-1990’s. A common language is used between business personnel and the IT staff. This provides a communication link that does not exist at every organization. A road block can occur when the business personnel and the IT staff believe the other speaks a different language. ITIL provides terms that can help the divisions of the business communicate effectively.
Source : Lloyd, et al, 2002
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Five Characteristics
24
High quality services and cost are two important issues.
ITIL’s Service Delivery includes setting up service agreements and overseeing the details within to insure the agreement is met.
Source : Lloyd, et al, 2002
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Five Characteristics
25
itSMF (IT Service Management Forum) formed in 1991 has chapters in many countries. itSMF develops and promotes best practices in service management. It is a major influence on and contributor to standards. Members of the forum are able to communicate with peers to discuss issues, exchange ideas, and obtain information.
itSMF’s website in USA: itSMF’s website in USA: http://www.itsmfusa.org/mc/page.dohttp://www.itsmfusa.org/mc/page.do
Source : Lloyd, et al, 2002
Public domain framework itSMF
Quality approach andstandards
De facto standardBest practice framework
Five Characteristics
26
Benefits of ITIL
Cost savings are a big benefit of ITIL. “Gartner measurements show that the overall results of moving from no ad
option of IT Service Management to full adoption can reduce an organization’s Total Cost of Ownership by as much as 48%.”
“Procter and Gamble publicly attributes nearly $125 million in IT cost savings per year to the adoption of ITIL, constituting nearly 10% of their annual IT budget”, thus improve ROI of IT. ( ITIL Survival, 2006)
ITIL improves efficiency and extends business by improving process flow thus enhancing a company’s competitive capability.
“Shell Oil utilized ITIL best practices when they overhauled their global desktop PC consolidation project, encompassing 80,000 desktops. After this project was completed, they can now do software upgrades in less than 72 hours, potentially saving 6000 man-days working days and 5 million dollars.” (ITIL Survival, 2006)
Source: techrepublic.com, 2005
27
Benefits of ITIL
ITIL can improve internal and external customer satisfaction with the services and products provided by the company.
ITIL makes regulations consistent by establishing controllable standards that are customized to the company’s operations.
The coordinating function of ITIL plays a vital role for a company
For example, suppliers, customers, and internal staff are brought together using the common terminology of ITIL enabling the company to meet their business goals. At the same time stakeholders including customers, users, and outsourcers can be integrated into the company’s value chain by ITIL.
Source: techrepublic.com, 2005
28
Drawbacks of ITIL
ITIL does not detail how to implement the best practices. It simply states what businesses should do and leaves them to design their own processes based on the best practice principles.
“`You don’t implement ITIL,’ says Johnson, the member of the original ITIL team. ‘You use it to help create organizational change.’” (Worthen, 2005)
Change is hard for many employees.
Basically, employees fall into habits and when the process or procedure changes employees may not follow through. Some employees cannot adapt to the new processes and turnover may rise. (Worthen, 2005)
ITIL can become a long project. Interest and momentum may slow down as time goes by.
Source: Worthen, 2005
29
HP Case Study
• HP Backgrounds
• ITIL(ITSM) in HP
30
HP Backgrounds• HP (Hewlett-Packard; www.hp.com ) was incorporated in 1939. • Its headquarters are in Palo Alto, California.• HP,a Fortune 11 company, covers more than 170 countries around the world. • They had $86 billion in revenue, generating $7 million in organic growth for fiscal year 2005. HP had
gross profit of $20,256 million in 2005. Figure A: 10years HP stock chart
HP case study
source from: HP, 2006, Stock charts, http://h30261.www3.hp.com/phoenix.zhtml?c=71087&p=irol-stockchart&control_javaupperindicator=&control_javauf=&control_javatype=&control_javascale=&control_javanumberperiods=&control_javamovingaverage=&control_javalowerindicator2=&control_javalowerindicator1=&control_javachartfunctions=&control_javaapplet= =
31
HP case studyBackgrounds
Figure B: Annual financial report from 2003~2005 (source from www.hp.com)
32
Backgrounds• HP ’s customers:HP is a leading global provider of products, technologies, solutions and services to individua
l consumers, small and medium sized businesses (“SMBs”) and large enterprises. Their main customer groups :Consumers(handhelds, notebooks, printers, digital cameras and accessories),Small and medium-size businesses(specialized advice, technology and services through their Smart Office Portfolio ), Enterprise and public sector customers(help them manage and transform their IT systems and achieve greater agility, simplicity and value )( Source: HP Global Citizenship Report: Customers, 2006 )
HP case study
As we can see from the chart above, the revenue of services plays an important role in HP (18%+).
In 2005, HP shipped more than 50 million printers, 30 million PCs and 2 million industry-standard servers. (Source from: HP, 2005 annual report; http://library.corporate-ir.net/library/71/710/71087/items/188195/05ar-graphics.pdf))
33
Backgrounds
HP’s CIO & employees:In HP, there are more than 150,000 employees and 69,000 professionals. CIO should report to the CEO directly according to the following words.
HP case study
“…….if you think back to what I said we started with in 1999, I mean, we didn't even have a company CIO in 1999 - we had 87 of them. Yes, it has changed. It has become a more important job. It has become a direct reporting job. Three years ago, it wasn't a direct reporting job, even though we had a single CIO for the company. It's as critical a part of our business success and how we operate the business as a CFO, a business head, or anyone else. And that absolutely is different over the last several years.” Former CEO: Carly Fiorina: (HP, 2003, A conversation, http://www.hp.com/hpinfo/execteam/speeches/fiorina/forbes04.html?jumpid=reg_R1002_USEN )
source from HP, 2006 Global Citizenship Report, http://www.hp.com/hpinfo/globalcitizenship/gcreport/pdf/summary_data.pdf
34
Strength in numbers on IT “Complemented by a global network of partners, HP Services helps bolster your business
agility with an experienced team of more than 69,000 professionals that includes: 23,000 Microsoft specialists 18,000 UNIX specialists 4,500 Cisco specialists 3,000 Linux specialists 7,500 network & systems management specialists 5,000 storage specialists 6,300 OpenVMS engineers”
Source from: HP, About HP Services, http://h20247.www2.hp.com/services/cache/13424-0-0-98-121.html
HP case study
35
ITIL in HP• An active supporter of ITIL since 1995
• The first major corporate sponsor of the IT Service Management Forum in the United States.
• The first major vendor to adopt and the highest number of ITIL-certified consultants across the globe of the ITIL standard since 1996.
• HP built ITIL standards into HP OpenView software and ITSM enables organizations to improve IT at different levels- from problem management to change management to service level management. (www.itsmf.com)
HP case study
36
HP case study HP OpenView software
HP OpenView Service Desk is software based on ITIL standards. The software helps organizations “manage crucial support and service processes by implementing help desk, problem, change, configuration, and service level agreement (SLA) management into a single workflow.” (IDC, 2004, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/HP_https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/HP_Service_Desk.pdf)Service_Desk.pdf)
“HP OpenView’s integrated service management solution covers all aspects of service management for all types of IT and service provider organizations. HP has brought HP OpenView Service Desk and the HP OpenView technology service management solutions to a level of integration that is unparalleled in the industry.”
In addition, the solutions leverage ITIL best practices. Features include:
A documented audit for ongoing monitoring of controls Automatic incident notification controls
Proactive problem identification and resolution controls Controls to collect, process and act
Investigative controls
Controls to quickly understand impacted services and determine incident root cause
Predefined application controls and documented procedures and instructions for actions
Controls to correlate performance metrics across layers of IT services
Controls to monitor and measure transactions running on the infrastructure
(HP, Approach to Sarbanes, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5983-1462Ehttps://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5983-1462ENA1_lowres.pdfNA1_lowres.pdf))
37
HP OpenView softwareHP OpenView automates and reinforces the change management process so you have com
plete control over auditing. (Source from:http://www.itsmfusa.org/mc/page.do)
HP case study
38
Benefits from OpenView Service Desk. According to the IDC report the surveyed companies with employee ranges
of 28 to 140,000 reported the following results after deploying HP OpenView
Service Desk. The survey asked questions about cost and processes before
and after using the HP software. (Source: IDC, 2004)
“IT productivity increased by an average 14%.
The average cost savings over three years of almost $4.2 million annually. When normalized for company size, these savings amounted to $17,235 per use.(see the following figure)
An average of 75.5% less staff time to identify and fix problem.
An average 20% reduction in the staff time for service level management and a 20.8% reduction for managing the internet/transactional customer experience.
Reducing IT staff by an average of 7.5% over three years.
ROI increased 411% according to ROI analysis for deploying HP OpenView Service Desk(see table)”
HP case study
39
HP case study
Figure:Average Annual Savings per 100 users from Deploying HP OpenView Service Desk
Table :ROI analysis for deploying HP OpenView Service Desk
Source from: (IDC, 2004, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/HP_Service_Desk.pdf))
40
ITSM enables HP to meet changing business initiatives, and it also provides:
The ability to reach lowest cost ownership
a common understanding of technology and its lifecycle
a process-based IT value chain
the basis for enterprise-wide, best-in-class, and quality management
guidance for organizational improvement
the ability to create a sourcing portfolio with clients and suppliers
rapid integration of acquired infrastructure (HP, 2004, Castles in the sand, ,
https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5982-8763EN_lowres.pdf)
HP case studyITSM in HP
“ITSM is a business-driven approach to IT management that specifically addresses the strategic business value generated by IT organizations and the need to deliver superior IT service. HP’s approach to ITSM is based on industry
best practices of the IT Infrastructure Library (ITIL) and is designed to address the people, processes and technology issues that all IT organizations face.”
HP, 2006, ISTM Curriculum, http://www-europe.hp.com/educeu/itsm.htmhttp://www-europe.hp.com/educeu/itsm.html)l)
41
Who cares about ITSM?
“CEOs who are driving business initiatives that require IT support
COOs and CFOs who are interested in increasing ROI and reducing the cost in IT
CIOs who need to adopt to business change and prove IT’s business value
Business unit managers who depend on IT performance for revenues and results”(HP, 2004, Castles in the sand, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5982-8763EN_lowres.pdf)
HP case study
ITSM
CEOs
COOs & CFOs
CIOs
BUSINESS UNIT MANAGERS
42
HP case study
HP “realized ITIL is the building block for ITSM framework and architecture, and beyond that, it’s a map for how to operate as an Adaptive Enterprise.” ITIL processes offered the proven, best-practice standards HP desired, so they put them into a linked model. The reference model below provided a picture for HP.
Source from (HP, 2004, Castles in the sand, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5982-8763EN_lowres.pdf))
Voice from:Mike Bentley,the Audit and Compliance manager for HP Americas. Mr. Bentley has over 25 years of progressive security, operational risk management, audit, regulatory management and consulting experience in the financial sector, specializing in information technology, and electronic banking. Source from: http://www.accelacast.com/webcasts/hpsox_gain/
43
• Comments on ITSM reference:The HP ITSM reference model is based on the premise that IT should be run “like a business” rather than merely running IT “within a business”. For this reason, the HP model includes processes to ensure IT-business alignment. The model combines the best experience offerings of both ITIL and industry experience. (Source: HP's Approch to Sarbanes-Oxley, 2005)
HP case study
Source from: HP Business Blueprint, HP IT service management solutions for better control and lower costs. tp://h20229.www2.hp.com/solutions/itsm/itsm_bb.pdf
• HP’s ongoing results from ITSM:
“Improve IT management by 50%
Cut service and storage costs in half[1]
Achieve 82% higher productivity in operations1
Provide market-beating total customer experience (HP is #1 world worldwide in outsourcing.)
Provide ultra- high-availability solutions
Notes:[1] Compared to reference group, 2001, compass study
Source from (HP, 2004, Castles in the sand, https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5982-8763EN_lowres.pdf
44
Conclusions from HP case study:
• ITIL does not give instructions for application, it only gives guidance through best practices.
• ITIL is a long time process, but setting small achievable goals will help keep interest at a high level.
• ITIL aligns IT with business and runs IT as a business thus cater for CEO’s needs.
• ITIL should take more time to train the employees and develop change management.
• ITIL is a best tool for CIO to use to meet the goals of the organization
HP case study
45
CMM
•Overview of CMM
•History of CMM
•CMM Maturity Levels
•Maturity Profile
•Adopters Worldwide
•Promised Benefits of CMM
•Limitations of CMM & Appraisals
46
CMM is
• A structured approach to process improvement. “A process model is a structured collection of practices that describes the characteristics of effectiv
e processes; the practices included are those proven by experience to be effective.” (Carnegie, 200
6, slide 10).
• Guidance for what organizations should do to improve processes. CMM is not only for large organizations. Small organizations can benefit from the model also. T
he use of CMM by small organizations has increased 54% from 1999 to 2003 according to the SEI. (Guerrero & Eterovic, 2004) (Wall et al, 2005).
• CMM was originally developed for the area of software development and is now being used as a model of maturity processes for many different areas of a business. (Carnegie, 2006).
The Capability Maturity Model for Software (SW-CMM)
Systems Engineering Capability Maturity Model (SE-CMM)
Integrated Product Development Capability Maturity Model (IPD-CMM)
Overview of CMM
CMM CMMI
47
History of CMM
1986 1989 1992 1995 1998 2001 2003 2004
1993 SW-CMM v1.1, relea
sed
1989 CMM first published as “Managing the Software Proces
s”1986 CMM development began
1987 Questionnaire released to help define best software practices within a com
pany
2006 CMMI v1.2, released
1991 SW-CMM 1.0, released, SEI added group of lead appraisers, trained and authorized, to verify that companies were actually doin
g as they said
2000 CMMI v1.02, released
2003 Updates for CMM halted by SE
I
1997 SW-CMM revisions halted in support for CMMI
2002 CMMI v1.1, release
d
Capability Maturity Model Integration (CMMI) is used for many disciplines by integrating many different models. Created by members of industry, government, and SEI; CMMI includes the process of CMM and “takes into consideration other key factors critical to the development of quality software, such as standards for measuring risk and selecting vendors.” (King, Sidebar, 2003).
Timeline adapted from (Wikipedia, CMM, 2006, pp. 4) (King, Sidebar, 2003) (Gainer, 1998) (Kock, 2004).
48
CMM Maturity Levels
CMM has a hierarchy of five levels referred to as maturity levels. There are Key Process Areas (KPAs) within each level of maturity. The organization is rated based on the KPAs. Mastering the key process area of each level enables the organization to move up among the levels. Each level of KPAs requires the definition of processes, recording of results, and evidence of achieving that KPA. (Dangle, et al, 2005).
“Predictability, effectiveness, and control of an organization’s software processes are believed to improve as the organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief.” according to the SEI.
The following chart details each level by key process areas the organization must achieve to reach the level, characteristics of the level, and estimated time to move from one maturity level to the next.
Chart adapted from information in (Dangle, 2005) (Gainer, 1998) (Wikipedia, 2006) (SEI, 2006)
49
Maturity KPAs must achieve to claim level Characteristics typical of levelMonths to move to next
levelLevel 5 All of the KPAs below plus Organization considered matureOptimized Defect Prevention Software processes fully defined & communicatedContinuously Technology Change Management to employees improving Process Change Management Usually achieve expectations in relation to estimated
costs, time, and functionality of softwareFocus on continuous process improvement
Level 4 All of the KPAs below plus Formalize process for collection and analysis of Managed Quantitative Process Management statisticsPredicatable Software Quality Management Processes are understood 13
Concerned with finding reasons for any variations from standardized processCapable of finding ways to adapt process without deviating too far from standardized processPerformance is predictable
Level 3 All of the KPAs below plus Technical quality and content reviewed by peersDefined Organization Process Focus Quality control activities defined and practiced such as 25Standard Organization Process Definition walkthroughs, and formal testingConsistent Training Program Use of measurement data to control quality such as
Integrated Software Management defect levels & productivitySoftware Product Engineering Consistency established by using defined, Intergroup Coordination documented & standardized processesPeer Reveiws
Level 2 Requirements Management Track cost, schedule, and functionality of projects 20Repeatable Software Project Planning Processes used over again to repeat past successDisciplined Software Project Tracking & Oversight Risk of over budget and beyond schedule still an issue
Software Subcontract ManagementSoftware Quality ManagementSoftware Configuration Management
Level 1 None of the KPAs are accomplished Chaotic environmentInitial Processes, if in existence, are not defined 19
Processes are improvisedProjects often over budget and schedule“Project success depends on individual heroics and more often than not, sheer good fortune. But when the heroes leave the organization, their history of success leaves with them.” (Gainer, 1998, pp. 1).
50
The 1994 chart shows the maturity profile of organizations assessed and reported to SEI from 1992 through December 1993 based on
• 156 organizations• 58 participating companies• 685 projects• 16.0% offshore organizationsThe 2005 chart shows the maturity profiles from 2001 through December 2005 from appraisals conducted and reported to the SEI based on
• 1,804 organizations• 996 participating companies• 8,897 projects• 66.6% Non US organizations
CMM Maturity Profile
5.70%
71.20%
39.60%
18.60%
37.40%
9.60%7.60%
0%9.80%
0.60%0.00%
10.00%
20.00%30.00%
40.00%50.00%60.00%
70.00%80.00%
Initial Repeatable Defined Managed Optimizing
1994 compared to 2006 Maturity Levels
2005
1994
It is interesting to look at the differences in the maturity profiles from 1994 to 2006. The number of participating organizations has increased significantly from the 1994 to the 2006 report by 1,648 organizations. The number of projects has also increased significantly by 8,212 projects involved in the profile.
A maturity profile shows how an improvement process such as CMM(since 1994) or CMMI(in 2003) is “being adopted worldwide based on appraisal results reported by SEI-authorized Lead Appraisers.” (SEI, FAQ, pp. 2).
Adapted from the 1994 and 2005 Maturity Profile by All Reporting Organizations charts located at the SEI website. 1994 chart http://www.sei.cmu.edu/appraisal-program/profile/pdf/SW-CMM/1994apr.pdf. . 2005 chart http://www.sei.cmu.edu/appraisal-program/profile/pdf/SW-CMM/2006marSwCMM.pdf
51
CMM Adopters Word-wide
Maturity Level by Country
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
40.0%
45.0%
Austra
ilia
Brazil
Canad
aChi
le
China
Franc
e
Ger
man
yIn
dia
Italy
Japa
n
Korea
, Repu
blic o
f
Mex
ico
Nethe
rland
s
Singa
pore
Spain
Thaila
nd
Unite
d Kin
gdom
Unite
d Sta
tes
Level 5 Level 4 Level 3 Level 2 Level 1
Chart adapted from SEI website Interactive Maturity Profile by All Report Organizations September 2005 Release. https://seir.sei.cmu.edu/seir/domains/CMMspi/Benefit/imp/frmset.Prof_All.asp?REL=IMPSEP05&VER=September&YR=2005.. Results based on 18 countries and 1,528 organizations based on most recent appraisal of organizations reporting a maturity level rating.
52
CMM Adopters Word-wide
Source from:September 2005 Release at http://seir.sei.cmu.edu/seir/domains/CMMspi/Benefit/imp/body.enlarge.asp?ID=./latest_profile_images/TheWorld&VER=September&YR=2005
53
• CMM can save money.
Promised Benefits of CMM
The chart shows the five CMM levels along with the related hypothetical costs along the side. Level 1 has quality costs around 60% while level five’s costs are around 20%. The cost of quality should go down as the company matures toward level 5. (Eickelmann, 2004)
Source from:Eickelmann, 2004, http://www.umsl.edu:2263/iel5/52/29063/01309639.pdf?isnumber=29063&prod=JNL&arnumber=1309639&arSt=+12&ared=+13&arAuthor=Eickelmann%2C+N. .
• CMM can be combined with other models such as the ISO 9001 standard, ITIL, Six Sigma, and various others.
• Improves software product quality and the predictability of quality in future products. (Gainer, 1998)
54
• Helps organizations catch defects before they are too far along. Saves money as rework is less expensive and less time consuming the earlier it is caught. (Smith, 1998)
• Improves cost and productivity levels (Paulk, et al, 1993)• Improves cycle time (time to market or time to release software), on time delivery,
accuracy of estimations, and the morale of the staff (Eickelmann, 2003)• Allows organization to assess processes and see where improvements can be made
(Wall et al, 2005) (Smith, 1998)• Allows organizations to measure the capability of software subcontractors to provi
de products with acceptable functionality, on time, and within budget.• Based on small steps instead of large leaps with many changes all at once. (Wall e
t al, 2005)• Allows many countries to compete in the world market on even ground. (Wikipedi
a, CMM, 2006)• Enables organizations to develop repeatable processes that can be reused. The poi
nt of processes is “Basically, so we don’t reinvent the wheel.” (Dewar, n.d.)
Promised Benefits of CMM
55
Limitations of CMM & Appraisals
Accuracy of CMM levels
•The SEI does not report information on organizations’ appraisals without their permission nor do they have information on every organization using CMM. Therefore, the results of the available information are based on companies that volunteer their CMM information to be published. This may not give a completely accurate picture of organizations using CMM.
•Organizations assessed at a level 3 may fall back to a level 1, but one may never know this. The SEI is not responsible for ensuring organizations are compliant. (Wikipedia, 2006).
•May be based on organization’s self assessment. Not all organizations are honest.
•Level achieved may apply to one project and not entire organization
•SEI does not release information about organization’s assessment level nor will they verify it
Sources: Wikipedia, CMM, 2006 & www.sei.cmu.edu
56
Focus of organization
• CMM may cause the organization to focus on “perfectly completed forms rather than application development, client needs or the marketplace.” (Wikipedia, CMM, 2006, pp. 11).
• The process and forms of CMM may cause the business to put the project deadline before the importance of quality and functionality.
Organization may place process over substance (Wikipedia, CMM, 2006)
Limitations of CMM & Appraisals
57
Different levels of companies
Having standardized processes can help keep costs down, but there may not be much of an advantage for a company at a CMM level 2 to hire a software company at a CMM level 5. The client company “doesn’t have the internal discipline to take advantage of the Level 5 provider’s standardized routines.” They will pay a higher price and not be able to take advantage of all the provider can offer them. “It’s like being a car salesman in Alaska touting a car’s great air conditioning. It may be great, but you can’t take advantage of it,” says Bill Peterson, program director for software engineering process management at the SEI. (King, Pros & Cons, 2003).
Initial funds
It may be hard for small companies to obtain a CMM level assessment due to costs. “The expense of building a really robust, repeatable software development process with project and metric tracking is many times the cost of a CMM assessment (which alone costs about $100,000). (Koch, 2004).
Limitations of CMM & Appraisals
58
Dishonest appraisers
Appraisers may sell their assessment rating to the company they are appraising. There is not an easy way to determine this is happening. (Koch, 2004)
Internal appraisers
Businesses can appraise themselves by using an inside appraiser. The inside appraiser will have more riding on the decision and be under more pressure to assess the company at a higher level than an outside one. Asking the questions below will aid in determining how honest the company is about their rating and whether or not to use the company. (Koch, 2004).
Limitations of CMM & Appraisals
59
CIOs can ask questions to help determine if the company is exaggerating their CMM rating or if they are truly using the model as intended, for continuous improvement. Among the questions are :
• Who was the appraiser and how many assessments of this level has he/she completed? • What part of the company was tested? Only one segment may have been assessed and the company is claiming t
heir maturity level for the whole company. • How long ago was the assessment completed? If the assessment was years ago it is of little use as things change
rapidly. • Where is the evidence of continuous improvement? Make the company provide documentation detailing its imp
rovement history such as improvements in customer delivery time, defects, and productivity. • Was the appraiser from inside or outside of the company? Inside appraiser will not be as objective to those from
the outside. • Where are the reports? The assessor will provide documentation to the company such as the Final Findings Rep
ort which discusses the strengths and weaknesses of the company. (Koch, 2004).
Limitations of CMM & Appraisals
60
• Company overview
• Raytheon Electonics Systems (RES)
• Raytheon Electonics Centric Systems (RECS)
• Best Practices
CMM case study--Raytheon Electonics Systems (RES) Software Engineering Laboratory
61
Company overview Raytheon Company• An industry leader in defense and government electronics, space, information technolog
y, technical services, and business aviation and special mission aircraft.
• An international, high technology company.
• Its Business divisions including:
Integrated Defense (U.S. Missile Defense Agency, the U.S. Armed Forces and the Department of Homeland Security. Intelligence and Information Systems (IIS) delivers proven intelligence and information solutions to customers in four
primary markets: Intelligence, Surveillance and Reconnaissance, DoD and Civil Space Systems, Federal IT, and Homeland Security.
Network Centric Systems (NCS) has been developing optical phased-arrays (OPAs) over the past 20 years. These optical components enable computer-programmable, all-electronic steering and focusing of laser beams – with no moving parts. Raytheon is using this technology to leverage its development of advanced laser communications systems.”
The world leader in design, development and production of missile systems. Missile Systems designs, develops, and produces missile systems for critical requirements, including air-to-air, strike, surface Navy air defense, land combat missiles, guided projectiles, exoatmospheric kill vehicles, and directed energy weapons.
Providing critical technical services and innovative solutions RTSC provides technical, scientific and professional services for defense, federal and commercial customers on all seven continents. (Raytheon, 2006).
62 Source from:Raytheon http://media.corporate-ir.net/media_files/irol/84/84193/corporate_overview_0806.pdf
Company overview
63
Raytheon CIO---Rebecca R. Rhoads
“ ….chief information officer of Raytheon Company, is “responsible for developing and implementing companywide information systems and policies, as well as overseeing the technical direction the company is pursuing in the area of information technologies and systems.”
(Raytheon, http://www.raytheon.com/newsroom/stellent/groups/public/documents/legacy_site/cms01_047247.pdf
Company overview
Source from:Raytheon http://media.corporate-ir.net/media_files/irol/84/84193/corporate_overview_0806.pdf
64
The processes of developing RES• Raytheon Electronics Systems (RES), a division of Raytheon Company focuses on commercial
and defense electronics; such as air traffic control, vessel traffic management and transportation systems, digital communications systems, ground-based and shipboard radar systems, satellite communications systems, undersea warfare systems, command control systems, and combat training systems. RES also has missile product lines including the PATRIOT missile deployed in the Gulf War. (Haley, 1995).
• Software Systems Laboratory (SSL) & Software Engineering Laboratory (SEL).
• SEL began the software process development by following the Capability Maturity Model which left them sitting at a Level 1 in 1987
Raythoen Electonics Systems (RES)
65
The processes of developing RES• In 1988 they officially started what they called the Software Engineering Initiative based
partly on CMM.
Raytheon spends around $1 million per year on this. Raytheon chose CMM because “it made sense and customers supported this approach.” They feel the most important effect of the software process development is the predictability of the process, which in turn leads to project completion within acceptable delivery times and at acceptable operation levels. (Haley, 1995).
• Support and commitment were important to the success of the improvement process.
• SEL addressed cultural issues and made a part of the line managers job to spend time on process improvement." (Source: Haley 1995 )
• SEL used peer-review inspections to find defect early and avoid more expensive rework at later stages during defining requirements of the software process .
• SEL’s approach was implemented as an automated system to track project details such as manpower, defects, root cause analysis, and feedback to help future projects
Raythoen Electonics Systems (RES)
66
Raytheon’s software process improvement strategies are detailed in the following table. Raythoen Electonics Systems (RES)
Strategy Method Technique
Infrastructure
Policy and Procedures Working Group
Software Engineering Policy ,Software Engineering Practices Detailed Procedures and Guidelines
Training Working GroupTrain Everyone ,Training During Work Hours Overview and Detailed Courses
Tools and Methods Working Group
Tool Selection and Evaluation ,Commercial-Off-The-Shelf (COTS) ,Rapid Pathfinding Tool Laboratory
Process Database Working GroupSoftware Engineering Processes ,Project and Project Kickoff Data Software Quality Data
MeasurementData Measurement Definitions Process, Project, and Product Metrics
Data Analysis Earned Value Management
Focus PointsProduct Improvement
System and Requirements Definition ,Software Inspection Process Integration and Qualification Testing
Process Improvement Software Development Planning ,Training ,Pathfinding
Metrics Focus
Product Quality Defense Density Metrics
Cost of Quality Appraisal to Failure Ratios
Predictability and Productivity Cost Performance Indices and Coding
Source from:Rico, 2000, http://www.dacs.dtic.mil/techs/RICO/2-3haley.shtml
67
These areas are necessarily assessed when Raytheon measure the impact of the Software Engineering Initiative:
Raythoen Electonics Systems (RES)
•Cost of quality – the cost incurred because it was not done right the first time. Two years prior to the Initiative rework costs averaged about 41% of project costs. In the next two years this had dropped to 20%. The initial assessment was based on six projects because these projects were using 80-90% of the software engineers. •Software productivity – data was collected from 24 individual projects and productivity was calculated by using staff size as the weighing function. Software development productivity increased by a factor of 170% from 1988 to 1994. •Cost performance index – data was collected on the budgeted cost and the actual cost of the project. Prior to the start of the initiative project ran over about 40% compared to the +/- 3% range in 1991 and through 1995. CAC/Budget% is the Completion Actual Cost. The line represents the percentage over or under the budgeted cost.
From: Haley, 1995, http://www.sei.cmu.edu/pub/documents/95.reports/pdf/tr017.95.pdf
68
• Overall product quality – Defect density in the final product is used to assess overall product quality. This is measured by the “number of software trouble reports (STRs) per thousand lines of delivered source code (STRs/KDSI) on an individual project basis.” The data collected shows an initial average of 17.2 STRs/KDSI compared to the improved level of 4.0 STRs/KDSI.
From: Haley, 1995, http://www.sei.cmu.edu/pub/documents/95.reports/pdf/tr017.95.pdf • Benefit to other organizations – training materials are shared with other division and with Raytheon custo
mers, including the Air Force Electronic Systems Center’s PRISM program and the FAA. They have shared their experience with “the software community and SEI affiliates in a number of forums, including advisory boards, workshops, briefings, and correspondence groups. (Source: Haley, 1995)
• Benefits to personnel – Raytheon hopes that less tangible benefits are also realized in the area of personnel, such as job satisfaction and career enhancement.
Raythoen Electonics Systems (RES)
69
Over the course of the CMM improvement process in Raythoen
“rework involved in building software has undergone a reduction of about 40% of the development cost to about 10%,
productivity of the development staff has increased by a factor of almost 170%
predictability of their development budget and schedule have been reduced to a range of +/- 3% from 40% overrun
CMM level 3 was reached in 1991 CMM level 4 was reached in 1995 Raytheon is working towards reaching level 5”(Haley, 1995).
Raythoen Electonics Systems (RES)
70
Raytheon credits their success to: • The software manager committed more than just funding, the manager was “the focal
point and actively drove the effort.”
• General managers become active sponsors by committing funding and requiring all business areas to adhere to the process
• “Process improvements clearly and continually demonstrated business benefits to projects”
• The corporate culture of Raytheon was taken into consideration as part of the process improvement
• The initiative was run through the ranks of the organization. Line engineers and task managers did the majority of the work and thus felt a sense of ownership. They did not feel as if this was forced upon them, because they were a part of it.
• Raytheon realizes their Software Engineering Initiative will continue to grow and change as the software industry changes. (Haley, 1995).
Raythoen Electonics Systems (RES)
71
Raytheon Network Centric Systems(NCS), McKinney, Texas
• Network Centric Systems (NCS) is another example to identify that Raytheon Company did not stop with the SEL process improvement.They have since been assessed at many divisions at various CMM levels.
• Network Centric Systems (NCS) develops and produces mission solutions for networking, command and control, battlespace awareness, and air traffic management.
• NCS began working on CMM process improvement in 1989. The company achieved level 2 in 1992, level 3 in 1994, and level 4 in 2001. NCS was the first division of Raytheon and the fifth organization in the world to be assessed at CMMI level 5 in 2003.
• NCS uses CMMI to characterize the organizational performance in terms of goals and opportunities of improvement. Change management was an important factor in achieving level 5. Continuous improvement is a characteristic of level 5. (Freed, 2004) (Gibson, 2006)
• Cost performance index (CPI) and schedule performance index (SPI) are two main measures for NCS to measure cost and schedule objectives. Measurable results between June 2001 at CMM level 4 and September 2003 at CMMI Level 5.
Improved CPI (cost) by 5%
Improved SPI (schedule) by 8%
Defect density improved 44% Achieved an overall ROI of 3:1 from organization improvements reducing costs (Freed, 200
4)
72
Best Practices • Management Commitment and Guidance --Management must be behind CMM for it to truly be successful. --Raytheon management supports the CMM process improvement.• Training --Employees should be fully trained not only on the processes they are responsible fo
r, but they should be aware of all of the processes used by others also. --Working groups were developed at Raytheon including a training working group.• Employee involvement --The employees involved in the processes should be involved in the improvement pla
n. --Raytheon employees were very involved in the improvement process. • Communication --Feedback is important. --Communication of the change and using CMM is very important --Raytheon managers were kept informed of the improvement process developments,
especially those that directly affected their areas. This reinforced support and commitment.
Sources: Hardgrave, 2004, Guerrero, & Eterovic, 2004, Dangle, et al, 2005, & Wall et al, 2005
73
• Little steps, not giant leaps Little steps, not giant leaps --Take the process improvement one step at a time. (Hardgave, 2004) (Dangle, et al, 2
005). --Raytheon started on the CMM improvement process in 1987. They did not reach l
evel 4 until eight years later in 1995. The project was broken into stages and processes were developed for each level’s success.
• Measurements --Measures of quality, estimated delivery dates, estimated costs, customer satisfactio
n and such should be taken at the beginning to allow comparisons as the organization moves among the levels. (Guerrero, & Eterovic, 2004) (Hardgrave, 2004).
--Raytheon used several different measurements to show their progress such as rework reduction, productivity levels, predictability of budget and schedule, and ROI.
• Be aware of the organization’s culture --The culture of the organization is very important as it can affect compliance of C
MM. ( Guerrero, & Eterovic, 2004) (Ngwenyama & Nielse, 2003). --Raytheon was aware of their culture.
Best Practices
74
Conclusions
1. Standards and regulations can bring many benefits to users. They should be customized by the adapter and follower to bring profits, if not; the adapter may pay high costs. (Dangle, et al, 2005) (Hardgrave, 2005)
• 2. ITIL is a set of best practices applied to business processes. CMM is a maturity model used to improve processes. “CMM focuses more on what an organization should implement to mature, while ITIL focuses more on the how of IT service processes.” (Clerc & Niessink, 2004).
• 3. ITIL and CMM compliment each other throughout the ITIL processes and CMM key process areas. The two structures can be used together to focus on IT service management. (Clerc & Niessink, 2004)
• 4. Each standard and regulations should be taken as its intrinsic rule except for its similarities. For example(see figure)
Source from: http://www3.ca.com/Files/Presentations/impact_of_itil_pres.pdf
75
• 5.The CIO should ensure all IT activities focus on customer service and IT service quality no matter what standards are in place.
• “Software process improvement is a journey, not a destination.” (Hardgrave, 2005). Continuous improvement is necessary. Learning from their own mistakes will make a company stronger. Each issue that comes along is a chance for an organization to reflect, learn, and improve.
Voice from:French Caldwell, vice president in Gartner Research, where he focuses on the k
nowledge management practice. His research includes analysis of knowledge management services and technologies, user strategies and performance support, public technology policy and government strategies.
Source from:http://www.accelacast.com/webcasts/hpsox_gain/
76
77
QuestionsQuestions??
79
• • Ball, Eugene S, PhD, ITIL Certified Service Manager. (2005). ITIL: What it is and Why You • Should Care. Global Knowledge Network. Retrieved October 29, 2006, from http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_ITIL.pdf. • • Bowers, Pam. (2001). Raytheon Stands Firm on Benefits of Process Improvement . Crosstalk, • March 2001 Issue. Retrieved October 26, 2006, from http://www.stsc.hill.af.mil/crosstalk/2001/03/bowers.html. • • Carnegie Mellon University. (2006). Capability Maturity Model Integration (CMMI) Version 1.2 • Overview. Retrieved October 14, 2006, from http://www.sei.cmu.edu/cmmi/adoption/pdf/cmmi-overview06.pdf. • • Clark, Joseph, Mark Tasky, & Robert Stroud. (2005). The Impact of ITIL. ITSM: A Best • Practices Framework for Government Agencies . Retrieved November 2, 2006, from http://www3.ca.com/Files/Presentations/impact_of_ itil_pres.pdf.• • Clerc, Viktor & Frank Niessink. (2004). IT Service CMM, a pocket guide . Van Haren • Publishing. Retrieved October 28, 2006, from https://outlook.umsl.edu/exchange/alr2f/Inbox/%E7%AD%94%E5%A4%8D:%20Group%20Project-19.EML/www. itgovernance.co.uk.pdf/C58EA28C-18C0-4a97-9AF2-036E93DDAFB3/www. itgovernance.co.uk.pdf?attach=1. • • Curtis, Mary B., Fredrick H. Wu, & James L. Craig Jr. (2000). The Components of a • Comprehensive Framework of Internal Control. CPA Journal, Mar2000, Vol. 70, Issue 3, pp. 64. Retrieved November 4, 2006, from http://www.umsl.edu:3417/ehost/detail?vid=46&hid=14&sid=41f75afc-bf0a-43c9-925a-99d5864ca4b0%40sessionmgr7 . • • Dangle, Kathleen Coleman, Patricia Larsen, Michele Shaw, & Marvin V. Zelkowitz. (2005). • Software Process Improvement in Small Organizations: A Case Study . IEEE Software, Volume 22, Issue 6, pp. 68-75. Retrieved October 3, 2006, from http://www.umsl.edu:2263/iel5/52/32609/01524917. pdf?isnumber=32609&prod=JNL&arnumber=1524917&arSt=+68&ared=+75&arAuthor=Dangle%2C+K.C.%3B+Larsen%2C+P.%3B+Shaw%2C+M.%3B+ Zelkowitz%2C+M.V. • • Davenport, Thomas H. (2005 June). The Coming of Commoditization of Processes. Harvard • Business Review, 83(6), pp. 100-108.• • Dewar, Dr. Rick. (n.d.) Software Process Improvement Models: Capability Maturity Model • (CMM). Retrieved October 23, 2006, from http://www.cee.hw.ac.uk/~lachlan/ismlectures/powerpoint/cmm1.ppt. • • Eickelman, Nancy. (2003). An Insider’s View of CMM Level 5. IEEE Software, Volume 20, • Issue 4, pp. 79-81 . Retrieved October 3, 2006, from http://www.umsl.edu:2263/iel5/52/27180/01207461. pdf?isnumber=27180&prod=JNL&arnumber=1207461&arSt=+79&ared=+81&arAuthor=Eickelman%2C+N.• • Eickelmann, Nancy. (2004). Measuring Maturity Goes beyond Process . IEEE Software, Volume • 21, Issue 4. Retrieved October 2, 2006, from http://www.umsl.edu:2263/iel5/52/29063/01309639. pdf?isnumber=29063&prod=JNL&arnumber=1309639&arSt=+12&ared=+13&arAuthor=Eickelmann%2C+N.• • Freed, Donna. (2004). CMMI Level 5: Return on Investment for Raytheon N TX . Retrieved • October 23, 2006, from http://www.sei.cmu.edu/activities/cmmi/results/pdfs/2004-CMMI-006.pdf. • • Gainer, Jeff. (1998). Process Improvement: The Capability Maturity Model . Retrieved October • 1, 2006, from http://www.itmweb.com/f051098.htm. • • Gibson, Diane L.; Dennis R. Goldenson, & Keith Kost. (2006). Performance Results of CMMI • Based Processes Improvement . Retrieved October 23, 2006, from http://www.sei.cmu.edu/publications/documents/06.reports/06tr004.html . • • Guerrero, Felipe & Yadran Eterovic. (2004). Adopting the SW-CMM in a Small IT • Organization. IEEE Software, Volume 21, Issue 4 . Retrieved October 2, 2006, from http://www.umsl.edu:2263/iel5/52/29063/01309644. pdf?isnumber=29063&prod=JNL&arnumber=1309644&arSt=+29&ared=+35&arAuthor=Guerrero%2C+F.%3B+Eterovic%2C+Y .• • Haley, Tom, Blake, Ireland, Ed Wojtaszek, Dan Nash, and Ray Dio. (1995). Raytheon • Electronics Systems Experience in Software Process Improvement. Technical Report . Retrieved October 22, 2006, from http://www.sei.cmu.edu/pub/documents/95.reports/pdf/tr017.95.pdf.• • Hardgrave, Bill C. (2005). Software Process Improvement: It’s a Journey, Not a Destination. • Communications of the ACM, Volume 48, Issue 11, pp. 93-96 . Retrieved October 3, 2006, from http://www.umsl.edu:3417/ehost/pdf?vid=76&hid=7&sid=f847b107-95a8-499b-a4de-10ab4546ba6b%40SRCSM1 . • • Hartmann, Deborah. (Aug 2006). Interview: Jim Johnson of the Standish Group . Retrieved • October 26, 2006, from http://www.infoq.com/articles/Interview-Johnson-Standish-CHAOS . • • Hawkins, Kyleen W., Stephany Alhajjaj, & Sharon S Kelley. (2003). Using COBIT to Secure • Information Assets. The Journal of Government Financial Management; Summer 2003; 52, 2; ABI/INFORM Global . Retrieved November 4, 2006, from http://www.umsl.edu:2099/pqdlink?vinst=PROD&fmt=6&startpage=-1&ver=1&clientid=45249&vname=PQD&RQT=309&did=353250971&exp=11-03-2011&scaling=FULL& ts=1162662528&vtype=PQD&rqt=309&TS=1162673260&clientId=45249. • • Hewlett Packard. (2005). 2005 Annual Report. Retrieved November 3, 2006, from • http://library.corporate-ir.net/library/71/710/71087/items/188195/05ar-graphics. pdf. • • Hewlett Packard. (2006). 2006 Global Citizenship Report. Retrieved November 3, 2006, from • http://www.hp.com/hpinfo/globalcitizenship/gcreport/pdf/summary_data.pdf.• • Hewlett Packard. (2003). A Conversation With Carly Fiorina – Forbes 5 th Annual Cio Forum. • Retrieved November 3, 2006, from http://www.hp.com/hpinfo/execteam/speeches/fiorina/forbes04.html?jumpid=reg_R1002_USEN.• • Hewlett Packard. (2004). Castles in the Sand. Learning to Embrace Change: The HP Story . • Retrieved November 3, 2006, from https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5982-8763EN_ lowres.pdf. • • Hewlett Packard. (2005). HP’s Approach to Sarbanes-Oxley Requirements. Retrieved • November 3, 2006, from https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/5983-1462ENA1_ lowres.pdf.• • Hewlett Packard. (2006). HP Global Citizenship Report: Customers . Retrieved November 3, • 2006, from http://library.corporate-ir.net/library/71/710/71087/items/188195/05ar-graphics. pdf.• • Hewlett Packard. (2006). ITSM Curriculum . Retrieved November 3, 2006, from • http://www-europe.hp.com/educeu/itsm.html. • • Hewlett Packard. (2006). Stock charts. Retrieved November 3, 2006, from • http://h30261.www3.hp.com/phoenix. zhtml?c=71087&p=irol-stockchart&control_javaupperindicator=&control_javauf=&control_javatype=&control_javascale=&control_javanumberperiods=&control_javamovingaverage=&control_javalowerindicator2=&co . • • IDC. (2004). Quantifying the Business Benefits of IT Service Management . Retrieved • November 3, 2006, from https://h30046.www3.hp.com/campaigns/2005/promo/1-XEAN/images/HP_Service_Desk. pdf. • • ISO. (2006). Overview of the ISO System . Retrieved October 29, 2006, from • http://www.iso.org/iso/en/aboutiso/introduction/index.html. • • IT Governance Institute. (2005). COBIT 4.0. Retrieved November 4, 2006, from • http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/MembersOnly.cfm&ContentID=23325. • • IT Governance Institute. (2005). COBIT 4.0 brochure. Retrieved November 4, 2006, from • http://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/COBIT6/Obtain_COBIT/COBIT40-Brochure. pdf. • • ITIL Central. (2006). What is ITIL? Retrieved October 28, 2006, from http://itsm.fwtk.org/. • • ITIL Survival. (2006). ITIL, Keep at it. Retrieved November 2, 2006, from • http://itilsurvival.com/.• • itSMF. (2006). (http://www.itsmf.com/) • • King, Julia. (2003). The Pros & Cons of CMM . Computerworld . Retrieved October 21, 2006, • from http://www.computerworld.com/action/article.do?command= viewArticleBasic&articleId=87882&intsrc=article_pots_side. • • King, Julia. (2003). Sidebar: From CMM to CMMI . Computerworld. Retrieved October 21, • 2006, from http://www.computerworld.com/action/article.do?command= viewArticleBasic&articleId=87910&intsrc=article_pots_side. • • Ko, Roy. (n.d.). Future of CMM and Quality Improvement . Retrieved October 28, 2006, from • https://outlook.umsl.edu/exchange/alr2f/Inbox/%E7%AD%94%E5%A4%8D:%20Group%20Project-19.EML/www. hkitf.org.pdf/C58EA28C-18C0-4a97-9AF2-036E93DDAFB3/www. hkitf.org.pdf?attach=1. • • Koch, Christopher. (2004). Bursting the CMM Hype . CIO Magazine. Retrieved October 21, • 2006, from http://www.cio.com/archive/030104/cmm.html. • • Lainhart IV, John W. (2000). COBIT: A Methodology for Managing and Controlling • Information and Information Technology Risks and Vulnerabilities. Journal of Information Systems, 2000 Supplement, Vol. 14, Issue 1, pp. 21 . Retrieved November 4, 2006, from http://www.umsl.edu:3417/ehost/detail?vid=16&hid=14&sid=41f75afc-bf0a-43c9-925a-99d5864ca4b0%40sessionmgr7 . • • Lloyd, Vernon; Louk Peters; Kathryn Rupchock, et al. (2002). Planning to Implement Service • Management. Retrieved October 28, 2006, from http://www.tso.co.uk/pism/app/frames.htm. • • Marquis, Hank. (2006). 10 Traits of Successful ITIL Adopters . ItSM Solutions DITY Newsletter. • Retrieved October 23, 2006, from http://www.itsmsolutions.com/newsletters/DITYvol2iss18. htm. • • Ngwenyama, Ojelanki and Peter Axel Nielsen. (2001). Competing Values in Software Process • Improvement: An Assumption Analysis of CMM From an Organizational Culture Perspective. IEEE Transactions on Engineering Management, Volume 50, Issue 1, pp. 100-112. Retrieved October 2, 2006, from http://www.umsl.edu:2263/iel5/17/26846/01193771. pdf?isnumber=26846&prod=JNL&arnumber=1193771&arSt=+100&ared=+112&arAuthor=Ngwenyama%2C+O.%3B+Nielsen%2C+P.A .. • • O’Neill, Don. (2001). Software Inspections: Software Technology Roadmap . Retrieved October • 15, 2006, from http://www.sei.cmu.edu/str/descriptions/inspections_body.html . • • Paulk, Mark, C., Bill Curtis, Mary Beth Chrissis, & Charles V. Weber. (1993). Capability • Maturity Model for Software, Version 1.1 . Retrieved October 15, 2006, from http://www.sei.cmu.edu/pub/documents/93.reports/pdf/tr24.93.pdf. • • Perlini, Patricia. (2003). Raytheon Unit Attains Software Engineering Institute Level 5 • Certification. Raytheon Company press release. Retrieved October 28, 2006, from • http://investor.raytheon.com/phoenix.zhtml?c=84193&p=irol-newsArticle&ID=373575&highlight=. • • Raytheon. (2006). http://www.raytheon.com/. • • Rico, David F. (2000). Using Cost Benefit Analyses to Develop Software Process Improvement • (SPI) Strategies. Data & Analysis Center for Software. Retrieved October 15, 2006, from http://www.dacs.dtic.mil/techs/RICO/toc.shtml. • • SEI – Carnegie Mellon University. (2006). SEI Appraisal Program . Retrieved October 5, 2006, • from http://www.sei.cmu.edu/appraisal-program/index.html . • • SEI. (2006). FAQ: Reporting Appraisal Results . Retrieved October 1, 2006, from • http://www.sei/cmu.edu/cmmi/faq/ares-faq.html#RATE03.• • SEI. (2006). FAQ: History of CMMI . Retrieved October 14, 2006, from • http://www.sei.cmu.edu/cmmi/faq/his-faq.html.• • Smith, Bob. (1998). Introduction to Using the CMM for Software Process Improvement . • European Software Institute. Presented at the European SEPG Conference. Retrieved October 25, 2006, from https://seir.sei.cmu.edu/seir/domains/frmset.documents.asp?ACTION=view&DOMAIN= CMMspi&SECTION=General&SUBSECTION=References&SUBSUBSECTION=NONE&DOC=EuroSEPG98esi&MEDIA=Presentation&IMG=GIF&MAX=83&LIMIT=All . • • TeamQuest. (2006). ITIL Business Perspective . Retrieved October 28, 2006, from • http://www.teamquest.com/solutions-products/solutions/ itil/business-perspective/index. htm.• • Techrepublic.com. ITIL Common Questions and Answers - Organization Department Holds • Press Conference. Retrieved October 30, 2006, from http://translate.google.com/translate?u=http%3A%2F%2Fwww. zdnet.com.cn%2Ftechupdate%2Fsoftware%2Fskill%2Fstory%2F0%2C3800080971%2C39430453%2C00. htm&langpair=zh-CN%7Cen&hl=zh-CN&ie=UTF8.• • Wall, Daniel S; James McHale; & Marsha Porneroy-Huff. (2005). Case Study: Accelerating • Process Improvement by Integrating the TSP and CMMI . Retrieved October 1, 2006, from http://www.sei.cmu.edu/pub/documents/05.reports/pdf/05sr012.pdf. • • Wikipedia. (2006). Capability Maturity Model. Retrieved October 1, 2006, from • http://en.wikipedia.org/wiki/Capability_Maturity_Model. • • Wikipedia. (2006) COBIT. Retrieved November 4, 2006, from • http://en.wikipedia.org/wiki/COBIT. • • Worthen, Ben. (2005). ITIL Power . CIO Magazine. Retrieved October 28, 2006, from • http://www.cio.com/archive/090105/itil_frameworks.html?page=1 . • • Worthen, Ben. (2005). Watch for Pitfalls When Applying IT Infrastructure Library . CIO • Magazine. Retrieved October 29, 2006, from http://www.cio.com/archive/090105/tl_it_management.html. (2)