EuroSPI99

Learn from the Past - Experience the Future

European Software Process Improvement SPI and Assessments

Category Index

Rated Newspaper Supported by EU Project

SPI Risk Assessment

Allan Baktoft Jakobsen
Delta, Denmark, baktoft@mindmate.com
 

Abstract

The assessment will take 1-2 hours to complete and the aim is to obtain enough information about the project during the meeting to be able to list a few but precise bullets of feedback at the end. It should be emphasized that the assessment is not meant to give an objective or scientific measurement of the risks. The purpose is to facilitate a systematic discussion with the project in order to successfully address the risks and to reduce the resistance against improvements.
 

PIE project and Baseline project

In most projects, in particularly software projects, two fundamental processes can be recognized:

• The Create project, which eventually produces the final product of the project.
• The Control project, which controls and manages the Create project.

For a PIE i.e. a Process Improvement Experiment (an ESSI term for a project working with software process improvements), we have

• Create project - Baseline project
• Control project - Improvement project

Assessing the Baseline project using the TPR diagram

Examining the following generic process model, three different points of view can be identified:

These are:

The Task: This point of view focuses on the concrete inputs and outputs of the project. The ultimate output of the project is usually the product itself, but during the development a lot of sub-inputs and sub-outputs or internal deliveries are present. The Task often have primary interest of the management and sales people since the (external) inputs and outputs usually involves interacting with customers. Questions about the task are usually What-questions.

The Process. This point of view focuses on the transformations of inputs to outputs. If the transformations can be generalized and described in an abstract form independent of the concrete input and output in order to be reused we have the concept of a process. If the task focused on the starting point A and goal B of the projects, the process is about the map of the way from A to B. Questions about the process are usually How-questions.

The Resources: This point of view sees the project in terms of the people of flesh and blood who play the roles defined in the process. Questions about the resources are usually Who-questions.

A baseline project can be systematically examined in the frame of these three points of view.
 

The TPR assessment process

Input: Documents and people from the project.

Transformation: Questions in the frame of the TPR model. Evaluations of answers.

Output:

• Timeline of the project.
• Organization diagram.
• TPR-diagram.

When the questions for a given area are asked and discussed, the assessor makes for himself a quick decision regarding the following question:

• Is there anything in this area that is an obvious risk and how critical is it?
• If there are many critical risks, a mark should be plotted close to the center of the TPR kiviat diagram (Short radius.)
• If there are no major risk or they are under control, a mark should be plotted close to the periphery of the kiviat diagram (Large radius.)

Figure: TPR diagram for assessing the baseline project.

When the 9 marks have been plotted into the TPR diagram, they are connected to a polygon. A discussion of the findings can now begin:

• If the polygon is smooth, round and large there are no critical risks.
• If the polygon has bumps, potential risk areas are visualized.

• Describe the products of the project.
• Describe the vision and goals.
• Describe the customers and the market.

• Describe the requirements to the project in terms of: Documentation, level of details, completion, consistence, and correctness.
• What is your relation to the customers?
• What is your company's background in the technical domain?
• Describe the internal documentation in terms of level of details, completion, consistence, and correctness.

• What is the complexity of the product?
• What is the size of the product?
• What technology is used in the product? How well-known is it? How advanced is it?

• What is the importance of the product compared to the other products from the company?
• If the product is successful on the market how significant will it be to the company?
• If the product fails what does it then mean?
• How prestigious is the project?

• Describe the mission of the project.
• Draw a time line of the project.

• How is the work break-down in the project?
• Is it documented?
• How detailed is it?

• How is the work in the project coordinated? Are there any defined processes?
• How does the organization support the coordination?
• How is the planning?
• Is there a documented project plan? (Let us see it, please!)

• How do you intent to go from A: The requirements to B: The product
• How is it ensured that the goals of the project are reached?
• Are there any defined processes for the transformation?
• How does the organization support?

• Draw an organization diagram of the project. Don’t forget the names of the persons involved.

• Are the persons involved aware of their specific role in the project? (as analyst, designer, programmer, tester, etc.)
• What is the process competence/skills of the various persons involved? (Do they know how to analyze, structure, plan, design, produce, check and test?)
• What is the social competence of the various persons involved?
• How precise is the match between process and people in the above areas?

• What is the motivation of the persons involved?
• Who is taking the initiative in the project?
• Does anyone come up with new ideas?
• Does people work on overtime?
• How is the work atmosphere?
• How is the work environment?

• Are the persons involved delivering the output they are supposed to? At the right time?
• What is the technical competence of the persons involved?
• How is the performance of the people?

The faces of the TPR triangle, that is, the relations between T-P, T-R, and R-P, are sometimes called the dimensions of Management, Leadership, and Dedication, respectively. How does the company value these dimensions when decisions are to be made?
 

Assessing the Improvement project using the PIF diagram

Improving processes and changing in general has little to do with technology but a lot to do with human beings. So the PIF diagram is about them. People in relation to change can be assessed from three different points of view: As individuals, as groups, and as organizations. This is the essence of the diagram.

The PIF assessment process

Input: Information from the people from the project.

Transformation: Questions in the frame of the PIF diagram. Evaluations of answers.

Output:

• PIF-diagram.

• If the polygon is smooth, round and large there are no critical risks.
• If the polygon has bumps, potential risk areas are visualized.

Questions on individuals – Management commitment

• How is the management commitment? Does the top management pay any interest? Do they show up at your meetings?

• Who is sponsor for the improvement project? Who is paying?

• Is there a champion among? (i.e. a person with the personal authority and charisma to drive the change.)

• Which SPI skills are present?
• Has the SPI manager carried out SPI before?
• What knowledge on best practiced is present?

• Does the SPI manager attend SPI networks or conferences? Do they read papers or books?

• What’s the level of resistance among the people?
• If the resistance visible or hidden?
• How old are the people involved?

• What is the resource situation for the improvement project compared to the general situation in the company?

• Does the company have any recent success histories about improving and changing the processes?

• What is the aggregated attitude to improvements from the organization, that is the top managers, the middle managers, the developers, the culture, and the business areas operated?

• How is the company culture in relation to quality, improvements, and change?
• Who generates ideas for improvements?
• Who take responsibility for improvements?

• Who are the drivers of change?

• If the improvement activities are successful, what will the consequences be?

• If the improvement activities fail, what will the consequences be?

Are the decisions driven by: The individuals, the groups, or the organization? What level of capability maturity do you suspect of the company?
 

Final assessment: TPR and PIF results combined

After the meeting with the SPI project the assessors discuss the results of the TPR and PIF diagrams.

An ordinary SWOT (Strengths, Weaknesses, Opportunities, Threats) list with 5-6 bullets is produced and mailed to the project.

Experiences with TPR-PIF

Anyone who has been involved in software process improvements know how difficult it can be. Many times the battle of convincing/persuading the project managers and the developers to go on is not really won. Pressure from top management cannot avoid people resisting the proposed changes.

Resisting change is a key area of SPI work and although the reasons for this phenomenon is fairly well understood, it is seldom systematically counter-measured. In fact, it's all about insecurity and fear of loosing control - in other words, a very human reaction.

The TPR-PIF method has been successfully used by DELTA in Copenhagen, by FZI in Karlsruhe, and on Iceland. These companies are all EspiNodes in the ESSI program. The number of assessed projects (PIE’s) is currently about 20. The method is still being refined.

As mentioned earlier, the assessment is not an attempt to measure the risks in any quantitative way. The main purpose as we have seen it in practice is that it opens up for a qualitative yet highly structured discussion of the risks of carrying out improvements. The awareness and overview of the potential risks have a double purpose. First, to reduce the total risk of baseline project failure and second, to reduce the resistance against the improvement project due to insecurity and lack of knowledge

In the interviews we have noticed the effect of discussing the problems of both the baseline project and the improvement project from the various points of view. The frame provided by the TPR-PIF method ensures that most of the important topics are covered. Moreover, the final summery using few very simple kiviat diagrams is an excellent way of sharing the overview of the current situation. If done properly, key insight can be gained here.

Traditionally, risk analysis is hard. Project managers say that this is what they are doing all the time. Developers say that there are two kinds of risks: The ones you can do something about and the ones that are simply out of your sphere of power and control. The first ones occupy most of your time.

Thus, in a hectic software project, all the things to do and to be aware of soon seem overwhelmingly many. Proposing process improvements on top of all that is bound to provoke resistance. The TPR-PIF method helps by bringing in the overview that is blurring the intellectual control of the project. This means reducing the insecurity in the project by increasing the knowledge of the real problems.
 
 

References:

1. Allan Baktoft Jakobsen: Bottom-Up Process Improvement Tricks, IEEE Software, Jan./Feb. 1998, pp. 64-68.
2. Allan Baktoft Jakobsen: Over My Dead Body, The SPIDER Kourier, October 1999.
3. Chuck Myers, Suzanne Garcia: SEPG SkillShop: Building Your Process Improvement toolkit. E-SEPG 1998.
4. Gerald Weinberg: Quality Software Management Vol. 3: Congruent Action. Dorset House 1994.
5. Gerald Weinberg: Quality Software Management Vol. 4: Anticipating Change. Dorset House 1997.
6. Watts S. Humphrey: Managing Technical People. Addison-Wesley 1997.
7. Susanne Kelly: The Complexity Advantage: How the Science of Complexity Can Help Your Business Achieve Peak Performance. McGraw-Hill 1999.

Partners in EuroSPI

Editors

ISCN LTD, ISCN GesmbH, Schieszstattgasse 4/24, 8010 Graz, and Coordination Office, Florence House, 1 Florence Villas, Bray, Ireland, office@iscn.at, office@iscn.com, office@iscn.ie, Editing Done: 19.7.2002