Dynamic CMM for Small Organisations - Implementation Aspects
Terttu Orci Umeå University/Stockholm University
Astrid Laryd Umeå University
It is commonly agreed that a software development organisation with notably symptoms of chaos caused by immaturity should start a software process improvement program. However, when a chaos is already a fact, it is difficult to find time and personnel resources for an improvement program. It would be wiser to start an improvement program before the chaos is a reality. In fact, the wisest thing to do would be to start an improvement program when starting the operation of the organisation. Obviously, we would in that case not think about an improvement, but see it as a sound business and engineering strategy.
The next best thing is to start an improvement program while an organisation is a very small one, with a few software engineers, and with a simple management. In the start-up phase, with a few software engineers, with one or a few versions of one product or only one project running at a time, the communication is simple, configuration management is relatively easy, everybody knows what the colleague engineer is doing, neither the development work nor the management offers bigger problems.
The existing models, e.g. CMM, are not, however, directly applicable for small organisations for various reasons. CMM, for example, proposes more than 25 organisational roles, with various tasks and responsibilities. In a small organisation, there is not enough people to fill the roles proposed, neither is there any need of many of those roles. Further, the models are usually described on a huge number of text pages, being cumbersome and time consuming to get oversight, digest, and apply. Therefore, the models need to be scaled down to the needs and possibilities of small organisations. A usual restriction in a small organisation is that there is not enough resources for appointing external competence for a long term SPI, but local competence is the only realistic possibility. Therefore, the models should include guidelines for internal assessment and application of the model. Further, it is essential that such a model is applicable continuously in the course of time, while the organisation grows, otherwise it will cease to be useful after a while.
We have developed a model called Dynamic CMM for Small Organisations. The model has been briefly presented in 114] and in detail in [10]. In this paper, the model is briefly presented together with some implementation guidelines.
The model is primarily intended to be used by an organisation's internal staff, with some experience of SPI and by the management. The basic idea is that the model users can easily get an overview of the model, of the magnitude of the effort required and of the roles, responsibilities, tasks, and documents. With those intentions in mind, the original CMM has been interpreted, reduced, reorganised, and partially represented in a graphical notation.
The roles may be one of three types. First, a role may be important enough to be included as a role, assigned to a person with associated responsibilities, e.g. Senior Management (SM) as every organisation must have such a role irregarded the size. Second, a role may be important in terms of activities and responsibilities, but without need for a formal role. In such a case, the activities and responsibilities can be carried out by a person having some other role, with the consequence that the responsibilities and activities of that person will be more extensive than implied by his formal role. An example of such a role is Documentation Support Group (DSG) which is unrealistic in a one person company, but still there is some documentation to do, assumed to be taken over by software engineers (SE). Third, some roles are irrelevant, e.g. an organisation not applying subcontracting does not need Software Subcontract Management (SSM).
We make the assumption that subcontracting is not realistic in a two-person organisation, implying that the Key Process Area (KPA) Software Subcontracting Management KPA is irrelevant. System Test Group (STG) is supposed to be responsible for system tests, while SE has the responsibility of tests during the development. Validation and verification is of primary importance to obtain a quality product. Still, an internal STG role is hardly realistic in a two person company. For organisations with customer specific development, the customer is the most adequate group for acceptance tests. In product development organisations in the beginning of the business, an external test service can be used.
SQA should not be shared with persons involved in development activities or in the management. In a two person organisation, it is not realistic to appoint an internal SQA. In an organisation with specific customers, Customer SQA (CSQA) can be used to conduct SQA activities, if SQA is available at the customer site. In product development organisations, an external SQA service can be bought.
System Engineering Group (SG) is responsible for the systems with both software and hardware. The roles in an XXS organisation are presented in Figure 1.
Fig. ORCI-LAR.1 The Roles in an XXS Organisation
In the model, a circle denotes a role. A dotted line around a circle means that the role is relevant only in organisation developing customer specific solutions. The links between the roles have the semantics of "shared-by", which is a binary relation, more exactly an equivalence relation. Therefore, transitivity applies. For example, the activities and responsibilities of SE may be shared by SG. From Figure 1 it is obvious that model is applicable in an organisation with only one person, who possesses the roles SM/PM, SE, SG, SCM, and SWM, and buys external services for STG and SQA, or uses CSQA, if applicable.
Figure 2 presents the model for XS organisations. The shading of a circle indicates that the role is an additional one compared to the XXS organisation. For example, when growing out of XXS, PM and MS are roles to be added. The frames depict projects. The roles within a frame denote roles, which may be specific for each project, while the roles outside the frame are roles having responsibility in the whole organisation. For example, there is SCM role in each project. SWM is general for the organisation, but the person in SWM role may belong to SCM in one or several projects. SM and MS are general for the organisation, possibly one and the same person. SM can also work as SE.
Fig. ORCI-LAR2. The Roles in an XS Organisation.
Fig. ORCI-LAR3. The Roles in an S Organisation
Table 1. The Responsibilities and Activities of SWM
Reviews
-statement of work -project plan -resource estimates -quality assurance plan -configuration management plan -the progress against the project plan -specification for subcontract -subcontract
Fig. ORCI-LAR4. Software Project Planning - overview
Fig. ORCI-LAR5. Software Project Planning - the Activities
A software process improvement effort should be driven in a project form, with project plan, resource estimates, budget, and schedule. It is also important that the project management of the improvement process is conducted in the way proposed in Software Process Planning KPA at Level 2 for development projects, to serve as a good picture of what is expected from management issues in the development projects. In order to maintain the focus and to prevent misunderstandings in the following discussion about projects, processes, and roles, a distinction must be made between software project improvement and development. For both improvement and development, we can distinguish projects and processes. The terms I-Project, D-Project, I-Process, and I-Project are used to make a distinction. A long term improvement effort is called an I-Process. An I-Process involves some particular steps to be taken initially, and a number of iterations of smaller improvement efforts, realised in project form, in I-Projects. Each of the I-Projects includes planning, doing and analysing the results. The doing coincides with design and use of a D-Process, e.g. one particular KPA like Requirement Management. The use of the newly designed D-Process is in a pilot D-Project. Also for the roles needed in the improvwment work, the distinction is useful. The roles prescribed by CMM are roles in software development organisation, in the development work, and are called D-Roles. The roles needed for SPI work are called I-roles, e.g. SEPG. The distinction between improvement and development is illustrated in Figure 6.
Fig. ORCI-LAR6. An I-Process including an I-Project
The activities of an I-Process are described in detail below.
Table 2. The entry points to Dynamic CMM
The alternatives marked with "-" are unusual if not unrealistic. For example, an organisation with 2-5 products/product versions, with 1-2 employees might have a theoretical chance to stay on the market with a large number of subcontractors, but it is more a rule than an exception that the company growth implies growth in the number of employees. If the organisation characteristics are outside the limits of the table, it is assumed that the original CMM can be used.
The selection of the high priority KPA is not independent of the model selected. If the model is XS or S, SPP and SPTO are maybe the most adequate KPAs to start with. For the order of RM and SCM, the same reasons should apply as in XXS organisation.
The prioritising activity is the first task in Plan activity in an I-Project. Further planning in an I-Project requires, among other things, that appropriate resources are given by the steering group, that people are appointed to the organisational roles for the KPA in case, and that a project plan for the I-Project is developed and documented.
Table 3. Software Process Planning Checklist - Entry Conditions and Roles
Table 4. The Checklist for Software Project Planning - the Activities
critical computer resources size (or changes in size) of software work products project’s effort and costs capacity requirements for software engineering facilities and support tools
q
Table 5. The Checklist for Software Project Planning - the Exit Conditions
The work presented in [1] describes the issues encountered by small businesses, organisations, and projects, if applying the existing models for SPI, e.g. CMM: documentation overload, layered management, scope of reviews overkill, limited resources, high training costs, and unrelated practices. A set of tailoring guidelines for each of the issues is presented in [1], and a tailored CMM, based on the original CMM with marked additions and deletions. The same authors present more detailed tailoring guidelines in [7] for different issues, e.g. documentation tailoring, review tailoring. It is important to emphasise the scalability issues of Software CMM for small organisations. We believe, however, that not only should the model be downscaled, but also the representation should be restructured, e.g. graphics, lists, for simplicity and easy overview. In [9], SPI work in small organisations has been presented, and critical success factors given, they being a flexible, tailored assessment and improvement approach, a functioning network of small enterprises and their environment, external technical help by mentors for change, and external financial support coupled to some conditions for performance. Our model is intended to support the first factor. Although external technical help may be needed to take the first steps in the SPI work, we believe that only organisations with an internal strong competence in SPI have the chance to conduct long-term SPI work. External services should only be needed for assessments to obtain impartiality.
The current research concerns validation of the model in real cases, one being in progress and two more under negotiations. The real cases involve not only application of the model in SPI work in the organisations in case, but empirical evaluation of the model and of the underlying ideas.
[2] Byrnes P, Phillips M. Software Capability Evaluation, Version 3.0, Method Description, Technical Report CMU/SEI-96-TR-002, ESC-TR-96-002, 1996.
[3] Caputo K. Implementation Guide - Choreographing Software Process Improvement. Addison Wesley, 1998.
[4] Curtis, B.,Hefley, W.E., Miller, S. People Capability Maturity Model. Software Engineering Institute, Carnegie Mellon University, 1995.
[5] Dunaway D.K. et al. Why Do Organizations Have Assessments? Do They Pay Off?, Technical Report, CMU/SEI-99-TR-012, ESC-TR-99-012, 1999.
[6] Hayes W., Zubrow D. Moving On Up: Data and Experience Doing CMM-Based Process Improvement, Technical Report CMU/SEI-95-TR-008, ESC-TR-95-008, 1995.
[7] Johnson D.L., Brodman J.G. Tailoring the CMM for Small Businesses, Small Organizations, and Small Projects. LOGOS International Inc, USA.
[8] Kautz K. Software Process Improvement In Very Small Enterprises: Does It Pay Off?, Software Process - Improvement and Practive 4, 209-226, 1998.
[9] Kautz K. Even in Very Small Software Enterprises Metrics Can Make Sense!, in the Proceedings of IRIS 21, 1998.
[10] Orci, T., Laryd, A. CMM for Small Organizations, Level 2. Umeå University, UMINF-00.20, 2000.
[11] Laryd, A., Orci, T.: Dynamic CMM for Small Organizations. In Proceedings of ASSE2000, Argentina, 2000.
[12] McFeeley B. IDEAL - A User's Guide for Software process Improvement. Handbook, CMU/SEI-96-HB-001, 1996.
[13] Paulk, M.C. et al. The Capability Maturity Model - Guidelines for Improving the Software Process, Addison-Wesley, 1995.
[14] Stelzer D, Mellis W. Success Factors of Organizational Change in Software Process Improvement, Software Process - Improvement and Practice 4, 227-250, 1998.
[15] Zahran, S. Software Process Improvement. Practical Guidelines for Business Success. Addison-Wesley, 1997.