Application Management Framework

FrameworkApplication Management Framework

DEDTA

29/10/2012Version Number: 1

Prepared by: Rory Mackay

ContentsProject Information............................................................................................................................2

The Framework..................................................................................................................................3

Business Relationship Management..................................................................................................6

Application Development/ Acquisition..............................................................................................9

Compliance......................................................................................................................................11

Governance......................................................................................................................................13

Environment.....................................................................................................................................14

Documentation.................................................................................................................................14

Conclusion........................................................................................................................................18

Project Information

Title:Application Management Framework

Purpose/Objective:Create a suggested framework of how Business ICT Services can structure application development and application lifecycle management into the future.

Problem Statement:Business ICT Services don’t have a complete view of all the applications developed or in use by the business. This exposes the unit to unseen risks and an inability to implement continuous improvements to the business and applications.

Background: An Application Management registration program has been created but has not been completed. This project is part of the completion of that project. This project aims to gather as much information as possible about as many applications as identified.

The project then aims to build a roadmap for key applications based on a suggested application management framework and best practises for that application.

This document articulates the framework to be used in application management for the business ICT services unit.

Framework: A Framework does not contain answers; rather it is a source of guidance that encourages thought in a certain way. A framework encourages a step back and helps the thought process cover all bases. Frameworks help ask the tough questions.

Research: In building this framework a number of highly regarded management frameworks were investigated. They included PMBOK, ITIL, ASL, COBIT5, Microsoft compliance, CMMI.

Tools investigated to help drive continuous improvement of applications and application management included Six Sigma, TQM and Balanced score card.

Page 2 of 18

The Framework

Application management is not just about managing the software it is also about managing the relationships and expectations of those that use, deliver and are involved with the software and the problems which the software is designed to address.

In building an applications management framework that considers the application software as well as expectations that stakeholders have of the application, six areas of significance are suggested.

These six key areas of impact are1. Business Relationship Management2. Application Development3. Compliance of the application to standards, policies and legal requirements4. Governance of the application and any development work5. Environment which includes the tools, skills and resources in delivering an application6. Documentation

As the ICT services unit manages these six areas over an applications life cycle the unit will be able to create a platform in order to drive an increase of business value to the agency.

When a customer (business unit) first puts forward the request for help with a business problem, it is important from the outset to understand the business needs. From this starting point working with the customer is essential. This working relationship should continue through application development and should not end once the application is delivered but continue until that application is farewelled into the sun set.

Achieving this culture of ongoing improvement and partnership with those that use an application is not easy as there are so many demands on the ICT Services units’ time and resources. Often the pressing nature of current projects drowns out the follow up and ongoing management of past projects and applications that have been developed.

With new projects constantly being worked on and changes in staff assignment the ICT Services unit struggles to keep ahead and have a full understanding of all the applications being used by the business. During this project 63 applications and systems were identified. 67 Questions were asked to help understand these applications and their usage, compliance, management and cost better. While many of the questions could be answered these answers often resided at an operational level within individuals heads.

There are many factors that contribute to an incomplete picture of a particular application. It is the aim of this framework to help create a fuller picture of each application from its inception through to sun setting.

Factors that contribute to an incomplete picture leading to poor support of an application are; not all procedures are followed correctly, poor documentation, changes in staff and end users adaptation of the system or changes in business requirements. This in turn leads to dissonance in those that use the application.

Page 3 of 18

Combating this dissonance is what continuous improvement and relationship building tries to accomplish. To implement continuous improvement it is important to understand the landscape for each application and make sure that each application is standing on a solid foundation of correct application development that it complies with all needed policies, legal requirements and is correctly governed through its life cycle. Once this base foundation is in place and understood it is easier to allocate time to reviewing, managing and improving application offerings. This will translate into clearer vision of current applications and more flexibility and speed in delivering new applications that meet business needs.

As part of this framework each key area is broken down into more manageable chunks that explain what the key area encompasses.

A set of questions to help crystallise the intent within a key area is proposed. These questions will not by themselves create an effective base foundation for an application but are the prompts to make sure that the work conducted in delivering an application are sound and cover all needed steps.

Page 4 of 18

Application Management Framework diagram

Figure 1

Business Relationship Management

Page 5 of 18

Review/ Continual Improvement

Champion

Formalise

Understand

Compliance

Governance

Application Development/Acquisition

Business Relationship Management

Practices/ Policies

Unit Goals

Resources

Tools

Environment

Documentation

Business relationship management taken from the ITIL body of knowledge helps understand business requests and requirements, formalise and agree with business on deliverables, champion business requirements through the development/acquisition process and review the delivered product in order to take advantage of opportunities for improvement.

Business relationship management is the process of delivering real business value while managing expectation.

Business Relations Management follows the path of 1. Understand the business needs and requirements surrounding a request of service or

application software2. Formalise the needs into a specific request that is agreed to3. Championing the business needs and requirements during the application life cycle4. Reviewing the deliverables to achieve continual improvement and identify opportunities.

Overview QuestionsIn this section of the framework 10 questions are suggested to help improve Business Relationship Management in the delivery of services and applications.

1 Why does the business want to develop/change this system?2 What business need will this system fill?

3What does the system look like and do you have all the information needed to deliver the end result?

4 Do all the stakeholders agree as to what will be delivered?5 Do you have sign off from all needed stakeholders?6 Is the Customer happy right now?7 Will the Customer be happy in the future?8 Have/Are we provided/ing the Customer with value?9 Is the system meeting Customer expectations?10

What more can we do to improve the Customer experience?

These questions are not part of the business analysis process that will be undertaken when identifying business needs and drawing up business requirements documentation. What these questions aim at achieving is verifying that the business analysis work under taken has answered questions with the customers end goal in mind.

Service Portfolios A service’s portfolio is a needed input into managing business relations. A service’s portfolio is an information repository of all information relating to current applications and services. This portfolio should include a number of distinct catalogues

1. Current supported applications and related information2. Environment information of resources, skills and tools available3. Current commitments4. Learning’s from past developments 5. Policies and procedures

These catalogues will be used during the assessment of business needs. The catalogues will help determine ICT Services capacity to accomplish the business request or to identify overlapping services or applications that might suit business needs reducing time and effort in meeting the business demands.

Page 6 of 18

Areas in more detail and suggested toolsUnderstand Business needs and requirements

This is a business analyst activity and should be conducted using business analyst skills and tools.

Documentation that should be produced because of this activity include Project initiation document Current state documentation Project vision documentation Business requirements documentation Business process design documentation

This information helps in deciding on project feasibility refining the requirements of what is needed as opposed to what is expected what will be delivered what resources will be needed

Formalise the needs into a request

Before a project starts it is important to make sure that stakeholders’ and sponsors understand all the information and the impacts of a project. These elements need to be agreed to before the project work is started.

Champion the business needs and requirements when working on the request

This is an ongoing process and is “Customer Centric”. It stems from the requirements and is a mindset of making sure that what is being produced or worked on is meeting the Customers’ Requirements.

Is the Customer happy right now?Will the Customer be happy in the future?

Review Application for continual improvement

There are two points to application review 1. At completion of the development or project work or an element thereof2. As a matter of continuous improvement

In carrying out application review to make sure that the application is meeting business demands a balanced score card reviewed on a yearly basis is proposed. The balanced score cards objectives are set when the application is initially launched.

It is suggested that each Application use a Balanced score card approach. This will help highlight problems with applications opportunities to deliver better services to the business.

Balanced score card template for application review tool

Page 7 of 18

USER ORIENTATION

How do users view the Application?

Mission:To be the preferred Application for performing the task

Objectives: User satisfaction Partnership with users

Measure/Response:

Initiatives/Fixes:

BUSINESS CONTRIBUTION

How does business owner view the Application?

Mission:To obtain a reasonable business outcome from IT Investments.

Objectives: Control of Application Expenses Business Value of Application

Measure/Response:

Initiatives/Fixes:

OPERATIONAL EXCELLENCE

Does Application meet standards and requirements?

Mission:To maintain standards, connectivity, version control, security and business objectives

Objectives: Efficient and Effective Developments Efficient and Effective Operations Application Compliance

Measure/Response:

Initiatives/Fixes:

FUTURE ORIENTATION

How well is the Application Positioned to meet future needs? How well is ICT situated to deliver new application needs?

Mission:To develop opportunities to answer future challenges.

Objectives: Meet changing business needs Expertise of IT Staff Research into emerging technologies Age of Application

Measure/Response:

Initiatives/Fixes:

Figure 2

Application Development/ Acquisition

The development or acquisition of an application should be conducted in such a way that “best practise” processes are used in making sure that the application delivered meets the formalised needs

Page 8 of 18

agreed to. This development cycle taken from PMBOK (project management body of knowledge) and the Tasmanian Government project management framework is the suggested way in which application development/acquisition is conducted and the following areas of project management have been singled out as things to concentrate on

Application development / acquisition core areas includeo Scope management

o Time management

o Risk management

o Procurement management

o Cost management

o Communications

o Development quality

Overview QuestionsThere are 13 top level questions that can be asked. These questions help determine the robustness of work done in running a development project for an application.

1 Do you have an agreed scope statement?2 Do you know what activities you will be expected to do to achieve the scope?3 Do you have the needed resources, People, Time, and Money?4 Are you able to tell people when things will happen by referring to a time line estimate?5 Have you been able to identify risks to the project and risk mitigation plans?

6Have you created the appropriate procurement documentation, including requests and responses?

7 Have you planned for the procurement selection process?8 Do you have a budget?9 Who needs information and status updates?

10 How will people get the updates or information that they need?11 Is there a place where all the documentation is stored that is safe and central?12 Do you know what you will need to test?13 Do you have a test plan for testing?

Areas in more detail and suggested toolsScope managementMake sure that all required work is understood. Make sure that only required work is undertaken to complete the project and avoid scope creep through clear documentation and communication.

Create an agreed and signed scope statement Create a list of task categories to help understand requirements of the agreed scope

Time managementManage the time taken in completing the project

Schedule resources Create an estimated timeline

Risk management

Page 9 of 18

Identification, analysing and response planning to risks or opportunities that occur as a result of the project

Create a project risk register. Suggested format below

Risk Statement

Consequence Vulnerability Trigger ActionsProgress Report

description of risk

Cost/Time/ Quality Benefit/

What will happen

What will cause the problem

What can being done

What is being done

It is suggested that a spread sheet be populated with information as the result of a brain storm session from those involved in the project.

Procurement managementManagement of the process to purchase or acquire products or services

Create appropriate RFQ documentation Get appropriate responses Conduct selection and appointment process

This must be completed so that it meets department rules and requirements.

Cost managementManagement to keep costs within agreed limits

Create a budget

CommunicationsManagement of project information making sure that stakeholders are informed and information is correctly captured

Identify who needs information Plan how information will be communicated Create a central communication repository especially for documentation, maybe for team

member collaboration

Development qualityManaging the quality of the delivered service or product

Create a list of deliverable features Create a test plan of the deliverables

Compliance

Page 10 of 18

Adapted from Microsoft’s compliance framework this part of the framework clarifies the steps that must be taken to make sure that an application meets laws, regulations and policies.

Compliance has six areas to consider. Each application or subsystem should be considered in conjunction with each of these areas.

o Information Security / Access

o Business Continuity management

o Risk Management

o Legal compliance

o Business aligned (strategy)

o Procurement

Overview QuestionsTo help manage compliance eight top level questions can be asked.

1 Does the application meet information security needs?2 Is the system able to withstand a disaster?3 Have you identified all possible risks and opportunities?4 Do you have a plan in place regarding the risks and opportunities?5 Does the application meet all legal requirements?6 Does the application adhere to all policies that impact the application?7 Does the application meet strategic business goals?8 Have all procurements and contractual arrangements been carried out correctly?

A suggested tool to help tease out all the compliance issues for an application could be something along the following lines. Here an application is rated against each area of compliance, with questions being asked about the expected compliance or the goal. What would constitute compliance or what test applied would allow a positive rating. And then what actions need to be taken to make the application compliant?

Application Name :

Compliant Domain Expected/GoalRecommended Test Compliant Y/N Remedy Action

Information securityBusiness continuityRiskLegalBusiness alignedProcurement

Areas in more detail and suggested toolsInformation security / accessMaking sure that information is securely housed and that all reasonable steps have been taken to safe guard private and confidential information is an important compliance goal.

Business continuity management

Page 11 of 18

High risks Significant risks

Moderate risks Low risks

Can the business continue working in the case of a disaster? Under what circumstances can an application recovery take place? How long will it take to recover all the data? Who is the first point of call in a disaster?

These questions are an example of the type of questions that should be asked when ascertaining wether business continuity needs have been met.

The Good Practice Guidelines for business continuity should be reviewed for information when implementing business continuity practises.

Risk managementMany of the compliance areas for consideration if not managed correctly will impose risks.

“Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.” - Wikipedia

“If it can’t be identified, it can’t be managed”. In dealing with risks that are inherent in the management of applications the following is important that a sufficiently robust risk analysis be conducted that uncovers any risks that need to be managed. Tools in accessing and managing risk are

Risk impact assessment matrix Risk register

Risk Impact matrix

Figure 3

Page 12 of 18

Likelihood

Con

seq

uen

ce

Catastrophic

RareAlmost Certain

1

2

2

3

3

4

4

5

5

Raw risks identified as high or significant should receive further attention. Current risk mitigation plans should be considered to ascertain if the application risk is within a tolerant range of if further risk management plans need to be looked at.

Legal complianceMaking sure that an application development meets all legal standards and that IP and other such legal matters are not compromised is important. When in doubt crown legal should be contacted for support and information.

Business aligned (strategy)The business goals and objectives while not being a legal requirement are extremely important to make sure that they are implemented correctly. In doing this for each application it ensures that application development and services time is not spent in areas that do not contribute to the overall identified business goals and objectives

ProcurementThere are procurement guidelines and policies and these need to be followed making sure that all interaction between the agency and external suppliers is conducted correctly and according to the laid out guidelines and directions.

Governance

Governance is normally something that applies to a government body or organisation as a whole. In providing value to stakeholders when delivering application development services it is useful in taking the concept of governance that is used at a helicopter view for an entire organisation or even a large project and refining this to simple statements that help drive real value in the correct direction keeping the correct focus (priority) of the applications business value.

Governance taken from COBIT5 works towards making sure benefits, risks and opportunities are managed in a manner that provides comfort to all stakeholders

Governance talked about in this document is concerned with governance of the application and the applications life cycle only. Correct governance translates into consistent management, effective guidance and granted power in achieving application value.

In viewing an applications life cycle there are three areas of governance that need to be controlled 1. Resources and how they are used during the application life cycle2. Risks that are associated with an application and its life cycle3. Benefits that can be realised because of an application through its life cycle

These areas of governance are driven by the governance scope and who is responsible for governance.

Governance should not hinder management but rather assist management in achieving the desired outcomes. What governance does do is make sure that allocated resources, risks and benefits are balanced responsibly.

Overview QuestionsTo allow correct governance the following governance questions help clarify if governance is being conducted appropriately.

Page 13 of 18

1 Who is responsible for the governance decision?

2 Is there a defined capacity for action?

3 Do they have enough information to provide guidance?

4 What are the interactions points between governance and management?

Environment

A factor with significant impact is the environment within which an application will be developed. The environment captures tools, resources, unit goals and process & practices. All of these impact an applications development and life cycle.

The Environment is all of those elements that form part of the way in which the unit delivers its services. This includes

Tools used Resources of time, money and skill The Units strategic goals as they relate to the agency goals Practices, policies and culture of the unit

All of these things will impact the delivery of services and the unit’s outputs. A number of management frameworks or methodologies can be used in managing these elements.

Documentation

Documentation is a constant and a very important part of every effort that is undertaken in delivering an outcome. There is documentation in all aspects of the suggested activities in this framework. Documentation is part of the expected activities of Business Analysis, Project management, Governance, Compliance and Unit management. What happens to this documentation and the ongoing need to make the information available is an important element of this framework. A good documentation foundation enhances an applications ability to meet business needs throughout its life cycle and especially looking into the future.

The documentation of an application should be maintained with consideration for static documentation or documentation that is rarely changed and live documentation which is updated regularly.Archive Documentation

1. Development or implementation documentation including compliance and governance setup2. Technical and end user documentation3. Learning’s from project implementation (can be part of implementation documentation)

Live Documentation 4. Quick – Key application and management information5. Issues tracking and resolution information

Development or implementation documentation

Page 14 of 18

Documentation that is generated during the analysis and implementation of an application should be stored. This should be stored somewhere that is accessible and easy to find and link to other documentation relating to an application. It will be infrequently accessed but will be of great help if that type of information is needed e.g. a review of business analysis as to why an application was chosen or procurement documentation.

The TRIM system should be considered as the best place for this type of information. This type of documentation should be expected to be versioned and easily referenced. It will be the baseline and include changes and enhancements that happen to an application over time.

Technical and end user documentationTechnical and end – user documentation should also be stored in a secure and accessible place. Technical documentation gives developers, support staff and users the information that they need when working with the application. It is important that this documentation be maintained up to date as un-maintained documentation is frustrating and reflects badly on the application. Technical documentation includes diagrams, interactive flow diagrams and written information.

This documentations accessibility is important especially for new users.

Application Management Matrix: Quick – Key application and management informationThe ICT Business Services unit deals with many applications. It is important to be able to understand an applications basic structure.

Areas of knowledge that enhance managements knowledge of an application are as follows

Business unit information - Information relating to the business unit that initiated and use the application

Hardware infrastructure – What hardware is the application using Software Infrastructure – Warranty, versioning, upgrade strategy Application Management – Application interconnectivity, Dealing with the application

internal to ICT business system Software Information – Proprietor information, contact details Software usage and maintenance – Upgrade strategy, issues management Skills and People – Skills needed, who has the skills Cost of Ownership – What cost is there for running the application

All this information should be easily available in a database that is maintained allowing information to improve management of applications. A software project has been started with the creation of the Application Management Database as its goal. It is suggested that a database like this should be expanded to house all of the relevant application management information pertaining to an applications life cycle.

Information that should form part of this database would include user perception and balanced score card information relevant to each application.

This information is live or active information and needs to be searchable and allow the manager to create dynamic reports.

In providing a database of this capacity one of the below alternatives will need to be adopted1. The current application management database could be enhanced

Page 15 of 18

2. A SharePoint solution could be investigated using SharePoint 2013 and many of the enhancements within this system especially if SharePoint is to be relaunched and made the central point of agency user knowledge and connectivity.

3. Look for an off the shelf application management software that will allow the above information to be captured.

In considering what the application management software should achieve the following should be considered

General application knowledge Accessibility to the information Ability to store external documentation e.g. .doc .vsd .xls and other files not just field entered

information Ability to search the information Easy and intuitive information maintenance Easy to use interface paying attention to usability

Bugtracker/IT Helpdesk: Issues tracking and resolution information

This documentation really is part of the ongoing documentation that should be kept and is important in understanding an applications usefulness, struggle points and cost of maintenance. There are two systems being used at the moment

The TT system used by infrastructure help desk for support tickets Bugnet

Querying issue tracking information and making this available as part of a management tool, allows a clearer understanding of trends and future requirements that an application will need. Often this information is used during the issue resolution by the technical support but not as a whole of application overview. Drawing intelligence from what users are reporting can be very beneficial when considering an application as a whole and should feed into the balanced score card suggested earlier.

Bugnet at the moment is used only during application development. The TT system is used for user incoming requests and raised problems. There may be the possibility to somehow integrate the information from these systems. It may also be decided that having different systems is working well at the moment. The struggle is that the more systems there are to maintain the less chance that the systems or applications get used effectively.

Key questions to be asked when managing documentation

1 Do we have all the Key application information for ongoing management?2 Have we captured and stored all generated documentation during implementation?3 Are we recording all issues and problems effectively?

Page 16 of 18

Documentation and Storage for Static and Live Information

Figure 4

Conclusion

Page 17 of 18

This framework is not a definitive structure for managing applications but is a suggestion of how it can be approached. It has strived to make the management of an application as simple as possible. All along the way it has strived to put forward a group of questions that stimulate thoroughness, out of the box thinking and accountability.

It has considered frameworks from a number of disciplines and selected elements that make sense for use by DEDTA ICT Business Services application framework.

It is anticipated that elements of this framework if implemented will grow and be refined as learning’s occur. When implementing this framework it is suggested that the Deming cycle of PDCA (Plan, Do, Check, Act) be adopted. This paper should be considered as the first element in the cycle being a plan of what could be implemented to improve application management. The ideas here need to be implemented and tested to see if they are producing the desired results. Following this a replanning covering shortfalls and gaps and ways to improve should then be undertaken making sure that the unit is not burdened down with tasks that produce no value.

Figure 5

Page 18 of 18