Académique Documents
Professionnel Documents
Culture Documents
Hans R. Brands
Anton H. Evers
This paper first describes the CMM and then its application at the software
development department of Philips DVS-PS.
Having established these external factors, a first step towards control of the
project is making a work-breakdown. Traditionally, a software project is divided into a
specification, design, code and test phase (Fig. 1). In order to be able to control the
development, these phases are further divided into smaller work packages. Sizes of the
work-packages and their required effort are estimated and an analysis of the risks we face
is made. A schedule is designed. In other words, planning the project is necessary before
we can measure whether the project is on schedule. Once the project has started, regular
measurement of the progress is necessary to gain insight into and oversight of the project.
We need insight into the project in order to control it, we need oversight in order to be
able to report on an appropriate level to interested parties inside and outside the project:
we need project tracking (Fig. 2).
The quality of the outcome of the project is highly dependent of the quality of
project deliverables and of the extent to which the agreed software process is executed. In
order to control the quality of processes and products, a suitable form of quality assurance
should be established (Fig. 3).
Quality Assurance
The larger the software project, the more intermediate deliverables are made
available to project team members. And as change of deliverables is a daily practice, each
of the team members should have access to the latest accepted version of the deliverables
that he / she needs. A suitable form of configuration management should be put in place
to retain control over the change requests, the problem reports and the changing
deliverables, be it documents or code (Fig. 4).
It should be noted, that the quality assurance and configuration management
activities have been extended to last before and after the project, both types of activities
being most fruitful when they are embedded in the standing organisation.
Quality Assurance
Configuration Management
Even more so, complex software projects are executed by subcontracting (parts
of) the project, for reasons of efficiency or available capacity or knowledge. It seems
obvious that, in order to control the project, a software subcontract management process
should be present.
Optimising (5)
Managed (4)
Defined (3)
Repeatable (2)
Initial (1)
A Level Two software process is characterised as a software process that has the
above mentioned elementary controlling processes operational. These internal and
external controlling processes Requirements Management, Software Project Planning,
Software Project Tracking and Oversight, Software Quality Assurance, Software
Subcontract Management and Software Configuration Management are identified as Key
Process Areas (KPAs) for Level Two in the Capability Maturity Model. It should be
noted that these KPA's have only little software specific content, but are general project
control process areas.
Once a software organisation has gained basic control over its software projects,
other areas become subject to improvement. The Defined Level is characterised by seven
Key Process Areas that define and maintain the software process. The seven KPA's are:
Organisation Process Focus: the area that establishes and improves a common
understanding of the overall software process.
Organisation Process Definition: the area that defines and maintains the
definition of a standard software process, from which software projects are
documented instantiations.
Training Program: the area that defines the development of software skills in
the organisation.
Integrated Software Management: the area that integrates the standard software
process with the Planning and Tracking level 2 KPA's, leading to synergy
between engineering processes and management processes.
Software Product Engineering: the area that is concerned with the technical
software engineering activities and their coherent relations.
Intergroup Co-ordination: the area that is concerned with the relations between
the software development organisation and surrounding disciplines and
organisations, such as hardware development, quality, service and
manufacturing.
Peer Reviews: the area that is concerned with the defect removal process that
can be implemented through inspections and walk-throughs.
Having these seven KPA's effectively in place means that the organisation
behaves as an organisation with a Defined Level software process, as a Level Three
organisation. The next maturity level is the Managed Level (level 4). What about the
KPA's that serve this level?
The organisation that is able to control its software process this way, may call
itself an organisation with a Managed Level software process. It seems obvious that only
a limited number of organisations have been able to grow to this level of capability.
Yet, there is another step to take for mature organisations. The step towards the
Optimising Level is characterised by
For those of us who have been trying to improve productivity with the aid of
CASE tools, the Capability Maturity Model tells us that successful introduction should be
built on a mature process!
The KPA internals
Each Key Process Area is described with a number of goals that have to be
achieved in order to have the KPA fully satisfied.
The way to reach the goal may be different for various organisations; however,
the CMM gives guidance by offering a number of key practices for each KPA. The key
practices address institutionalisation or implementation. In the model the key practices
are organised by the following common features: Commitments to Perform, Abilities to
Perform, Activities Performed, Measurements and Analysis, and Verifying
Implementation.
The Abilities to Perform ask for proper budgeting, for an adequate organisational
structure, for training of and orientation into the KPA.
The Activities Performed guide actions that people having various roles in the
organisation should perform in order to make the key process effective. These activities
may differ from organisation to organisation, but if you start from scratch, you may use
them literally as a starting point.
management define
awareness
awareness objectives
assess
verify
current
results
situation
define
execute improvement
improvements plan
schedule establish
improvements commitment
From the results of the assessment the areas of improvement can easily be
identified, whereas the CMM provides guidance in the Key Process Areas that can be
most fruitfully implemented. The CMM recommends improving level by level, however,
if business needs call for another priority, or if an organisation already has practices in
place, other implementation tactics may be followed. The various activities to implement
improvements and their priorities appear in an improvement plan, which after having
been agreed by the parties involved, lead to an improvement schedule.
The details of the improvement areas can be found in the detailed descriptions of
the CMM Key Process Areas (Ref. 2).
In designing an improved process, the CMM, being used as a reference model for
measuring the capability of a software organisation, is also often used as the reference
model to design an improved software organisation. We believe an even richer model
should be used, making use of the treasures of the software engineering community as
well as our own organisational treasures.
For that purpose we investigated into software process models and we designed a
general model for the software process as a reference for the DVS Product Services
softwareprocess. The model is based on IEEE1074, ISO 12207, CMM and proprietary
software process models, baptized the Smiley model (Ref. 5). An impression of this
reference model is given in Fig. 7. The primary software creation process is depicted in
the centre from top to bottom. Management processes are in the hat of smiley, whereas
supporting processes are in the mouth.
What are our experiences using the CMM to improve our software process?
IMPLEMENTATION OF THE IMPROVEMENT PROCESS AT PHILIPS DVS-PS
Before a product can be released for production the Quality Department verifies
that the product is according to government regulations and adheres to internal
production standards. Of course it is also verified that the product fulfils the requirements
of the customer.
Early 1996 the current DVS-PS development organisation was created with a
crew of 25. Software engineers had different backgrounds and experience in projects of
varying maturity and different working practice. There were ISO9000 procedures
available describing a generic software plan, documents in software development and
quality control. The Quality Department only looked at the functionality of the product
as perceived by the consumer and did not have a real software focus. By that time we had
projects with a reported lead-time slip of 6 to 12 months, resulting in missed
opportunities. One project celebrated its 1000th bug found in beta-testing. The first
experiments with subcontracting resulted in the software engineers physically relocating
to the Hasselt premises.
To make everybody aware of the importance of the software process in
combatting these disasters, a consultant was invited to give a lecture about Software
Process Improvement (SPI). SPI has a major focus in all Philips software development
groups and is using the Capability Maturity Model (CMM) as a vehicle. Not only the
software engineers attended, but also the overall project leaders and development
management. In this lecture a rough outline of process improvement in software
development was given. The following steps can be determined (Fig. 6):
2. Define objectives. Which are the goals and targets of the software
improvement process? Can they be linked to the mission of the organisation?
6. Execution. The SPI project was divided into a number of subprojects. Each
subproject was assigned to a working group. These working groups were
given a time budget of 5 10% of their normal working hours. Most
subprojects delivered a procedure, a template or a checklist.
Requirements engineering.
Project planning
Project tracking
Every week a tracking is done of released deliverables, budget spent and hours
spent. The customer is informed and can follow the process closely. It will be clear
immediately when the project is behind schedule or when more hours are spent than
agreed in the budget.
110
113
105
101
100
95
90
90
60
55
50
45
40
35
30
25 Original
New Agreed 747.5
20
Last Estimate
15 Completed
10
0
722
724
726
728
730
732
734
736
738
740
742
744
746
748
750
752
802
804
806
808
810
812
814
816
818
820
822
824
826
828
830
Figure 8. Example of a tracking sheet.
The line Completed shows that in week 804 a delay is reported, even according
to the last estimate. The reason here was that the team was waiting for input from others.
Subcontract management
During execution of the contract with the supplier is it normal that we receive
weekly reports about their project status. All deliverables (such as designs, code, and test
reports) are reviewed. Preferably the supplier uses the same configuration management
tool as we have in order to facilitate multi-site configuration management.
We now have three years of experience with an Irish software supplier who
assisted us in developing the CDR application software for several projects. These
projects are all delivered according to agreed development time and budget. Furthermore
some small projects were issued to a development group in Vienna and an Indian
software company. Only the latter experience was not satisfactory, because we were both
in a learning phase and did not operate on CMM Level Two. Furthermore two projects
are running together with the Philips Software Centre in Bangalore. This development
site operates on CMM Level Three.
Quality assurance
Within the software group a team of Software Quality Inspectors has been
established. These inspectors are part of a project team but also report to the Software
Quality Assurance Manager (the head of the team). The inspectors check whether product
deliverables and the software creation process are according to the agreed procedures.
They have played an important role as review moderators when the role was introduced.
More and more we see a shift from product verification towards process verification and
support. The budget for this role takes 5% of the project budget. This is exclusive the
time that team members spend in reviews.
Configuration management
With the aid of the Smiley reference process model, 16 working groups (one
group for each process) designed process and procedure descriptions, as well as templates
and examples for documents. The complete software process contains some 25 process
descriptions and some 80 procedures. Each project tailors the standard software process
to its own needs. The project plan is based on the project specific software process.
As a first step towards solving this problem, the hardware group started
developing debug-, diagnostic-, service- and test software themselves, which meant that
they tried to hire software engineers for hardware development support. However, in the
current software market situation software engineers prefer to be employed by a software
group, rather than a hardware group.
This meant that we decided to have the debug software to be developed by the
hardware group and the diagnostic-, service- and test software by the software group. It
turns out to be a better solution, provided the hardware group improves their development
process to include project planning and tracking activities similar to the software
planning and tracking activities.
Where three years ago the Quality Department was merely detecting problems in
the product during beta testing it now participates in project audits. Furthermore it is able
to detect the point in time where it makes sense to start beta testing. In Fig. 9 you can see
the actual number of bugs found during integration and alpha testing and the prediction
from week 916 onwards. In week 916 it does not make sense to start beta testing. Already
in week 916 we are able to see that by week 928 beta testing can start.
bugtracking: prediction
700
600
400
300
200
100
0
843 844 845 846 847 848 849 850 851 852 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 921 922 923 924 925 926 927 928 929
actual number 2 12 14 14 16 20 24 26 26 49 64 75 80 92 114 142 164 182 196 221 232 254 273 305 326 364 400
GO prediction 0 0 326 360 400 440 520 550 570 590 608 625 640 660 660
Week
Most of the project co-ordination takes place on overall project level. Planning
and tracking delivery from and to the software group are the responsibility of the project
leader software.
The current process definition activity generates an overview of all links from
software processes to the external processes, which will be used for co-ordinating
purposes.
Training program.
We extended the scope of the KPA Training Program to include all human
resource management activities, including hiring, firing, appraisal et cetera. The training
program procedures, including identifying the skills and needs of the organisation, of the
project and of the person and the resolution to those needs, were designed and
implemented.
The planning and tracking activities from CMM Level Two have been upgraded
to monitoring and control activities. Having metrics defined for each process, the
monitoring and control process simply monitors these metrics. In a later stage, a software
quality management process will set boundary targets for those performance indicators
that are calculated from the metrics.
CMM audits
The first assessment that the software group performed was an Incremental
Maturity Evaluation that was guided by an external consultant. We found out that we had
a Level One maturity process. After about half a year we did another Incremental
Maturity Evaluation that made us believe that we nearly had attained a Level Two. The
external assessment of November 1997 told us the truth: we attained a Repeatable Level
for the KPAs Requirements Management and Project Tracking and a Defined Level for
the KPAs Peer Reviews and Process Focus. The other four Level Two KPAs were
partly satisfied.
Since then we focused more on a formal definition of our Level Two processes,
including the policy statements in our organisation documents and their independent
verification. In the external assessment of July 1998 this resulted in a fully satisfied for
all Level Two KPAs, as can be seen from the Kiviat diagram in Fig. 10a. These scores
were confirmed in the Incremental Maturity evaluations of November 1998 and March
1999.
score > 8: Fully satisfied;
5 < score < 8: Partly satisfied;
RM 0 < score < 5: Not satisfied.
10
CM 5 PP
4
2 Sep-96
1 Nov-97
0 Jul-98
Nov-98
Mar-99
QA PT
SM
Since the third quarter of 1998 the software group focuses on improvement of the
CMM Level 3 KPAs, resulting in a better process definition, with the aid of the Smiley
model, and in improvement of our HRM procedures, including training development and
training program execution. The results of the measurements are depicted in Fig. 10b.
PF
10
9
8
7
PR 6
PD
5
4
3
2
1
0
IC TP
Nov-98
Mar-99
PE IM
One of the lessons we learned was that we had much too high expectations of our
own software processes and that improving considerably means a real change and a real
challenge. Furthermore we learned what the CMM really is and what it is worth. It is
really worth the investment! At this moment we believe that we are able to repeat the
same type of projects in a similar way as we have done; our estimates for delivery dates
are within 10 % accurate; our staff is acting under less pressure. And we have grown to
be a reliable partner in hardware related software development.
References:
2. M.C. Paulk et al, The Capability Maturity Model: Guidelines for Improving the
Software Process, Addison-Wesley, Reading, MA, 1994.