Simplified application management framework created taking information from PMBOK, ITIL, COBIT5, CMMI, ASL and Microsoft compliance. This aims at putting the first steps in place to be able to understand and manage an applications life cycle.
The project was undertaken to try and identify how to reduce risk associated with the applications that the department create, implement and manage. It dovetailed into an audit of the applications that the department use and have implemented in the past 5 years.
2. Contents
Project Information ............................................................................................................................ 2
The Framework .................................................................................................................................. 3
Business Relationship Management .................................................................................................. 6
Application Development/ Acquisition ............................................................................................. 8
Compliance ...................................................................................................................................... 10
Governance ...................................................................................................................................... 13
Environment ..................................................................................................................................... 14
Documentation ................................................................................................................................. 14
Conclusion ....................................................................................................................................... 18
Project Information
Application Management Framework
Title:
Create a suggested framework of how Business ICT Services can
Purpose/Objective: structure application development and application lifecycle management
into the future.
Business ICT Services don’t have a complete view of all the applications
Problem Statement: developed or in use by the business. This exposes the unit to unseen risks and an
inability to implement continuous improvements to the business and applications.
An Application Management registration program has been created but has not
Background:
been completed. This project is part of the completion of that project. This project
aims to gather as much information as possible about as many applications as
identified.
The project then aims to build a roadmap for key applications based on a
suggested application management framework and best practises for that
application.
This document articulates the framework to be used in application management
for the business ICT services unit.
A Framework does not contain answers; rather it is a source of guidance that
Framework:
encourages thought in a certain way. A framework encourages a step back and
helps the thought process cover all bases. Frameworks help ask the tough
questions.
In building this framework a number of highly regarded management frameworks
Research:
were investigated. They included PMBOK, ITIL, ASL, COBIT5, Microsoft
compliance, CMMI.
Tools investigated to help drive continuous improvement of applications and
application management included Six Sigma, TQM and Balanced score card.
Page 2 of 18
3. The Framework
Application management is not just about managing the software it is also about managing the
relationships and expectations of those that use, deliver and are involved with the software and the
problems which the software is designed to address.
In building an applications management framework that considers the application software as well as
expectations that stakeholders have of the application, six areas of significance are suggested.
These six key areas of impact are
1. Business Relationship Management
2. Application Development
3. Compliance of the application to standards, policies and legal requirements
4. Governance of the application and any development work
5. Environment which includes the tools, skills and resources in delivering an application
6. Documentation
As the ICT services unit manages these six areas over an applications life cycle the unit will be able
to create a platform in order to drive an increase of business value to the agency.
When a customer (business unit) first puts forward the request for help with a business problem, it is
important from the outset to understand the business needs. From this starting point working with the
customer is essential. This working relationship should continue through application development
and should not end once the application is delivered but continue until that application is farewelled
into the sun set.
Achieving this culture of ongoing improvement and partnership with those that use an application is
not easy as there are so many demands on the ICT Services units’ time and resources. Often the
pressing nature of current projects drowns out the follow up and ongoing management of past
projects and applications that have been developed.
With new projects constantly being worked on and changes in staff assignment the ICT Services unit
struggles to keep ahead and have a full understanding of all the applications being used by the
business. During this project 63 applications and systems were identified. 67 Questions were asked to
help understand these applications and their usage, compliance, management and cost better. While
many of the questions could be answered these answers often resided at an operational level within
individuals heads.
There are many factors that contribute to an incomplete picture of a particular application. It is the
aim of this framework to help create a fuller picture of each application from its inception through to
sun setting.
Factors that contribute to an incomplete picture leading to poor support of an application are; not all
procedures are followed correctly, poor documentation, changes in staff and end users adaptation of
the system or changes in business requirements. This in turn leads to dissonance in those that use the
application.
Page 3 of 18
4. Combating this dissonance is what continuous improvement and relationship building tries to
accomplish. To implement continuous improvement it is important to understand the landscape for
each application and make sure that each application is standing on a solid foundation of correct
application development that it complies with all needed policies, legal requirements and is correctly
governed through its life cycle. Once this base foundation is in place and understood it is easier to
allocate time to reviewing, managing and improving application offerings. This will translate into
clearer vision of current applications and more flexibility and speed in delivering new applications
that meet business needs.
As part of this framework each key area is broken down into more manageable chunks that explain
what the key area encompasses.
A set of questions to help crystallise the intent within a key area is proposed. These questions will not
by themselves create an effective base foundation for an application but are the prompts to make sure
that the work conducted in delivering an application are sound and cover all needed steps.
Page 4 of 18
6. Business Relationship Management
Business relationship management taken from the ITIL body of knowledge helps understand business
requests and requirements, formalise and agree with business on deliverables, champion business
requirements through the development/acquisition process and review the delivered product in order
to take advantage of opportunities for improvement.
Business relationship management is the process of delivering real business value while managing
expectation.
Business Relations Management follows the path of
1. Understand the business needs and requirements surrounding a request of service or
application software
2. Formalise the needs into a specific request that is agreed to
3. Championing the business needs and requirements during the application life cycle
4. Reviewing the deliverables to achieve continual improvement and identify opportunities.
Overview Questions
In this section of the framework 10 questions are suggested to help improve Business Relationship
Management in the delivery of services and applications.
1 Why does the business want to develop/change this system?
2 What business need will this system fill?
What does the system look like and do you have all the information needed to
3 deliver the end result?
4 Do all the stakeholders agree as to what will be delivered?
5 Do you have sign off from all needed stakeholders?
6 Is the Customer happy right now?
7 Will the Customer be happy in the future?
8 Have/Are we provided/ing the Customer with value?
9 Is the system meeting Customer expectations?
10 What more can we do to improve the Customer experience?
These questions are not part of the business analysis process that will be undertaken when identifying
business needs and drawing up business requirements documentation. What these questions aim at
achieving is verifying that the business analysis work under taken has answered questions with the
customers end goal in mind.
Service Portfolios
A service’s portfolio is a needed input into managing business relations. A service’s portfolio is an
information repository of all information relating to current applications and services. This portfolio
should include a number of distinct catalogues
1. Current supported applications and related information
2. Environment information of resources, skills and tools available
3. Current commitments
4. Learning’s from past developments
5. Policies and procedures
These catalogues will be usedduring the assessment of business needs. The catalogues will help
determine ICT Services capacity to accomplish the business request or to identify overlapping
Page 6 of 18
7. services or applications that might suit business needs reducing time and effort in meeting the
business demands.
Areas in more detail and suggested tools
Understand Business needs and requirements
This is a business analyst activity and should be conducted using business analyst skills and tools.
Documentation that should be produced because of this activity include
Project initiation document
Current state documentation
Project vision documentation
Business requirements documentation
Business process design documentation
This information helps in deciding on
project feasibility
refining the requirements of what is needed as opposed to what is expected
what will be delivered
what resources will be needed
Formalise the needs into a request
Before a project starts it is important to make sure that stakeholders’ and sponsors understand all the
information and the impacts of a project. These elements need to be agreed to before the project work
is started.
Champion the business needs and requirements when working on the request
This is an ongoing process and is “Customer Centric”. It stems from the requirements and is a
mindset of making sure that what is being produced or worked on is meeting the Customers’
Requirements.
Is the Customer happy right now?
Will the Customer be happy in the future?
Review Application for continual improvement
There are two points to application review
1. At completion of the development or project work or an element thereof
2. As a matter of continuous improvement
In carrying out application review to make sure that the application is meeting business demands a
balanced score card reviewed on a yearly basis is proposed. The balanced score cardsobjectives are
set when the application is initially launched.
It is suggested that each Application use a Balanced score card approach. This will help highlight
problems with applications opportunities to deliver better services to the business.
Page 7 of 18
8. Balanced score card template for application review tool
USER ORIENTATION BUSINESS CONTRIBUTION
How do users view the Application? How does business owner view the Application?
Mission: Mission:
To be the preferred Application for performing the To obtain a reasonable business outcome from IT
task Investments.
Objectives: Objectives:
User satisfaction Control of Application Expenses
Partnership with users Business Value of Application
Measure/Response: Measure/Response:
Initiatives/Fixes: Initiatives/Fixes:
OPERATIONAL EXCELLENCE FUTURE ORIENTATION
Does Application meet standards and How well is the Application Positioned to meet
requirements? future needs? How well is ICT situated to deliver
new application needs?
Mission:
To maintain standards, connectivity, version Mission:
control, security and business objectives To develop opportunities to answer future
challenges.
Objectives:
Efficient and Effective Developments Objectives:
Efficient and Effective Operations Meet changing business needs
Application Compliance Expertise of IT Staff
Measure/Response: Research into emerging technologies
Age of Application
Initiatives/Fixes: Measure/Response:
Initiatives/Fixes:
Figure 2
Application Development/ Acquisition
The development or acquisition of an application should be conducted in such a way that “best
practise” processes are used in making sure that the application delivered meets the formalised needs
Page 8 of 18
9. agreed to. This development cycle taken from PMBOK (project management body of knowledge)
and the Tasmanian Government project management framework is the suggested way in which
application development/acquisition is conducted and the following areas of project management
have been singled out as things to concentrate on
Application development / acquisition core areas include
o Scope management
o Time management
o Risk management
o Procurement management
o Cost management
o Communications
o Development quality
Overview Questions
There are 13 top level questions that can be asked. These questions help determine the robustness of
work done in running a development project for an application.
1 Do you have an agreed scope statement?
2 Do you know what activities you will be expected to do to achieve the scope?
3 Do you have the needed resources, People, Time, and Money?
4 Are you able to tell people when things will happen by referring to a time line estimate?
5 Have you been able to identify risks to the project and risk mitigation plans?
Have you created the appropriate procurement documentation, including requests and
6 responses?
7 Have you planned for the procurement selection process?
8 Do you have a budget?
9 Who needs information and status updates?
10 How will people get the updates or information that they need?
11 Is there a place where all the documentation is stored that is safe and central?
12 Do you know what you will need to test?
13 Do you have a test plan for testing?
Areas in more detail and suggested tools
Scope management
Make sure that all required work is understood. Make sure that only required work is undertaken to
complete the project and avoid scope creep through clear documentation and communication.
Create an agreed and signed scope statement
Create a list of task categories to help understand requirements of the agreed scope
Time management
Manage the time taken in completing the project
Schedule resources
Create an estimated timeline
Risk management
Identification, analysing and response planning to risks or opportunities that occur as a result of the
project
Page 9 of 18
10. Create a project risk register. Suggested format below
Risk Progress
Consequence Vulnerability Trigger Actions
Statement Report
Cost/Time/ What will
descriptio What will What can What is being
Quality cause the
n of risk happen being done done
Benefit/ problem
It is suggested that a spread sheet be populated with information as the result of a brain storm session
from those involved in the project.
Procurement management
Management of the process to purchase or acquire products or services
Create appropriate RFQ documentation
Get appropriate responses
Conduct selection and appointment process
This must be completed so that it meets department rules and requirements.
Cost management
Management to keep costs within agreed limits
Create a budget
Communications
Management of project information making sure that stakeholders are informed and information is
correctly captured
Identify who needs information
Plan how information will be communicated
Create a central communication repository especially for documentation, maybe for team
member collaboration
Development quality
Managing the quality of the delivered service or product
Create a list of deliverable features
Create a test plan of the deliverables
Compliance
Page 10 of 18
11. Adapted from Microsoft’s compliance framework this part of the framework clarifies the steps that
must be taken to make sure that an application meets laws, regulations and policies.
Compliance has six areas to consider. Each application or subsystem should be considered in
conjunction with each of these areas.
o Information Security / Access
o Business Continuity management
o Risk Management
o Legal compliance
o Business aligned (strategy)
o Procurement
Overview Questions
To help manage compliance eight top level questions can be asked.
1 Does the application meet information security needs?
2 Is the system able to withstand a disaster?
3 Have you identified all possible risks and opportunities?
4 Do you have a plan in place regarding the risks and opportunities?
5 Does the application meet all legal requirements?
6 Does the application adhere to all policies that impact the application?
7 Does the application meet strategic business goals?
8 Have all procurements and contractual arrangements been carried out correctly?
A suggested tool to help tease out all the compliance issues for an application could be something
along the following lines. Here an application is rated against each area of compliance, with
questions being asked about the expected compliance or the goal. What would constitute compliance
or what test applied would allow a positive rating. And then what actions need to be taken to make
the application compliant?
Application Name :
Recommended
Compliant Domain Expected/Goal Test Compliant Y/N Remedy Action
Information
security
Business continuity
Risk
Legal
Business aligned
Procurement
Areas in more detail and suggested tools
Information security / access
Making sure that information is securely housed and that all reasonable steps have been taken to safe
guard private and confidential information is an important compliance goal.
Business continuity management
Page 11 of 18
12. Can the business continue working in the case of a disaster? Under what circumstances can an
application recovery take place? How long will it take to recover all the data? Who is the first point
of call in a disaster?
These questions are an example of the type of questions that should be asked when ascertaining
wether business continuity needs have been met.
The Good Practice Guidelines for business continuity should be reviewed for information when
implementing business continuity practises.
Risk management
Many of the compliance areas for consideration if not managed correctly will impose risks.
“Risk management is the identification, assessment, and prioritization of risks followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of unfortunate events or to maximize the realization of opportunities.” -
Wikipedia
“If it can’t be identified, it can’t be managed”. In dealing with risks that are inherent in the
management of applications the following is important that a sufficiently robust risk analysis be
conducted that uncovers any risks that need to be managed. Tools in accessing and managing risk are
Risk impact assessment matrix
Risk register
Risk Impact matrix
Catastrophic
5
High risks Significant risks
Moderate risks Low risks
4
Consequence
3
2
1 4 5
Rare 2 3
Almost Certain
Likelihood
Figure 3
Page 12 of 18
13. Raw risks identified as high or significant should receive further attention. Current risk mitigation
plans should be considered to ascertain if the application risk is within a tolerant range of if further
risk management plans need to be looked at.
Legal compliance
Making sure that an application development meets all legal standards and that IP and other such
legal matters are not compromised is important. When in doubt crown legal should be contacted for
support and information.
Business aligned (strategy)
The business goals and objectives while not being a legal requirement are extremely important to
make sure that they are implemented correctly. In doing this for each application it ensures that
application development and services time is not spent in areas that do not contribute to the overall
identified business goals and objectives
Procurement
There are procurement guidelines and policies and these need to be followed making sure that all
interaction between the agency and external suppliers is conducted correctly and according to the laid
out guidelines and directions.
Governance
Governance is normally something that applies to a government body or organisation as a whole. In
providing value to stakeholders when delivering application development services it is useful in
taking the concept of governance that is used at a helicopter view for an entire organisation or even a
large project and refining this to simple statements that help drive real value in the correct direction
keeping the correct focus (priority) of the applications business value.
Governance taken from COBIT5 works towards making sure benefits, risks and opportunities are
managed in a manner that provides comfort to all stakeholders
Governance talked about in this documentis concerned with governance of the application and the
applications life cycle only. Correct governance translates into consistent management, effective
guidance and granted power in achieving application value.
In viewing an applications life cycle there are three areas of governance thatneed to be controlled
1. Resources and how they are used during the application life cycle
2. Risks that are associated with an application and its life cycle
3. Benefits that can be realised because of an application through its life cycle
These areas of governance are driven by the governance scope and who is responsible for
governance.
Governance should not hinder management but rather assist management in achieving the desired
outcomes. What governance does do is make sure that allocated resources, risks and benefits are
balanced responsibly.
Overview Questions
To allow correct governance the following governance questions help clarify if governance is being
conducted appropriately.
Page 13 of 18
14. 1 Who is responsible for the governance decision?
2 Is there a defined capacity for action?
3 Do they have enough information to provide guidance?
4 What are the interactions points between governance and management?
Environment
A factor with significant impact is the environment within which an application will be developed.
The environment captures tools, resources, unit goals and process & practices. All of these impact an
applications development and life cycle.
The Environment is all of those elements that form part of the way in which the unit delivers its
services. This includes
Tools used
Resources of time, money and skill
The Units strategic goals as they relate to the agency goals
Practices, policies and culture of the unit
All of these things will impact the delivery of services and the unit’s outputs. A number of
management frameworks or methodologies can be used in managing these elements.
Documentation
Documentation is a constant and a very important part of every effort that is undertaken in delivering
an outcome. There is documentation in all aspects of the suggested activities in this framework.
Documentation is part of the expected activities of Business Analysis, Project management,
Governance, Compliance and Unit management. What happens to this documentation and the
ongoing need to make the information available is an important element of this framework.A good
documentation foundation enhances an applications ability to meet business needs throughout its life
cycle and especially looking into the future.
The documentation of an application should be maintained with consideration for static
documentation or documentation that is rarely changed and live documentation which is updated
regularly.
Archive Documentation
1. Development or implementation documentation including compliance and governance setup
2. Technical and end user documentation
3. Learning’s from project implementation (can be part of implementation documentation)
Live Documentation
4. Quick – Key application and management information
5. Issues tracking and resolution information
Page 14 of 18
15. Development or implementation documentation
Documentation that is generated during the analysis and implementation of an application should be
stored. This should be stored somewhere that is accessible and easy to find and link to other
documentation relating to an application. It will be infrequently accessed but will be of great help if
that type of information is needed e.g. a review of business analysis as to why an application was
chosen or procurement documentation.
The TRIM system should be considered as the best place for this type of information. This type of
documentation should be expected to be versioned and easily referenced. It will be the baseline and
include changes and enhancements that happen to an application over time.
Technical and end user documentation
Technical and end – user documentation should also be stored in a secure and accessible place.
Technical documentation gives developers, support staff and users the information that they need
when working with the application. It is important that this documentation be maintained up to date
as un-maintained documentation is frustrating and reflects badly on the application. Technical
documentation includes diagrams, interactive flow diagrams and written information.
This documentations accessibility is important especially for new users.
Application Management Matrix: Quick – Key application and management information
The ICT Business Services unit deals with many applications. It is important to be able to understand
an applications basic structure.
Areas of knowledge that enhance managements knowledge of an application are as follows
Business unit information - Information relating to the business unit that initiated and use the
application
Hardware infrastructure – What hardware is the application using
Software Infrastructure – Warranty, versioning, upgrade strategy
Application Management – Application interconnectivity, Dealing with the application
internal to ICT business system
Software Information – Proprietor information, contact details
Software usage and maintenance – Upgrade strategy, issues management
Skills and People – Skills needed, who has the skills
Cost of Ownership – What cost is there for running the application
All this information should be easily available in a database that is maintained allowing information
to improve management of applications. A software project has been started with the creation of the
Application Management Database as its goal. It is suggested that a database like this should be
expanded to house all of the relevant application management information pertaining to an
applications life cycle.
Information that should form part of this database would include user perception and balanced score
card information relevant to each application.
This information is live or active information and needs to be searchable and allow the manager to
create dynamic reports.
Page 15 of 18
16. In providing a database of this capacity one of the below alternatives will need to be adopted
1. The current application management database could be enhanced
2. A SharePoint solution could be investigated using SharePoint 2013 and many of the
enhancements within this system especially if SharePoint is to be relaunched and made the
central point of agency user knowledge and connectivity.
3. Look for an off the shelf application management software that will allow the above
information to be captured.
In considering what the application management software should achieve the following should be
considered
General application knowledge
Accessibility to the information
Ability to store external documentation e.g. .doc .vsd .xls and other files not just field entered
information
Ability to search the information
Easy and intuitive information maintenance
Easy to use interface paying attention to usability
Bugtracker/IT Helpdesk: Issues tracking and resolution information
This documentation really is part of the ongoing documentation that should be kept and is important
in understanding an applications usefulness, struggle points and cost of maintenance. There are two
systems being used at the moment
The TT system used by infrastructure help desk for support tickets
Bugnet
Querying issue tracking information and making this available as part of a management tool, allows a
clearer understanding of trends and future requirements that an application will need. Often this
information is used during the issue resolution by the technical support but not as a whole of
application overview. Drawing intelligence from what users are reporting can be very beneficial
when considering an application as a whole and should feed into the balanced score card suggested
earlier.
Bugnet at the moment is used only during application development. The TT system is used for user
incoming requests and raised problems. There may be the possibility to somehow integrate the
information from these systems. It may also be decided that having different systems is working well
at the moment. The struggle is that the more systems there are to maintain the less chance that the
systems or applications get usedeffectively.
Key questions to be asked when managing documentation
1 Do we have all the Key application information for ongoing management?
2 Have we captured and stored all generated documentation during implementation?
3 Are we recording all issues and problems effectively?
Page 16 of 18
18. Conclusion
This framework is not a definitive structure for managing applications but is a suggestion of how it
can be approached. It has strived to make the management of an application as simple as possible. All
along the way it has strived to put forward a group of questions that stimulate thoroughness, out of
the box thinking and accountability.
It has considered frameworks from a number of disciplines and selected elements that make sense for
use by DEDTA ICT Business Services application framework.
It is anticipated that elements of this framework if implemented will grow and be refined as
learning’s occur. When implementing this framework it is suggested that the Deming cycle of PDCA
(Plan, Do, Check, Act) be adopted. This paper should be considered as the first element in the cycle
being a plan of what could be implemented to improve application management. The ideas here need
to be implemented and tested to see if they are producing the desired results. Following this a
replanning covering shortfalls and gaps and ways to improve should then be undertaken making sure
that the unit is not burdened down with tasks that produce no value.
Figure 5
Page 18 of 18