Professional Documents
Culture Documents
Cost Estimation and Systems Acquisition
Cost Estimation and Systems Acquisition
processMax is a complete project management system, integrated with Microsoft Project, and is
guaranteed by pragma SYSTEMS to be compliant with CMMI-DEV.
With processMax, managers and their teams efficiently collaborate with step-by-step procedures,
integrated document management, risk management, automated workflow, and automated meas-
urement and reporting. processMax increases productivity, reduces defects, and manages risk.
Now available as a hosted service for both our subscription and perpetual licenses, processMax is
more affordable than ever. We manage the server, installation, updates, and upgrades.
More than 70 organizations have passed Level 2 and Level 3 appraisals with processMax, at a frac-
tion of the time and expense required by traditional methods.
GSA Schedule Contract NO. GS-35F-0559S. processMax is a registered trademark of pragma SYSTEMS CORPORATION.
Although processMax makes use of portions of “CMMI for Development, Version 1.2,” CMU/SEI-2006-TR-008, copyright 2006 by Carnegie Mellon University,
neither the Software Engineering Institute nor Carnegie Mellon University have reviewed or endorsed this product.
Copyright 2010 pragma SYSTEMS CORPORATION
This is a paid advertisement.
2 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
TECH VIEWS
Data as a Critical Service in Acquisition
By Thomas McGibbon, DACS Director
W
e all understand the importance of data to manage to key data within the Better Buying Power initiative. We are
any program, whether it is estimated data for partnering with the University of Southern California (USC)
planning purposes or actual data for monitoring Center for Systems and Software Engineering to develop this
project progress and performance. The importance of data toolkit, leveraging their knowledge in development of the
in managing systems acquisition programs, from a software COCOMO-based models.
intensive systems perspective, is particularly crucial when:
Several parametric cost estimation experts provide their
• Acquisition program requirements are complex and diverse insight on effective cost estimation methods using historical
• Large and complex software and systems development data throughout the systems acquisition lifecycle:
teams are being used, including teams of teams
• Users specify requirements and accept systems, but are • Throughout the systems acquisition lifecycle, the
not part of the development process Government has to develop independent systems cost
• Complex and difficult to understand system architectures estimates. William Roetzheim, in his article Parametric
are used Modeling to Support Systems Acquisition, describes the use
• Many complex legal issues exist (e.g., contracts, copyrights, and benefits of parametric models for estimation, starting
warranties) from the very earliest phases of the lifecycle.
• Arlene Minkiewicz of PRICE Systems, and a frequent
Cost data, in particular, plays a key role in acquisition author for the DACS Journal, describes a strategy for being
planning, making affordability trade-off decisions, and able to defend cost estimates in her article Selling Your
monitoring acquisition performance. Cost estimation is a key Cost Estimate. Having good data is an important factor.
activity underlying all of systems acquisition management, • Another article describing the importance of historical
where in many cases estimates need to be made long before data and its use for estimation and understanding of the
critical decisions have been finalized or much is known about impacts of changes is the article by Kate Armel, from
all of the key requirements. Historical cost data, or models Quality Software Management, Inc., entitled History is the
built on historical data, are used to generate cost estimates. Key to Estimation Success. In this article she shows, from
However, interpreting what is in the data, and the relationships a database of over 1,000 historical projects, the impact
of data to outcomes, remains a key challenge. on cost and quality of small changes to project team size.
This issue of the DACS Journal looks at the role of cost We also include an article addressing current research in cost
estimation and data in systems acquisition management. estimation. A serious challenge to estimators is developing
We have assembled a group of leading subject matter experts credible estimates well before a system solution is conceived.
in systems acquisition and cost estimation to share their Addressing this, the SEI’s Cost Estimation Research Group
knowledge. describes their work in An Innovative Approach to Quantifying
Uncertainty in Early Lifecycle Cost Estimation. In it, they
Our lead article, The Need for “Acquisition Visibility”, written describe their proposed methods for pre-Milestone A cost
by Mr. Mark Krzysko, the Deputy Director of the Enterprise estimation.
Information and Office of the Secretary of Defense Studies,
provides an outstanding discussion and sets the stage for In the article Outcome-Based Software Acquisition, Roger
describing the need for data – data as a service - to support the Stewart and Lew Priven describe the use of standards-based
“Better Buying Power” initiative of the DoD, and how that Inspections and supporting tools to achieve an auditable and
need is being addressed. actionable outcome-based acquisition process.
The DACS has, for many years, endorsed and implemented We close out this issue of the DACS Journal with the article
this vision of data as a service. With this issue of the DACS A Roadmap for Reforming the DoD’s Acquisition of Information
Journal, in the article The DACS Software & Systems Cost and Technology from John M. Gilligan, former Air Force Chief
Performance Analysis Toolkit, we are announcing the addition of Information Officer (CIO), who describes an effective five-
a new data service and resource to provide representative cost point program to improve DoD IT acquisition processes.
data to support the software intensive systems acquisition and
cost estimation communities, in line with the vision of access
O
n September 14, 2010, then Under Secretary of averaging 22 months.4 While DoD worked closely with GAO
Defense for Acquisition, Technology and Logistics to review their conclusions, the scope of the portfolio is real.
(USD(AT&L)), Dr. Ashton Carter, provided
guidance to acquisition professionals regarding the “Better Better Buying Power provided a strategic foundation to
Buying Power” initiative. The Department of Defense implement change, but acquisition leadership still needed to
(DoD) introduced Better Buying Power – with broad support answer a tough but appropriate question: did DoD have the
from senior DoD leadership – to improve acquisition value right information or systematic processes to address acquisition
through increased competition, tradecraft, productivity and management, oversight and process complexities and achieve
incentives. Better Buying Power also focused heavily on how efficiencies that provided better value to the Warfighters and
the Department managed its complex acquisition portfolio taxpayers? In the September 14, 2010, Better Buying Power
by challenging the workforce to improve critical acquisition guidance memorandum to acquisition professionals, Dr. Carter
management, oversight and processes. The Department emphasized the use of data to answer this question.
would achieve better acquisition management and processes,
according to Better Buying Power, with a greater focus on cost, “We have analyzed data on the Department’s
affordability and performance – elements that were becoming practices, expenditures, and outcomes and
increasingly important as DoD faced growing scrutiny on its examined various options for changing our
acquisition programs. practices. We have sought to base the specific
actions I am directing today on the best data
The timing of Better Buying Power was no surprise. In the Department has available to it. In some
2010 the Department’s Major Defense Acquisition Program cases, however, this data is very limited. In
(MDAP1) portfolio grew to over $1.7 trillion across the life these cases, the guidance makes provision for
of the programs, an almost 60% increase from acquisition future adjustments as experience and data
numbers reported ten years earlier.2 The $1.7 trillion did accumulate so that unintended consequences
not account for certain operations and sustainment costs, c a n b e d e t e c t e d a n d m i t i g a t e d .” 5
the Military Department’s smaller acquisition programs, or
Major Automated Information Systems, adding billions to The message was clear: data and information were key to
an already incredible portfolio. DoD’s acquisition processes managing, overseeing and streamlining processes within the
were also the subject of ongoing Congressional scrutiny and acquisition portfolio, but DoD would require diligence to
numerous Government Accountability Office (GAO) and obtain it. Data offered innovative perspectives on acquisition
DoD Inspector General (IG) investigations.3 Highlighting processes, delivering the necessary insight into acquisition
significant management and oversight issues, the GAO claimed cost, performance, affordability and other critical elements.
that development costs for acquisition programs were as much Empowered with data, DoD leadership could report, analyze,
as 42% higher than original estimates, with program delays and make informed decisions on the Department’s complex
acquisition portfolio. This is the focus of this article.
1 10 U.S.C. 2430 defines a Major Defense Acquisition Program as a program
that the Secretary of Defense defines as a major program (non classified), estimates Prior to Better Buying Power, the Director of Acquisition,
that total expenditures for research, development, test and evaluation will exceed
$365,000,000, or estimates that total expenditures for procurement will exceed Resources and Analysis (ARA), an organization under the
$2,190,000,000.
4 U.S Government Accountability Office, Assessment of Selected Weapon Programs,
2 Budget data from the Defense Acquisition Management Information Retrieval GAO-09-326SP, March 2009, p. Highlights.
System
5 Dr. Ashton Carter Memorandum for Acquisition Professionals, Subject: Better
3 A listing of GAO and IG reports on defense acquisition issues and investigations Buying Power: Guidance for Obtaining Greater Efficiency and Productivity in Defense
can be found at http://www.gao.gov and http://www.dodig.mil. Spending, September 14, 2010, p. 1.
4 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
THE NEED FOR “ACQUISITION VISIBILITY” (CONT.)
USD(AT&L), led a parallel effort to support the reformation provide dramatically better insight to leadership about how
of acquisition management, oversight and departmental DoD oversaw and managed its acquisition programs. This
business processes. The Director, ARA directed a small team also provided leadership awareness into how DoD’s industry
to focus on using structured data to provide insight on how the partners were performing against their requirements and
Department viewed and managed its acquisition portfolio. Key obligations. As data requirements increased, Acquisition
areas of focus were data governance and using data as a service. Visibility quickly became the single source for acquisition
In conjunction with the Military Departments, the team information across the Department.
demonstrated it could identify authoritative sources of major
acquisition information; have consistent, semantic definitions An Effective Capability Through Agility
across the Department; measure data for accuracy, reliability While Acquisition Visibility provides important information
and availability; and provide it to acquisition leadership for to acquisition decision-makers, it is more than a technical
use in any visual tool giving them data-driven insight into the capability which shares information across the Department. The
major acquisition portfolio. service is the authoritative source for acquisition information,
acquisition information definition and the foundation for how
These efforts were part of a pilot that went from concept acquisition leadership oversees, manages, reports and analyzes
to execution in under 60 days – a short order for a complex its major acquisition portfolio. It delivers the core service for
Department of Defense. The team extracted performance the USD(AT&L)’s acquisition oversight, accountability and
data elements of 12 major weapons programs and presented strategic decision making. Acquisition Visibility leverages
this data to leadership within a service-oriented environment. internal net-centric services from OSD defense agencies as
DoD leadership would manage this service Department-wide well as engineering and technical expertise from the Military
with the goal of supporting reporting, analysis and decision Departments and industry partners. Components now provide
making. Although the pilot represented a small subset of accurate, structured, acquisition information – via AV SOA
acquisition data and programs, it demonstrated two important as the core element of net-centricity – immediately to the
achievements: first, DoD could manage and govern acquisition USD(AT&L) and senior decision makers.
information with technologies and techniques such as Service
Oriented Architecture (SOA) and semantics; second, DoD Acquisition Visibility does not impose uniform business
could provide data and information as a service in a near real- processes across the DoD acquisition community, replace
time environment. The ability for this team to reach across current applications and tools or implement an “IT solution”.
DoD and work closely with the Military Departments showed It benefits from best practices, SOA and existing technical
transcendence of organizational boundaries, infrastructures, infrastructure to gain access to transparent, acquisition data
organizational prerogatives, and security models. Acquisition without having to maintain a single data strategy or common
data – once held tightly by those processes – was now transparent infrastructure – each Component optimizes their business
and understood. The USD(AT&L) saw the potential structured processes and leverages technologies as appropriate. Data
data could have on acquisition management, oversight and governance ensures access to Component-managed acquisition
business processes and expanded the pilot to determine information and defines data for consistency, accuracy
its full capability. Additionally, he sought an on-demand and reliability across the Department. Governance also
environment that could provide data across the enterprise establishes definitive semantic meaning to the business rules
seamlessly and efficiently. This capability became known as so Components share acquisition information consistently
Acquisition Visibility (AV), which transitioned from pilot to within the AV environment. This enables Components,
implementation, formally effective in July 2009. The number leadership and acquisition stakeholders to view and measure
of acquisition programs covered under Acquisition Visibility data uniformly and promotes information quality assurance
tripled during this transition and the team worked across the when it comes to data reporting and analysis.
Department to apply structured acquisition data to other uses.
They began to automate reporting to immediately comply with Multiple delivery teams support Acquisition Visibility
internal and Congressional reporting requirements and reused providing functional, technical and data expertise. Acquisition
data to develop multiple reports at the same time. In support Visibility now covers all major defense acquisition programs,
of other organizations, including the Office of Performance by sharing sustainment, operating costs and earned value
Assessments and Root Cause Analyses, DoD began to explore management data among other acquisition information.
the use of data analytics, using business intelligence tools to AV leadership has transitioned the service into a production
environment and grew the number of acquisition data elements leadership, the use of best business practices, and technical
to over 700 bringing additional, more relevant information competency within the Federal Government. Implementing
to acquisition decision makers. The Department will add this service required a significant amount of leadership,
the Major Automated Information Systems and non-MDAP change management, and alignment of disparate defense
acquisition programs to this information paradigm in the organizations from Acquisition Visibility delivery teams.
near future. Figure 1 below provides a visual of Acquisition Teams constantly engaged and collaborated with acquisition
Visibility and its core services. In support of Acquisition organizations across the Department. They remained flexible
decision making, DAES6, SAR7, UCR8, DAB9 and APB10 to address leadership’s ever-changing data, service and technical
are legislative reporting requirements or decisions forums that requirements. Support constantly evolved as Acquisition
leverage acquisition information via Acquisition Visibility. Visibility adapted to and embraced cutting-edge technologies
and concepts improving performance. In addition, AV
A Case Study for Change leadership deliberately used agile methodologies to create
Acquisition Visibility is a case study in cross-organizational synergies among delivery teams, including the Components,
to meet strategic, functional, data and technical requirements
6 The Defense Acquisition Executive Summary is an early warning report. DAES more effectively.
reports program assessments (including interoperability), unit costs (10 U.S.C.
2433), and current estimates. It also reports the status of exit criteria and vulner-
ability assessments (31 U.S.C. 9106). Acquisition leadership agrees this remains an optimal
approach despite the need for perpetual agility. By having
7 In accordance with 10 U.S.C. 2432, the Secretary of Defense will submit a
Selected Acquisition Report to Congress for all MDAPs. The program manager
instant access to authoritative acquisition information,
will use the Defense Acquisition Management Information Retrieval application to leadership has insight into major acquisition programs
prepare the SAR. more effectively. Performance data ensures Components are
8 A Unit Cost Report is a quarterly written report on the unit costs of an MDAP meeting cost, budget and specification targets while offering
submitted by the program manager on a quarterly basis to the service acquisition clues as to why certain programs may not be meeting their
executive (10 U.S.C. 2433). performance objectives. Data-driven decisions will help
9 The Defense Acquisition Board is the Department’s senior-level forum for the Department address and overcome current and future
advising the USD(AT&L) on critical decisions concerning selected Acquisition acquisition challenges, whether organizational, budgetary
Category I programs.
or technical. The Department can reliably report on the
10 The Acquisition Program Baseline reflects the threshold and objective values for performance and status of each major acquisition program to
the minimum number of cost, schedule, and performance attributes that describe stakeholders – and Congress – to improve transparency. The
the program over its life cycle. he APB satisfies the requirements in 10 USC 2435
and 10 USC 2220 for Acquisition Category I Programs. ability to capture growing amounts of acquisition information
6 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
exposes the Department to the strengths of data analytics, to be agile with a focus on immediately – both effectively and
providing leadership with even more powerful information efficiently – responding to acquisition leadership.
to drive critical decision making and oversight in the future.
Table 1
Action or Activity Impact on Acquisition Management and the Acquisition Portfolio
Development of an • Structured acquisition information to manage the $1.7 trillion acquisition portfolio
information sharing • Data serves as the foundation for AT&L reporting and analysis
framework • Measures for implementing the (USD)AT&L’s Better Buying Power Initiative
• Compliance with statutory reporting, organizational and analytical requirements
• A service that shares acquisition information to leadership within an on-demand environment versus
ad hoc briefings
Deliberate and • Requirements definition to delivery within 60 days
perpetual use of agile • Collaboration among all delivery teams produces a shared services mentality
methodologies • Ability to implement new information requirements consistently and quickly across all delivery teams
and the Department
• Mitigate single points of failure through the inclusion of delivery teams in all efforts
• Achieve the ultimate goal of being responsive to the customer (USD(AT&L))
Viewing Acquisition Visibility from strategic, functional Functional Perspective: Customers who use service providers
and technical perspectives provides insight as to why the rarely consider the processes or technical infrastructure needed
Department created this service to be the authoritative source to meet their requirements; they simply demand the service
for acquisition information and the primary tool to improve they request as expeditiously as possible. A key component
management, oversight and decision making on the acquisition to Acquisition Visibility’s success is the delivery teams’ focus
portfolio. These perspectives highlight how and why specific on end-users’ (customers) requirements for acquisition
techniques were used, their impact to operations, and the information. Thus, the service provides the right information
benefits of using these strategies, so other organizations can through functions that are easy to use while meeting leadership’s
replicate similar techniques across Department. demands at the same time. USD(AT&L) leadership ensures
collaboration across organizational boundaries to obtain
Strategic Perspective: Acquisition Visibility was an effective acquisition information. This collaborative environment lets
means to provide structured, and eventually unstructured, delivery teams not only understand the type of information
acquisition data and reports to leadership and acquisition end-users need, it also allows them to understand how end-
stakeholders. Use of acquisition information – as a service – users would like to obtain, access and see the data. Governance
exploded as DoD leadership realized the value of authoritative, and enterprise-level business process modeling (Table 2)
reliable acquisition information to manage, oversee and support streamlines and aligns business processes and rules across the
informed decision making on major acquisition expenditures. Department to allow Acquisition Visibility to meet acquisition
Consequently, Acquisition Visibility’s vision and mission has data requirements more effectively (Components maintain the
adapted since its pilot/implementation phase to account for flexibility to management their own internal data processes as
the USD(AT&L)’s data requirements and growing uses for appropriate).
acquisition information. DoD leadership expects and requires
timely, “ground truth” information regarding the acquisition Technical Perspective: AV leadership’s insistence to be
portfolio, and Acquisition Visibility evolved into the service “world class” in technical delivery is the nucleus for sharing
that provides it to them. What was once organizationally acquisition information (Table 3). Acquisition Visibility
consuming to manage (data), is now a real-time data service is an information service that relies heavily on systems and
executed by strong governance and technical competency. To software engineering and other technical best practices such
implement this type of service, AV leadership needed a strategic as cloud computing and open source software to achieve its
information framework to manage acquisition information objectives. The use of technical best practices and services
across the Department (Table 1). This framework needed provides delivery teams flexibility when managing technical
to identify data requirements, support both functional and requirements, reduces Acquisition Visibility’s footprint and
technical processes, and posses the appropriate infrastructure organizational impacts across DoD, and provides delivery
to connect with acquisition leadership. This framework needed teams access to cutting-edge tools to address unique, changing
Table 2
Action or Activity Impact on Acquisition Management and the Acquisition Portfolio
Enterprise-level data • Data transparency and accountability for informed decision-making on acquisition programs
governance • The ability to access and obtain Component-managed data and infrastructure specifications
• Consistent and defined acquisition data for multiple uses across the Department
• A structure for working within a disparate and bureaucratic environment
• Identifies the authoritative sources of acquisition data and where they maintain the data
Adoption of business • Consistent processes for working with acquisition portfolios across DoD
process modeling • Easily incorporates new stakeholders or acquisition information into the AV environment
techniques • Scalable processes that account for the complexities of meeting unique data requirements
• Process clarity and cross-team integration by illustrating roles and activities across DoD
Table 3
Action or Activity Impact on Acquisition Management and the Acquisition Portfolio
Use of SOA as the core of • Creates a comprehensive, shared services environment with the ability to get acquisition information
net-centricity to leadership instantaneously
• Components transition at their own pace without sub optimizing processes and information reporting
• Less system-to-system / point-to-point coupling via an enterprise-wide information broker
• Leadership has single access to Component-managed data and infrastructure
• Avoids costly future integration efforts for data providers by streamlining data collection and
dissemination
Focus on leveraging • Access to existing DoD infrastructure via enterprise messaging reducing hardware costs to OSD and
services and tools that Military Departments
already exist • Lightweight and flexible information sharing that complies with Joint specifications
• Reduces network load across Component acquisition systems
• Minimizes re-training and work stoppages since Components spend less time implementing new
services
• Ensure information exchange efficiencies as more data sources are consumed
Publish and subscribe • Unifies the Services and Component acquisition community with a federated information sharing
approach approach that reduce costs and significantly improves timeliness and reliability
• Opportunities for more real-time data capabilities for information analysts/users and tools
information demands. This information service is a federation among the Components. As these types of techniques mature,
of software and data of various servers across OSD and the Acquisition Visibility can continue to serve as a technical model
Military Departments to promote internal cooperation among that utilizes the most advanced technologies and best practices
Components. Strong information stewardship ensures the while reducing costs and the overall technical footprint.
best value regardless of where the servers are located. The use
of both organic and private industry expertise with systems Figure 2 below depicts Acquisition Visibility’s maturity and
and software engineering, SOA and data governance enables growth since its inception as a pilot program three years ago.
Acquisition Visibility to provide leadership strong support Three perspectives measure Acquisition Visibility’s maturity.
despite the varying complexities of security, architecture and First is the functional growth and improvements to Acquisition
infrastructure. As the amount of information shared across Visibility (Y-axis). Second is the increase of acquisition
the service continues to expand, DoD has looked to more information shared across DoD as acquisition leadership
automated and accurate ways to share acquisition data. Just took a combination of organizational and technical steps to
last year, acquisition leadership worked with Components improve data delivery (X-axis). Third is a combination of both
to implement a Department-wide “publish and subscribe” perspectives: DoD realizes capability synergies and achieves
process. This process allows leadership to pull data from technical transformation.
the various acquisition portfolios making data more readily
available to leadership and promoting better data quality
8 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Figure 2: Acquisition Visibility’s Maturity and Growth
10 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
QA Wizard® Pro
[ [
Automated Testing
www.seapine.com/gsa
Satisfy your quality obsession.
Change Management
Seapine CM®
Configuration Management
Surround SCM®
© 2009 Seapine Software, Inc. All rights reserved.
TestTrack® Studio
Test Planning & Tracking
Satisfy Your Quality Obsession
Software quality and reliability are mission critical. The size, pervasiveness, and complexity of
today’s software can push your delivery dates and budgets to the edge. Streamline communication,
improve traceability, achieve compliance, and deliver quality products with Seapine Software’s
scalable, feature-rich application lifecycle management solutions:
Designed for the most demanding software development and quality assurance environments,
Seapine’s flexible cross-platform solutions adapt to the way your team works, delivering maximum
TestTrack® Pro
Visit www.seapine.com/gsa
T
Overview of Current Toolkit Capabilities
he goal of Data and Analysis Center for Software
(DACS) Software & Systems Cost and Performance Currently, the Software & Systems Cost and Performance
Analysis Toolkit (S2CPAT) is to capture and analyze Analysis Toolkit can display statistics about all of the software
software and software engineering data from completed projects in the database as well as allow users to specify search
software projects that can be used to improve a) the quality criteria to select software projects of interest based on project
of software –intensive systems and b) the ability to predict size and application domain. The current version of the toolkit
the development of software –intensive systems with respect provides some standard statistical analyses of the selected
to effort and schedule. projects.
The toolkit allows users to search for similar software projects In addition, there is a data submission capability that
and use the data to support: allows users to submit additional projects to the toolkit so
that the toolkit can grow and better reflect changing software
1. Rough order of magnitude estimates 1 for software development approaches, languages, and tools.
development effort and schedule
2. Project planning and management: life cycle model Overview of Statistical Analysis Capabilities
information, key risks, lessons learned, templates, Before searching for information about specific projects
estimation heuristics in the toolkit, the user can first review general information
3. Software engineering research. about the toolkit contents related to distribution of projects
12 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
DACS SOFTWARE & SYSTEMS COST AND PERFORMANCE ANALYSIS TOOLKIT (CONT.)
by software size and effort, application domain, software After the submission, the
operating environment, and development languages, as shown system will pop up messages The following Government
personnel are to be
in Figure 1. The upper left chart in Figure 1 shows an example as shown in Figure 5. The acknowledged for their
scatter chart with software size on the y-axis and effort (labor user can either choose efforts in sanitizing and
hours) on the x-axis. The upper right chart in Figure 1 shows to update the previously releasing the Software
a distribution of the toolkit projects across application domains submitted data or submit Resources Data Report Data:
(note that the current domains primarily reflect DoD types of another new data point.
• Wilson Rosa, Ph.D.,
projects). The two lower charts illustrated project distributions Technical Advisor,
by operating environment (primarily military environments/ When a user submits a set Information Technology
platforms) and development language. of data for incorporation into Division, Air Force Cost
the toolkit, the validation Analysis Agency
Searching Function with Output Statistics • Christopher Zember,
team analyzes the data Deputy Director, DoD
To select a subset of the projects in the toolkit for analysis, to ensure that the proper Information Analysis
users can use the query parameters for software size (specific counting rules were used Centers, Defense
value with an optional ± range, application domain, primary and that the data can be Technical Information
Center
development language, and operating environment. User aggregated with the rest of
• Paul Engelhart, DACS
queries can specify one or more of these query parameters the toolkit data to support Contracting Officers
using the fields shown in Figure 2 . The toolkit returns an future toolkit queries. Once Representative, Air Force
aggregated response to the user query based on the toolkit the user-submitted data is Research Laboratory
records that match the specified parameters. Note that in order validated, it is incorporated Information Directorate
to protect the identity of the specific projects in the toolkit, into the toolkit. Currently,
results are provided only for those queries that result in at least the DACS toolkit team is working on a reward system that will
four records with no one organization providing more than provide custom analyses and reports for those organizations
50% of the data points. that contribute data directly to the toolkit.
After the user inputs the query conditions, and clicks on Initial Toolkit Contents
“Search”, the statistics results (Average, Median, Min, and Max)
and more direct visualization such as bar charts or pie charts The initial release of the DACS Software & Systems Cost and
for all the measures (Productivity, Size, Effort, Duration, Peak Performance Analysis Toolkit will contain Software Resources
Staff, SW Effort Distributions, Staff Experience Distribution, Data Report (SRDR) data provided by the Air Force [1]. This
CMMI Level, Operating Environments, Developing Process, data has been sanitized for public release by the US Department
Primary Language) are displayed for those projects for which of Defense (DoD) and validated by a DoD-funded academic
the data is available. Figure 3 illustrates the format of this research team. (see sidebar) Efforts are also underway at the
output using random test data. University of Southern California (USC) Center for Systems
and Software Engineering (CSSE) to obtain permission
Submitting and Updating Software Data from their affiliates to migrate the academic COCOMO II
The data submission user input screens, illustrated in Figure calibration data into the DACS Software & Systems Cost
4, are primarily based upon information available from the and Performance Analysis Toolkit. Efforts are also underway
DoD Software Resources Data Report (SRDR) forms [1] to include additional DoD SRDR data in the toolkit as it is
and COCOMOII parameters [2]. The explanation of each approved for public release. Individual project data submitted
data item is displayed when the user hovers the mouse on to the toolkit will capture both the SRDR and COCOMO II
associated with the field. fields so that a richer set of software development performance
analyses can be supported in the future.
Data & Analysis Center for Software (DACS) 13
DACS SOFTWARE & SYSTEMS COST AND PERFORMANCE ANALYSIS TOOLKIT (CONT.)
Planned Schedule
• Make the beta version available for general review and
Currently the toolkit has been presented at several software comment by January 15, 2012
measurement-related conferences and workshops and has • Solicit comments/suggestions during the rest of January
evolved to a beta version as a result of these reviews and and early February 2012
comments. Current plans are to: • Incorporate comments late in February 2012
14 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Figure 4. Submitting Data
• Roll out the initial release for general access, populated Value-Based Software Engineering. His dissertation title is
with the SRDR data currently approved for public release “Value-based, Dependency-aware Inspection and Testing
in early March 2012. Prioritization”. He has published over 10 papers in the software
To obtain additional information about accessing the beta engineering field and was awarded the Best Paper Awards from
or initial release version or to get the latest information on the HICSS 2010 and PROMISE 2011. He also interned with
toolkit, go to http://www.thedacs.com/databases/SSCPAT/. IBM Rational in 2010 and Galorath Incorporated in 2011. He
obtained his master degree in 2008 from Institute of Software
References Chinese Academy of Sciences and bachelor degree in 2004
[1] SRDR data contents and format: http://dcarc.pae.osd. from Beijing Normal University, all in Computer Science.
mil/Policy/csdrReporting.aspx
Jo Ann Lane is a research assistant
[2] Boehm, B., C. Abts, A. Brown, S. Chulani, B. Clark, E. professor at the University of Southern
Horowitz, R. Madachy, D. Reifer, and B. Steece. 2000. California Center for Systems and Software
Software cost estimation with COCOMO II. Upper Saddle Engineering, conducting research in the
River: Prentice Hall. areas of software engineering, systems
engineering, and system of systems
engineering (SoSE). She was a co-author
About the Authors
of the 2008 Department of Defense
Qi Li is a Ph.D candidate and research Systems Engineering Guide for Systems of Systems. Current
assistant at the Center for Systems and areas of research include SoSE processes, SoSE cost modeling,
Software Engineering, University of and SoS constituent system interoperability. Prior to her
Southern California, and his advisor current work in academia, she was a key technical member of
is Dr. Barry Boehm. He is also the Science Applications International Corporation’s Software and
lead developer for S2CPAT. His Systems Integration Group for over 20 years, responsible for
current research interests mainly focus the development and integration of software-intensive systems
on Empirical Software Engineering, and systems of systems. She received her PhD in systems
with special interests on Software engineering from the University of Southern California and her
Cost Estimation & Modeling, and Master’s in computer science from San Diego State University.
[ ]
There are known unknowns… a rough order of magnitude estimate based on
But there are also unknown unknowns, relevant industry data.”
The ones we don’t know
“Rough order of magnitude??? My boss will
We don’t know. never accept that much risk on a fixed price
—Secretary of Defense Donald Rumsfeld, February 2002 bid! Isn’t there some general rule of thumb we
can apply?”
I
t was late afternoon in April of 1999 when the phone in my
office rang. The conversation went something like this: Welcome to the world of software cost estimation where the
things we know – the known knowns - are often outweighed by
“This software estimate just landed on my desk and I the things we don’t know. Numerous estimation methods exist.
need to finish it by close of business today to support a fixed Scope is described using effort, delivered code volume, features,
price bid.” or function points. Expert judgment, Wideband Delphi, top
down, bottom up, parametric and algorithmic models each
“What can you tell me about this project?” have their determined champions. But regardless of method, all
estimates are vulnerable to risk arising from uncertain inputs,
“We’re rewriting an existing mainframe billing system requirements changes, and scope creep. Skilled estimators and
developed in COBOL. The new system will be written in better methods can reduce this risk, but they can’t eliminate
C++, so it should be much smaller than the old system.” it. Thus, the ability to identify and account for uncertainty
remains a vital component of successful risk management.
“Great –perhaps we can use the existing system as a rough
baseline. How big is it?” Estimation Accuracy vs. Estimation Usefulness
How accurate is the average software cost estimate? Industry
“I don’t have that information.” statistics vary as widely as the estimates they seek to measure.
One oft-cited study – the Standish Group’s Chaos Report –
“Will this be a straight rewrite, or will you add new concludes that only one third of software projects deliver the
features?” promised functionality on time and within budget1. A later
IEEE study2 noted several gaps in the Standish Group’s criteria
“Not sure – the requirements are still being fleshed out.” for estimation accuracy:
“What about resources? How many people do you have …the [Standish] definitions don’t cover all
on hand?” possibilities. For instance, a project that’s within
budget and time but that has less functionality
“Not sure – the team size will depend on how much work doesn’t fit any category. … The Standish Group’s
must be done... which we don’t know yet.” measures … neglect under runs for cost and time
and over runs for the amount of functionality.
“Can we use some completed projects to assess your
development capability?” When studies rely on different definitions of estimation
success or failure, we should expect their assessments of
“Sorry, we don’t have any history.” estimation accuracy to exhibit considerable variability. The
existence of different standards raises an intriguing question:
“That’s OK –even without detailed information on scope, what makes an estimate “accurate”?
resources, or productivity we should still be able to produce
16 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
HISTORY IS THE KEY TO ESTIMATION SUCCESS (CONT.)
Brooks, most software professionals now accept the existence this, but the human mind is poorly equipped to account for
and validity of these tradeoffs but as Brooks himself once non-intuitive exponential relationships on the fly.
ruefully observed, quoting famous maxims is no substitute
for managing by them. Without historical data, estimators must rely on experience
or expert judgment when assessing the potential effects of small
With so many unknowns out there, why don’t we make changes to effort, schedule, or scope on an estimate. They can
better use of what we do know? Most software “failures” are guess what effect such changes might have, but they cannot
attributable to the human penchant for unfounded optimism. empirically prove that a change of the same magnitude may be
Under pressure to win business, organizations blithely set beneficial in one case but disastrous in another. The presence
aside carefully constructed estimates and ignore sober risk of an empirical baseline removes much of the uncertainty
assessments in favor of plans that just happen to match what and subjectivity from the evaluation of management metrics,
the company needs to bid to secure new business. Lured by allowing the estimator to leverage tradeoffs and negotiate more
the siren song of the latest tools and methods, it becomes all achievable (hence, less risky) project outcomes. One of the
too easy to elevate future hopes over past experience. This most powerful of these project levers is staffing. A recent study
behavior is hardly unique to software development. Recently of projects from the QSM database5 used 1060 IT projects
two economists (Carmen Reinhart and Kenneth Rogoff) cited completed between 2005 and 2011 to show that small changes
this tendency to unfounded optimism as one of the primary to a project’s team size or schedule dramatically affect the final
causes of the 2008 global financial crisis. Their exhaustive cost and quality. To demonstrate the power of the time/effort
study of events leading up to the crash provides powerful tradeoff, projects were divided into two “staffing bins”:
evidence that optimism caused both banks and regulators
to dismiss centuries-old banking practices. They dubbed • Projects that used small teams of 4 or fewer FTE staff
this phenomenon the “This Time Is Different” mentality4. • Projects that used large teams of 5 or more FTE staff.
Citing an extensive database of information gleaned from
eight centuries of sovereign financial crises, bank panics, and The size bins span the median team size of 4.6, producing
government defaults, Reinhart and Rogoff illustrate a pattern roughly equal samples covering the same size range with no
that should be depressingly familiar to software professionals: overlap in team size. Median team size was 8.5 for the large
without constant reminders of
past experiences, our natural
optimism bias makes us prone Construct & Test Avg. Staff vs. System Size
100
to underestimate risk and
overestimate the likelihood of
positive outcomes.
18 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
team projects and 2.1 for the small team projects, making the ratio of large median to small median staff approximately 4 to
1. The wide range of staffing strategies for projects of the same size is a vivid reminder that team size is highly variable, even
for projects of the same size. It stands to reason that managers who add or remove staff from a project need to understand the
implications of such decisions.
Regression trends were run through each sample to determine the average Construct & Test effort, schedule, and quality
at various points along the size axis. For very small projects (defined as 5000 new and modified source lines of code), using
large teams was somewhat effective in reducing schedule. The average reduction was 24% (slightly over a month), but this
improved schedule performance carried a hefty price tag: project effort/cost tripled and defect density more than doubled.
For larger projects (defined as 50,000 new and modified source lines of code), the large team strategy shaved only 6%
(about 12 days) off the schedule but effort/cost quadrupled and defect density tripled.
At 5K ESLOC Schedule (Months) Effort (Person Hours) Defect Density
(Defects per K ESLOC)
Small teams 4.6 1260 3.7
Large teams 3.5 4210 9.2
Avg. Difference
-24% 334% 249%
(Large team strategy)
At 50K ESLOC
Small teams 7 3130 1.2
Large teams
6.6 13810 3.9
Avg. Difference
-6% 441% 325%
(Large team strategy)
The relative magnitude of tradeoffs between team size and schedule, effort, and quality is easily visible: large teams achieve
only modest schedule compression while causing dramatic increases in effort and defect density.
10 10
1 1
0.1 0.1
0.1 1 10 100 1,000 0.1 1 10 100 1,000 10,000
Effective SLOC (thousands) Effective SLOC (thousands)
1,000
100
10
10
1
1 0.1
0.01
0.1 0.001
0.1 1 10 100 1,000 10,000 0.1 1 10 100 1,000 10,000
Effective SLOC (thousands) Effective SLOC (thousands)
What else can the data tell us about the relationship between team size and other software management metrics? A 2010
study by QSM consultant and metrics analyst Paul Below found an interesting relationship between team size and conventional
productivity (defined as effective SLOC per unit of construct and test effort). 6 To make this relationship easier to visualize,
Paul stratified a large sample of recently completed IT projects into 4 size quartiles or bins, then broke each size bin into sub-
quartiles based on team size. The resulting observations held true across the entire size spectrum:
To see the relationship between average productivity and project size, compare any four staffing quartiles of the same color
in the graph below from left to right as size (bottom or horizontal axis) increases:
As the quartiles increase in size (bottom axis), average productivity (expressed as SLOC per Person Month of effort on the
left-hand axis) rises. The slope is reversed for projects of the same size (i.e., within a given size quartile). To see this, compare
the four differently colored box plots in the second size quartile highlighted in blue. The size and staffing vs. productivity
relationships hold true regardless of which Productivity measure is used: SLOC per Person Month, Function Points per Person
Month, and QSM’s PI (or Productivity Index) all increase as project size goes up but decrease as team size relative to project
size increases. The implication that the optimal team size is not independent of project scope should not surprise anyone who
has ever worked on a project that was over or under staffed but the ability to demonstrate these intuitively sensible relationships
between scope and team size with real data is a valuable negotiation tool.
20 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
the best team size for different project sizes and management goals. He divided 1920 IT projects completed since 2000 from
the QSM database into four size bins: less than 4000, 4001 – 9400, 9401-25000, and over 25000 SLOC. For each of these
size bins, he determined median effort (SLOC/PM) and median schedule (SLOC/Month) productivity values. Based on the
results, he assigned projects to one of four categories:
Better than average for effort & schedule Worse than average for effort & schedule
Better for effort/worse for schedule Worse for effort/better for schedule
40
performance and teams of 2-4 (yellow) Effort Optimized
Schedule Optimized
delivered the best schedule performance. 30
Below Average
Teams that used more than 4 people 20
achieved dramatically worse cost/effort
10
and schedule performance (green bar).
This process was repeated for projects in 0
the next 3 size quartiles and the results <= 1 1-2 2-3 3-4 >4
Team Size
were entered into a team size matrix:
Don’s results confirm the findings from our previous two studies: the maximum optimal team size for cost/effort performance
increases steadily with project size. The relationship between schedule performance and team size is less clear, with the optimal
team size for balanced schedule and performance falling somewhere in the middle.
Measures of estimation accuracy that penalize estimators for being “wrong” when dealing with uncertain inputs cloud this
fundamental truth and create powerful disincentives to honest measurement. Recording the difference between planned and
actual outcomes is better suited to quantifying estimation uncertainty and feeding that information back into future estimates
than it is to measuring estimation accuracy.
22 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
The DACS Gold Practice Initiative:
• Promotes effective selection/use of software acquisition
& development practices
• Defines essential activities/benefits of each practice
• Considers the environment in which each practice is used
• Addresses the timeliness of practice benefits
• Recognizes interrelationships between practices that
influence success or failure
• Contains quantitative and qualitative information
• A continually evolving resource for the DoD, Government,
Industry and Academia
• Free to use/free to join
T
he inaccuracy of cost estimates for developing major data that explicitly model influential relationships and
Department of Defense (DoD) systems is well interdependencies among the drivers on which the estimates
documented, and cost overruns have been a common depend. Assumptions and constraints underlying the estimates
problem that continues to worsen. Because estimates are now are well documented, which contributes to better management
prepared much earlier in the acquisition lifecycle, well before of cost, schedule, and adjustments to program scope as more
concrete technical information is available, they are subject is learned and conditions change. Documenting the basis of
to greater uncertainty than they have been in the past. Early an estimate facilitates updating the estimate during program
lifecycle cost estimates are often based on a desired capability execution and helps others make informed judgments about
rather than a concrete solution. Faced with investment estimation accuracy.
decisions based primarily on capability, several problems are
encountered when creating estimates at this early stage: The QUELCE method differs from existing methods
because it
• Limited Input Data –The required system performance,
the maturity of the technology for the solution, and the • uses available information not normally employed for
capability of the vendors are not fully understood. program cost estimation
• Uncertainties in Analogy-Based Estimates – Most early • provides an explicit, quantified consideration of the
estimates are based on analogies to existing products. uncertainty of the program change drivers
While many factors may be similar, the execution of the • enables calculation (and re-calculation) of the cost impacts
program and the technology used as part of the system caused by changes that may occur during the program
or to develop it are often different. For example, software lifecycle
product size depends heavily on the implementation • enhances decision-making through the transparency of
technology, and the technology heavily influences the assumptions going into the cost estimate
development productivity. Size and productivity are key
parameters for cost estimation. Figure 1 shows the flow of information in a typical
• Challenges in Expert Judgment – Wide variation in MDAP Acquisition, with blue boxes added to represent the
judgment can exist between experts and the confidence contributions from the QUELCE method.
in the input that they provide is generally not quantified
and unknown. How QUELCE Works
• Unknown Technology Readiness – Technology readiness QUELCE synthesizes scenario building, Bayesian Belief
may not be well-understood, and is likely to be over or Network (BBN) modeling, and Monte Carlo simulation into
under estimated. an estimation method that quantifies uncertainties, allows
subjective inputs, visually depicts influential relationships
An Improved Method for Early Cost Estimation among change drivers and outputs, and assists with the explicit
description and documentation underlying an estimate. It
In 2011 the SEI introduced the QUELCE (Quantifying uses scenario analysis and design structure matrix (DSM)
Uncertainty in Early Cost Estimation) method, an integrative techniques to limit the combinatorial effects of multiple
approach for pre-Milestone A cost estimation. The method interacting program change drivers to make modeling and
aims to provide credible and accurate program cost estimates analysis more tractable. Representing scenarios as BBNs
within clearly defined, statistically valid confidence intervals. enables sensitivity analysis, exploration of alternatives, and
QUELCE produces intuitive visual representations of the quantification of uncertainty.
24 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
AN INNOVATIVE APPROACH TO QUANTIFYING UNCERTAINTY IN
EARLY LIFECYCLE COST ESTIMATION (CONT.)
Probabilistic
Modeling (BBN) Cost Estimates Program Execution
& Monte Carlo •analogy
Scenarios with
Simulation •parametric conditional probabilities
•engineering of drivers/states
•others
Figure 1: Information Flow for Early Lifecycle Estimation, Including the QUELCE Method
The BBNs and Monte Carlo simulation are then used to affect program costs. These experts should consider all aspects
predict variability of what become the inputs to existing, of a program that might change (and affect cost) during the
commercially available cost estimation methods and tools. program’s lifecycle—particularly given the new information
As a result, interim and final cost estimates are embedded developed during the Technology Development Phase in
within clearly defined confidence intervals. The method can preparation of Milestone B. The Probability of Program Success
be described as a series of eleven steps, summarized in the (POPS) factors used by the Navy and Air Force can be used
following sections.1 Our recent SEI technical report, CMU/ to start the discussion.
SEI-2011-TR-026, elaborates further on the method and its
application.
Step 2: Identify States of Program Change Drivers
Step 1: Identify Program Change Drivers In the workshops, experts are asked to brainstorm ideas
The identification of program change drivers is best about the status of each program change driver. The specific,
accomplished by the experts who provide programs with assumed state as proposed by the Materiel Solution is identified
information for consideration in cost estimation. Workshops and labeled as the nominal state. Experts then brainstorm
with DoD contractors, domain experts, and former DoD about possible changes in the condition of each driver that
program managers are used to identify drivers that could may occur during the program lifecycle. The experts identify
possible changes that might occur to the nominal state and
1 This work was originally described on the SEI blog in a two-part series, “A New use their best judgment for the probability that the nominal
Approach for Developing Cost Estimates in Software Reliant Systems.” http:// state will change.
blog.sei.cmu.edu/post.cfm/improving-the-accuracy-of-early-cost-estimates-for-
software-reliant-systems-first-in-a-two-part-series
Step 3: Identify Cause-and-Effect Relationships for structures to a manageable size. An example of a dependency
Dependency Matrix matrix after DSM transformation created during an SEI pilot
Once the changed condition— referred to as potential driver workshop is provided in Figure 2.
states—are fully identified, participants subjectively evaluate
the cause and effect relationships among the drivers. Expert Step 5: Construct a BBN Using the Reduced Matrix
judgment is applied to rank the causal effects. A matrix is Using the program change drivers derived from Step 4 and
developed that provides the relationship between nominal and their cause and effect relationships established in Step 3, a
dependent states and contains the conditional probability that BBN is constructed. This BBN is a probabilistic model that
one will affect the other, but not the impact of the change. This dynamically represents the drivers and their relationships, as
exercise can result in a very large number of program change envisioned by the program domain experts. Figure 3 depicts an
drivers and states identified for an MDAP. abbreviated visualization of a BBN, in which the circled nodes
represent program change drivers and the arrows represent
Step 4: Reduce the Dependency Matrix Using a either cause and effect relationships or leading indicator
Design Structure Matrix relationships. This example shows that a change in the Mission
Using the Design Structure Matrix (DSM) technique the and CONOPS driver most likely will cause a change to the
change drivers can be reduced to an efficient set that has Capability Analysis driver, which in turn will likely effect a
the most potential impact to cost. The DSM technique is a change in the Key Performance Parameter (KPP) driver and
well-established method to reduce complicated dependency subsequently the Technical Challenge outcome factor. The
Effects
Functional Solution Criteria (measure)
PO Process Performance
Contractor Performance
Project Social / Dev Env
Standards/Certifications
Functional Measures
Scope Responsibility
Production Quantity
Sustainment Issues
Capability Definition
Information sharing
Mission / CONOPS
Product Challenge
Causes
Advocacy Change
Funding Schedule
Project Challenge
Interdependency
Systems Design
Scope Definition
Data Ownership
Contract Award
Interoperability
Cost Estimate
Total
Size
Mission / CONOPS 3 3 0 6 0
Change in Strategic Vision 3 3 3 2 2 2 2 2 3 2 3 2 29 0
Capability Definition 3 0 2 1 1 0 0 2 2 2 0 1 0 2 0 0 16 0
Advocacy Change 2 1 1 1 1 6 0
Closing Technical Gaps (CBA) 2 1 3 1 2 2 1 2 2 1 1 2 1 0 2 2 1 1 2 2 1 2 34 0
Building Technical Capability & Capacity (CBA) 1 1 2 1 2 2 1 2 3 2 2 1 2 2 1 1 1 27 0
Interoperability 1 2 1 1 1 1 1 1 1 1 2 1 1 2 1 1 3 1 2 2 2 29 1
Systems Design 1 2 2 2 2 1 1 1 1 1 2 2 3 21 3
Interdependency 1 2 2 1 1 1 1 1 1 1 1 1 2 1 2 2 1 1 1 1 1 2 2 3 33 5
Functional Measures 2 2 2 1 1 1 1 1 1 1 2 1 16 0
Scope Definition 1 1 3 5 0
Functional Solution Criteria (measure) 1 2 2 1 1 2 1 10 1
Funding Schedule 1 1 2 1 5 0
Acquisition Management 1 1 2 3 1 1 2 2 1 1 1 2 1 19 2
Program Mgt - Contractor Relations 1 1 2 1 1 1 1 2 2 12 2
Project Social / Dev Env 1 1 1 2 2 1 1 2 1 1 1 14 2
Prog Mgt Structure 1 2 1 2 6 1
Manning at program office 2 1 2 5 2
Scope Responsibility 1 1 1 1 1 1 6 5
Standards/Certifications 1 1 1 1 1 1 3 1 10 2
Supply Chain Vulnerabilities 1 1 1 1 2 1 7 4
Information sharing 1 1 1 1 1 1 1 7 3
PO Process Performance 2 2 4 0
Sustainment Issues 0 0
Contract Award 0 0
Production Quantity 2 2 0
Data Ownership 2 2 0
Industry Company Assessment 0 0
Cost Estimate 0 0
Test & Evaluation 0 0
Contractor Performance 2 2 0
Size 0 0
Project Challenge 0 0
Product Challenge 0 0
Totals 0 0 6 4 1 9 5 12 8 7 7 13 4 10 15 18 7 7 8 8 14 17 17 15 12 9 10 13 11 20 19 5 5 17 0
Below diagonal 0 0 0 1 1 4 4 4 1 2 0 3 1 3 2 2 3 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0
26 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
three outcome factors (Product Challenge, Project Challenge, Step 6: Populate BBN Nodes with Conditional
and Size Growth) are then used to predict some of the input Probabilities
values for traditional cost estimation models. Conditional probabilities are assigned to the nodes (drivers)
in the BBN. Each node can assume a variety of states, each
Tech. Dev. System
of which has an associated likelihood identified by the
Capability Strategy Design domain experts. This allows the calculation of outcome
Mission & Analysis
CONOPS distributions on the variables.
KPPs
Production Step 7: Define Scenarios by Altering Program
Quantity Product
Acquisition Challenge Change Driver Probabilities
Strategy
Logistics Domain experts use the BBN to define scenarios. The
& Support Project realization of a potential state in a particular node was
Challenge
Contract
specified in Step 6, and the cascading impacts to other
nodes and the resulting change in the outcome variables
Size
Growth
were recalculated. Any change in one or more nodes
(drivers) constitutes a scenario. Once the experts are
Figure 3: Example BBN
satisfied that a sufficient number of scenarios are specified,
they use their judgment to rank them for likely impacts
to cost. An example scenario created during an SEI pilot
workshop is provided in Figure 4.
Figure 4: Partial Example of a Scenario With Two Driver Nodes In A Nominal State
Data & Analysis Center for Software (DACS) 27
AN INNOVATIVE APPROACH TO QUANTIFYING UNCERTAINTY IN
EARLY LIFECYCLE COST ESTIMATION (CONT.)
Step 8: Select Cost Estimating Relationships or modeling a factor (person-months) in three different scenarios.
Tools to Generate an Estimate
Parametric cost estimation models for software use a Step 11: Report Each Scenario Result Independently
mathematical equation to calculate effort and schedule from Report the final cost estimates for each scenario, including
estimates of size and a number of parameters. A decision is the nominal program plan. The explicit confidence levels and
made as to which cost estimating tool or tools, CERs, or other the visibility of all considered program change drivers allows for
methods will be used to form the cost estimate. COCOMO II quick comparisons and future re-calculations. The transparency
is a well-known estimation tool and is open source. The SEI afforded by the consideration of alternative scenarios enables
has so far developed the relationships between BBN-modeled improved decision making and contingency planning.
program change drivers and COCOMO, shown in Figure
5. The use of the commercial SEER cost estimating tool is Results and Future Research
being explored. QUELCE as an approach to early cost estimation
is unprecedented in
Drivers X L VL L N H VH X H P roduct P roje ct many ways. The SEI
S cale F actors spent much of the past
PREC 6.20 4.96 3.72 2.48 1.24 0.00 <X > year developing and
FLEX 5.07 4.05 3.04 2.03 1.01 0.00 <X > refining the analytical
methods used. So far,
RESL 7.07 5.65 4.24 2.83 1.41 0.00 <X >
trials of the earlier
TEAM 5.48 4.38 3.29 2.19 1.10 0.00 <X >
steps of the method
PMAT 7.80 6.24 4.68 3.12 1.56 0.00 <X >
have been conducted
E ffort Multiplie rs
in workshops, and post
RCPX 0.49 0.60 0.83 1.00 1.33 1.91 2.72 X hoc reviews of previous
RUSE 0.95 1.00 1.07 1.15 1.24 X estimation artifacts were
PDIF 0.87 1.00 1.29 1.81 2.61 X used for later steps. The
PERS 2.12 1.62 1.26 1.00 0.83 0.63 0.50 <X > SEI’s experience and the
PREX 1.59 1.33 1.12 1.00 0.87 0.74 0.62 <X > results achieved thus far
FCIL 1.43 1.30 1.10 1.00 0.87 0.73 0.62 <X > suggest that the approach
SCED 1.43 1.14 1.00 1.00 1.00 <X > has considerable merit.
Feedback about the
Figure 5: Mapping BBN Outputs to COCOMO Inputs value of the approach
from the participants in
Step 9: Obtain Program Estimates Not Computed workshops and from leaders in estimation research has been
very positive.
by the BBN
The Program Office estimates of size and/or other cost model Empirical validation of QUELCE is ongoing, and the results
inputs such as productivity are used as the starting point in of this evaluative research will be used to refine the approach
this step. Often these values are estimated by analogy and and demonstrate its value. Future efforts will benefit from the
aggregation. They are adjusted by applying the distributions participation of programs that are willing to provide access
calculated by the BBN. to the artifacts developed prior to Milestone A or to use
the QUELCE method in upcoming Milestone A estimates.
Step 10: For Each Scenario, Run a Monte Carlo Through these joint efforts, the SEI will evaluate the extent
Simulation to which the probabilistic methods proposed improve the
From each selected scenario in Step 7, use the outcome accuracy and precision of cost estimates for DoD programs.
to parameterize a Monte Carlo simulation. Along with the
information from Step 9, this provides probability distributions Conclusion
for adjusting the input factors to the cost estimating models. Extensive cost overruns have been endemic in defense
This also provides explicit confidence levels for the results. programs for many years. A significant part of the problem
Figure 6 shows the simulation results the SEI obtained when is that cost estimates for unprecedented systems must rely
28 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Scenario 1 Median = 1,227 mths
(All Cost Range = 2,664 mths
Drivers set at Upper 95% Limit = 1,854 mths
their
historical
distributions)
heavily on expert judgments made under uncertain conditions. Boehm, B., Abts, C., Brown, A. W., Chulani, S., Clark, B.
QUELCE aims to reduce the adverse effects of that uncertainty. K., Horowitz, K., Madachy, R., Reifer, D. & Steece, B.
Important program change drivers and the dependencies Software Cost Estimation with COCOMO II. Prentice
among them that may not otherwise be considered are made Hall, 2000 (ISBN 0130266922).
explicit to improve the realism and likely accuracy of the
estimates. The basis of an estimate is documented explicitly, Browning, Tyson R. “Applying the DSM To System
which facilitates updating the estimate during program Decomposition And Integration Problems - A Review
execution and helps others to make informed judgments about and New Directions.” IEEE Transactions On Engineering
their accuracy. Variations in the range of possible states of the Management 48, 3 (August 2001): 292-306.
program change drivers that may occur under different likely
scenarios are explicitly considered. The use of probabilistic Ferguson, R., Goldenson, D., McCurley, J., Stoddard, R.,
methods combining Bayesian belief systems and Monte Carlo Zubrow, D. & Anderson, D. Quantifying Uncertainty
simulation will ultimately place the cost estimates within a in Early Lifecycle Cost Estimation (QUELCE) (CMU/
more defensible range of uncertainty. SEI-2011-TR-026). Software Engineering Institute,
Carnegie Mellon University, December 2011.
References
Ben-Gal, Irad. “Bayesian Networks” in Encyclopedia of Mooney, Christopher Z. Monte Carlo Simulation (Quantitative
Statistics in Quality and Reliability. John Wiley & Applications in the Social Sciences). Sage Publications,
Sons, 2008. 1997 (ISBN: 978-0803959439).
29
AN INNOVATIVE APPROACH TO QUANTIFYING UNCERTAINTY IN
EARLY LIFECYCLE COST ESTIMATION (CONT.)
Naval PoPs Guidebook Version 2.2., Guidance for the capability and requirements engineering. His current and
Implementation of Naval PoPS. A Program Health recent work also includes empirical evaluation of software
Assessment Methodology for Navy and Marine Corps architecture in cloud computing, the quantitative analysis
Acquisition Programs, 2010. of textual information, and tools to support collaborative
processes. Related interests are in voice of customer methods,
Sangal, Neeraj; Jordan, Ev; Sinha, Vineet; and Jackson, Daniel. modeling and simulation, experimental design, and the visual
“Using Dependency Models to Manage Complex display of quantitative information.
Software Architecture,” OOPSLA ‘05 Proceedings
of the 20th annual ACM SIGPLAN Conference on Jim McCurley is a Senior Member of the Technical Staff for
Object-Oriented Programming, Systems, Languages, and the Software Engineering Measurement and Analysis (SEMA)
Applications; ACM New York (2005): 167-176. group within the Software Engineering Institute (SEI). During
his 14 years at the SEI, his areas of expertise have included
Software Engineering Measurement and Analysis (SEMA) data analysis, statistical modeling, and empirical research
Cost Estimation Research Group: Ferguson, Robert; methods. For the last several years, he has worked with various
Goldenson, Dennis; McCurley, James; Stoddard, DoD agencies involved with the acquisition of large scale
Robert; Zubrow, David; Anderson, Debra. Quantifying systems. From 1999-2005, Jim also worked as a member of
Uncertainty in Early Lifecycle Cost Estimation (QUELCE). the Technical Analysis Team for the CERT Analysis Center.
(CMU/SEI-2011-TR-026). Software Engineering The team developed tools and techniques for the identification
Institute, Carnegie Mellon University, 2011. http:// and remediation of threats to ultra large scale government and
www.sei.cmu.edu/library/abstracts/reports/11tr026.cfm military networks and worked with the DoD JTF-GNO, DoD
CERT, NSA and the FBI’s NIPC. Prior to joining the SEI,
Jim consulted on projects with several governmental agencies
About the Authors
and corporations, including NOAA, EPA, Army Corps of
Mr. Robert Ferguson is an experienced software developer Engineers, the Pennsylvania Governor’s Energy Council
and project manager who joined the SEI after 30 years and Science Advisory Board, the Batelle Institute, Martin-
in industry. His experience includes applications in real- Marietta Environmental Research, the Western Psychiatric
time flight controls, manufacturing control systems, large Institute and Clinic, and the University of Pittsburgh Medical
databases, and systems integration projects. He has also led Center’s transplant program and Center for Medical Ethics.
process improvement activities at two companies. At the He began programming computers for mathematical and
SEI he supports customers with problems in estimation and scientific problem-solving in 1966 and has taught courses in
measurement implementation. FORTRAN, Pascal, Lisp, APL, and several statistical packages
at Carnegie-Mellon University. He currently teaches the
Mr. Ferguson is a Senior Member of IEEE. He has Project Improving Process Performance Using Six Sigma, Designing
Management Professional (PMP) certification from the Project Products and Processes Using Six Sigma, and Implementing
Management Institute (PMI). Goal-Driven Measurement courses at the SEI.
Dennis R. Goldenson came to the SEI in 1990 after Robert Stoddard currently serves as a Senior Member of
teaching at Carnegie Mellon University since 1982. He is the Technical Staff within the Carnegie Mellon University
widely recognized as a leading expert in software engineering federally-funded research and development center known as
measurement and analysis. His work over the years has the Software Engineering Institute (SEI). Robert is responsible
concentrated on advanced measurement and analytical for research, Air Force Logistic Center client consulting and
methods with a focus on the performance and quality outcomes the development and delivery of advanced training on cost
of software and systems engineering practices. In addition to estimation and software predictive analytics, specifically with
his work on early cost estimation in the presence of uncertainty, regards to CMMI High Maturity process performance baselines
other recent work related to early cost estimation done with and models. Robert continues to promote the integrated use
DoD and contractor organizations includes research on of Six Sigma and CMMI as exemplified in a 2008 published
30 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
book entitled “CMMI and Six Sigma: Partners in Process Director of Quality and Distinguished Member of Technical
Improvement” by Addison Wesley, and is an invited speaker Staff and for 14 years as a Texas Instruments Site Software
to a wide variety of annual conferences and symposiums held Quality Manager.
by the SEI and the American Society for Quality (ASQ).
Robert remains active with both the IEEE Reliability Society Dave Zubrow is a senior member of the technical staff and
and the ASQ Software Division. Robert holds certifications manager of the Software Engineering Measurement and
with the ASQ on five topics including Six Sigma Black Belt, Analysis (SEMA) initiative within the Software Engineering
Reliability Engineering, Quality Engineering, Software Quality Institute (SEI). Prior to joining the SEI, Zubrow served as
Engineering and Quality Audits. Robert became a Motorola- assistant director of analytic studies for Carnegie Mellon
certified Six Sigma Black Belt in 1993 and Motorola-certified University. He is an SEI certified instructor for courses related
Six Sigma Master Black Belt in 2003. Robert earned a B.S to process improvement and measurement and analysis, a
in Finance and Accounting from the University of Maine, an member of several editorial boards of professional journals,
M.S. in Systems Management from the University of Southern and active in working with organizations on applications of
California, and has completed PhD course work in reliability measurement and analysis for management and improvement
engineering and engineering management. Prior to joining purposes. Zubrow is a senior member of ASQ and an ASQ
the SEI in 2005, Robert served for seven years as a Motorola Certified Software Quality Engineer.
T
his article describes the use of parametric modeling There are many approaches to IGCE, and some specific
to support independent government cost estimates at nuances that are important, but before we get into those areas
the feasibility/budgeting, acquisition, and on-going we will present a brief overview of parametric modeling.
project lifecycle procurement support. Benefits over alternate
approaches (analogy and bottom-up) are defined, and typical Parametric Modeling Using High-Level Objects
budgets for this activity are presented. (HLOs)
At the core, there are fundamentally three approaches to
Introduction estimating:
For most system acquisitions, there are three stages at which
there is a need for some form of Independent Government 1. Bottom up3, in which the project is decomposed to
Cost Estimate (IGCE) or other cost/price review. The FAR individual components that can be estimated by some
addresses these requirements primarily in FAR 151, although other means, often expert judgment for labor.
FAR 72 provides the high level requirement, stating that 2. Analogy, in which historic budgets or actual expenditures
Agency Heads are responsible for “Ensuring that the statement are used as a basis for current estimates. These numbers
of work is closely aligned with performance outcomes and are normally adjusted to account for known differences
cost estimates.” The three acquisition stages where IGCEs between the historic project and the current project,
are necessary are: including as a minimum an allowance for inflation based
on the relative timeframes;
1. As part of the feasibility or budgeting cycle; 3. Parametric, in which models are used to forecast cost
2. As part of the proposal analysis during system acquisition; based on some representation of project size combined
and with adjusting factors.
3. As part of the on-going procurements involving scope
changes during the system lifecycle. Traditional Project Management guidance is that Bottom
up is the most accurate; followed by Analogy; followed by
This article provides an overview of recommended processes Parametric. Whether this is true is highly dependent on the
that a government cost estimator can follow at all stages, with maturity of the parametric models in the domain you are
an emphasis on parametric modeling using domain specific trying to estimate. For example, in the software domain we
high level objects as proxies for effort and/or cost. have had an opportunity to track budgets versus actuals for
more than 12,000 projects that were estimated using the above
It’s useful here to differentiate between price analysis and three approaches. What we have found is quite the opposite.
cost analysis as defined in FAR 15.404. Price analysis is the
process of examining and evaluating a proposed price without In the software domain, parametric is the most accurate,
evaluating its separate cost elements and proposed profit. followed by analogy, followed by bottom up. The standard
Cost analysis is the review and evaluation of any separate deviation of the estimate for parametric estimates is 55%
cost elements and profit or fee in an offeror’s or contractor’s smaller than estimates by analogy and 64% smaller than
proposal. To some extent, Price Analysis is closer to the bottom up estimates. These ratios hold more-or-less true
field of Economics while Cost Analysis is closer to the field for estimates prepared at any stages of the project lifecycle
of Accounting. The primary focus of this article will be on (budgeting, feasibility, planning). A value that is often more
Price Analysis, although we’ll touch on Cost Analysis briefly critical, at least when dealing with project portfolios or clusters
toward the end. of estimates for a given scope change, is estimation bias. If
you look at a statistically significant sample of estimates (e.g.,
32 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
PARAMETRIC MODELING TO SUPPORT SYSTEM ACQUISITION (CONT.)
These outputs will also typically include labor needed over unknown components, and using that as your estimate. This
time, broken down by labor category. These outputs are is wrong for two reasons. First, a lot of time is spent on the
generated using a top down allocation. well understood components to achieve a high degree of
2. Non-Cost Outputs: Non-cost outputs are quantitative precision, but that precision is lost when the total effort is
predictions of either intermediate work product size, or created. So it wastes time. Second, this approach gives a sense
non-cost deliverable components. Examples include the of understanding of the project that is overly confident, thereby
number of test cases (perhaps broken down by type), failing to adequately compensate for the areas of unknown and
the engineering documents created with page counts, resulting in a tendency to underestimate (sometimes badly).
the number of use-case scenarios to be created, or the Worse yet, the detail in some areas can mask this lack of overall
estimated help desk calls broken down by category. These completeness from a reviewer with oversight responsibility.
outputs are typically created using curves similar to the
productivity curves, operating either on the HLOs or on One alternate approach is to use a parametric modeling
the total project effort. approach that makes heavy use of estimation by analogy
3. Lifecycle Costs: If the estimate is for a product to be concepts. The steps involved are as follows:
created, delivered, and accepted then the cost and non-
cost items above would typically cover the period through • Break the problem domain down into components where
acceptance. In most cases there would then be an on- there is data available for analogous components. This
going cost to support and maintain the delivered product might be the entire product, or a part of the product.
throughout its lifecycle. These support costs are relatively • Use engineering judgment to select where this project
predictable both in terms of the support activities that are lies for that component on a ranked list of the analogous
required and the curves that define the effort involved. components. Interpolate or extrapolate if necessary.
For many of them, the effort will be high immediately • Use the HLO count for the analogous component as input
following acceptance, drop off over the course of one to the parametric model for this component.
to three years to a low plateau, then climb again as the • Set adjusting variables specific to this project.
product nears the end of its design life. • Generate the estimate for this component.
• Repeat for other components, then sum.
In the next few sections of this article we’ll focus on the
application of parametric modeling techniques to IGCEs in Often you’ll use this approach for the labor components
support of the three procurement phases. needed to create the component (e.g., programming); then use
cost estimating relationships (CERs) to create the estimates for
Feasibility and Budgetary Analysis other project roles such as project management.
The purpose of the Feasibility/Budgetary estimate is to
determine the estimated final cost with sufficient accuracy A second approach often works well when you are replacing
to support accurate prioritization of competing projects and an existing item.
the allocation of sufficient funds in future accounting periods
to support the actual project procurement. Problems with • Count the size of the existing item using a suitable set of
estimation accuracy (the standard deviation of the estimate) HLOs;
will distort project prioritization decisions. Problems with • Adjust the count down using reuse equations if you expect
estimation bias will result in future funding shortfalls that to get any reuse of the design or portions of the existing
will create problems for multiple projects as the budgets are system;
re-allocated. • Add to the count based on anticipated expansion of
capabilities;
In many ways, these early stage estimates are the most • Set adjusting variables specific to this project;
difficult. The Cost Analyst is asked to estimate the cost to • Estimate the effort.
build something that is often only understood at the highest
level of granularity. A common mistake is to attack the A third approach works well in an environment where
problem by looking for pieces of the puzzle that are well you are primarily making on-going modifications to existing
understood, defining those to a high degree of granularity, systems.
estimating those, adding some kind of fudge factor for the
34 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
• Identify the impacted systems; generally does not have an opportunity to modify their cost
• Make a guess at the degree of impact (e.g., very small, proposal if it fails the test.
small, average, large, very large). If you can’t guess, use
average; Price fairness looks at the vendor’s proposed pricing relative
• Use historic data about HLO equivalent effort for to equivalent pricing for the same product offered by others
modifications to that system. in the industry. In a situation where there are competing bids
• Set adjusting variables specific to this project; and that are roughly in-line with each other, price fairness is assured
• Estimate the effort. through the competitive process. In a situation where there
is historic precedence for the quoted price (e.g., catalog price,
In our experience, these approaches can consistently generate similar procurements for the same goods and services in the
estimates within +/- 50% with less than 5% bias, and standard past), then this historic information may be used to confirm
deviations closer to +/- 25% are often achievable for any price fairness. Where price fairness becomes critical for the
given organization. Further, the time required to generate cost analyst is the situation where there is only one bid that is
the estimates is less than half the time required using other under consideration. This might be because only one bid was
techniques. submitted, or it might be that only one bid offered a solution
that meets the technical or administrative requirements of the
Initial System Procurement procurement. In that situation, the approach to determining
The objective of proposal analysis is to ensure that the price fairness is to do a cost (vice price) analysis.
final agreed-to price is fair and reasonable [FAR 15.404-1].
The FAR uses the phrase “fair and reasonable” throughout, One approach to doing the cost analysis is to look at the
although these are actually two separate but related items when vendor’s detailed build-up of costs (level-of-effort, direct salary,
applied to price analysis. fringe rates, overhead, G&A, fee, etc.) and to assess each
for reasonableness. The direct salary can be validated using
A proposal price analysis looks at the reasonableness of wage and labor charts or through competitive labor market
a vendor’s proposed price as a risk reduction measure. A surveys. The fringe rates can be validated through those same
reasonable price is one where there is a high probability that the surveys. The overhead and G&A rates can be validated against
vendor can deliver the solution for that price. An unreasonably competing companies of a similar size and competition6. Fee
low price is a problem for two primary reasons: can be validated against other similar contracts, based on
risk and other factors affecting appropriate profit margins.
• The vendor may not be willing or able to perform the However, the validation of the vendor’s proposed level-of-effort
necessary work at a loss, thereby resulting in a situation is the difficult part. This is where parametric modeling can
involving potential litigation, project cancellation, offer assistance. The vendor’s proposed solution is analyzed to
or major scope changes that are unfavorable to the identify suitable HLO counts and adjusting factors, and the
government. All of these options are extremely expensive models are then used to forecast effort based on productivity
for the government; and curves from similar historic projects. The resultant modeled
• The vendor may deliver the product at the price quoted effort is then compared with the vendor’s proposed effort to
by significantly reducing quality, thereby increasing determine if the effort is fair.
government work both during the project and during
the product lifecycle. Again, this is an expensive option. Unlike reasonableness, problems with price fairness are
often handled through vendor negotiation and submission
While there are unscrupulous vendors who will buy-in of a best and final offer. The reason for this difference is as
to a contract with a low-ball bid, hoping to use change follows. Cost is always one of the evaluation criteria. If a
requests to bring the project back into profitability; the more vendor wins the competition with a low price, but then fails
common reason for unreasonable pricing is that the vendor’s the price reasonableness test, and we allow the vendor to raise
understanding of the project scope does not match the their price to reasonable levels, then we have given that vendor
government’s understanding of project scope. In that situation a competitive advantage over other companies who bid the
in particular, a price reasonable test of the vendor’s proposal correct price in the first place. One of those companies should
is of benefit to both the government and the vendor. Price be awarded the contract instead of this vendor. On the other
reasonableness tests are generally pass-fail, and the vendor hand, if a vendor wins the procurement but fails the fairness
test, then their bid is the most attractive to the government for which this is their first exposure to this domain will often
of the submitted bids at their current, high price. Lowering see them as high ambiguity. For example, a builder might be
their price through negotiation is in the best interest of the able to look at a well drawn set of blueprints and understand
government, but would not change the vendor’s relative the scope exactly, but a homeowner might not understand what
ranking among the competition. is being built until they can actually see it. This disconnect
in perception can result in friction. Here, effective scope
The third area where IGCE is used is during the life of a management centers on early education of the customer about
project, and that will be the topic of our next discussion. exactly what the product will be when delivered, or reducing
the customer’s scope ambiguity in other words.
Project Lifecycle Acquisition Support
While the baseline project scope and price are defined upon A high ambiguity project is one in which there are no
contract award, it is not unusual for there to be dozens or comparable products for direct comparison. An example
hundreds of legitimate scope changes during the course of might be a mission to Mars. A more common example would
the contract, each with an impact on cost and schedule that be virtually every custom software project. Because there are
must be analyzed. We’ll discuss this process here. There are no comparable products for direct comparison, we will have
two primary sources of scope change: scope ambiguity and scope ambiguity.
requirements changes. We’ll start by discussing what is often
the larger of these, scope ambiguity. Dealing with Ambiguity
For high ambiguity projects, a significant portion of the
Scope Ambiguity project effort is spent reducing that ambiguity. Looking
Low ambiguity projects are those for which a comparable at Figure 2, we see that in reality the project doesn’t have a
product exists and to which this product may be compared. A single baseline, but rather it has an evolving baseline that is
good example is a tract house. If you want to know what your progressively elaborated. For example, on a software project
house will look like, go look at the model house. It will look we start with business need, then define the requirements, then
just like that. Other examples of low ambiguity projects are turn those into high level design, turn that into detail design,
shrink-wrap software installations and hardware installations. possibly do a prototype, turn that into physical code, and
Many projects fit into the low ambiguity category, and scope turn that into delivered functionality (the actual product). At
can and should be tightly managed on these projects. each step in the process we are elaborating on the work of the
previous stage, refining, clarifying, correcting, and changing
Moderate ambiguity projects are those where the components as we go.
of the final product all
have comparable products
elsewhere for comparison, Scope Scope Scope Change
Scope Definition
but the combination of those Planning Elaboration Control
components in this product
is unique. Consider a custom
built home using standard
construction techniques. The Progressively Elaborated Baseline
cabinets, flooring, windows,
etc. are all components that
are well defined but uniquely
assembled. Even things like Scope
flooring can be unambiguously Verification
described, as in “100 square Figure 2: Dealing with Scope Ambiguity
yards of carpet with padding.”
Some Commercial Off-The-Shelf (COTS) software installations Requirements Change
are another example of moderate ambiguity projects. One The second source of change is actual requirement changes.
characteristic of these projects is that professionals in that Here I’m talking about actual changes in the underlying
domain tend to see these as low ambiguity, while customers requirements. Perhaps there is a building code change that
36 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
must be met. Perhaps the
legislature has changed a law Change Request Vendor Estimates
IAP Is Prepared Government Reviews
which affects how the software Is Prepared Costs
should operate. Perhaps the
operational feedback from the
field requires modifications in Negotiate No Approved?
the armor plating. The longer
a project lasts, the more you Yes
can count on the requirements
changing during the project. Justify Expenditure
For software projects, the rate
of requirement change varies
from 3% to 15% per year, with No
12% being a common number. Figure 3: Typical Change Request Processing Approved? Yes Done
The good news is that these
changes are clear candidates for
scope management through the
change control process. The IGCE
bad news is that because they Estimate
No
Let’s take a DoD project as Approved? Yes Done
an example. The approach Figure 4: IGCE Oversight Estimate
to managing change requests
might look something like As long as the IGCE estimate matches the vendor estimates,
Figure 3. A change request is prepared; an impact assessment this approach works swimmingly. Unfortunately, when they
plan (IAP) or some similar document is prepared; the vendor don’t match, I have yet to meet a vendor that didn’t think
estimates costs; the government reviews the estimate. If the their estimate was right and the IGCE estimate was wrong.
costs are approved, the government then attempts to justify the Again, lots of friction and finger pointing. This time, because
additional funding and authorize the change. If they do not of the clear discrepancy between the two estimates, the almost
agree with the estimate, or they cannot justify the expenditure, inevitable result is that the entire process gets deadlocked.
then they negotiate with the vendor. At this point, there is
often a significant amount of stress and finger pointing, with Now, let’s look at an alternative that does work consistently,
no-one very happy. on projects of all sizes and complexities (Figure 5). The first
step is that a parametric model based approach to estimation is
The first attempt to fix the problem often looks like Figure agreed to by all stakeholders, configured, and validated. This
4. Here, the government creates an independent government might be a software cost estimating model, a construction
cost estimate (IGCE) for validation of the vendor estimate. cost estimating database, or any other standard estimating
Estimation
Stakeholders Finalized
Template Approve? Model
Defined
Change Request
Is Prepared
Independent Independent
Analysis Estimate
method that is objective and verifiable. This approach, and methodology. Increment 1 of the project involved spirals 1
the underlying configuration, should be set up and agreed to and 2, while increment 2 involves spirals 3 and 4. There will
with no money on the table, thereby allowing stakeholders to be an Increment 3 procurement that will encompass spiral
be objective. Once it is finalized, then as an IAP is completed 5. Because the project is an ERP implementation, RICEW1
both the Vendor and an independent government expert review was used as the HLO set (Reports-Interfaces-Conversions-
the IAP and use the common, agreed to estimating model to Enhancements-Workflows) with COCOMO environmental
create independent estimates. If they match, then the estimate variables as the productivity adjusting variables. Help desk
is approved and the change control board can proceed with support was modeled using user counts by type as the HLO
a cost benefit review of the change request. If they do not with system size in equivalent function points as the adjusting
match, then there is a reconciliation meeting to identify where variable. Lifecycle support costs for deployed spirals that
and why the underlying assumptions do not match. The key must be supported while building the next spiral were
here is that the discussion is focused on technical aspects of modeled using COCOMO II maintenance effort equations.
the work to be done (e.g., HLO object definitiions), not on Program management, blueprinting, and IOT&E support
costs or efforts. Once that is clarified, then both parties run were modeled using Cost Estimating Relationships (CERs).
the models again and compare results. In my experience, 70% The resultant model calculations were compared to actuals
of the IAPs result in estimates that match and therefore do not following increment 1 and found to be accurate within an 8%
need a reconciliation meeting at all; another 24% are resolved tolerance range. For an example of the use of these techniques
following one reconciliation meeting, and 6% either require to manage change requests during the life of a project, see
another meeting or require that the original change request [Tangella, 2010].
be clarified as to intent7.
Summary
A Real-World Example IGCEs are an important part of system acquisition at all
Let’s look at an actual example of the application of these stages of the project life, from budgeting through procurement
techniques. Cost Xpert Group, Inc. (www.costxpert.com) was through final delivery. Parametric models are a useful tool
hired to perform an independent cost analysis for the Transcom to support these estimates, offering improved accuracy and
DEAMS Increment 2 program, and the resultant work was significantly reduced internal bias. IGCEs may be developed
performed by William Roetzheim. DEAMS is a defense by government employees working for the agency involved;
accounting and financial management information system developed by an agency wide center of expertise (e.g., Navy
(MIS) that is being implemented using Oracle’s eBusiness Center for Cost Analysis, Air Force Center for Cost Analysis);
product (specifically, Oracle Federal Financials) using a spiral
1 We often add an additional I to the ERP HLO set, covering Installations,
although that was not done in this case.
38 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Value from IT?
or created by outside experts brought
in for this purpose under a consulting
agreement. The cost of performing the
IGCEs will vary based on the size and
complexity of the project; and for Price
fair and reasonable analysis, also based on
the number of proposals received. For
IT projects in the $100M to $1B range,
typical budgets would be:
Mr. Roetzheim
( P M P, R M P,
MBA, CRISC, Business Value of IT – IT-CMF
CISA, IFPUG) is Function Point Analysis
founder and
CMMI
CEO of Level 4
Ventures, Inc., an Agile Development
SDVOSB that Software Estimation
o f f e r s Software Metrics
independent cost
analysis, risk management, and project +1.610.644.2856
oversight services for large IT projects. info@davidconsultinggroup.com | davidconsultinggroup.com/more
He has written 27 published books, over
100 articles, and three columns. He is a
frequent lecturer and instructor at
multiple technology conferences and two
California universities. He can be
reached at William@level4ventures.com.
Endnotes
i FAR 15.404-1
ii FAR 7.103 v Boehm, Barry, et. Al, Software Cost Estimation with
iii For an overview of IGCEs using this approach, see: COCOMO II, Prentice Hall, 2000
McDonough, Barbara, et. Al, Independent Government vi See also OMB Circular A-94, Guidelines and Discount
Cost Estimates (IGCEs), presented at the 19th annual Rates for Benefit-Cost Analysis, 1993
NARMP training conference, 2009. vii For an example of the successful application of this
iv For an in-depth look at parametric estimation approach on a government contract, see: Tangella,
approaches in support of acquisitions, see: Parametric Lakshmi, Validation of Software Cost Estimates, IBM,
Estimating Handbook, DCAA, 1996 2010
39
Selling Your Software Estimate
By Arlene Minkiewicz
I
n many instances the software industry continues to Project leaders don’t want to embark on projects that are
flounder when it comes to understanding how to properly destined to fail – they want their projects to be successful. On
plan and manage software development project. One need the other hand they do want to perform in ways that make the
not look far to find evidence that software project planning and business and its leaders happy. Sometimes these two goals are
management is a complicated challenge. Software estimating is in violent conflict because the business needs are greater than
indeed a hard thing to do. But often the problem goes deeper the resources that the business chooses to apply to meeting
than that. There are many practitioners in our industry who these needs. It is often the job of the project leaders to bring
have mastered this skill and still we seem to have way too this to the attention of the business. No one likes to have to
many projects failing. Software projects often fail not because tell the boss no. It is often easier to capitulate, hope for the
software professionals lack the proper estimation skills but best and save the bad news for later. This is generally a bad
rather because they lack the skills to negotiate successfully with strategy and often leads to project failures.
business leaders during the planning phase and throughout the
life of the project. This paper discusses the importance of well Decisions around project planning and the management
reasoned and purposeful negotiation in selling an estimate to a of an on-going software project should be based on cold hard
business or customer and presents some strategies for planning facts – not solely on what the business wants or expects nor
and executing such a negotiation. on the project teams best guess. Ideally every project decision
represents the results of collaboration between the business
Introduction and the project leaders to develop a plan that delivers to the
Having spent almost 30 years in the software industry, I business an optimal set of capabilities for the investment the
think I can safely say that we continue to flounder when it business is willing to make for such capabilities. Unfortunately
comes to understanding how to properly plan and manage this is not always the case. While it is generally true that all
software development projects. One need not look far to find stakeholders in a project have the greater good of the business
evidence that software project planning and management is as a goal, there is often not consensus on how best to drive to
a complicated challenge. Quantity is illusive when discussing this greater good or even as to what constitutes this greater
software, making it hard to determine how ‘big’ a software good. And there are individual agendas to contend with as well.
project is likely to be. Even in situations where software
projects are properly sized, they have a tendency to grow Collaboration requires negotiation. The business wants a
once underway. Software technology is constantly evolving, certain set of features or capabilities from the project team.
complicating translation of past performance into future Naturally they desire to minimize the time and cost associated
predictions. with getting these features while also expecting the features to
be of a specified degree of quality. The project team wants to
It’s true. Software estimation is a hard thing to do. Despite deliver quality features and they want to ensure that they have
this there are many practitioners in our industry who have sufficient time and people to make that happen. They also want
mastered this skill. And yet we still seem to have way too many to prevent ending up in a ‘death march’ situation. The project
software projects failing. It is this author’s theory that the team develops a plan that to the best of their knowledge satisfies
estimating challenges cited in the previous paragraph are only all parties. When this plan is presented to business leaders, one
part of the problem. Software projects often fail not because of three things might happen:
software professionals lack the proper estimation skills but
rather because they lack the skills to successfully negotiate with • The business leaders accept the plan as is because there is
business leaders during the planning phase and throughout trust between the business leaders and the project team
the life of a project. – most likely based on a track record of good planning
and estimation.
40 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
SELLING YOUR SOFTWARE ESTIMATE (CONT.)
• The business leaders reject the plan and insist on a specific has been established and other project factors identified - such
plan that aligns with their cost and schedule targets. as complexities, information about the project team, schedule
• The business leaders feel that the plan is too costly or the constraints, etc. – an effort estimate can be performed within
schedule is too long. This opens the door for a negotiation. this context. Effort can be estimated using cost estimating
relationships (CERs), either ones developed internally or
The focus of this paper is the third case. Strategies are delivered through a commercially or publically available tool.
presented to facilitate properly preparing for and executing a In the absence of CERs an estimate can be performed by
negotiation around a project plan and the underlying estimate. analyzing productivity on similar projects, adjusting for any
peculiarities posed by other project factors, and applying this
According to BusinessDictionary.com a negotiation is a adjusted productivity to the size. It is best to use more than
bargaining (give and take) process between two or more parties one methodology to estimate software projects so that a sanity
(each with its own aims, needs, and viewpoints) seeking to check can be performed.
discover a common ground and reach an agreement to settle
a matter of mutual concern or resolve a conflict. In our case, The effort estimate should be aligned with schedule
negotiation is the process through which the project and the constraints to determine that the resources are available in a
business come to an agreement on what is a reasonable set of timely fashion. If schedule changes are necessary, it is important
capabilities the project team can deliver given the resources to reevaluate effort in light of any new schedule constraints as
and time the business chooses to devote to obtaining those schedule can be an important cost driver. Finally, the inputs
capabilities. It is important to remember that this negotiation to the estimating process should be evaluated with respect to
is most likely not a one-time event. Software projects are the estimator’s certainty of their values and this analysis should
notorious for change. Good project leadership will update the feed an exercise to determine the risk of accepting a specific
project plan with project changes. Each of these updates may effort /schedule pair. Using multiple methods to estimate
set the stage for additional negotiations. The secret to success and understanding the risk associated with the estimate may
with this kind of a negotiation is preparation. become critical to successful negotiations
has to win or lose makes you much better equipped to know there are non-functional requirements in the area of
where the wiggle room might be. It is also good to find out security, performance, reliability, etc that will make their
beforehand what the negotiator(s) familiarity with software implementation more complex.
development projects is as well as his or her perception of • Team is planning on including Commercial Off the Shelf
their mastery in this area (these might not be the same). If functionality – while this generally tends to reduce overall
the negotiator is a former software project lead, negotiations effort and schedule for a project, it does not eliminate
might go more smoothly because they understand the issues. effort and schedule and activities related to the selection,
Or the fact that it has been some time since they were in the preparation and integration of these capabilities, and is an
trenches may make them insensitive to the complexities of important part of the project plan.
developing software in the current decade.
And the list goes on. There are many factors both technical
Prepare a Strategy and logistical that drive the costs for your project. Some of them
Begin preparation by taking a good hard look at your are obvious and don’t require much discussion. It’s important
estimate. Imagine that it is your job to evaluate the estimate to make sure that the less obvious ones are highlighted and
and view it through the eyes of the person who is paying for understood. Additionally it should be made clear what, if any
the software. What aspects of the project would you expect to risks are inherent in the estimate based on uncertainties in the
raise eyebrows? Identify these areas and be prepared to explain technology or the estimate itself.
what it is about them that make them more effort intensive
than intuition would suggest. Your understanding of the An invaluable tool in negotiations is good historical data.
negotiators software development expertise should help in this As mentioned earlier, your estimate should be based on
exercise. For every potentially questionable or puzzling aspect data reflecting the historical performance of your team,
of your estimate – be prepared with a credible explanation as your organization or your industry. This same data can be
to why it is the way it is. used to sell your plan to the business. Having a good visual
representation of this historical data – such as a scatter plot
Enter negotiations ready to educate the negotiator about the of previous projects - which shows your current project on or
nuances, complexities and risks of your project. Examples of need the trend line is a great way to get across the point that
such issues might include: this estimate was well thought out and informed by history. It
may also be useful, though not always advisable depending on
• Team is using a new tool or technique – make sure they the circumstances, to come armed with evidence of past failures
understand that even though they read a study touting of the organization, especially if those failures can be linked
50% productivity increases in agile development projects to previously unsuccessful negotiations. If multiple methods
(this is just an example – the author is not proposing were used to arrive at an estimate it is good to show how they
to have evidence of this) this does not mean the first are similar and be able to explain away any differences in a
project for which your team applies agile practices will logical manner. In the absence of organizational data, industry
be any more productive than your last project. In fact, benchmarks are available and should be used to show that your
expect the opposite until the new tool or technique is estimate is in an expected range.
institutionalized.
• Team has new members, either new to Projects need to be performed and delivered
software development or new to the product under certain constraints. Traditionally, these
pe
• New technology or market – if the software and quality. They are also used to define the
e
being proposed is ‘out of the box’ for this Quality Project Management Triangle, with each side
particular team they need to understand that representing a constraint and quality in the
this increases the complexity of the project center. A passing familiarity with geometry tells
and increases the amount of time and effort Cost us that one side of the triangle cannot be changed
needed to implement the software. without impact on the others.
• Non functional requirements that push
the state of the art. It may be the case that most of Understand and respect the Project Management Triangle,
the functionality is pretty straightforward but that and educate your adversaries about it when necessary.
42 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Project managers understand the implications of the Project when it wants it. It is the project leadership’s job to calmly
Management Triangle but still there is often a disconnect. inform them if and when their expectations are not reasonable
To be more effective, organizations need a framework that and to present them with achievable options. Sometimes the
respects the triangle and creates a trade space that brokers this business will respond and sometimes they will fail to bend –
negotiation – void of bias, emotion, optimism and personal believing that this time history will be wrong. In this case the
agenda. best the project leadership can do is to document their position
so that it can be judiciously used in a future negotiation. The
The time constraint refers to the amount of time available to institutionalization of good data collection practices should
complete a project. The cost constraint refers to the budgeted inform negotiations into the future, which are increasingly
amount available for the project. The scope constraint refers to less painless.
the content that must be delivered to ensure the project meets
the intended end result. These three constraints are normally Conclusions
competing constraints: increased scope typically means Software estimation is hard but with the right data, tools
increased time and increased cost; a tight time constraint could and methodologies it can be done with a reasonable amount of
mean increased costs and reduced scope; and a tight budget certainty most of the time. Despite this fact, we see indications
may require an increase in time and a decrease in scope. Quality everywhere that software projects are continuing to fail.
sits in the middle of the triangle as a reminder that changes Sometimes the failures are due to poor planning, sometimes
in each of the three legs can be made but as these changes are they’re due to poor project management and sometimes they
made the area of the triangle will be effected – in other words come down to the project leader’s inability to sell their plan to
if you’ve shortened the schedule, even if you’ve made some cost the business. Project leaders need to be able to communicate
adjustments as well, the quality may not be the same. credibly to the business as to the specifics of the project that
inform their project plans. They need to come to the table with
The Project Management Triangle is an excellent negotiation a plan, the data that supports that plan and a few backup plans
tool if it is understood and respected by both sides of the if the original plan is unacceptable. They need to educate the
negotiation. A project leader is well advised to come to the business about software development, software estimation and
negotiation intending to rely on the triangle. In his back the importance of the Project Management Triangle - using
pocket should be a set of well thought out cost/schedule/scope this as a tool to facilitate good negotiations. The best, most
trade-offs that can be proffered if necessary. In other words – well thought out and reasoned software estimate does neither
understand the cost and schedule implications of eliminating the project nor the business any good if the business won’t
or down scoping the features or requirements most likely to accept it, buy into it, and grow it when requirements creep.
be expendable. The ability to speak authoritatively about the
various options coupled with visualization around the triangle
About the Author
lends a sense of credibility to the negotiation.
Arlene Minkiewicz is the Chief Scientist
Keep calm and eliminate emotion at PRICE Systems L.L.C. In this role she
Finally, it is important to remain calm and leave emotion at leads the Cost Research activity for the
the door. If you believe in the quality of the estimate and have entire suite of cost estimating products
communicated the issues and risks to your leadership, then that PRICE develops and maintains.
you’ve done the best you can do. With good historical data Ms. Minkiewicz has over 24 years of
to back up your argument and reasonable tradeoffs to present experience with PRICE, designing
when the cost or schedule is in conflict with organizational and implementing cost models. Her
goals you should feel comfortable standing firm with your recent accomplishments include the
position. development of new cost estimating models for software and
Information Technology projects. She has published articles on
Of course chances are good that you won’t always win, software measurement and estimation in Crosstalk, Software
especially if your organization is new to (or completely Development and British Software Review. She has received
unfamiliar with) standardized estimating and data collection Best Paper awards on several of her recent research projects
practices. At some point you may have to back down. At the from two professional estimating societies (ISPA, SCEA), and
end of the day the business gets to decide what it wants and was named Parametrician of the Year for ISPA in 2002.
T
he Department of Defense (DoD) and Department As shown in Figure 1, the supply chains in today’s software
of Homeland Security (DHS) need “justifiable acquisition world consist of a wide variety of suppliers spread
evidence and high confidence that acquired systems across the world. Each of these suppliers may have their own
perform as expected, when expected, are safe, and are secure” standards for development and quality assurance. “Therefore,
[1]. However, the DoD/DHS Software Assurance (SwA) the responsibility for SwA [software assurance] must be shared
Acquisition Working Group states that “acquisition officials not only by software suppliers in the supply chain but also by
continue to accept software riddled with errors and other the acquirer in the supply chain who purchase the software”
security vulnerabilities” [2]. From these statements, it is clear [2]. Additionally, the SwA Acquisition Working Group
that the U.S. government’s acquisition process for software identified five different acquisition processes - each with
must change! their own planning, contracting, monitoring & acceptance
[criteria], and follow-on [maintenance] approaches. It is
This article shows how the U.S government’s software no wonder there are operational problems with delivered
acquisition process can be changed - today - to deliver high software!
quality software satisfying the needs of these government
communities. The software assurance need begs for an auditable outcome-
based acquisition process that, in addition to ensuring high
A critical component of the acquisition process is to ensure quality, can provide warning of quality and security problems
that any supplier’s bid for new or maintenance work must early in the development process – for example when defining
conclusively demonstrate, in its ‘pre-award’ proposal, its contract terms, interface specifications between suppliers, and
current ability to perform Inspections compliant with the 2008 product requirements.
IEEE Inspection Standard 1028™-2008 (Section 6) [3] and
in accordance with the Federal Acquisition Regulation (FAR) Since 1991, acquisition professionals have been discussing
Part 46.2 for Quality Assurance [4]. the concepts, training, roles, and responsibilities that support
Performance Based Acquisition (PBA) [5]. Missing is the unity
The current delivered state of software-driven systems must of a coherent acquisition process and availability of relevant
end! The US Taxpayer deserves quality products delivered standards and tools that tie together all the elements necessary
on-time to meet our nation’s critical needs. to implement PBA. Outcome-Based Acquisition (OBA) is a
specific implementation of PBA and all the elements needed
to implement OBA are available today!
Opportunity
The Government Auditing Office (GAO) Study of leading
companies [6] found that “software developers and acquirers
all use three fundamental management strategies to ensure
the delivery of high-quality products that are on time and
within budget:
44 Journal of Software Technology 15-1 January 2012: Cost Estimation and Systems Acquisition
OUTCOME-BASED ACQUISITION (CONT.)
The 2008 Inspection Standard provides comprehensive and compliant Inspection implementation of the 2008 Inspection
detailed criteria against which to measure Inspection execution Standard. Inspection tools also provide repeatability,
compliance – a key element of a disciplined development consistency, and outcome-based measurements throughout the
process. However, while formal Inspections have been development process. The continuous output of an Inspection
shown to be highly effective in a disciplined development tool suite during product development is the basis for:
environment, they must have the proper infrastructure support
and upper management’s ongoing adherence to Inspection • Ongoing ‘Product’ evaluations with actions identified and
pitfall prevention techniques to be successfully implemented resolution status visible
and sustained. Upper management’s responsibilities for • The auditable outcome-based acquisition process
mitigation of Inspection pitfalls can be found in our earlier
CrossTalk article [11]. The characteristics of an Inspection tool suite that is compliant
with the 2008 Inspection Standard and generates outcome-
Software Inspections are critical for outcome-based based measurements can be found in our earlier CrossTalk
acquisition. Inspections are the best monitoring / “other” article [14] and are summarized in figure 3. Inspection
method referred to in the Defense Science Board report [8] tools are required to aide upper management responsibilities
for ensuring, throughout development, that: for Inspection planning, execution, monitoring, and result
tracking. For example,
• success is being achieved
• the software will be capable of performing the required Inspection Planning Tools that support ‘what-if ‘scenarios,
functions prior to commitment to project Inspections, using industry
• the software is delivered according to schedule, including data or previous project metrics to estimate: the number of
short-term milestones inspections needed, hours invested to find and fix defects by
Inspection, number and percentage of defects removed by
A development
environment with
defined end-state
requirements including
defined increments
Execution, Analysis & Monitoring Tracking & Measurement
accommodates using Tool Set Tool Set
Inspections to verify (Who - Ins pec tion L eader with team) (Who - Management)
requirements, design, During Inspection After each Inspection
system interfaces and
Inspection ROI Calculators:
other defining material
Readiness -Requirements
(e.g., Statements of Tool -Design
Work). These up-front prepared?
-Code
activities are where Inspection
Inspection Mtg.
Meeting Log
the majority of defects & Follow-Up Aggregate Results
Tool
(~80%) are historically Log Tool Calculators:
exit?
introduced into a - Requirements,
software product [12, Analysis
Analysis - Design, Text,
Management
Tool
Tool - Code, Fixes,
13]. Report
re-inspect?
- All Consolidated
2) Inspection Tools
Other defect
The management Project Quality Measurement Tool Inspections Testing removal
strategy of having
meaningful metrics is Throughout Development & Testing
satisfied by computerized LEGEND: Go/No-Go Decision Supplier Inspection Tools
Inspection tools that
ensure correct and Figure 3: Supplier Inspection Tools for Outcome-Based Acquisition
46 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
inspection, number of defects
and hours for removal of
remaining defects by testing
during development and post-
delivery operation, hours for
defect removal without using
Inspections, and expected
net project hours saved from
incorporating inspections.
standard prior to contract award (e.g., generate ongoing toward contract award and then successful product delivery.
actionable Inspection results).
Table 1 describes each of the steps assigned to the Acquirer
Figure 5 is an example of an Inspection Compliance Matrix and Supplier in the 4 OBA stages in Figure 6. In summary,
provided by the acquirer, to be completed by candidate pre-contract award stages 1, 2, and 3 ensure prospective
suppliers. contract bidders understand Inspections, have the current
stage
1028-2008 Insp Expert Supplier Map ckeckoff
Legend: A-Author D-RecorDer I-Inspectors L-Leader M-Management R-Reader(paraphraser) 0-preinspect 8-postinspect
line 3/30/10 insp role IEEE Std. 1028TM-2008 for Inspections (Actions) Action Type Rec. Implementation Supplier Implementation 1 2 3
# Para step [ Action Clarification Text in brackets ] ShL May ShD Training Tools Process other Training Tools Process other none M V C
a e o
TOTALS > 165 114 26 25 139 82 138 0 p r n
1 6.2.4 AUTHOR
2 6.2.4 6 A Author shall12 be responsible . . . . for performing any 12b
rework required to make the software product meet its x x
inspection exit criteria
3 6.5.1 MANAGEMENT PREPARATION [pre-inspections]
4 6.5.1 0 M Management shall19 ensure inspection is performed as 19
required by applicable standards and procedures and by
x x x
requirements mandated by law, contract, or other policy.
To this end, managers shall20 do the following:
5 6.5.1 0, 8 M Managers shall20e Ensure that inspections are planned, 20e
x x x
and that planned inspections are conducted
6 6.5.1 5, 7 M Managers shall20f Act on inspection team 20f
x x x
recommendations in a timely manner
7 6.5.6.5 MAKE EXIT DECISION [step 5]
8 6.5.6.5 5 I Exit decision shall47 determine if the software product 47
x x x
meets the inspection exit and quality criteria
9 6.5.6.5 5,6 7 I As part of Exit decision, any appropriate rework and 48
x x x
verification shall48 be prescribed.
10 6.7 OUTPUT [ of Inspection ] minimum requirements
11 6.7 7 L output of the inspection shall53 be documented evidence 53
x x
that identifies the following:
12 6.7 5 L documented output: Inspection objectives and whether 53g
x x x
they were met
13 6.7 5, 7 L documented output: anomaly list, containing each 53h
x x x
anomaly location, description, and classification
14 6.7 4 L documented output: individual & total preparation time of 53k
x x x
inspection team
15 6.7 0 M documented output: estimate of the savings by fixing 14
items found in inspection, compared to their cost to fix if x
identified later
16 6.7 0 M this standard sets minimum requirements for content of 93
the documented evidence, it is left to local procedures to x x x
prescribe additional content, format reqts, and media
Of particular importance are the four ‘Recommended (Rec.) infrastructure in place to perform standard-compliant
Implementation’ columns which identify where the Inspection inspections, and can demonstrate this prior to contract award.
Standard Actions (shall, may, should) are best addressed by Stage 4 ensures that during post-award contract performance,
the Supplier’s training, computerized Inspection tools, and both the supplier’s management and the government program
Inspection process material. These four columns are populated manager have access to individual and summarized Inspection
and provided by the Acquirer for later comparison with how results throughout product development.
each Supplier candidate conveys their current Inspection
capabilities they record in the five adjacent columns under The result of putting the pieces together is an auditable
‘Supplier Implementation’. outcome-based acquisition process that can be used TODAY for:
48 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
of products and systems for
On-Time Quality capabilities
delivered within budget.
Contracting Officer
With up to 90% of program
cost occurring after deployment,
the contracting officer will now
contract for the best life-cycle
(true) cost of a program.
Program Manager
Figure 6: Outcome-Based Acquisition Process Overview The suppliers current product
assessment capability is now a
- that comply with the August 2008 IEEE Inspection key factor in awarding contracts
Standard and Federal Acquisition Regulation (FAR) providing government program managers the ability to
Part 46.2 for Quality Assurance and Inspections on monitor ongoing quality, issues, and risk based on the suppliers
government contracts. automated inspection reports.
• Computerized Inspection tool outcome-based
measurements allowing supplier and government Supply Chain Risk Management (SCRM)
management, on a continual basis to: Implementing ongoing outcome-based product assessments
1. evaluate product quality, (OBPA), the focus of OBA, will reduce/streamline much of
2. measure development progress, the strategies, policies, standards, etc. planned and underway
3. assess risk for SCRM
Conclusion Suppliers
“Software vulnerabilities, malicious code, and software that Outcome-Based Product Assessments of pre-code activities
doesn’t function as promised pose a substantial risk to the (e.g., requirements, design) removes defects where 70-80%
Nation’s software-intensive critical infrastructure that provide of defects are typically introduced into products ensuring the
essential information and services to citizens” [2]. best quality at the contracted schedule and cost.
The 2008 IEEE Inspection Standard, the Inspection We welcome your comments.
Compliance Matrix, Computerized Inspection tools and
Inspection pitfall mitigation techniques along with using an
evolutionary development environment approach, ensure
correct, consistent, repeatable and sustainable rigorous
Inspection execution across distributed environments. Use
of these capabilities with their associated benefits (see below)
now gives government acquirers, and any other software
acquirers along the supply chain (see figure 1), the ability to
attain auditable and actionable outcome-based acquisition
bid response
2 Provides the Inspection compliance
matrix to Supplier candidates
3 Performs gap analysis and maps their
Assessment
Assessment
Assessment
About the Authors Previously, Stewart taught the Fagan Defect-Free Process
Roger Stewart is co-founder and for Michael Fagan Associates (8 years) after spending 30
Managing Director of the Stewart- years with IBM’s Federal Systems Division, (now part of
Priven Group. He is an experienced Lead Lockheed-Martin) managing and developing systems for Air
Systems Engineer and Program Manager Traffic Control, Satellite Command & Control, On-Board
in both government and commercial Space Shuttle, Light Airborne Multipurpose System (LAMPS
system development – including Systems Helicopter); and in Commercial Banking, Telecommunication
Engineering, Software Development, and Networking systems.
System Integration, System Testing, and
Process Improvement. Roger has a BS in Mathematics from Cortland University.
50 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Lew Priven is co-founder and Managing [5] Gouldsberry, Pamela, Leslie Deneault, and Bruce Hatlem.
Director of the Stewart-Priven Group. “Performance Based Acquisitions – What’s Out There.”
He is an experienced executive with Software Tech News Vol. 12 No. 3 Sept. 2009: 27
management and technical background
in system and software development, [6] GAO Report to the Committee on Armed Services,
software quality training, management U.S. Senate (GAO-04-393). “Defense Acquisitions –
development training and human Stronger Management Practices are Needed to Improve
resource management. DOD’s Software-Intensive Weapon Acquisitions.”
March 2004
Previously, Priven managed the
IBM team that developed the inspection process, taught the [7] DACS Gold Practice™ Document Series. “Software
Fagan Defect-Free Process for Michael Fagan Associates (8 Acquisition Gold Practice – Acquisition Process
years), and was Vice-President of Engineering & Application Improvement.” Nov. 16, 2005
Development at General Electric Information Services, Vice
President of Application Development for IBM’s Application [8] Report of the Defense Science Board Task Force. “Mission
Systems Division, Director of Operations & Development for Impact of Foreign Influence on DoD Software.’ Sept.
the IBM Information Network, Vice President of Information 2007
Technology & Human Resources for Satellite Business Systems.
[9] McConnell, Steve. “Best Influences on Software
Lew has a BS in Electrical Engineering from Tufts University Engineering Over Past 50 Years.” IEEE Software Jan. /
and an MS in Management from Rensselaer Polytechnic Feb. 2000.
Institute.
[10] DACS Gold Practice™ Document Series. “Software
The Stewart-Priven Group can be contacted at: Acquisition Gold Practice – Formal Inspections.” Nov.
7962 Old Georgetown Road, Suite B, Bethesda MD 20814 26, 2003
Office: 615-754-6685
Web: www.stewart-priven.com [11] Priven, Lew, and Stewart, Roger. “How to Avoid Software
Email: info@stewart-priven.com Inspection Failure and Achieve Ongoing Benefits.”
Crosstalk Jan. 2008
References
[12] McGraw, Gary. “Making Essential Software Work.”
[1] Weimer, Bruce US ARMY-SW Eng. Center SW Assurance Citgal, Inc. Mar. 2003
Div. “Software Quality Assurance.” SSTC Conference
April 22, 2009 [13] Bender, Richard. http://benderrbt.com [Position Papers]
“The Business Case for Software Quality” page 23, 2004
[2] The Software Assurance (SwA) Acquisition Working
Group. “Software Assurance in Acquisition: Mitigating [14] Priven, Lew, and Stewart, Roger. “Management’s
Risk to the Enterprise.” October 22, 2008 Inspection Responsibilities and Tools for Success.”
Crosstalk March/April 2009
[3] Software & Systems Engineering Standards Committee
of the IEEE Computer Society. “IEEE Standard for
Software Reviews, Section 6, Inspections.” IEEE Std.
1028™-2008.
S
enior leaders within DoD, Congress, and industry • Use of agile processes and development methods;
have grappled for many years with the inability of the • Adopting capability-based portfolios as a consistent
Department of Defense’s (DoD) acquisition processes organizing structure across the disciplines of requirements,
to deliver timely and effective information technology (IT) funding, and development/procurement (i.e., short
solutions. The problems are well documented in a number duration projects would be specified, funded, and
of studies and reports. [Ref 1, 2, 3, 4] Common conclusions implemented from portfolios);
of these studies are shown in Table 1. • Use of pre-tailored acquisition process models (templates)
corresponding to types of acquisition;
Table 1: Problems with DoD IT Acquisition • Employment of common IT computing platforms;
• Frequent acquisition progress reviews in lieu of infrequent
• Acquisition processes are based on weapon systems milestone decision points;
and are too slow and costly. • Integrated, concurrent test and evaluation and security
• Requirements and technology change faster than certification.
capabilities can be delivered.
• Few IT projects are delivered on time and within With the publishing of the Report to Congress and the
budget; many are cancelled before any delivery. establishment of teams to flesh out the concepts summarized
in the Report to Congress, there was optimism in early 2011
that significant improvements were on the horizon. This
A philosophical turning point in the longstanding discussion optimism began to fade in late summer 2011 as progress
about how to fix DoD’s IT acquisition problems was the on DoD’s efforts to further define the new IT acquisition
Defense Science Board’s (DSB) report in 2009. The DSB process stalled. Likely, the recommendations to move to a
concluded that it was not possible to tailor the current DoD’s portfolio-based construct across requirements, funding, and
acquisition processes, documented in the so-called 5000 series program implementation was viewed as having too large of
directives, for acquiring information technology capabilities. an impact on the various DoD processes. As discussions on
Instead, a new acquisition process designed for the special implementation of the portfolio construct reached an impasse,
characteristics of information technology was needed [Ref 5]. work on the other efforts to define a new acquisition process
This philosophy was embraced by Congress in Section 804 for IT were also stopped.
of the 2010 National Defense Authorization Act for DoD.
Congress directed DoD to develop a new acquisition process At present, IT acquisition reform efforts have taken a back
for acquiring information technology [Ref 6]. The resulting seat to DoD’s efforts to adjust to troop withdrawals and budget
efforts within the DoD to implement Congressional direction reductions in 2012 and even larger budget impacts in future
resulted in a strategy for a new acquisition process for IT that years. Nevertheless, improvement in IT acquisition is being
was subsequently documented in a December 2010 Report addressed as a part of an ongoing revision to DoD’s 5000
to Congress [Ref 7]. series acquisition directives. It is too early to tell if this effort
will yield significant improvement in the speed, cost, and
The DoD’s Report to Congress identified top level effectiveness of IT acquisition.
characteristics of the envisioned new acquisition process.
Among these characteristics were the following: In view of the lack of progress in achieving significant
reform of DoD’s IT acquisition processes, this paper provides
• Short duration projects delivering capabilities in 6-12 a recommended Roadmap for implementation of IT
months; acquisition reforms. In particular, the Roadmap proposes that
52 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
A ROADMAP FOR REFORMING THE DOD’S ACQUISITION OF INFORMATION TECHNOLOGY (CONT.)
DoD prioritize their reform efforts in order to very quickly The major challenges to implementing these points are the
implement changes that can be done now, in particular changes determination that DoD must make rapid changes and
that can be made without major policy or legislative changes. overcoming the cultural and bureaucratic inertia.
In parallel, DoD should continue to work on the definition
and coordination of those IT reform initiatives that will
take longer to implement. In the paper, the characteristics Table 3: Implement Five Point Program—Now!
of acquisition reform for IT defined in the December 2010 1. Mandate short-duration, agile projects
Report to Congress have been allocated to one of three major 2. Require an agile contracting process
Phases of the Roadmap as shown in Table 2. 3. Employ common platforms and transition to “cloud”.
4. Integrate/streamline T&E and C&A
Table 2: Acquisition Reform Phases 5. Use acquisition templates
IT Box forces requirements to be constrained to fit within a additional consequence of the current approach is so-called
“time-box”, a set calendar window of development time, so “stove pipe” IT solutions that cannot be effectively integrated
that they can be developed and fielded rapidly. into the larger DoD system of systems context.
In order to implement short-duration projects, larger Fortunately, there are examples of DoD organizations
requirements must be divided so that sub portions can be programs that have successfully implementing complex IT
developed and fielded quickly. Agile development methods efforts with short-duration projects that deliver capabilities
ensure continuous communication between developers and to users very quickly. The team that compiled the Report
users minimizing risk that user needs are not understood by to Congress identified a number of examples in each of the
the developers [Ref 10}. Use of common IT platforms (see military services, including DISA, TRANSCOM and DLA.
Point 3 below) permits development efforts to address mission In these examples, short duration projects were effective
capabilities immediately rather than spending months or in delivering incremental capabilities to users in less than
perhaps years developing a custom infrastructure platform to 12 months. Success in these examples necessitated that the
meet a user requirement. The recommended metric and action organizations mature the engineering disciplines necessary to
for this point is the following: ruthlessly cancel IT projects ensure the effective interoperation of the separately-developed,
that do not deliver capabilities useful to the user community incremental projects. Moreover, each of these projects have
within 12 months (the goal is 6 months or less). shown dramatically reduced risk and increased user satisfaction.
Many will assess the 12-month metric and what might be DoD’s challenge with implementing short duration, agile
perceived as a draconian recommended action and conclude projects is twofold. First, DoD must overcome the current
that this guideline just cannot apply to DoD. They will cultural comfort with IT programs taking multiple years to
argue that DoD is too big and its IT solutions too complex deliver capabilities. Unfortunately, many in DoD sincerely
to mandate delivery within 12 months for all IT projects. I believe that it must take years to deliver IT capabilities! Second,
note in particular that those involved in business enterprise and perhaps more significantly, the common practice of
resources planning (ERP) efforts appear to have grown “thorough” implementation of DoD 5000 process steps (i.e.,
comfortable with fielding timelines that rival those of major not taking advantage of tailoring opportunities) influences
weapons programs, often taking a decade or more before acquisition programs toward larger increments and less rapid
delivery of useful capabilities (or in many cases a decision to delivery. Program managers often start with the objective
cancel the program). of rapid fielding only to be consumed by the “mandated”
documentation and well-intended oversight activities that
It is the case that the complex IT needs of DoD will most quickly erase any hopes of rapid fielding. Moreover, it is not
often require solutions that are large and complex, therefore just the design program analysis and software development
necessitating that larger requirements be divided into multiple, efforts that must be done more quickly to achieve the 12 month
perhaps many, short duration projects. DoD’s system engineers target. Contracting, testing, and project oversight decisions
must be directed to determine how to best subdivide larger must align with the objective of 12 month (or less) deliveries.
solutions into “bite-sized” pieces. The response from a program Contracting and test are separately addressed in Points 2 and 4.
manager or engineer that it cannot be done is false and must
be rejected. It is useful to conclude the discussion on Point 1 with the
observation made in the opening sentence—shorter duration
In order to develop larger IT solutions through a number projects are less risky and therefore can and should be done
of short-duration, quick-delivery projects, there is a need to with less oversight and documentation. Rather than using
focus significant attention on how to ensure compatibility surrogates such as documents to assess progress, with rapid
and interoperability among the separately-developed IT capability delivery the end user provides direct, high-fidelity
capabilities. This requires employment of formal engineering feedback by actually using the capability. Based on user
disciplines such as architectures, standards, iterative testing, and feedback, successive projects can be modified, cancelled,
continuous integration. While these engineering disciplines are or accelerated. A DoD mandate to field IT projects in 12
often employed in DoD IT acquisition efforts, they are most months or less with penalty of project cancellation will
often used within a monolithic program rather than across provide the motivation to overcome resistance to change.
many projects that may be developed independently. The In addition, this mandate must force each of the critical
54 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
processes supporting capability delivery (oversight, design, award. The goal for awarding a task order for a 12 month (or
development, test, contracting, etc.) to operate on the same less) effort should be 14 days.
expedited timelines.
In cases where an IDIQ contract is not appropriate, or
Point 2: Rapidly award contracts for the award of IDIQ vehicles, a similar time box approach
There is abundant evidence that processes used for should be employed. In this case the guideline is that the
awarding DoD IT contracts are not aligned with rapid time from RFP release to award must be no longer than
delivery. While the DoD procurement regulations endorse 120 days. Having implemented this process repeatedly as
rapid contracting methods and emphasize using risk to guide a PEO, I am confident that it can be done. The challenge is
contracting efforts, contracting often becomes the pacing to force the awareness of time to meet user needs as a major
item for IT efforts. When I was a Program Executive factor in all contracting decisions. As a PEO, I negotiated
Officer (PEO) in DoD, I pushed the envelope to make with my program managers aggressive contract award dates
contracting more rapid and less costly to government and prior to RFP release and required the program manager to
to contractors. I found that rapid contracting can be done, prioritize tasks to meet the target award dates—it works!
but it usually required the use of guidelines to the program The key to a rapid source selection is that activities and tasks
office and contracting staff. These guidelines would focus on must be formally and ruthlessly prioritized in order to focus
the mission/business benefits of a rapid contracting process. only on the discriminating items that will permit selection of
Several guidelines that can assist in implementing an agile the “best” contractor for the short-duration project or a series
contracting process for IT contracting are described in the of short-duration projects. DoD budgets and DoD users
following paragraphs. Again, these recommendations are cannot afford protracted contracting processes that do not
focused only on what can be done quickly without changing focus only on what is most important within the established
policy or legislation. time constraints.
Awarding contracts based on mission areas (e.g., command It is useful to note that once contracting actions can be done
and control, logistics, IT network infrastructure, etc.) rather rapidly several positive benefits are achieved. It is possible
than based on specific programs or projects results in contracts to terminate a contractor for weak performance without
being available when a specific project is to be undertaken causing significant delays in meeting the needs of the end
within the mission area. Often this contract is an indefinite user customers. It is possible to get high quality government
quantity indefinite delivery (IDIQ) type of contract. By personnel to participate in source selection evaluations.
focusing the contracts on mission areas, the contract holders Most importantly, the collective resources, both financial and
have been prequalified in the mission area. When a specific intellectual, of both government and industry become properly
project is to be undertaken, a contract (task) can quickly be focused on quickly delivering the best capability to the end
awarded to a single contract holder or rapidly competed among user rather than focusing these resources disproportionately
multiple mission area contract holders. on proposals and evaluations that yield no benefit to the end
user and have become increasingly more costly to taxpayers
There are many IDIQ contract vehicles within DoD and across who largely foot the bill.
the Federal government that can be used for development and
delivery of IT capabilities. The primary limitation with most As a final recommendation for Point 2, all program/project
of these vehicles is that the time to award a specific contract managers and contracting personnel should be required
task order is inconsistent with rapid delivery. Rather than a to demonstrate familiarity with the OMB “Myth Busters”
very streamlined contracting action that takes days or perhaps a Memorandum published in February, 2011 [Ref 11]. OMB’s
week for a short duration (i.e., 12 months or less) project, many guidance contains a number of clarifications to common myths
task orders take months to award, with attendant high costs to that have increasingly resulted in lengthy, more costly, and less
both the government and contractors and with negative impacts effective government contracting.
to user missions. There is no reason that this process needs to
take months. The recommended guideline is that all task order Point 3: Mandate all programs/projects use
awards be “time boxed” with established maximum timeframes established standards platforms
and with no task order contracting process taking more than As with DoD weapon systems, current IT acquisition
21 calendar days from announcement of opportunity to task processes require that each program have its own set
requirements, its own funding, and a separate acquisition space application. After further examination, it became clear
program office. As such, each IT program is viewed as largely that none of the COTS components selected for the “space
autonomous. This independent structure and the strong SOA” were selected specifically because of the (near) real time
culture that has grown up around this structural convention nature of the application. At the end of the discussion, it
discourages IT programs from being dependent on capabilities became painfully clear to the government and the contractors
outside of the program office’s control. In the past, this gave assembled that the only reason that this one company was
rise to each program delivering unique, largely redundant and spending many millions of dollars and years developing
tremendously costly network and computing infrastructures. multiple platforms was that the government program offices
While separate networks are largely a thing of the past, most had asked for a unique program platform as a contract
large programs still provide their own unique computing requirement. This was truly a sad observation. Even sadder,
hardware, system software including so-called middleware, and however, is that the practice persists today.
user interface capabilities. DoD cannot afford to continue this
practice. It is expensive and not effective for meeting DoD The bottom line is that there is no need for unique
user’s needs. platforms for 99.9% of DoD IT applications. Unfortunately,
the structure and culture of DoD’s acquisition community
The negative result of each program developing and encourages unique platforms. This must stop. The current
deploying unique computing hardware and software platforms model is driving up IT development and support costs
is truly massive costing DoD hundreds of millions of dollars and significantly delaying delivery of capabilities to DoD
each year. Most ironic is the fact that these unique platform users. What is needed is ruthless standardization of IT
configurations are each composed of commercially-available infrastructure and mandatory use of standard platforms by
off the shelf (COTS) products, albeit uniquely configured all IT programs. DoD already has a number of platforms from
for a particular acquisition program. Analyzing, configuring, which to choose as initial standard platforms. The challenge
testing, certifying, and deploying a unique platform for a is not a technical one, it is a cultural one. It is recommended
specific program takes a lot of time, often a year or more. that DOD quickly establish a set of standard platforms and
During this time, the program is not delivering the mission mandate migration to this supported set of standard platforms.
capabilities that the program has been charged to deliver.
The time and cost of building a unique platform is a total The desire for use of standard platforms aligns well with
waste of taxpayer money. Moreover, once a unique platform the desire to take advantage of IT capabilities being provided
is fielded, this unique configuration significantly drives up as a service through what is called a “cloud” model. A cloud
life cycle support costs. It simply costs a lot more to support is simply a collection of IT resources that can be used on an
a variety of configurations due to lack of economies of scale as-needed basis. Cloud services can include platform services
in purchasing hardware and software, suboptimal utilization (PaaS) and software service (SaaS) in addition to hardware or
of the platform resources, and the need for additional staff data, or applications as a service. For DoD, it makes sense
to main the unique platform. to move to a cloud environment which can reduce the cost
of unique services as well as to improve standardization and
A few years ago, I convened three DoD IT acquisition interoperability. Fortunately, each of the military services,
program offices and their contractor support teams to DISA, and many of the other DoD agencies are large enough
investigate why they were each developing unique hardware that they can offer their own cloud capabilities provided
and software platforms. In this case, all three contractor either in DoD facilities or in commercial facilities and achieve
teams were from the same company. Each program team was world class economic results. It is recommended that DoD
developing a unique “services oriented architecture (SOA)” mandate use of appropriately secured cloud environments
for their program. Perhaps not surprisingly, each program (i.e., a ‘cloud first’ policy).
team was very proud of what they had accomplished and
had plans to complete their SOA platform over the next 12 Point 4: Integrate and streamline T&E and C&A
to 24 months. When asked why all three programs could processes
not use a common SOA platform, the chief architect for The processes used for testing and for certifying the security
one program quickly boasted that “my program is a real- of IT systems often becomes the “long pole” in getting
time space application”, thereby implying that the other needed IT capabilities in the hands of DoD users. Clearly,
program platforms would not be capable of supporting the it is important to test capabilities before placing them in the
56 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
field and the growing security threats necessitate a strong added after the fact (most often in a suboptimal manner).
focus on cyber security. However, the testing and security Instead of addressing security after an IT capability is
certification processes typically employed for IT capabilities completed, certification assessments and concurrence by
fails to recognize the realities summarized in Table 4. the accrediting authority must be done incrementally
and in parallel with the IT development process. The
requirement should be that once an IT capability has
Table 4: Realities of IT Test and Security
completed operational testing by users, certification must
Certification also be complete.
• Users make the best testers
• Manual security assessments are ineffective A final recommendation in this area follows from the fact
• Security is best evaluated when a capability is that security is best assessed in an operational environment.
operational The reason for this is that security threats continue to
evolve and IT systems are constantly changing as a result of
interactions in the operational environment. Therefore, it
Agile development methods recognize the importance of is recommended that the majority of security focus for IT
continuous user involvement in the testing and evaluation capabilities should be applied after operational deployment
processes for IT capabilities. Unfortunately, DoD’s acquisition and using continuous monitoring with automated tools. The
processes which were developed for weapon systems typically practice of focusing most security resources prior to system
require professional testers to perform operational testing. deployment or in periodic paper based reviews is ineffective and
If end users are effectively involved in the development and should be abandoned immediately. NIST Special Publication
testing of IT capabilities, the marginal benefits of additional 800-37 [Ref 12] encourages the use of automated monitoring,
testing by independent professional testers is small and the time and provides that it can be the basis for periodic security
delay in getting capabilities to the users becomes unacceptable. recertification.
A more prudent approach is to rapidly deploy capabilities
that have been subjected to testing by actual end users Point 5: Employ acquisition templates
(perhaps through virtual connectivity to the development The final point of Phase 1 of the Roadmap is the
team) in an incremental manner. This can be achieved by recommended adoption of tailored templates that can
starting with a small subset of actual users and expanding the guide program offices as they are strive to tailor DoD’s
user community after confidence has been achieved through 5000 Directives to suit information technology acquisition
the smaller deployment. Testing by professional testers should programs. The templates provide a point of departure for
be performed after substantial capabilities have been fielded IT program offices to quickly determine how their program
and are in use. This professional testing effort would be to should be structured. Four templates have been developed
provide a formal assessment of the effectiveness of the fielded under DoD sponsorship. These templates were summarized
capabilities against the user requirements and to provide and endorsed in the December 2010 Report to Congress and
recommendations for future development efforts (i.e., modify, align with the major types of IT acquisitions:
expand, or cancel).
1. Application Software Development
Utilization of formal methods and automated tools for 2. Commercial Off the Shelf (COTS) Capabilities
security certification is essential. Security certification done 3. Integrated COTS
by a review of documents only is of almost no value. The 4. IT Services
commonly-used approach of doing security certification after
a system is fully developed is also ineffective and costly in As an example, the templates reflect the fact that an
time and money. After an IT capability has been developed, acquisition program that is to develop application software
the certifiers often assume the philosophy of “how can we (on a standard platform) has different activities, risk areas, and
improve security” rather than “what security controls are indicators of progress when compared to the procurement of
required to achieve an adequate risk posture”. The result is a COTS solution. However, experience has shown that by
a cycle of recommendations by the certifiers and negotiations following DoD 5000 processes, DoD program offices typically
with the developers with delays in fielding and increased costs migrate from a COTS solution approach to a developed
due to scrap and rework as additional security controls are solution approach. This should not be surprising; DoD 5000
is targeted for weapon system development. Templates help A New Model for Acquiring Government Information Technology
to avoid this mistake. [Ref 13] for additional insight into the recommended
templates.
A quick review of the history of programs such as Net-
Centric Enterprise Services (NCES) or the Navy- Marine Figure 1 contrasts a few of the top-level characteristics and
Corps Internet (NMCI) shows what happens when IT processes for the Application Software Development Template and
programs attempt to use a DoD 5000-based approach to the COTS Template. It should be noted that this abbreviated
acquire commercial IT capabilities. In the case of NCES, the comparison does not show the iterative nature of the
objective of rapidly procuring COTS software products evolved Development and Demonstration (in the case of Application
into a lengthy program to acquire and then modify COTS Software Development Template) and Demonstration and
products. Likewise, NMCI was treated, not as an albeit large Deployment (in the case of the COTS Template). It can
contract for commercial services, but as a developed program be seen that the tasks prior to Milestone B are significantly
that required formal acquisition milestones, independent different, with the COTS Template focusing on assessing the
OT&E, and other acquisition processes appropriate for a commercial marketplace rather than on prototypes and the
developmental program. In both instances, the envisioned Milestone B decision being a procurement decision rather
acquisition of commercial products and services evolved into than a build decision in the case of the Application Software
developmental programs significantly delaying fielding of Development Template.
important capabilities and dramatically increasing risk and
cost. While NMCI and NCES may be some of the most Key elements of the Application Software Development Template
visible examples of inappropriate or failure to tailor DoD are as follows:
acquisition processes, there are many other examples where
well intended program offices and oversight bodies have • Participation by the end user throughout the process.
failed to recognize the unique needs of different types of IT • Recognizing the evolving nature of IT requirements,
acquisition programs. significantly streamlined predevelopment analysis,
prototyping, and documentation focused on the initial
The specific characteristics of the templates are only described increment (rather than on the full scope of requirements).
generally in this paper. The reader is recommended to review • Close linkage of risk reduction/prototyping and
COTS
Template
MS
A
MS
B
MS
C
IPR
RDD
Procurement
Post
Implementa*on
Decision
Review-‐IPR
RELEASE
1
Architectural
Commercial
Market
Opera*ons
Business
Case
ICD
Alignment
Analysis
Demonstra*on
&
Deployment
And
Analysis
Support
DoD
user
involvement
Integrated
DT
/
OT
Weeks
to
Months
1
to
12
Months
58 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
incremental development such that there is no loss of 804 of the 2010 NDAA and the subsequent Report to
continuity and no break in progress around the Milestone Congress, there are a number of major improvements that
B decision. can be made quickly and easily. The five points recommended
• Rapid, iterative increments of software development for immediate implementation will have a significant impact
(12-18 months) with cost, schedule and performance on improving IT acquisition efficiency and effectiveness.
characteristics assigned as each increment is undertaken. Moreover, implementation of these five points does not require
• Fielding of (agile) software iterations in weeks or months rewriting of DoD 5000 or other major DoD policies which
as they are approved by users during development. can take a years. Rather, they can be implemented quickly
• Use of frequent in process reviews (IPRs) to monitor status with simple clarifying guidelines, one-page policies, and, most
and adjust development if necessary importantly, visible emphasis by DoD leadership that the status
quo is no longer acceptable.
Key elements of the COTS Template include the following:
There is no claim that the five points reflect entirely new
• Recognition that the objective is procurement of a product thought. Clearly, there has been discussion about shorter
rather than development. development cycles, more agile contracting, and standard
• After procurement, the unmodified COTS product is IT platforms for years. Likewise the concepts of tailored
rapidly demonstrated and then deployed to end users. templates and streamlined test and certification have been
• If the user requirements cannot be adequately satisfied with proposed before. The five points do, however, reflect a small
(unmodified) COTS solutions, the program is stopped subset of the concepts proposed in the Report to Congress and
rather than evolving into a development program. in other documents. That is, they provide focus! Moreover,
the primary observation in proposing these five points is
The third template, Integrated COTS, addresses the fact that that implementing just this small set of actions can have
DoD often procures multiple COTS products that have been an enormous impact on reducing IT acquisition costs and
proven individually, but never configured as an integrated improving the timelines and quality of the products delivered
capability. This template, therefore, addresses the need for to DoD customers.
integration of the COTS components and incremental fielding
of the integrated COTS capability prior to a full fielding The primary challenge therefore is to the DoD leaders who
decision. The fourth template, IT Services, recognizes the are encouraged to embrace the five points and to quickly act
unique need to define service levels based on market research on them as a first phase of DoD’s IT acquisition reform effort.
and customer analysis as well as the importance of focusing on It is not recommended that other elements of the broader IT
ways after contract award to ensure in a continued reduction acquisition reform vision be abandoned. Rather, they should
in the cost of services through employment of evolving be undertaken in a phased manner to permit achievement of
technology and process improvement. some significant progress in the near term while continuing
pursuit of the full reform agenda.
Individual programs and projects may also require a
combination of templates. For example, enterprise resource End Notes
planning efforts (ERP) often have a procurement acquisition 1. House Armed Services Committee Panel on Defense
component for a COTS ERP package (i.e., appropriate for Acquisition Reform, Interim Findings and Recommendations,
the COTS Template) as well as either an applications software DAR Interim Report, March 4, 2010.
acquisition component (i.e., employing the Application
Software Development Template) or a need to integrate several 2. National Research Council, Committee on Improving
software packages (i.e., using the Integrated COTS Template is Processes and Policies for the Acquisition and Test of
appropriate). Using the templates as a point of departure, a Information Technologies in the Department of Defense,
program or project office can quickly adapt them to suit the Achieving Effective Acquisition of Information Technology in
specific needs of an individual program or project. the Department of Defense, 2010.
60 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
Introducing...
...the newest member of the Quanterion Automated Reliability Toolkit family...
QuART PRO
QuART ER
QuART
❯❯❯ With over two dozen new or improved tools!
$99 $189 $399
Reliability Advisor No Yes Yes
General Knowledge
Enhancing Reliability Reliability Program Cost No Yes Yes +
Reliability Imp rovement Cost No Yes Yes
Warranty Cost No Yes Yes
Quanterion Automated Reliability Toolkit
Statistical Distributions No Yes Yes +
Checklists No Yes Yes
Definitions Yes Yes Yes
Acronyms Yes Yes Yes
Reliability Potential Yes Yes Yes
Concept
Reliability Allocation No No Yes
Reliability Tailoring Yes Yes Yes
Reliability Approach Assessment No No Yes
Derating Yes Yes Yes
Design Analysis
Thermal Design No Yes Yes
Failure Modes No Yes Yes +
FMECA Worksheets No No Yes
Material Durability Improvement No No Yes
Parts Count Analysis Yes Yes Yes
Software Reliability Prediction No No Yes
Redundancy Modeling Yes Yes Yes +
Reliability Adjustment Factors Yes Yes Yes
Interference Stress Strength Analysis No No Yes
Availability Calculator No No Yes
Benefit of Reliability No No Yes
Testing
QUANTERION
SOLUTIONS INCORPORATE D
Sparing Analysis (Graphical)
Spares Analysis (Tabular)
Yes
Yes
Yes
Yes
+ indicates improved features or functions
Yes
Yes +
quanterion.com
(315)-732-0097/(877) 808-0097 Affordable tools for improving reliability…
Quanterion Solutions in a team member of the operation of the Reliability Information Analysis Center (RIAC)
Q
This is a paid advertisement.
Data & Analysis Center for Software (DACS) 61
Article Submission Policy
Vol.14 No.1
January 2011
NEWS
technews.com
www.software
dacs
http://iac.dtic.mil/ on
ibuti
Unlimited Distr
Unclassified and
The DACS Journal is a theme-based quarterly journal. In the past DACS has typically solicited specific authors to participate in
developing each theme, but we recognize that it is not possible for us to know about all the experts, programs, and work being
done and we may be missing some important contributions. In 2009 DACS adopted a policy of accepting articles submitted
by the software professional community for consideration.
DACS will review articles and assist candidate authors in creating the final draft if the article is selected for publication.
Note that DACS does not pay for articles published. Note also that submittal of an article constitutes a transfer of ownership
for First Publication Rights from the author to DACS for a period of ninety days following publication. After this ninety day
period full copyright ownership returns to the author.
Although the DACS Journal is theme-based, we do not limit the content of the issue strictly to that theme. If you submit an article that DACS
deems to be worthy of sharing with the community, DACS will find a way to get it published. However, we cannot guarantee publication
within a fixed time frame in that situation. Consult the theme selection page and the Author Guidelines located on the Journal web site
(see https://journal.thedacs.com/) for further details.
62 Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
ABOUT THE JOURNAL OF SOFTWARE TECHNOLOGY
Thomas McGibbon
DACS Director
Quanterion Solutions, DACS
Morton A. Hirschberg
Army Research Lab (retired) ARTICLE REPRODUCTION
Images and information presented in these articles may be reproduced as long as
Dr. Kenneth E. Nidiffer the following message is noted:
Software Engineering Institute
“This article was originally published in the DACS Journal of Software Technology,
Dr. David A. Wheeler Vol.15, No.1 February 2012. “
Institute for Defense Analyses Requests for copies of the referenced journal may be submitted to the
following address:
Dennis Goldenson
Software Engineering Institute Data & Analysis Center for Software
100 Seymour Road
John Scott Utica, NY 13502-1348
RadiantBlue Technologies
Phone: 800-214-7921
Dr. Richard Turner Fax: 315-732-3261
Stevens Institute of Technology E-mail: news-editor@thedacs.com
An archive of past newsletters is available at https://journal.thedacs.com.
In addition to this print message, we ask that you notify DACS regarding any document
that references any article appearing in the DACS Journal.
Journal of Software Technology 15-1 February 2012: Cost Estimation and Systems Acquisition
IN THIS ISSUE
Tech Views
Data as a Critical Service in Acquisition
By Thomas McGibbon, DACS Director......................................................................................................................................... 3
Outcome-Based Acquisition
By Roger Stewart and Lew Priven.................................................................................................................................................. 44