CSIAC

Cyber Security and Information Systems Information Analysis Center

/ Journal Issues / Understanding Cyber Risks and Security Management / An Overview of the Schedule Compliance Risk Assessment Methodology (SCRAM)

An Overview of the Schedule Compliance Risk Assessment Methodology (SCRAM)

Published in Journal of Cyber Security and Information Systems
Volume: 1 Number: 4 - Understanding Cyber Risks and Security Management
Authors: Adrian Pitman, Elizabeth K. Clark, Brad Clark and Angela Tuffley
| Leave a Comment

Schedule slippage is an unfortunate reality for many large development programs. The Australian Defence Materiel Organisation Schedule Compliance Risk Assessment Methodology (SCRAM) provides a framework for identifying and communicating the root causes of schedule slippage and recommendations for going forward to Program and Executive-level management. It is based on a repeatable process that uses a root cause analysis of schedule slippage model to locate factors that impact program schedule along with a “health check” of the documented schedule, assessing its preparation and probability distribution of completion dates. SCRAM can be used at the commencement of a program to validate a proposed schedule and identify potential risks, during program execution as a “health check”, or as a diagnostic tool to identify root causes when schedule slippage occurs. To date, SCRAM has been applied to a number of major development acquisition programs in Australia and the United States. According to one documented report, seventy-eight percent of US Department of Defense Programs have experienced some form of schedule slippage [1]. Schedule slippage is a symptom of any number of problems or causes occurring on a project. Examples include:

Optimistic, unrealistic estimates Conflicting views among stakeholders
Evolving or unstable requirements Poor subcontractor performance
Use of immature technology Dependencies not realized and/or often not scheduled
Poor monitoring of changing workloads Poor quality work leading to unanticipated
or unplanned rework
Incurring Technical Debt with no plans to repay Inadequate staffing
Lack of adequate planning and preparation for System Integration Artificially imposed deadlines
Poorly constructed schedules Lack of Technical Progression
Poor management communication Lower than estimated productivity

Trying to identify root causes of schedule slippage is not always easy but is necessary if schedule slippage is to be remedied and managed.

This paper introduces the Schedule Compliance Risk Assessment Methodology (SCRAM) used by the Australian Defence Materiel Organisation (DMO) to identify and quantify risk to schedule compliance. SCRAM is an assessment approach and product suite developed by the authors and funded by the Australian DMO to facilitate remediation of troubled acquisition projects.

This paper describes the Root Cause Analysis of Schedule Slippage (RCASS) model used in SCRAM. Next the techniques used in SCRAM to estimate the most likely schedule completion date are discussed; these include Monte Carlo Schedule Risk Analysis and Parametric Software Modeling. Finally the methodology for collecting, organizing and communicating information is briefly described.

References

[1] Edmound Conrow, “An Analysis of Acquisition Cost, performance, and Schedule Characteristics for DOD Programs,” Acquisition Community Connection, Defense Acquisition University, 2003.

[2] John McGarry, David Card, Cheryl Jones, Beth Layman, Elizabeth Clark, Joseph Dean, and Fred Hall, “Practical Software Measurement: Objective Information for Decision Makers,” Addison-Wesley, 2001.

[3] Barry Boehm, “Section 2: Risk Management Practices: The Six Basic Steps,” from Software Risk Management, IEEE Computer Society Press, 1989.

[4] Ricardo Valerdi, “The Constructive Systems Engineering Cost Model (COSYSMO): Quantifying the Costs of Systems Engineering Effort in Complex Systems,” VDM Verlag, 2008.

[5] International Organization for Standardization; ISO/IEC 15504.2:2003 – Information Technology Process Assessment – Part 2: Performing an assessment

Endnotes

[1] COTS: Commercial Of The Shelf; MOTS: Modified Of The Shelf; NDI: Non-Developed Item (previously existing); GFE: Government Furnished Equipment

Authors

Adrian Pitman
Adrian Pitman
Mr. Adrian Pitman is the Director Acquisition Engineering Improvement in the Standardisation Office of the Australian Defence Materiel Organisation (DMO). He has over 45 years military systems experience, including 20 years as a member of the Royal Australian Air Force and 25 years in capital equipment acquisition in various engineering, project management and quality assurance management roles. Throughout his career Adrian has focused his work on implementing organizational improvement including his role as a foundation member of the DMO Software Acquisition Reform Program and as Director Quality Systems in the Australian Department of Defence. Adrian obtained his engineering qualifications at the Royal Melbourne Institute of Technology and is a SCRAM Lead Assessor, a former DMO CMMI Lead Assessor, ISO 9001 Lead Auditor and a Certified International Software Configuration Manager.
Elizabeth K. Clark
Elizabeth K. Clark
Dr. Elizabeth (Betsy) Clark is President of Software Metrics, Inc., a Virginia-based consulting company she co-founded in 1983. Dr. Clark is a primary contributor to Practical Software Measurement (PSM). Dr. Clark was also a principle contributor to the Software Engineering Institute’s (SEI) core measures. Dr. Clark is a Research Associate at the Center for Systems and Software Engineering at USC. She collaborated with Dr. Barry Boehm and Dr. Chris Abts to develop and calibrate the COCOTS model. She is a consultant to the Institute for Defense Analyses and the Software Engineering Institute. She is also a primary contributor to SCRAM. Dr. Clark received her B.A. from Stanford University and her Ph.D. in Cognitive Psychology from UC, Berkeley.
Brad Clark
Brad Clark
Dr. Brad Clark is Vice-President of Software Metrics Inc. – a Virginia based consulting company. His area of expertise is in software cost and schedule data collection, analysis and modeling. He also works with clients to setup their own estimation capability for use in planning and managing. He has also helped clients with software cost and schedule feasibility analysis and cost estimation training. Dr. Clark received his Master’s in Software Engineering in 1995 and Ph.D. in Computer Science in 1997 from the University of Southern California. He is a co-author of the most widely used Software Cost Estimation model in the world, COCOMO II. This model estimates the effort and duration required to complete a software development project Brad is a former US Navy A-6 Intruder pilot.
Angela Tuffley
Angela Tuffley
Ms Angela Tuffley is the Director of the RedBay Consulting, an Adjunct Senior Lecturer with Griffith University and Software Engineering institute (SEI) Visiting Scientist. She has over 30 years of industry experience, both in Australia and overseas, providing expert professional services in training, assessment and advice for the acquisition, engineering and support of software intensive systems. She is a co-developer of the Schedule Compliance Risk Assessment Methodology (SCRAM) and provides consultation on SCRAM, the adoption of the Capability Maturity Model Integration (CMMI) and ISO/IEC 15504 Information Technology Process Assessment (SPICE). She is a CMMI Institute Certified CMMI Instructor and has a Bachelor of Science and a Graduate Diploma in Software Quality from Griffith University.

Reader Interactions

Leave a Comment