Engineering Process Compliance Review Template
advertisement
ESC/EN Engineering Process Compliance Procedures August 2002 Engineering Process Compliance ESC/EN Four major steps to compliance - Conduct Process Self-Assessment - Complete Engineering Process Compliance Templates - Submit Completed Templates and Selected Process Assets - Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets Conduct Process Self- Assessment Prepare Compliance Templates Submit Templates and Selected Assets Collect Process Assets 2 Present Result to EN Comp Bd Engineering Process Compliance Step 1 - Conduct Process Self-Assessment ESC/EN Four major steps to compliance - Conduct Process Self-Assessment - Complete Engineering Process Compliance Templates - Submit Completed Templates and Selected Process Assets - Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets Conduct Process Self- Assessment Prepare Compliance Templates Submit Templates and Selected Assets Collect Process Assets 3 Present Result to EN Comp Bd Conducting the Self-Assessment ESC/EN Complete Program Baseline Questionnaire - Provide an understanding of your program Unique circumstances or conditions Stakeholders etc. Provide data needed to understand the gaps in the ESC/EN Process Concepts when compared to you business model Complete the Risk Manage Self Assessment Survey If your program has implemented a risk management process, this checklist can help us decide how well the process meets the CMMI goals and specific practices. Assist in the adaptation of the ESC/EN Process Concepts to your program. - 4 Risk Management Self Assessment Survey Example ESC/EN Complete All Sections: SG 1 - Prepare for Risk Management SG 2 - Identify and Analyze Risk SG 3 - Mitigate Risks GG 1 - Achieve SGs GG 2 - Institutionalize a Managed Process GG 3 - Institutionalize a Defined Process GG 4 - Institutionalize a Quantitatively Managed Process GG 5 - Institutionalize an Optimizing Process Collect Artifacts Helpful if Completed and Delivered Electronically 5 Risk Management Self Assessment Survey Example (Concluded) ESC/EN Specific Goal Artifacts Described Questions Your Comments Specific Practice Collect Artifacts (i.e.Evidence) to Support Self Assessment 6 Program Baseline Questionnaire (Risk Management) Example ESC/EN Complete All Sections: 1 - Program Data 2 - ESC/MC POC 3 - MITRE POC 4 - Brief Program Description 5 - Contractor Information 6 - Program Status 7 - Risk Management Process 8 - Risk Management Data 9 - Contracting 10 - Other Comments Attach Support Material if Necessary Helpful if Completed and Delivered Electronically 7 Program Baseline Questionnaire (Risk Management) Example (Concluded) ESC/EN Section Use Space Needed Data Requested Complete All Blanks Provide Narratives Attach Artifacts (i.e.Evidence) as Applicable 8 Engineering Process Compliance Step 2 - Complete Engineering Process Compliance Templates ESC/EN Four major steps to compliance - Conduct Process Self-Assessment - Complete Engineering Process Compliance Templates - Submit Completed Templates and Selected Process Assets - Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets Conduct Process Self- Assessment Prepare Compliance Templates Submit Templates and Selected Assets Collect Process Assets 9 Present Result to EN Comp Bd Engineering Process Compliance Templates ESC/EN This template was created to assist in the development of ESC/EN Compliance Board Briefing charts. It is based on the ESC/EN Engineering Process Self- Assessment . The Chief Engineer should brief, as a minimum, program baseline information, the results of the self-assessment survey and a review of selected process assets. The Chief Engineer should address the topics as outlined in the Process Compliance Template charts as appropriate for a complete understanding of the state of process implementation in the program. The template should be tailored to meet your program business environment and practices. Process Compliance Templates are Shown in the Following xx Charts 10 Process Compliance Template - Chart 1 x ESC/EN x [Program Name] [Name of Process] Compliance Status [Chief Engineer Name] [Date] 11 Process Compliance Template - Chart 2 Overview ESC/EN Part 1 - Program Baseline - Background - Program Description - Contractor Information - Program Status - [Process Name] Process Background - Program [Process Name] Data Part 2 - [Process Name] Self-Assessment - Assessment Summary - Process Gaps and Gap Filler Solutions - Practice Adoptions - Assessment Details - Assessment Conclusions For Illustration Purposes the Risk Management Process Self Assessment Survey will be used to form Templates for Part 2 and 3 Part 3 - Review of Selected [Process Name Assets] 12 Process Compliance Template - Chart 3 Part 1 - Program Baseline Program Background ESC/EN Program Data Program Name: Acquisition Organization: Users: ACAT Level Program Manager Name Address Phone Fax E-Mail Chief Engineer Name Address Phone Fax E-Mail 13 Process Compliance Template - Chart 4 Part 1 - Program Baseline Program Description ESC/EN Narrative or Graphic Description 14 Process Compliance Template - Chart 5 Part 1 - Program Baseline Contractor Information ESC/EN Name Contractor Information Location Role History Prime Sub 1 Sub 2 Sub 3 Contracting (indicates types of risk mitigation actions available): Type of contract: duration, basis for payment (include awards and incentives): Government/Contractor, relationship: CAIV? TSPR? Role and involvement of user organizations: Any other important features of contract or contracting process Describe how you incorporate Contractor Risk into your Risk Management Program. 15 Process Compliance Template - Chart 6 Part 1 - Program Baseline Program Status ESC/EN Primary Purpose of Acquisition New Start Program Status Upgrade Migration YES NO YES NO YES NO Description of Other: Next Major Milestone Milestone Date Purpose 16 Other (Describe Below) Process Compliance Template - Chart 7 Part 1 - Program Baseline [Process Name] Process Background ESC/EN [Process Name] Describe Your Current [Process Name] Process IPT (if so, which (Use additional Charts as Required) (Use additional Charts as Required) organizations participate and how often do they meet?) Describe how [Process Name] process data are reported and managed. What [Process Name] Tools are used? Is [Process Name] Training given? (If, Yes, describe) Does your program have a [Process Name] Plan? (Describe) Other Comments about your [Process Name] Process. (Use additional Charts as Required) (Include Internal Program, Contractor, and Cross Programs) (Use additional Charts as Required) (Use additional Charts as Required) (Use additional Charts as Required) (Use additional Charts as Required) 17 Process Compliance Template - Chart 8 Part 1 - Program Baseline Program [Process Name] Data ESC/EN [Process Name] Data What key metrics are available to you under the contract or otherwise concerning contractor performance? What information does the government use regularly to manage the contract and oversee the progress and direction? What assessments have been done (Red Teams, other), by whom, and what were the results? What redirection or replanning has been done, when? (show all replans, schedule slips, when announced)? 18 Process Compliance Template - Chart 9 Part 2 - [Process Name] Self-Assessment Assessment Summary ESC/EN KEY: CMMI Goal SG 1 SG 2 SG 3 GG 1 GG 2 GG 3 GG 4 GG 5 YES NO Partially Description Prepare for Risk Management: Preparation for risk management is conducted. Identify and Analyze Risks: Risks are identified and analyzed to determine their relative importance. Mitigate Risks: Risks are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives. Achieve Specific Goals. (Capability Level 1 - Performed) Institutionalize a Managed Process. (Capability Level 2 Managed) Institutionalize a Defined Process. (Capability Level 3 Defined) Institutionalize a Quantitatively Managed Process. (Capability Level 4 – Quantitatively Managed) Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing) Risk Management Process Example 19 SPO Summary Fill in Boxes with Appropriate Color Process Compliance Template - Chart 10 Part 2 - [Process Name] Self-Assessment Process Gaps and Gap Filler Solutions ESC/EN GAPS GAP Filler SG1 SG2 SG3 GG1 GG2 GG3 GG4 GG5 Risk Management Process Example 20 Process Compliance Template - Chart 11 Part 2 - [Process Name] Self-Assessment Practice Adoptions ESC/EN SG1 SG2 SG3 GG1 GG2 GG3 GG4&5 - Install process support tools (SP1.1 & SP1.2) - Establish Program RMP policy and procedures (SP1.3) - Separate risk management from issue management (SP1.3) - Implement standard risk management toolbox (SP2.1) - Implement standard identification and analysis tools. (SP2.2) - Formalize the mitigation planning and incorporate into program plans and execution. (SP3.1) - Establish monitoring procedures and regular review cycle for mitigation plans.(SP3.2) - Complete RMP Implementation (GP1.1 and GP1.2) - Maintain current RM Team structure and establish recurring training. (GP1.1 and GP1.2) - Implement suggested Policy (GP2.1) - Implement suggested Operating Instruction (GP2.2, GP2.4, GP2.5) - Maintain current RMP Team Structure (GP2.3) - Incorporate Risk Management Products into Configuration Management process (GP2.6) - Implement Standard RMP Guide (GP2.7), (GP2.8) - Perform regular RMP Self Assessments (GP2.9) - Incorporate activities, status and results of the RMP in program, directorate, and command reviews. (GP2.10) - Implement recommendations of GG2 (GP3.1 and GP3.2) - As GG2&3 is being satisfied, consideration should be given to the GG4&5 goal at the JPO level. Risk Management Process Example 21 Process Compliance Template - Chart 12 Part 2 - [Process Name] Self-Assessment Assessment Details ESC/EN Assessment Team: Name Organization Role Assessment Period: Assessment Problems: Recommendations for Future Assessments: 22 Process Compliance Template - Chart 13 Part 2 - [Process Name] Self-Assessment Assessment Conclusions ESC/EN Overall Assessment Rating Level: (e.g. 0,1,2,3,4,or 5) Summary of Findings: Corrective Actions Needed: 23 Process Compliance Template - Chart 14 Part 3 - Review of Selected [Process Name] Assets [Process Name] [Asset Name] ESC/EN Relates to Goal and Practice: (e.g. SG2, SP2.1) Question Answered: (e.g. If yes, what are the indicators that risks are identified and documented?) Description of Asset: Note The Number of Assets to Review will be determine by the EN Compliance Board after Receipt of Templates and Selected Assets How the Asset Answers the Question: 24 Process Compliance Template - Chart 15 Template Backup Charts ESC/EN BACKUP CHARTS 25 Process Compliance Template - Backup Chart 1 Part 2 - [Process Name] Self-Assessment Assessment Details SG 1 ESC/EN CMMI Goal SG 1 Practice Description hyperlink SP 1.1 SP 1.2 SP 1.3 YES Response NO Partially Prepare for Risk Management: Preparation for risk management is conducted. Determine Risk Sources and Categories: Determine risk sources and categories. Do you have an approach to determining risk sources and categories? Define Risk Parameters: Define the parameters used to analyze and classify risk s, and the parameters used to control the risk management effort. Do you have an approach to defining the parameters used to analyze and classify risks, and the parameters used to control the risk management effort? Establish a Risk Management Strategy: Establish and maintain the strategy and methods to be used for risk management. Have you established and are you maintaining a strategy and a set of methods to be used for risk management? Comments Risk Management Process Example 26 Process Assets Collected Process Compliance Template - Backup Chart 2 Part 2 - [Process Name] Self-Assessment Assessment Details SG 2 ESC/EN CMMI Goal SG 2 Practice Description hyperlink SP 2.1 SP 2.2 YES Response NO Partially Identify and Analyze Risk s: Risk s are identified and analyzed to determine their relative importance. Identify Risk s: Identify and document the risk s. Do you identify and document the risks? Evaluate, Classify, and Prioritize Risk s: Evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority. Do you evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority? Comments Risk Management Process Example 27 Process Assets Collected Process Compliance Template - Backup Chart 3 Part 2 - [Process Name] Self-Assessment Assessment Details SG 3 ESC/EN CMMI Goal SG 3 Practice Description hyperlink SP 3.1 SP 3.2 YES Response NO Partially Mitigate Risk s: Risk s are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives. Develop Risk Mitigation Plans: Develop a risk mitigation plan for the most important risk s to the project, as defined by the risk management strategy. Do you develop risk mitigation plans for the most important risks to the project, as defined by the risk management strategy? Implement Risk Mitigation Plans: Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate. Do you monitor the status of each risk periodically and implement the risk mitigation plan as appropriate? Comments Risk Management Process Example 28 Process Assets Collected Process Compliance Template - Backup Chart 4 Part 2 - [Process Name] Self-Assessment Assessment Details GG 1 ESC/EN CMMI Goal GG 1 Practice Description hyperlink GP 1.1 GP 1.2 YES Response NO Partially Achieve Specific Goals. (Capability Level 1 - Performed) Identify Work Scope: Identify the scope of the work to be performed and work products to be produced for risk management, and communicate this information to those performing the work . Have you identified the scope of the work to be performed and work products to be produced for risk management, and communicate this information to those performing the work? Perform Base Practices: Perform the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area. Are you performing the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area? (Satisfying all of the 3 specific goals and associated practices listed above) Comments Risk Management Process Example 29 Process Assets Collected Process Compliance Template - Backup Chart 5 Part 2 - [Process Name] Self-Assessment Assessment Details GG 2 ESC/EN CMMI Goal GG 2 Practice Description hyperlink GP 2.1 GP 2.2 GP 2.3 YES Response NO Partially Institutionalize a Managed Process. (Capability Level 2 Managed) Establish an Organizational Policy: Establish and maintain an organizational policy for planning and performing the risk management process. Have you established and are you maintaining an organizational policy for planning and performing the risk management process? Plan the Process: Establish and maintain the requirements and objectives, and plans for performing the risk management process. Have you established and are you maintaining the requirements and objectives, and plans for performing the risk management process? Provide Resources: Provide adequate resources for performing the planned process, developing the work products and providing the services for the risk management process. Are you providing adequate resources for performing the planned process, developing the work products and providing the services for the risk management process? Comments Risk Management Process Example 30 Process Assets Collected Process Compliance Template - Backup Chart 6 Part 2 - [Process Name] Self-Assessment Assessment Details GG 2 (Continued) ESC/EN CMMI Goal GG 2 Practice Description hyperlink GP 2.4 GP 2.5 GP 2.6 GP 2.7 YES Response NO Partially Institutionalize a Managed Process. (Capability Level 2 Managed) Assign Responsibility: Assign responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process. Have you assigned responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process? Train People: Train the people performing or supporting the risk management process as needed. Have you trained the people performing or supporting the risk management process as needed? Manage Configurations: Place designated work products of the risk management process under appropriate levels of configuration management. Have you placed designated work products of the risk management process under appropriate levels of configuration management? Identify and Involve Relevant Stak eholders: Identify and involve the relevant stak eholders of the risk management process as planned. Have you identified and involved the relevant stakeholders of the risk management process as planned? Comments Risk Management Process Example 31 Process Assets Collected Process Compliance Template - Backup Chart 7 Part 2 - [Process Name] Self-Assessment Assessment Details GG 2 (Concluded) ESC/EN CMMI Goal GG 2 Practice Description hyperlink GP 2.8 GP 2.9 GP 2.10 YES Response NO Partially Institutionalize a Managed Process. (Capability Level 2 Managed) Monitor and Control the Process: Monitor and control the risk management process against the plan and tak e appropriate corrective action. Are you monitoring and controlling the risk management process against the plan and taking appropriate corrective action? Objectively Evaluate Adherence: Objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance. Do you objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance? Review Status with Higher-Level Management: Review the activities, status, and results of the risk management process with management and resolve issues. Do you review the activities, status, and results of the risk management process with management and resolve issues? Comments Risk Management Process Example 32 Process Assets Collected Process Compliance Template - Backup Chart 8 Part 2 - [Process Name] Self-Assessment Assessment Details GG 3 ESC/EN CMMI Goal GG 3 Practice Description hyperlink GP 3.1 GP 3.2 YES Response NO Partially Institutionalize a Defined Process. (Capability Level 3 Defined) Establish a Defined Process: Establish and maintain the description of a defined risk management process. Has your organization (e.g., ESC) established and is it maintaining the description of a defined (standardized) risk management process? Collect Improvement Information: Collect work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets. Is your organization (e.g., ESC) collecting work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets? Comments Risk Management Process Example 33 Process Assets Collected Process Compliance Template - Backup Chart 9 Part 2 - [Process Name] Self-Assessment Assessment Details GG 4 ESC/EN CMMI Goal GG 4 Practice Description hyperlink GP 4.1 GP 4.2 YES Response NO Partially Institutionalize a Quantitatively Managed Process. (Capability Level 4 – Quantitatively Managed) Establish a Quality Objectives: Establish and maintain quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives. Has your organization (e.g., ESC) established and is it maintaining quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives? Stabilize Subprocess Performance: Stabilize the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives. Has your organization (e.g., ESC) stabilized the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives? Comments Risk Management Process Example 34 Process Assets Collected Process Compliance Template - Backup Chart 10 Part 2 - [Process Name] Self-Assessment Assessment Details GG 5 ESC/EN CMMI Goal GG 5 Practice Description hyperlink GP 5.1 GP 5.2 YES Response NO Partially Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing) Ensure Continuous Process Improvement: Ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization. Does your organization (e.g., ESC) ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization? Correct Common Cause of Problems: Identify and correct the root causes of defects and other problems in the risk management process. Does your organization (e.g., ESC) identify and correct the root causes of defects and other problems in the risk management process? Comments Risk Management Process Example 35 Process Assets Collected Engineering Process Compliance Step 3 - Submit Completed Templates and Selected Assets ESC/EN Four major steps to compliance - Conduct Process Self-Assessment - Complete Engineering Process Compliance Templates - Submit Completed Templates and Selected Process Assets - Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets Conduct Process Self- Assessment Prepare Compliance Templates Submit Templates and Selected Assets Collect Process Assets 36 Present Result to EN Comp Bd Engineering Process Compliance Step 3 - Submit Completed Templates and Selected Assets ESC/EN Complete Templates in Step 2 and Submit them to ESC/EN one week prior to the date of the EN Compliance Review Complete the following Process Assets to ESC/EN two weeks prior to the date of the EN Compliance Review Risk Management Process Selected Asset List Requirements Process Selected Asset List Electronic Submittal is Preferred 37 Engineering Process Compliance Step 4 - Appear Before EN Compliance Board ESC/EN Four major steps to compliance - Conduct Process Self-Assessment - Complete Engineering Process Compliance Templates - Submit Completed Templates and Selected Process Assets - Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets Conduct Process Self- Assessment Prepare Compliance Templates Submit Templates and Selected Assets Collect Process Assets 38 Present Result to EN Comp Bd Engineering Process Compliance Step 4 - Appear Before EN Compliance Board ESC/EN Compliance Board Agenda - Introductions - Chief Engineer Presentation - Comments By Program Management (Optional) - Question and Answer Period - Assignment of Action Items Board Duration - One Process 1 - 2 hours - Two Processes 2 - 4 hours Participants - Chief Engineer - Process Facilitator(s) - Support (as required) - Program Management (Optional) 39 Engineering Process Compliance Points of Contact ESC/EN EN Compliance Board Secretary - Name / Phone / E-Mail EN Compliance Board Members - Chair: Name / Phone / E-Mail - Member: Name / Phone / E-Mail - Member: Name / Phone / E-Mail - Member: Name / Phone / E-Mail - Member: Name / Phone / E-Mail EN Engineering Process Improvement Team - Jeff Higginson / 16137 / higginso@mitre.org - Mike Bloom / 13387 / mjbloom@mitre.org - Joe Duquette / 16373 / joe@mitre.org - Jen Anderson /15466 / jeanders@mitre.org 40
