An application assessment is an automated, objective analysis of the structural and architectural quality of applications in your IT portfolio.
Lacking an understanding of what's inside your software, is commonplace and extremely risky as poorly constructed software can degrade performance, stability and security, while driving-up maintenance costs, delaying releases and at worst, bringing down entire systems.
Software Intelligence platforms, like CAST, have the ability to analyze multi-technology, multi-layer applications and provide visibility and understanding of these complex systems. An application assessment is the first step to helping delivery teams do a better job communicating with business partners, an important first step towards alignment and satisfaction of business constituents.
Set and Measure Application Assessment Objectives
Clearly identify the objectives of the engagement. CAST recommends establishing clear objectives for both the technical and business aspects of the assessment.
Some example application assessment objectives include:
Define Assessment Scope & Frequency
Typically an application assessment for an average business application will take about two weeks. Assessment activities and some potential durations include:
A reassessment of the application can be advised to understand the level of improvements made by in-house or outsourced teams.
It is advisable to start planning the post-assessment next steps as you are planning the assessment itself (what will you do with the data, who will be involved in remediation, etc.?), in order to make the process actionable.
Identify Key Stakeholders
Multiple stakeholders need to be available for an assessment to be completed, stakeholders that cannot be accessible during the assessment process may cause for the process to be delayed. The scope of your assessment will determine the number of stakeholders, but the basic roles are almost always the same. Typical roles to consider include:
Ensure Teams & Vendors are Prepared
If the scope of the assessment includes code that is managed by third parties, be sure you will have access to the latest relevant source code from your vendor(s). It is also important to ensure that vendor SMEs are available and prepared to support the discovery portion of the assessment. In some cases they will be needed to help define application boundaries, to separate application tiers and validate transaction boundaries.
Most times during an assessment, especially when performed by a third party, you may see some sensitivities and internal resistance. Technical colleagues will be sensitive about putting a measure on the quality of anything they have had a hand in developing. Development is a team sport, often handed off from one team to the next – communicate that the focus is not to score anyone, but to find ways to improve the asset (the application) on behalf of the company.
Be sure to reinforce that this assessment is neutral, objective and based on industry best practices and software engineering principles. Prepare key stakeholders to act on the data once it has been prioritized and a business case has been put together for refactoring/remediation.
Application Assessment Deliverables
Below a list of potential deliverables from the application assessment:
Learn more about gaining insight into your most sensitive and critical applications, here.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.