An application assessment is an automated, objective analysis of the structural and architectural quality of applications in your IT portfolio.
Lacking an understanding of what's inside your software is commonplace and extremely risky, as poorly constructed software can degrade performance, stability and security while driving up maintenance costs, delaying releases and, at worst, bringing down entire systems.
Software Intelligence platforms, like CAST, can analyze multi-technology, multi-layer applications and provide visibility into and understanding of these complex systems. An application assessment is the first step in helping delivery teams communicate better with business partners, and an important step towards alignment with and satisfaction of business constituents.
Set and Measure Application Assessment Objectives
Clearly identify the objectives of the engagement. CAST recommends establishing clear objectives for both the technical and business aspects of the assessment.
- Establish objectives – are you just doing a benchmark, or do you need to fix a specific problem?
- Ensure buy-in to the objectives with key stakeholders
- Make sure there is a specific outcome (one or several) from the assessment and document the desired outcome via email to all stakeholders
Some example application assessment objectives include:
- Improve production stability by identifying coding mistakes, and improve end-user experience
- Identify the critical violations in the latest release of the application
- Understand which transactions are suspected of causing performance issues
- Compare application quality characteristics across portfolios to identify problem areas, or teams
- Understand the structural quality of an application to verify the delivery performance of an outsourced team or justify maintenance budgets
Define Assessment Scope & Frequency
Typically an application assessment for an average business application will take about two weeks. Assessment activities and some potential durations include:
- Socialization, planning and objective setting – 1 day
- Application discovery & analysis – 3-4 days
- Final assessment generation & portal publishing – 1 day
- Results review with SMEs and stakeholders – 1 day
- Finalize assessment report and readout – 1 day
A reassessment of the application may be advisable to understand the level of improvement made by in-house or outsourced teams.
It is advisable to start planning the post-assessment next steps as you are planning the assessment itself (what will you do with the data, who will be involved in remediation, etc.?), in order to make the process actionable.
Identify Key Stakeholders
Multiple stakeholders need to be available for an assessment to be completed; stakeholders who are not accessible during the assessment process may cause it to be delayed. The scope of your assessment will determine the number of stakeholders, but the basic roles are almost always the same. Typical roles to consider include:
- Sponsor - Every project needs a champion to serve as the driver in your company, rallying support and resources for your implementation. Assisted by a Project Manager, he/she will ultimately ensure clarity of scope, objectives and priority.
- Application Owner - Your assessment team should also include a representative from each of your application areas, such as key users, managers, architects, etc. If you don't take the time to enroll your users before the assessment, you'll definitely hear about it afterwards and jeopardize action based on the results. This team will also play a vital role in the ongoing success of the initiative.
Ensure Teams & Vendors are Prepared
If the scope of the assessment includes code that is managed by third parties, be sure you will have access to the latest relevant source code from your vendor(s). It is also important to ensure that vendor SMEs are available and prepared to support the discovery portion of the assessment. In some cases they will be needed to help define application boundaries, to separate application tiers and validate transaction boundaries.
During an assessment, especially one performed by a third party, you will often see some sensitivity and internal resistance. Technical colleagues will be sensitive about putting a measure on the quality of anything they have had a hand in developing. Development is a team sport, often handed off from one team to the next, so communicate that the focus is not to score anyone, but to find ways to improve the asset (the application) on behalf of the company.
Be sure to reinforce that this assessment is neutral, objective and based on industry best practices and software engineering principles. Prepare key stakeholders to act on the data once it has been prioritized and a business case has been put together for refactoring/remediation.
Application Assessment Deliverables
Below is a list of potential deliverables from the application assessment:
- Dashboard – A private, secure portal that contains the assessment results.
- Assessment Report – A concise report containing the key insights and summary of the assessment results.
- Detailed Action Plan – Your action plan contains a prioritized list of artifacts causing critical violations.
- Onsite Assessment Debrief – A CAST-certified assessment professional will walk you and your stakeholders through the assessment results and key insights. This session presents a valuable opportunity to engage CAST consultants to enhance insights and develop next steps. Typically the Assessment Debrief is delivered as a workshop immediately after assessment report delivery.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target's systems, customized quality metrics, and the liability implications of open source components, all three of which are critical for M&A due diligence.