CAST

The Tech Babel Fish for CFOs

Jul 26, 2012 by Pete Pizzutillo

Any advocate for better software quality knows that one of the biggest challenges is helping the CIO reach the CFO. When your team needs a budget for an important project, those conversations often break down. Thanks to the unavoidable technical complexity of IT, oftentimes the CIO might as well be speaking Esperanto to the CFO.

When it comes to budgeting, IT might be the least-understood department in your organization. And what the CFO doesn’t understand, he doesn’t budget for. Instead, capital that should rightfully go towards IT growth and innovation is allocated to other groups and initiatives. That dulls the organization’s competitive edge, and can have a toxic effect on system quality overall.

This is why I advocate software estimation as a budget-winning process for IT leaders. It clearly correlates software quality and technical debt in ways that a CFO or CEO can understand. “Technical debt” is a useful term that helps people outside of IT understand that application risk can be measured, and has a cost that gets paid for one way or the other.

The difficult part comes in where the rubber meets the road. Your CIO has intimate knowledge of the inner-workings of your IT department; you just need to equip him with the proper metrics to interface with the CFO.

Rather than getting technical, the CIO must decode what the IT teams do and translate it into the language of planning and budgeting -- with a focus on being responsive, adding new capabilities, and reducing maintenance costs and risk per head. This is one place where our technology can help -- with metrics like:

  • Software maintenance effort over time. This metric tracks the estimated software maintenance effort of your most critical applications broken down over fiscal quarters. It gives you an immediately identifiable visual into which applications require the most upkeep, and which are actually becoming more efficient.

  • Change in risk and size over the last four quarters. This report shows how many applications increased or reduced their risk to the organization; and also shows which applications increased or decreased in size. A great way to tell if your bloated applications are becoming a risk to your structural quality.

  • Estimated vs. planned maintenance effort. This is another great metric which compares the planned maintenance per application against the estimated effort. The application size, number and type of technologies, complexity, and quality are all drivers of the estimated maintenance effort.

  • Top 10 applications by high risk technical debt. This might be the most telling metric to bring to your CFO. This report shows the proportion of technical debt in your application portfolio that’s driven by dangerous coding patterns and should be addressed first to minimize business risk exposure.

With all the dimensional views an organization can get through our Application Intelligence Platform and Highlight reports, they can boil down high bandwidth conversations to a place where finance and IT can intersect. And armed with those key KPIs, your CIO will have rock solid metrics -- in the CFO’s language -- that can foster a dialogue both can understand.

Filed in: Risk & Security Software Analysis Software Measurement Technical Debt
Tagged: Application intelligence Coding patterns Risk software maintenance Software Quality Technical Debt
Get the Pulse Newsletter Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice. Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper
Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report
Pete Pizzutillo
Pete Pizzutillo Vice President
Pete Pizzutillo is Vice President at CAST and has spent the last 15 years working in the software industry. He passionately believes Software Intelligence is the cornerstone to successful digital transformation, and he actively helps customers realize the benefits of CAST's software analytics to ensure their IT systems are secure, resilient and efficient to support the next wave of modern business.
More Posts from Pete >>
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|

Get a Demo    •    Contact Us    •     Support    •     The Software Intelligence Pulse    •     Privacy Policy    •     SiteMap    •     Glossary    •     Archive

Copyright - CAST | All Rights Reserved