Whitepaper – APO, ITMI, Archer 01/17/2011
Whitepaper – APO, ITMI, Archer
By Peter Lechner
This whitepaper describes Computer Aid Inc.’s (CAI) products Automated Project Office (APO), IT Management Insight (ITMI) and EMC’s Security Division (RSA) Archer eGRC Solutions. The objective is to provide the reader with an understanding of their key components, key benefits, strengths and weaknesses.
Page 1This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
Table of ContentsI. Executive Summary Page 3
II. APO, ITMI, Archer at a Glance Page 5
III. Key Components Page 9
a. APO Page 9
i. Scope Management Page 9
ii. Quality Page 9
iii. Integration Page 10
iv. Human Resource Management Page 10
v. Communications Page 10
vi. Risk Management Page 11
vii. Procurement Page 11
viii. Methodology Page 12
b. ITMI
i. Metrics Page 12
ii. Dashboard Objects Page 12
iii. Data Elements Page 12
iv. Data Collection Page 13
c. Archer Page 13
i. Audit Management Page 13
ii. Policy Management Page 13
iii. Risk Management Page 13
iv. Compliance Management Page 13
v. Enterprise Management Page 13
vi. Incident Management Page 13
vii. Vendor Management Page 13
viii. Threat Management Page 14
ix. Business Continuity Management Page 14
IV. Pricing, Deployment, Support Page 14
a. APO Page 14
b. ITMI Page 14
c. Archer Page 14
V. Summary Page 14
Page 2This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
I. Executive Summary
The Information Technology (IT) industry is very quick to label a product as a
complete Project Management Office (PMO) support tool. It’s important to first define
what a PMO is. Thomas Clark, founder of Project Success, Inc. (PSI), describes a PMO
as a staff function that builds, maintains, and improves the project management policies
and procedures in the organization. A PMO supports project managers and their teams in
the effective application of sound project management principles and techniques to
achieve project success. PMO’s often perform tasks that are normally the responsibility
of other functional groups, such as procurement, quality assurance, legal, human
resources and financial departments. The bottom line is that a PMO’s mission is to
ensure that projects succeed every time.
EMC’s Security Division (RSA) Archer eGRC Solutions provide the frameworks,
and the services to help enterprises identify and manage different forms of risk through
an automated PMO. Its emphasis is specifically on:
Enterprise Governance
Risk Management
Compliance
Archer provides flexible, powerful tools for managing content, streamlining workflow,
monitoring controls, and measuring and reporting compliance. It can be implemented via
Software as a Service (SaaS) or installed directly at the client site at no additional cost. It
is priced competitively and is very customizable. Archer's SmartSuite Framework
delivers out-of-the-box solutions. It also provides wizards and intuitive administrative
pages that enable clients to model and automate their unique business processes.
Computer Aid Inc.’s (CAI) Automated Project Office (APO) is a PMO tool that
enables the PMO to manage aspects of projects not addressed by any other application.
APO’s concentration is on:
Best Practices
Leveraged Knowledge
Proper Governance
Quality Assurance
Page 3This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
Risk Management
Total Visibility
APO is an intellectual system that was designed by industry experts and collegiate
educators. APO starts with questionnaire responses and data fed from these answers to
provide insight into a project’s health. APO has the flexibility to be configured without
programming. APO’s dashboards allow you to manage scope, quality, integration,
human resources, communications, risk, procurement and methodology. Implemented
via Software as a Service (SaaS), APO can be deployed in five business days and costs
approximately ½ a FTE. APO is customizable with other data sources like Microsoft
Project. APO is built on the Advanced Management Insight (AMI) development
platform. AMI is extremely customizable. It allows a customer to create their own
solution.
CAI’s IT Management Insight (ITMI) will focus on all aspects of an IT
organization. Its goal is to improve the effectiveness of IT management. ITMI will
include 20+ integrated ‘applications,’ including APO and project portfolio management.
Additional ITMI applications include: Executive Information System, Issues
Management, Unit and Individual Performance Assessments, Voice of the Customer,
Process Assurance, Cost Benefit Analysis, Capacity Planning and Operations Support
Assessment. The key structural components of ITMI are: metrics, dashboard objects,
data elements and data collection. ITMI defines IT as a collection of domains. Each
domain is broken down into a series of activities. Activities are monitored and measured
by a number of data feeds, assessments and plug-in tools. ITMI will cost less than $1.00
per project per day. ITMI will also be built on CAI’s AMI development platform
allowing it to be very customizable.
Archer and APO are definitely similar products. Especially when focusing on risk
management. Both use targeted questionnaires that are automatically sent out to pre-
defined project stakeholders. APO is only one application within ITMI. The APO
application within ITMI is also similar to Archer. However, there are some applications
within ITMI that aren’t included in any of the Archer solutions. For example: Proposal
Submission, Proposal Validation, Portfolio Balancing and Project Monitoring. The
power behind APO and ITMI is the flexibility of its Advanced Management Insight
Page 4This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
(AMI) platform. It allows a customer to tailor their own solution specific to their
business need.
Archer’s pricing is very similar to APO’s. It is apx. 50K-100K a year with a three year
contract. APO’s is 60K a year with a two year contract. Archer allows unlimited users
the capability to view its dashboard reporting. While APO allows 10 named users the
capability to view its dashboard reporting. More are allowed but at an additional cost.
EMC recently purchased Archer and while Gartner states that Archer is a total
risk management solution it also warns that EMC will be challenged to maintain the
independence of the Archer product line because it integrates data from many third
parties. Gartner went on to say that Archer could be challenged to have successful
feature releases because they have acquired too many other products along the way.
This whitepaper will describe and compare the scope and functionality of CAI’s
APO, Clarity and ITMI. It’s a non-competitive market place given the robust PMO
audience.
II. APO, ITMI, Archer at a Glance
a. APO
i. To address the needs of the IT organization specifically application
development, Computer Aid Inc. (CAI) developed the Automated Project
Office (APO) tool. It is implemented as an ‘application’ which is powered
by Automated Management Insight (AMI). The tool offers a unique,
practical solution for managing scope, quality, integration, human
resources, communications, risk, procurement and methodology. These
categories can be displayed in either a data grid or a graphical output
specific to each category.
ii. The core of APO starts with questionnaire responses and data fed from
these answers to provide insight into a project’s health and potential risks.
It is a ‘control room’ that measures health of your project providing early
warning. The question sets were designed around several years of
experience with insight from collegiate educators and industry experts.
They incorporate existing or company-specific practices and processes.
Page 5This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
APO has been assembled with the summation of numerous key features
into a unique tool.
iii. APO alerts you to issues before they become catastrophic problems,
giving you the time you need to address them.
iv. APO provides at-a-glance project health and status, letting you focus your
attention where it's needed the most.
v. APO allows you to identify where project costs can be saved, quality
improved, and customer satisfaction boosted.
b. ITMI
i. IT Management Insight (ITMI) is currently in the conceptual stage. It is
really an extension of APO to be used across all aspects of IT
Management.
ii. The ITMI Architecture is based on five domains organized into two
interlocking process loops; one for Service Delivery and one for Process
Improvement.
Page 6This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
iii. The two loops above can also be depicted individually as wheels where
each domain is represented by a 1/3 wedge of the wheel. This is shown
below.
iv. Each domain, Project Portfolio Management being an example, is broken
down into a series of Activities (light blue) and these in turn are supported
by a number of data feeds (brown), assessments (green) and plug-in tools
(orange) which provide the substance to those activities.
c. Archure
i. EMC’s Security Division (RSA) Archer eGRC Solutions provides nine
core solutions that are fully integrated and designed to facilitate the
Page 7This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
automation and administration of enterprise risk and compliance
management processes. While each of these solutions can be deployed
independently to address specific business requirements, implementing
them together forms a powerful, cohesive system. They are as follows:
Audit Management, Policy Management, Risk Management, Compliance
Management, Enterprise Management, Incident Management, Vendor
Management, Threat Management and Business Continuity Management.
ii. Archure provides customizable services to help enterprises identify and
manage different forms of risk. Allowing for fast access to specific
information so an informed decision can be made. In addition to IT Risk,
its services allow the entire organization to manage all forms of risk.
Their primary focus is on Governance, Risk and Compliance (GRC).
Archure promises visibility and communications across the entire
enterprise.
iii. Archer empowers organizations to automate and manage these processes
through a set of comprehensive, integrated solutions. The main solution is
the creation and delivery of targeted risk assessments to determine an
existing compliance level. It identifies areas of inherent risk. A central risk
repository with project management capabilities, key risk indicators and
loss events allow for this to be made possible.
iv. The question sets were created over years of industry experience. Unique
question sets can also be created.
v. Archer maps policies and control standards to the authoritative sources
that govern your enterprise.
vi. The reports can be filtered in almost any way. A few examples are: risk
rating, date range and business unit.
Page 8This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
III. Key Components
a. APO
i. Scope Management
The knowledge area of Scope Management includes the processes
required to ensure that the project includes all the work, and only the work
required to complete the project successfully. It is primarily concerned
with controlling what is and what is not in the scope. APO allows you to
manage scope by monitoring the project’s scope stability and scope
adherence. This is viewed on the APO Score Card Dashboard.
ii. Quality
The high-level views of the performance of the projects within a portfolio
as well as indicators of potential quality problems can be easily reviewed
and leveraged. The drill-down capability of the portfolio management
components allows the manager to distinguish the source of a given
problem and where potential quality problems may reside. This provides
the project manager with an ‘early warning’ of potential problems and at
the same time gives them a method to investigate issues with the proper
level of detail. If quality is slipping the Service Level Agreement (SLA)
will not be met. This is monitored on the APO Dashboard Score Card by
Page 9This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
showing whether or not the SLA’s are being me. Quality is also
monitored on the Quality Assurance Graphs showing requirement
adherence, test case success and defects logged.
iii. Integration
Incorporated in the APO is a repository of project data. As projects are
created their attributes provide information for classification and best
practices advice. This classification and advice is based on data that is
collected from the questionnaires. The project integration management
knowledge area ensures that all project components are coordinated.
Areas that are crucial for project completion are most critical. On the
APO Dashboard Score Card this includes Lost Time and Turn Over.
iv. Human Resource Management
Human resource management includes the processes required to
coordinate the human resources on a project. Such processes include
those needed to plan, obtain, orient, assign and release staff over the life of
the project. This is monitored on the APO Dashboard Score Card by
showing turn over, staff capability and morale. This is drilled down even
further via the Staffing View. Items such as task accomplishments,
whether or not the tasks are understood and morale KPI over time are all
monitored. APO allows changes to be made once these items become a
problem.
v. Communications
Each person on the project will be answering the same questions
dependent on their role and the phase of the project. This ensures that
everyone understands what is being asked of them. Communications are
thus clear and consistent. The project stakeholders are selected to answer
these specific question sets via APO. Careful communication planning
and setting the right expectations with all the project stakeholders is
extremely important. Many times today ‘management by walk around’
can no longer occur. Communication can no longer occur face to face.
APO allows ‘management by walk around’ to occur on a consistent basis.
Page 10This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
vi. Risk Management
One of the problems with the risks associated with developing and
maintaining applications is that they are often not recognized until they are
realized. Or, if they are recognized early, they are often left to chance.
The APO takes steps to fix this. By providing a base set of intuitive
questionnaires, the APO helps project managers to recognize potential
risks early. The questions are in a simple multiple choice format that
addresses potential risks in conjunction with the current phase of the
SDLC. The answers are weighted, and through a series of thresholds the
APO identifies the areas of the project that are of concern for the well-
being of the project as a whole. In addition, APO provides the user a
series of assessments. The warnings, which are displayed in a simple
‘stop-light’ format, draw attention to problem areas. Customizable
questions can be added to the initial set with weights assigned to highlight
the most critical risks. The question sets apply to all projects of a common
type.
The APO also provides the ability to perform risk analysis from the
viewpoint of different personnel associated with the project. Besides the
primary set of questions that is directed towards the project manager, there
is also the ability to tailor additional question sets for other project
members, such as a quality assurance manager or business owner.
Risk is monitored on the APO Score Card.
vii. Procurement
Project Procurement Management is part of the project management
process in which products or services are acquired or purchased from
outside the existing associate base of which would work on the project in
order to complete the task or project. Physical assets, delivery issues,
contractual situations, vendor management can all be monitored as long as
the question set within APO is modified.
Page 11This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
viii. Methodology
A project methodology tells you what you have to do, to manage your
projects from start to finish. For example: did you create a project plan?
What has been the time spent? How many resources are being used and
are they right for that particular project? APO drives adherence to the
methodology that has been set within an organization.
b. ITMI
i. Metrics
Metrics are one of the structural components of ITMI. They are reported
by calculating Risk Scores from assessment results which compute a
defined Risk Score. This includes: A Risk Score for each of the
predefined risk categories; An overall risk score—which is the weighted
sum of the category risks; An Opportunity Score for each of the
predefined opportunity categories; An overall Opportunity Score for the
project—which is the weighted sum of the category opportunities.
ii. Dashboard Objects
Dashboard Objects are a Risk/Reward comparator that plots the inherent
riskiness of projects against their projected benefit. It is another structural
component of ITMI. The size of the data point is indicative of the
financial cost of the project. Charts depicting the distribution of
dispositions for proposals that can be grouped by business unit or other
category variable
iii. Data Elements
Data Elements are generic risk data that is collected almost exclusively
through assessment questionnaires. Project sponsors, PMO and senior
project staff are posed a series of questions that—in aggregate—assess
various categories of risk. Risks are typically not identified until the
project is approved and is in flight. However, any that do happen to be
identified prior to the project starting are logged and added to the risk
profile for the project.
Page 12This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
iv. Data Collection
Data Collection is the final structural component of ITMI. It is defined by
project scoring data to be collected via a questionnaire distributed to
assessors who have reviewed the proposal documentation. If there is a
financial justification for the project, that data will typically come from
external sources. It could be collected via a questionnaire if-and only if-
questionnaire data can be used to populate profile fields. If not a web
services call will be required
b. Archer
i. Audit Management
Measures the complete audit lifecycle by enabling governance of ongoing
audit-related activities.
ii. Policy Management
An infrastructure for creating policies and control standards, and mapping
them to corporate objectives, regulations, industry guidelines, and best
practices.
iii. Risk Management
Identifies risks against corporate objectives, evaluate the likelihood and
impact of those risks, and relate them to mitigating controls.
iv. Compliance Management
Enables an organization to automate and manage compliance initiatives.
v. Enterprise Management
Provides a central repository of information on business hierarchy and
enterprise infrastructure.
vi. Incident Management
Provides a case management solution for reporting cyber and physical
incidents, and categorizing them and determining the appropriate response
procedures.
vii. Vendor Management
Facilitates risk-based vendor selection, relationship management, and
ongoing compliance monitoring.
Page 13This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
viii. Threat Management
Provides a centralized repository of threat data, reporting of activities
related to threat remediation, and threat management process.
ix. Business Continuity Management.
Provides a centralized, automated approach to business continuity and
disaster recovery planning.
IV. Pricing, Deployment, Support
a. APO
i. $5,000 a month for 1st 10 named users with a 2 year commitment
ii. $2,000 for 2nd 10 named users
iii. $1,000 for each 10 named users there after
iv. Saas (software-as-a-service), standalone installation also available at an
additional cost
v. 5 days or less install
vi. Unlimited Assessment takers in or out of your organization
vii. Robust training & support included
b. ITMI
i. TBD
c. Archer
i. $50,000 - $100,000 per year with a 3 year commitment
ii. Saas (software-as-a-service) or standalone installation
iii. 3 week install
iv. Unlimited Assessment takers in or out of your organization
v. Unlimited users can view all reports at anytime
vi. Training & support included
V. Summary
a. APO is a robust, intellectual system that is very easy to use. The application itself
is fast and easy to implement, requiring minimal startup effort. It can be
customized if needed. APO provides the ability to have ‘project office’ reviews
of all projects. It provides a proactive and quantitative approach for identifying
and mitigating project risks before they are realized. It collects data and shows
Page 14This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Whitepaper – APO, ITMI, Archer 01/17/2011
metrics based on how pre-defined specific questions are answered. While ITMI
focuses on all aspects of an IT Project. It looks at very detailed metrics. ITMI is
projected to include 20+ unique ‘applications.’ Archer is very easy to use. It
allows you to build an efficient, collaborative enterprise governance, risk and
compliance (eGRC) program across IT, finance, operations and legal departments.
The solution enables users to tailor solutions to their specific requirements.
Archer is very flexible. It allows the customer to have a standard installation or to
pick and choose what makes sense for their organization. There is some overlap
between APO and ITMI with the Project Management Methodology. APO and
Archer are very similar especially when comparing APO to the ‘Risk
Management’ Component of Archer. Like APO there is some overlap between
Archer specifically its ‘Risk Management’ Component and ITMI. APO and ITMI
are implemented by CAI while Archer is implemented by EMC.
Page 15This document is the exclusive property of Computer Aid, Inc. (CAI) It contains proprietary information and may not be disclosed to others for any purpose without written permission from CAI
Top Related