Kansas Department of Administration

GROUP FOUR (4) SCOPE - Independent Validation & Verification (IV&V) Services for Information Technology Projects

Posted on 10/21/2021 at 12:51 PM by Kansas Department of Administration

Independent Validation & Verification (IV&V) services for Information Technology projects. The State also occasionally needs professional Quality Assurance (QA) services for Information Technology projects.  

IV&V Services to be provided:

The state occasionally requires that IV&V services be engaged for larger IT projects or other selected projects. These types of projects usually possess significant risk in their development or implementation or present other abnormal risks to an agency or the state thereby warranting an additional level of project oversight.

IV&V activities most often used by the state would be considered full, in-phase engagements where the IV&V contractor is brought into the project as early as possible. Oftentimes, the IV&V contract is executed concurrently with an implementation contract or shortly after the approval of the project’s High-Level plan. The engagements are expected to continue through project close out.

On occasion, an agency will independently elect to use an IV&V contractor as part of a project. More often, the Executive Branch Chief Information Technology Officer (CITO) will require an agency to have an IV&V contractor for a project.

The state expects an IV&V contractor for a project shall have technical, managerial, and financial independence relative to the project. We further expect that the IV&V contractor shall have a competence level on at least the same skill level as the prime contractor engaged for a project. Since IV&V activities are most often seen in projects that already are acknowledged to have high risk factors, it is imperative that the IV&V contractor be already recognized in the industry as possessing substantial IV&V credentials. References that demonstrate this exemplary level of capability for large (>$20,000,000) projects are critical.

To mitigate some of the risk inherent in projects, the state has established a Project Management Methodology (PMM) and a reporting process for all projects in the state with any significance. The current project management methodology is documented at https://oits.ks.gov/kito/kito-home. The methodology, when properly executed, creates at least the following for each project:

  • Designated Project Team
  • Designated Project Manager
  • Designated Project Sponsor
  • Project Steering Committee
  • Configuration Management Function
  • Internal Quality Assurance Function
  • Risk Management Function
  • Project Statement
  • Project Plan
  • Project Budget
    • Project Estimate Summary
    • Cost at Completion Report

  • Project Schedule
    • Activity Tracking Reports
  • Work Breakdown Structure
  • Work Product Identification
  • Configuration Management Plan
  • Requirements Traceability Table
  • Project Staffing Plan
  • Resource Loading Profiles
  • Project Organizational Chart
  • Risk Management Plan
  • Internal Quality Plan
  • Issues Management Function
  • Project Start-Up Checklist
  • Project Database
  • Change Manager
  • Change Control Board
  • Project Status Meetings

A chosen IV&V Contractor shall at least review all the above and additional relevant information for a project on a continuous basis to produce at least monthly independent reports about project status. These reports shall be delivered directly, independently, and simultaneously to the:

  • Project Manager
  • Project Steering Committee
  • Project Sponsor
  • Kansas Information Technology Office (KITO).
Each report shall include at a minimum:

Project risk assessment: Contractor will evaluate the overall project structure and controls. The project will be evaluated from the following perspectives: project management, user involvement, organization, technology, scope, oversight, business impact, cost-benefit, implementation, and consistency with the state’s PMM. The risk assessment will include specific action items to address area that have the greatest potential for impacting the project.

Monitoring of Design and Development Process: Contractor will maintain a level of involvement in the design and development process that will enable Contractor to identify issues and make recommendations to address specific areas of concern.

Monitoring of Project Schedule and Resources: Contractor will monitor the project schedule and resource allocation plan to ensure the project is progressing as planned and adequate resources are available when needed. Contractor will address the project team’s effectiveness in addressing critical issues that could impact the schedule or resource use. Monthly summaries will be included in the Monthly status report that present an assessment of progress relative to baseline schedule.

Monitoring of Project Budget and Issues: Contractor will monitor the project budgets, both in terms of resources and expenditures, and document any variances from the project plan. Contractor will monitor issues handling within the project and maintain an understanding of the project sufficient to allow Contractor to identify issues that may pose a risk to the project but have not been included within the project’s issues management activity.

Activities: The report will include a description of the previous month’s IV&V activities and planned IV&V activities.

QA Services to be provided:

Contracted QA activities in the state are less frequently seen and usually engaged at the agency level as a specialized type of staff augmentation or as an independent, external control for critical project activities.

Most often, the QA contractor will be duplicating the work of project staff, to ensure deliverable evaluations are being properly conducted by replicating the testing performed on the deliverables and verifying that the deliverable meets pre-agreed-upon specifications. Occasionally, the QA contractor will be solely responsible for the acceptance of deliverables for a project.

Review of Project Deliverables: Contractor will develop a set of evaluation criteria for each deliverable that ensures that it; delivers required functionality, is consistent with other deliverables, conforms to the overall architecture, followed a sound development process, has an adequate level of stakeholder involvement and review. Contractor will recommend if the deliverable should be accepted or returned. For each major deliverable the Contractor recommends returning, the Contractor will produce a specific deliverable evaluation report, outlining where the deliverable is incomplete or where it does not satisfy predefined acceptance criteria.

Firms proposing to do QA work should preferably have a strong, verifiable history of performing rigorous scientifically and statistically based QA work on a professional basis, probably specializing in it as a primary line of business rather than as a sideline endeavor.

Comments
There are no comments yet.
Add Comment

* Indicates a required field

© 2022 Kansas Department of Administration. All rights reserved.