Professional Documents
Culture Documents
V1.1
Contract #: K5642
Engagement #: P0047671
Public Consulting Group, Inc. Washington State Employment Security Department (ESD)
Monthly Status Report Paid Family Medical Leave (PFML) Tech nology Implementation Project
Report Date: November 13, 2019
RE: ESD PFML Project Quality Assurance Report – as of November 10, 2019 (Contract #K5642)
Thank you for the opportunity to provide QA services to this project. Please let me know if you have any
questions or comments.
Sincerely,
Dana McLean
Dana McLean
Engagement Manager
Public Consulting Group Technology Consulting
Document History
Version Date Brief Description of Modifications
1.0 11/13/2019 Initial submission of the Monthly QA Status Report
1.1 11/19/2019 Incorporation of edits
Document Reviewer(s)
Name Title
Linda Kleingartner PFML Project Manager
Carla Reyes PFML Director
Lisa Kissler PFML Technology Manager
Dana Josephs PFML Contracts Manager
Document Receiver(s)
Name Title Signature Date
Carla Reyes PFML Director
3. GLOSSARY ............................................................................................................................... 6
4. SCOPE ...................................................................................................................................... 7
5. APPROACH .............................................................................................................................. 7
6. ASSESSMENT .......................................................................................................................... 8
6.1. Project Integration Management .............................................................................................. 8
6.2. Project Scope Management..................................................................................................... 8
6.3. Project Schedule Management ................................................................................................ 9
6.4. Project Cost Management ..................................................................................................... 10
6.5. Project Quality Management ................................................................................................. 10
6.6. Project Human Resource Management................................................................................. 11
6.7. Project Communications Management .................................................................................. 12
6.8. Project Risk Management ...................................................................................................... 13
6.9. Project Procurement Management ........................................................................................ 13
6.10. Project Stakeholder Management ......................................................................................... 14
6.11. Project Technical Management ............................................................................................. 15
TABLE OF TABLES
Table 1: Project Trending Status ............................................................................................................... 3
Table 2: Risk Priority Definitions ............................................................................................................. 19
Table 3: Issue Priority Definitions ........................................................................................................... 20
TABLE OF FIGURES
Figure 1: Risk Rating Matrix..................................................................................................................... 19
Public Consulting Group, Inc. Washington State Employment Security Department (ESD)
Monthly Status Report Paid Family Medical Leave (PFML) Tech nology Implementation Project
Report Date: November 13, 2019
1. EXECUTIVE SUMMARY
Following is a summary of the monthly Quality Assurance (QA) risk assessment report
conducted by the Public Consulting Group (PCG) QA team for the Washington State
Employment Security Department (ESD) and the Paid Family and Medical Leave (PFML)
Project.
HIGH
Project Status/Summary during the Reporting Period:
PCG maintained the risk level as high during the reporting period ending November 10, 2019.
PFML was able to reach feature complete by the target date of October 28th, 2019, which
has set the project on track to delivering Benefits v1.0 in January 2020 when the program is
mandated to begin accepting and processing benefit applications and claims. PFML has
continued to refine the release schedule to ensure that all key activities can be completed
before the Benefits v1.0 launch.
PFML continues to work to ensure that updates to the schedule and applicable plans (such
as the Release Timeline(s) and the Communications Plan) are complete.
PCG remains concerned around PFML’s ability to execute the complete scope of the project,
for releases after the Benefits v1.0 launch. The project has met a longstanding goal of having
three sprints worth of stories ready placement, and it appears release 1.1 is now fully
populated with feature sets. This is clearly a positive accomplishment.
Below is a high-level summary of the changes made within the report during the current
reporting period:
• Integration Management:
o PCG closed QA05, which was being tracked as a low risk because PFML's
Integrated Project Schedule is being updated on a regular basis, including
accurately tracking and capturing tasks and resource allocations.
• Scope Management:
o PCG reduced QA04 to medium. This scope risk was related to PFML’s ability to
have enough ready stories in the backlog to achieve the required scope. As of the
current reporting period the minimum viable product (MVP) for Benefits v1.0
development is complete.
• Quality Management:
o PCG rewrote the description of QA38. PCG initially thought that QA38 was isolated
to System Operations and Development teams, but it appears that other
workstreams such as the Customer Care Team (CCT) and the Product team are
also included. This medium risk is related to the lack of coordination and
disconnect between workstreams such as: CCT, System Operations, Product and
Development.
• Human Resource Management:
o PCG opened QA42, which is a low risk. As a result of no defined date to migrate
to the Cloud, the Technology workstream is at risk of burnout, which could impact
future development post Benefits v1.0.
• Risk Management:
o PCG opened QA43 as an observation. This observation is related to the internal
audit that PFML is undergoing.
In summary, as of November 10, 2019 PCG is tracking four (4) high risks, seven (7) medium
risks, two (2) low risk as well as two (2) issues (that are archived) and two (2) positive
observations. The details on each of these risks as well as the highlighted findings noted
above can be found in Section 6 of this report and in Table 3 (QA Status Highlights by
Assessment Category) and within the risk log.
Schedule QA28
Management
Quality QA38
Management
QA18, QA42 (new)
Human Resource
Management
Communications QA41
Management
Procurement -
Management
QA23, QA29, QA34
Stakeholder
Management
QA20, QA22, QA27, QA33
Technical
Management
The following table below includes a description of the QA Status Assessment rankings used by PCG.
Table 2: QA Status Assessment Legend
The table below includes a summary of each assessment area (i.e., category). Additional
details on each of the findings that are being tracked in these areas can be found in Section
6 of this report.
Table 3: QA Status Highlights by Assessment Category
PCG closed QA05, which was a low risk related to the lack of maintenance to the
Integration Integrated Project Schedule. PCG has observed that the Project Schedule is being
Management updated regularly and no longer includes overdue tasks or resource allocations.
Low
Refer to Section 6.1 Project Integration Management for additional information.
PCG continues to track Schedule Management as a high risk. Although PFML has
an updated, baselined Integrated Project Schedule that is being updated on a weekly
Schedule
basis, it remains unclear if PFML will be able to deliver on time given the amount of
Management
High work to be done. Refer to Section 6.3 Project Schedule Management for additional
information on one (1) high risk (QA28) which PCG is tracking in this area.
PCG continues to track the Cost Management assessment area as a low risk. PCG
notes that QA24, which is a low risk around Earned Value Management (EVM)
Cost doesn’t appear to be impactful to the project.
Management
Low Refer to Section 6.4 Project Cost Management for additional information on one (1)
low risk (QA24) which PCG is tracking in this area.
PCG continues to track one (1) risk related to Quality Management. During the
current reporting period, PCG rewrote the description of QA38 to also include
additional workstreams such as Product and the Customer Care Team. This risk is
Quality ensuring that the product is being built with coordination between all workstreams.
Management Med
Refer to Section 6.5 Project Quality Management for additional information on one
(1) medium risk (QA38) which PCG is tracking in this area.
PCG opened QA43 as an observation related to the internal audit that is being
conducted by ESD on the PFML project.
Risk
Low Refer to Section 6.8 Project Risk Management for additional information; however,
Management
PCG not currently tracking any risks or concerns in this area as of this reporting
period.
PCG maintains the Procurement Management assessment area as a low risk. At this
point in time, it does not appear that any contract amendments will need to be made
Procurement for the launch of Benefits v1.0.
Management Low
Refer to Section 6.9 Project Procurement Management for additional information on
one (1) issue (QA26) which PCG has archived but continues to monitor in this area.
PCG maintains Stakeholder Management assessment area as a high risk. PFML has
incorporated two user tests to be held during the month of November and continues
to plan to include feedback earlier within the development process. Until that has
Stakeholder been executed there continues to be a risk that the product being built is built with
Management consideration around time constraints rather than usability and stakeholder feedback.
High Refer to Section 6.10 Project Stakeholder Management for additional information on
two (2) medium risks (QA29 and QA34) and one (1) high risk (QA23) which PCG is
tracking in this area.
PCG continues to track the Technical Management assessment area as a high risk.
PCG remains concerned around PFML's ability to complete end to end testing for
future releases but notes that sufficient time appears to have been built into the
High schedule for the Benefits v1.0 launch considering the recent changes to MVP and
scope for the Benefits v1.0.
Technical
Management Refer to Section 6.11 Project Technical Management for additional information on
the two (2) high risks (QA20 & QA33) and two (2) medium risks (QA22 & Q27) which
PCG is tracking in this area.
2. REFERENCE DOCUMENTS
This section provides a list of documents referenced in the development of the Monthly
Status Report:
• Project Management Institute’s (PMI) Project Management Body of Knowledge (PMBOK®)
• PCG Eclipse QATM Methodology and Framework
• PCG Eclipse AgileTM Methodology
• PCG Quality Assurance (QA) Plan
• IEEE Std.730, IEEE Standard for Software Quality Assurance Processes
• ISO/IEC/IEEE 16326, Systems and Software Engineering
• IEEE Std. 1490, Adoption of the PMI Standard A Guide to the PMBOK®
• IEEE Std. 1012, Standard for Software Verification and Validation
• IEEE Std. 1061, Standard for Software Quality Metrics Methodology
• CMMI Capability Maturity Model Integration (CMMI) Standards
• PFML Investment Plan – Signed – 2018 2 21
• PFML Charter V2.0
• PFML Program Charter - Draft 1
• PFML Level 1 Governance Draft
• PFML Level 2 Governance Draft
• PFML Program Charter Milestone Plan
• PFML Budget Reconciliation Process 2018 01 09
• PFML Project Plan – Draft
• PFML Decision Log
• PFML Stakeholder Register
• Volume 1 Technical Proposal Deloitte 103117
• Volume 2 Financial Proposal Deloitte 103117
• WA ESD Implementation SOW FINAL
• WA ESD Microsoft Master Contract Final
• WA ESD Support SOW Final
• WA ESD Admin Account RFP 2017 115 Vol 1 Tech Proposal Final
• WA ESD Admin Account RFP 2017 115 Vol 2 Financial Proposal Final
• WA ESD BAFO Letter DG for Docusign
• PFML Project Management Plan
3. GLOSSARY
The table below lists the acronyms that appear within this Monthly QA Status Report.
Table 4: Acronyms and Definitions
Acronym Definition
AX Accounting Software
BA Business Analyst
BDS Business Design Specialists
CMMI Capability Maturity Model Integration
CRM Customer Relationship Management
ESD Employment Security Department
HR Human Resource
Acronym Definition
IEC International Electrotechnical Commission
IEEE Institute of Electrical and Electronics Engineers
IP Investment Plan
ISO International Organization for Standardization
ITSD Information Technology Services Division
KPIs Key Performance Indicators
MVP Minimum Viable Product
OCIO Office of the Chief Information Officer
OCM Organizational Change Management
PFML Paid Family and Medical Leave
PCG Public Consulting Group
PMBOK® Project Management Book of Knowledge®
PMI Project Management Institute
PMO Project Management Office
PMP Project Management Plan
PO Product Owner
PQMP Project Quality Management Plan
QA Quality Assurance
RFP Request for Proposal
SMART Specific, Measurable, Achievable, Relevant, and Time bound
VSTS Visual Studio Design Services
4. SCOPE
The PCG QA team has provided an independent monthly assessment of the work
products and the planning, management and control processes that directly support the
successful implementation of the PFML Project. As part of this assessment and project
oversight activities, the PCG team will maintain a findings log and work collaboratively
with the PFML project team to develop and implement recommendations for
improvement that support the overall success of the project. The scope of project
activities assessed includes the following areas:
• Project Meetings
• Key Project Management Activities
• Key Project Documents
• Agile Methodology
• Visual Management
• Daily Stand-ups and Agile Ceremonies
5. APPROACH
PCG follows a proven four-step approach to completing each Monthly Status Report.
However, as applicable, this approach is tailored to be consistent with the current
schedule and activities being conducted by the project. PCG’s standard approach is as
follows:
6. ASSESSMENT
Following is the detailed analysis and associated findings that resulted while completing
the monthly QA risk assessment for the reporting period September 11, 2019 through
October 10, 2019. Each section includes findings and recommendations that PCG has
identified as critical to the PFML Project’s success. A cumulative list of all QA findings is
maintained in a separate QA Findings and Recommendations Log. This cumulative list
includes updates made to existing, open findings and new findings identified during the
current reporting period.
PCG reduced QA04 to a medium risk. This risk is around the project’s ability to
maintain enough stories in the backlog that can be completed by the teams to
deliver the required scope. During this reporting period improvement has been
achieved and exhibited in the story creation and grooming for the Benefits v1.0
launch, and development was completed within schedule expectations. Sprint
planning work is in progress for v1.1 through 1.5.
The project team achieved a long-standing goal of having 3 sprints worth of stories
beyond the current sprint allowing for the planning of v1.1 release. This resulted in
the reduction of this risk. Continued ability to have enough stories groomed and
ready through the next few releases will result in further reduction in this risk.
QA Within the current defined Service PCG recommends that PFML focus on story
Risk
04 Delivery Roadmap, features required for development. PFML should have at least three
each release lack all necessary sprints worth of stories ready in the backlog at all
supporting User Stories and acceptance times.
criteria to achieve feature complete for
the remaining releases. Without these Medium
supporting Stories it may be unclear what
exactly is to be developed within the
given time.
Significance:
The project burnup chart should indicate if the current average velocity development
is on pace to deliver all in-scope items by the defined delivery date. Without all
necessary supporting User Stories and acceptance criteria for each feature in the
upcoming release, features may not be completed on time.
QA28 Based on the Integrated Project Schedule it PCG recommends the project continues to
Risk is unclear if PFML can deliver on time. update the project schedule. Updates should
continue to be done via daily check ins with
the scrum master with formal updates
High
happening at least weekly.
Ensure that the Project is accurately
capturing within the updated project
schedule, project goals and objectives,
timeline, milestones/deliverables, risks and
dependencies. PCG would want to see
details of the working software that ESD
plans to produce within each Sprint. ESD
should keep in mind that working software
will generally include work across multiple
subsystems.
Significance:
The project continues to face tight timelines and a legislative mandate. Not delivering
on time will impact the project cost, employee morale and confidence from
stakeholders.
QA24 The project is not using Earned Value PCG continues to recommend the expansion of
Risk
Management (EVM) to track Schedule EVM into the technology workstreams using an
Variance and Budget Variance. Low Agile EVM scorecard. This will allow the project
to present a total project performance picture to
stakeholders that may not be familiar with Agile
development methodologies.
(no change since last reporting period)
Significance:
This may make the project appear to be on or under budget when additional costs
are deferred due to schedule and/or deliverable delays.
teams, it is evident that other workstreams such as the Customer Care Team (CCT)
and customer insights, and thus has rewritten this risk.
There appears to be a disconnect between what the developers are building and what
the CCT is needing and/or expecting, with a noted lack of coordination via the Product
team. The newly formed UX (User Experience) Team has been established and
although their role isn’t explicitly intended to ensure coordination between all
workstreams, their efforts are noted. PCG will observe the work efforts of the UX
Team and next steps. Ultimately, PCG recommends that the Product team works to
ensure that all workstreams are aware of the work to be done and efforts to alleviate
this risk. System Operations is continuing to take the opportunity to attend various
standups and is attempting to gain a greater knowledge and understanding of what
is being built. PCG will continue to monitor. PCG believes the desired level of
collaboration and coordination isn’t happening due to the tight timeframes and other
prioritized work of the developers. System Operations continues to explore ways to
engage early with development, or key development teams.
PCG recommends that PFML System Operations works with the Development teams
in critical design and build meetings and deliverable reviews to minimize rework and
potential problems. Additionally, PCG encourages the Product Team to continue
efforts to bridge any gaps between Production, Development, System Operations and
the CCT. PCG encourages PFML to define a triage and support plan and not 'manage
by emergency;' document how to troubleshoot what is being built with inclusion of
PFML System Operations, CCT and all Development Operations teams to lessen
rework and potential production problems. PCG will maintain QA38 as a medium risk
until a product support plan is implemented, along with determining if PFML is
ensuring sprint capacity is being subtracted from available capacity to ensure the
proper support is provided.
QA38 There is a risk that the end product is being PCG recommends that PFML System
Risk
built without coordination between all PFML Operations, CCT, Product and Development
workstreams to ensure a quality product is teams are included in critical design and build
Med
being built to support necessary functionality meetings and deliverable reviews to minimize
as well as future growth and flexibility. rework and potential problems. PCG
encourages PFML to define product support
plan and not 'manage by emergency;'
document how to troubleshoot what is being
*Risk re-written as of 11-10-2019 built with inclusion of all applicable
workstreams to lessen rework and potential
production problems.
Significance:
Rework impacts the project schedule/timeline and resource efficiency.
to ensure utilization is being addressed and burn out is avoided. PFML has continued
the process of onboarding new CCT staff for the anticipated volume of calls during
January following the Benefits v1.0 launch. PCG will continue to monitor resource
utilization, including meeting with key staff resources, the organizational change
manager and agency leadership.
PCG opened one (1) new risk during the current reporting period related to Human
Resource Management. This risk is the result of not having a defined date to migrate
to the Cloud. The Technology workstream is at risk of burnout due to the significant
time needed for development and deployments, which could impact future
development post Benefits v1.0. Additionally, on-premise development requires
increased operational inefficiencies, and additional maintenance and operations
overhead. Ultimately, this risk is related to Human Resources. Currently, PFML has
not clearly communicated when this shift may happen and the Technology
workstreams have expressed concern with burnout. PCG recommends that
Leadership clearly define and articulate when Cloud migration will take place. This
will ensure all staff are clear on the path forward and hopefully reduce the risk of
burnout. PCG will continue to monitor this risk until a formal decision is made and
after we have assessed the potential impact(s) to staff.
Significance:
Resources (Customer Care, Policy and Treasury staff, etc.) may still find themselves
too much work for the time available. Insufficient staff capacity for Human Resource
Management can contribute to the overall schedule challenges the project is
experiencing.
Leadership has made a decision not to migrate to the Cloud before January 2020.
Without a clear path forward there is a risk that significant time and cost to scale
development work as well as an increased downtime for deployments and
maintenance and easier deployments. This ultimately impacts the development
teams' utilization.
able to be present. Please see Section 6.10 (Stakeholder Management) for PCG’s
concerns related to managing Stakeholder messaging. PCG will continue to review
and assess Communications Management as it relates to the PFML Project.
Significance:
Considering who/why/when for meeting participants and output of communications
ensures all PFML staff and contractors are kept informed and properly engaged.
Additionally, it ensures that there is an appropriate cadence and sequence of
meetings, i.e.; having enough time to prepare for meetings given the information
received.
PCG is not currently tracking any risks related to Risk Management. PCG will
continue to validate that there is a documented Risk Management process that
adheres to project management best practices and asses the project risk and issue
management activities. PFML continues to hold regularly scheduled Risk Review
meetings for all of the workstreams and keeps an up to date risk register, including
risk owner, next steps and updates.
PCG opened one new observation related to Risk Management during the current
reporting period. This observation is related to the internal audit that is being
conducted by ESD. PCG has met with the internal auditor and will continue to work
cooperatively with internal audit as requested.
this issue within the risk log. QA26 should be monitored only for additional contract
amendments (if needed) and will not be reported within the monthly report, unless
needed. QA26 can be referenced within the monthly risk log.
Significance:
The project could incur delays as a result of contract renegotiation(s) and/or
amendments.
involvement early in the development cycle, demo software early and get customer
feedback quickly. The project risks features
there is a risk that the product being built is identified by product owner(s) may result in
incorrect. High user stories that don't reflect user needs.
QA29 The Product Acceptance Testing (PAT) PCG recommends PAT be integrated into
Risk
timeline remains tight and the Agency is every stage of the agile development cycle so
considering a 'just in time' approach with that continuous feedback is received. The
PAT. Customer engagement and Med earlier bugs or issues are discovered, the
involvement may not be enough. cheaper they are to fix.
QA34 Managing external stakeholder expectations PCG recommends that PFML continue to
Risk
as it relates to PFML Project messaging. execute the communications plan taking into
consideration any changes that may impact
Med stakeholder expectations.
Significance:
Insufficient stakeholder feedback could cause rework and schedule delays.
Without adequate customer engagement and involvement, the project may be
creating a product that does not meet the needs or expectations of the end
customer. Insufficient stakeholder feedback could cause rework and schedule
delays.
The number of stakeholders creates a challenge to adequately provide updated
communications to all stakeholders.
QA20 The systems integration testing timeline PCG recommends using a refined post
Risk
may pose a risk to a fully functional end- development work approach that includes
to-end product resulting in sub-systems High repeated cycles of sufficient time consistently
that lack full integration. allotted to monitor the systems integration
testing timeline as it applies to Technical
Management.
QA22 There continues to be an observation of PCG continues to recommend planning for
Risk
variance from established norms for integration even at the story level and providing
Agile development which require a demonstrations which include work across all
correction. It should be noted that these teams at the end of each sprint rather than only
are not due to a lack of hard work and one piece of the functionality for a story, i.e.
dedication on the part of the team, but Med they may currently be demonstrating the User
rather the increased demands on their Interface (UI) or Customer Relationship
time and a short-cutting of proper Management (CRM) layer, but not both. PCG
processes. This finding is an opportunity also recommends continued focus on
to course correct and help the teams preparedness for Sprint Planning and having all
work smarter, faster, and more efficiently tasks defined and committed to as the output
for future releases. from sprint planning, and the indicator that the
sprint is ready to start.
Additionally, PCG recommend that PFML
ensure rigor around getting development work
done earlier to ensure there is adequate time to
test and include customer input.
QA27 The Agency has determined that their PCG recognizes that this is an Enterprise level
Risk
batch management framework (EBMS) concern and recommends that PFML continue
is unproven in this product configuration to work with ITSD to ensure that EBMS experts
and lacks maturity for the ESD service are available to troubleshoot any issues for
Med
delivery model. EBMS currently only premiums.
processes one job in a production
environment.
QA33 PFML is not able to perform end-to-end PCG recommends using agile reports such as
Risk
testing since certain elements of the the burnup chart to drive decisions to
software (CRM & AX) are not complete. determine whether to change the scope or
The inability to perform end-to-end schedule.
functional testing poses a risk to the
entire system being built which may PCG recommends continued use of daily check
cause critical functionalities such as ins with the testers, and elements that are
High
communication between subsystems, behind schedule/blockers are reported.
interfaces and databases to behave PCG recommends that the project use a three-
unexpectedly. step design framework for end-to-end testing to
include user functions, conditions and test
cases. User functions should include listing
software features and tracking actions
performed for each feature. Conditions should
be built based on user functions; every user
function should have a set of conditions. Test
cases should be created for every user function
based on user scenarios and every condition
should have a separate test case.
Significance:
The time allotted for the end to end testing is minimal and may negatively impact the
User Acceptance testing timeline. Without completing end-to-end functional testing,
it is uncertain whether the flow of the system is performing as designed from end-to-
end.
Without following Agile processes consistently, it increases the likelihood of not
delivering features on time and of expected quality for desired business value(s).
ESD won't be able to process complex batch jobs using EBMS in all environments,
impacting schedule and acting as a blocker to development teams. Without the use
of an exact replica production environment in the release process users may expose
unknowns usually found via exploratory QA testing done in a staging environment.
Without completing end-to-end functional testing, it is uncertain whether the flow of
the system is performing as designed from end-to-end.
A priority is assigned to all risks and issues. Once a priority is assigned to a risk or issue,
it will be reassessed during each subsequent reporting period as part of the routine QA
project monitoring activities and documented in the QA Findings and Recommendations
Tracking Log.
C.1 Risks
A risk is “an uncertain event or condition that, if it occurs, may have a positive or
negative effect on a project’s objectives”. The PCG QA team will identify risks
with negative effects and expand the definition to include both conditions which
may occur and those which may not occur (e.g. lack of a well-defined
requirements traceability process could lead to delivery of an incomplete system,
requiring costly and time-consuming rework).
A key to risk management is understanding the potential risks to the project and
ensuring that these risks and risk mitigation strategies are communicated to key
project stakeholders on an ongoing basis. Risk analysis should begin early
during project planning by determining or identifying the factors that may affect
the project. Risk can impact a project in many ways: project quality, scope, cost,
and schedule. Proper risk identification seeks to determine how the risk may
affect the project and to document the project area(s) impacted by the identified
risk.
Once risks are identified and characterized, both qualitative and quantitative
factors are examined. Figure 1: Risk Rating Matrix
The following table defines the risk priorities that will be used when identifying
risks.
Table 2: Risk Priority Definitions
C.2 Issues
An issue’s priority is determined by its impact on the project. The following table
defines the issue priorities that QA uses when assigning a priority to an issue.
Table 3: Issue Priority Definitions