Enterprise IT Maturity Assessments

From EITBOK
Jump to: navigation, search
Welcome to the initial version of the EITBOK wiki. Like all wikis, it is a work in progress and may contain errors. We welcome feedback, edits, and real-world examples. Click here for instructions about how to send us feedback.
Ieee logo 1.png
Acm logo 3.png

 

1 What Is a Maturity Assessment

Capability maturity for EIT refers to IT's ability to reliably perform. Maturity is measured by an organization’s readiness and capability expressed through its people, processes, data and technologies and the consistent measurement practices that are in place. The organization’s maturity directly relates to the ability to execute the IT strategy; therefore, there is a need to assess maturity as an input to a realistic plan and as a guide to maturing IT to desired levels. In other words, unless the IT organization "knows itself," it can’t make plans to do more or to improve. Adoption of “lessons learned” is a key improvement strategy. Mature EIT organizations collect “lessons learned” during each project as it is executing and build the results into organizational improvements on a regular basis. When reviewed and areas prioritized by management, a maturity assessment is an input to the EIT strategy formulation, since its results may highlight its performance constraints.

Maturity assessment involves scoring the organization against defined criteria and a ranking scheme. This assessment is generally organized in ascending steps with strategies on how to move up the maturity scale. Scales are often defined in a 1–5 range that indicates increasing levels of maturity. Some schemes allow for scoring that includes decimal points (such as 2.5). A common scheme defines the five levels in the following way:

  1. Performed: Activities are performed in an ad hoc manner.
  2. Managed: Activities are performed with managed processes.
  3. Defined: Activities are defined so the organization can perform them in a uniform manner.
  4. Measured: Oversight is given to the performed activities to ensure performance and uniformity.
  5. Optimized: Continuous improvement processes are in place on the defined and measured processes.

A typical description of organizational maturity was developed by Stanford’s SLAC National Accelerator Laboratory, as shown in the table below:

  Level 1
Performed
Level 2
Managed
Level 3
Established
Level 4
Predictable
Level 5
Optimizing
People
  • Success depends on individual heroics.
  • “Fire fighting" is a way of life.
  • Relationships between disciplines are uncoordinated, perhaps even adversarial.
  • Success depends on individuals and management system supports.
  • Commitments are understood and managed.
  • People are trained.
  • Project groups work together, perhaps as an integrated product team.
  • Training is planned and provided according to roles.
  • A strong sense of teamwork exists within each project.
  • A strong sense of teamwork exists across the organization. Everyone is involved in process improvement.
Process
  • Few stable processes exist or are used.
  • Documented and stable estimating, planning, and commitment processes are at the project level.
  • Integrated management and engineering processes are used across the organization.
  • Processes are quantitatively understood and stabilized.
  • Processes are continuously and systematically improved.
Technology
  • The introduction of new technology is risky.
  • Technology supports established, stable activities.
  • New technologies are evaluated on a qualitative basis.
  • New technologies are evaluated on a quantitative basis.
  • New technologies are proactively pursued and deployed.
Measurement
  • Data collection and analysis are ad hoc.
  • Planning and management data is used by individual projects.
  • Data is collected and used in all defined processes.
  • Data is systematically shared across projects.
  • Data definition and collection are standardized across the organization
  • Data is used to understand the process qualitatively and stabilize it.
  • Data is used to evaluate and select process improvements.

Periodic reassessments are performed to gauge progress against the baseline assessment and prior periods. Adjustments to the efforts to maintain and improve maturity can then be made against possible strategic priority changes, governance initiatives, and roadmap resets.

Maturity assessments on internationally recognized frameworks generally involve external auditors with certification and recertification requirements. Engagement in the maturity assessment and improvement process requires a minimum level of organization self-awareness to the issues and commitment to the improvements necessary. A cultural readiness, resistance, and capability assessment may be built into a maturity assessment. The set of standards centered round ISO/IEC 33001 attempt to provide an overall general structure for process assessment related to software development.

1.1 Capability Maturity Model Integration (CMMI)

Capability Maturity Model Integration (CMMI) [1] is a standard reference model for process improvement with cross-sector applicability with special focuses:

  1. Product and service development — CMMI for Development (CMMI-DEV)
  2. Service establishment, management, — CMMI for Services (CMMI-SVC)
  3. Product and service acquisitionCMMI for Acquisition (CMMI-ACQ)
  4. Data management — CMMI for Data (CMMI-DMM)

1.2 People Capability Maturity Model

In addition, the CMMI Institute provides the People CMM (https://www.sei.cmu.edu/reports/09tr003.pdf) which describes five levels of maturity for workforce management. It progresses from inconsistent management, to people management, to competency management, to capability management and ends with continually improving management practices. It is designed for continuously improving individual competencies, developing effective teams, motivating improved performance, and shaping the people capabilities the organization needs to accomplish its future plans.

1.3 IT-Capability Maturity Model (IT-CMF)

Getting better at EIT strategy and governance requires both organizational change in how IT is managed and the development of individuals. The IT-Capability Maturity Model (IT-CMF) takes an organizational management approach to improving IT capability rather than a one focused on processes and thus is very complimentary to CMMI. IT-CMF (https://ivi.ie/) helps organizations to measure, develop, and monitor their IT capability maturity progression for maximum benefit in their particular context. It consists of 35 IT management capabilities and these are organized into four macro capabilities: managing IT like a business; managing the IT budget; managing the IT capability; managing IT for business value. Its 35 Critical Capabilities (CCs) are defined in as “A defined IT management domain that helps mobilize and deploy IT-based resources to effect a desired end, often in combination with other resources and capabilities” [2]. Each has five different levels of maturity starting from "initial" and going up to ‘optimizing’. The IT-CMF includes questionnaires to assess current maturity and a suite of practice recommendations to improve maturity.

2 References

[1] Capability Maturity Model Integration (CMMI) Version 1.2 Overview, http://www.sei.cmu.edu/library/assets/cmmi-overview071.pdf, Software Engineering Institute, Carnegie Mellon University, 2007.

[2] IT Capability Maturity Framework (IT-CMF): The Body of Knowledge Guide. 2015. Eds. Martin Curley, Jim Kenneally, Marian Carcary. Van Haren Publishing