William Hackos, Jr., PhD
Vice President, Comtech Services, Inc.

You are probably familiar with the concept of process majority as promoted by JoAnn Hackos. Some of you may have had process maturity audits done for your information-development department. JoAnn has emphasized that although good writing can come out of any kind of environment, good, repeatable documentation requires a level of management maturity within the department.

JoAnn developed her ideas about the Information Development Process Maturity Model (IPMM) as an analogy to the Software Engineering Institute’s Capability Maturity Model (CMM). A process maturity model for outsourcing, the Outsourcing Management Maturity Model (OMMM), has been defined by Wissam Raggoul and was first published by the Meta Group on February 8, 2002.

What do these process maturity models have in common and what are their differences? Is there some commonality of all process maturity models that we might call the General Process Maturity Model (GPMM)?

The IPMM and the OMMM are based on the methodology first created for the CMM. Each model has five levels of maturity based on some defined attributes. Each model makes the assumption, based on careful observation, that some sort of maturity exists in the discipline and that departments or companies mature through particular phases, just as people mature from infants to children to adults to senior citizens. We can determine the maturity of people by observing their behavior. We know that all people mature through the same stages. Similarly, we can determine the maturity of an organization by observing its behavior.

All of the models have a list of traits that define the maturity level. However, each model has a different approach to defining these traits. The CMM, developed by the Software Engineering Institute, prescribes specific key process areas to define each level. CMM Level 1 (Initial) is defined as chaotic because few if any formal processes exist. At Level 2 (Repeatable), basic management processes are established to track cost, schedule, and functionality. At Level 3 (Defined), the processes for both management and engineering activities are documented and integrated into a standard software-development process. Further process improvements are made for Levels 4 and 5.

For the IPMM, developed by JoAnn Hackos at the Center for Information-Development Management, eight key practices are defined. They are

  • Organizational Structure
  • Quality Assurance
  • Information Planning
  • Scheduling and Estimating
  • Hiring and Training
  • Information Design
  • Cost Control
  • Quality Management

The maturity levels are defined based on the level of development of each of these eight key practices. Level 1 (Ad Hoc) has little if any development for any of the key practices while higher levels have greater and greater development of these same key practices. By using the eight key practices, Hackos does not need to make the assumption that the CMM makes: all organizations mature at the same pace and in the same way. Instead, Hackos allows for diversity among organizations. For example, a high maturity level in scheduling and estimating might balance an immaturity in the area of quality assurance.

The outsourcing model is organized differently than either the CMM or the IPMM. In the OMMM, each level is defined by the conditions that must be met to reach that level. For Level 2, some of the conditions are to “Establish a relationship management structure to create a winning relationship” and “Establish SLAs

[service level agreements] for all outsourced services to quantify service outcome.” It’s difficult to use these conditions to evaluate the level of OMMM maturity for a given organization. The OMMM is organized more like a prioritized list of actions to achieve outsourcing success rather than as a model.

The differences between the three models are partly due to the motivations for the models. The CMM was developed because the federal government was having trouble hiring competent software vendors and wanted some way to measure vendor competence. The CMM is a certification that is used to market vendor services—hence its stress on formal documented processes and its lack of stress on quality. The IPMM stresses quality as well as process because information-development departments use it to demonstrate the value of their organizations to management. The OMMM is a priority listing of conditions that must be met jointly by management and outsourcing vendors. Outsourcing is primarily a management and contractual relationship rather than managing an organization of technical people.

However, despite their differences, the three models have much in common. All three describe a range of management competencies for their disciplines. All three describe how to improve and move up the maturity scale.

Can We Describe a General Maturity Model for an Organization?

All three models have ranges of processes from none to informal to documented to optimized. All three move from isolation to awareness of industry standards. All three range from no control to effective control. All vary from keeping the status quo to effectively improving practices.

Based on what is common among the three models, we can define a general process maturity model (GPMM). In GPMM terms, the lowest level is an organization with little if any process, nothing written down, no idea what goes on in similar organizations, little or no control over its output, and no clue that there is any need for improvement.

At the highest level is an organization that has well-documented formal processes, is constantly benchmarking against similar organizations, has effective quality control in place, and is always trying to optimize its processes.