Posted December 6th, 2011 by Roman Jouravlev

Lost in translation… again.
We talk, write and read a lot about process measurement and assessment. Various models have been developed to assess IT processes from various perspectives. We try to measure effectiveness, efficiency, maturity, compliance, capabilities and other interesting aspects of processes’ life. But do we always understand what exactly we measure? Do you think you can tell maturity from capability? Effectiveness from efficiency? Compliance from maturity? Blue sky from pain? Free democratic elections from dirty buffoonery? …Sorry, I’ve lost the point for a moment.

Back to the processes. A month ago ITGI and ISACA published a complimentary guidance for COBIT – a farewell laughter before the retirement of 4.1 and a kind of trailer for upcoming COBIT5 under one cover. This time it was the Process Assessment Model (PAM). Like any of COBIT-related publications PAM is a witty combination of fragments of COBIT framework itself and some other stuff – ISO 15504 in this particular case. Nice structure, useful tool, much-needed glossary of process outputs and – attention! – capability model instead of maturity model.

Writing a post for our website to announce this new publication I faced a problem of finding an adequate translation for the term Capability. Not because of lack of vocabulary but because of lack of  personal ability to explain the difference to Russian audience – since the meaning and purpose of the model is practically the same to the old good maturity model made up by Carnegie Mellon and happily used in COBIT for several years. So I had to define what do these words mean and why do we need different models to assess process capability and process maturity – not to tell about CMM designed to assess both.

Through this linguistic and process management investigation I finally came to my own structured model of process measurement and assessment. It seems to be a useful tool for those who get lost in the complicated world of IT- and non-IT processes. I tried to define purpose and specific characteristics of various dimensions of process management and governance and to link those dimensions to widely used models and frameworks.

Big picture
There are four dimensions to measure and assess:

  • Capability
  • Maturity
  • Effectiveness
  • Efficiency

Capability is a measure of the ability of a process to fulfill a specific purpose. Maturity is a measure of the ability of a service provider to govern the processes and management system in a whole. Together capability and maturity are used to express the potential of a services provider. An analogy to service utility and warranty may help to understand the difference.

Effectiveness is a measure of achievement of the goals set for a process. Efficiency is a measure of the cost of effectiveness. Together effectiveness and efficiency express the factual achievements of a service provider.

Capability and Effectiveness answer to “what” questions: what can a process achieve and what it has achieved. Maturity and Efficiency help to answer “how” questions: how does a service provider ensure the capability will be effectively applied and how much did it cost to achieve the result.

Details
For each dimension I tried to define its purpose, target audience, sources of assessment criteria and specific methods of assessment.


For me it brought a significant clarification of the process measurement and assessment instruments. Of course it doesn’t remove the ambiguity of C and M in CMM and does not add sense to use of “capability” in terms of ISO 15504 and COBIT 5 (and COBIT4.1 PAM) since process capability in “my” meaning is assessed only at level 1 of those models whereas levels 2-5 express process maturity (again, in “my” meaning). But as soon as one has a structured big picture in one’s head he or she doesn’t bother too much with names of the tools used – only with their … ehh… utility.
 

You are not watching this post, click to start watching
Your rating: None Average: 5 (6 votes)

Comments

Aale Roos (08/12/2011)

Quite interesting and useful.

One question. Isn't ISO 20000 a maturity assessment? The standard does not measure service quality, it only assesses the management system.

Roman Jouravlev (08/12/2011)

Thanks, Aale!
In terms of the system described, ISO20000 - if you mean Part 1 - is a capability assessment. ISO20k requirements specific to the processes specify service management capabilities. Requirements to the management system address maturity to some extent but there are no sound maturity specifications there...

In fact, nothing in this scheme measures service quality - all four parts are about "process quality" but assessed from different perspectives. The sysytem may be applied to a particular process or to a management system in a whole. The choice demends on the set of criteria in "potential' part of the square and on the set of goals in the "factual" (wright) part.

Jan van Bon (09/12/2011)

ISO20000 indeed is not a maturity measuring system.

You could use a maturity leveling approach to assess how 'good' the various practices are done in the practice of a specific organization. ISO20000 only describes the outcome an organization should comply with. By nature, it's an auditing instrument. The biggest mistake you can make, it to use it as an instrument to set up an organization.

Most important: there is no such thing as process maturity. Only organizations or functions of organizations can have a 'maturity'.

Roman Jouravlev (13/12/2011)

Well, Jan, it seems we need to define what does maturity mean.
In the column I defined it as "the measure of the ability to govern the processes and the management system in a whole... defined in terms of specific control practices and outputs forming the assurance in stable and predictable execution of the process(-es or the Management System)"

By this definition a process may be "more mature" than another one. For example, in most organizations support processes are governed in more formal and structured manner than, say, risk management process. As long as organization is "immature", it may have "more" and "less" mature components inside. And only after centralized QMS develops, it starts to rule the processes and common "organization maturity" arises as measurable and managable characteristic.

Since many organizations are still on the way to such QMS and still trying to build separate processes, a measure of maturity seems to be applicable for those processes.
Or not?

Jan van Bon (13/12/2011)

Roman,
imho you contradict yourself.

"Processes" are subject to governance.
Maturity is some kind of "ability" to govern these processes. This means that maturity is a qualification of the governing body - whatever that may be.

Since processes are subject to this governing body, processes cannot govern themselves. Ergo, processes cannot have 'maturity'.

Note: processes ARE.
An organization may be more or less aware of these processes. The organization can then determine whether or not to use and apply these processes in a more or less formalized way, and manage them more or less explicitly.
We tend to think that "more formalized control" is "more mature governance".

My conclusion still is: processes HAVE no maturity. Only organizations do.

Roman Jouravlev (14/12/2011)

Hey, folks!
Is anybody in there?
Just nod if you can hear us :)

What do you think on this matter? Do processes have maturity?

****
Jan, if we don't call it maturity, what is the measure of process formalization and control? How would you call it?

And do I understand correctly that in your picture one organization at a given moment can demonstrate different levels of maturity towards different processes?

Anonymous (17/12/2011)

Yeah, I believe somebody is still here. Roman, as we discussed this topic before I tend to agree with Jan.
I do believe processes bring some facilities for fulfilling functions. To achieve that those processes have some capabilities. The more structured process approach is, the more capable processes to fulfill their purpose, the more mature organization using them.
A simple exercise here is to try to apply these terms to organization which only does incident management in a controlled manner (as a managed process). Let's suppose the incident management process works pretty well - controlled, measured, optimized. So it's capabilities are quite strong. Yet I doubt you will say this organization is mature since the only thing it does effectively is fire fighting. To become more mature you need to identify and resolve problems / errors, manage risks when implementing changes, plan IT capacity in advance, have a strong partnerships with IT-users and so on.
Don't you agree?

Jan van Bon (16/12/2011)

Roman,
on the two questions:

Organizations can decide to actively manage the activities in a process. They can also chose to ignore or skip certain activities. And they can even be unaware of the existence of activities.
E.g.: in theory, an organization could never do any TESTING in a CHANGE ("we never test, we believe"). Or they could skip the PRIORITIZATION step ("we do our best"). Organizations that DO manage these activities are normally called 'more mature' re the CHM process. Organizations that are not even aware of these activities tend to be classified as "less mature".
The "maturity" could be expressed in the level of detail of the process, combined with the explicit choices to manage these activities.

In my practice we teach organizations to grow into this, using a stepwise approach. We know the end-level of detail of the process, and we coach organizations in improving their grip on process management, starting at their local initial level of control.

And yes: organizations can clearly have different levels of "maturity" towards the grip they have on their processes. E.g. they can completely miss any SLM, but still have a high level of control on their Incident Management.

Roman Jouravlev (25/12/2011)

Well, if "organizations can clearly have different levels of "maturity" towards the grip they have on their processes", than maturity can be mesured in the context of particular process(es). So the model I offered in the column may be valid if we replace "maturity of a process" with "maturity towards a process" or "maturity of a process governance".
The process will not be the subject of assessment in this case but will provide a context or scope for assessment of the management sysytem (or organization).
Do you find it correct this way?

Jan van Bon (25/12/2011)

Now we're talking! And Merry Christmas to you, Roman...

Anonymous (11/01/2012)

very interesting column. I am looking to develop a process assessment questionaire for our manufacturering suppliers of various commodities.
I believe the IT framework could work with some refinements.
Thank you for th einfo.

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <br><p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.