One way to keep big IT programs out of trouble

Capability Maturity Model could help agencies improve the management of their service delivery programs

Jeffrey D. Sacks is CIO and chief technology officer at Access Systems.

As the Obama administration steps up oversight of high-risk IT projects, contracting organizations must take greater responsibility to provide a level of confidence in the services they offer. That is where one of the latest offerings from the Software Engineering Institute at Carnegie Mellon University can help.

SEI’s various Capability Maturity Models are designed to improve the development and management of large programs by ensuring that organizations are building and documenting repeatable processes that can be applied to any number of programs. An organization is rated on a scale of one to five, with the higher numbers indicating that its processes are more mature and continuously improving.

In general, both government and industry have widely adopted the CMM approach for software development and acquisition. In some cases, federal agencies soliciting bids on large development projects specifically ask for bidders with a certain CMM level of certification.

Ironically, however, the government is spending billions of dollars more each year on services, which suggests the need for more comprehensive and rigid standards for executing service delivery. SEI provided just that when it introduced the Capability Maturity Model Integration for Services (CMMI-SVC) in February 2009.

Traditionally, efforts to improve the delivery of large program and project services have focused on one key resource: the program or project manager. CMMI-SVC changes that chemistry by improving and documenting service delivery-related processes across an entire organization.

The model helps integrate traditionally separate organizational functions, sets process improvement goals and priorities, provides guidance for quality processes, and offers a point of reference for appraising current processes. It can give an added level of confidence to any organization that is executing large-scale plans. The model even encompasses processes that extend to an organization’s client. This makes it possible for the two organizations to share information, establish metrics and make real-time course corrections.

However, obtaining a CMMI-SVC rating is not an easy process. It’s time-intensive and demands a one- to three-year investment. It requires multiple audits, each of which could take a full week of work to complete. Many organizations have not yet begun the audit process for CMMI-SVC, believing International Organization for Standardization certification is sufficient. Although ISO is important, it is a generic quality management standard that focuses on the consistency of processes in general rather than project and service-delivery processes in particular.

Plus, the added benefit of project and process management speaks directly to recent moves by the administration to ensure better performance from the contractor community.

In August, federal CIO Vivek Kundra spoke publicly about 26 IT projects recently dubbed high risk by the Office of Management and Budget. On June 28, OMB had halted spending on financial systems modernization projects. Kundra said the projects, which span 15 federal agencies and exceed $30 billion in life-cycle costs, require thorough review and better management planning.

The concentration of in-depth documentation required by CMMI-SVC illustrates that contractors can demonstrate an institutional commitment to best practices, which are audited and certified by an objective third party. That standard involves the individual contractor delivering a singular view of best practices to an expansive best-in-class service-delivery model, with processes that are defined and repeatable.

Having contractors’ processes identified, clearly managed, continuously improved and optimized to deliver best-in-class services will ensure that entire organizations are committed to providing the highest levels of service and transparency to the government. That builds higher confidence in the government that the contractor community is embracing certified service-delivery processes while bringing a more proactive and informed management discipline to each effort.

About the Author

Jeffrey D. Sacks is CIO and chief technology officer for Access Systems.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Wed, Sep 12, 2012

CMMI for Acquisition is absolutely a waste of time and money. If the government regulations are followed and adhered to, CMMI is already be done. Isn’t that why the regulations are in place? If the leadership in government organizations enforce the rules then what is the problem. What added value does some "CMMI Level" give to a government organization? Why would a Government organization waste taxpayer money to get to a specific level? Bragging rights for the leadership or something to put on their resumes for their higher paying next position at an unnecessary cost to taxpayers? Stop wasting precious resources and do your jobs, enforce what is already on the books.

Mon, Nov 1, 2010 Frank DC

Documentation only gets you the lowest levels of CMMI. The higher the level the more you are using CMMI to manage the business through metrics and statistical process control. Predictability is the name of the game, not heroics to meet a schedule. Of course the flip side of this is that a high CMMI company knows what it will take to do a job and price their proposals accordingly. They can easily be undercut by companies who just want to win.

Mon, Oct 25, 2010

We had a CMMI level 3 self certified subcontractor and they failed to deliver documentation and software. Yeah works great! HA. No more process documentation, we need people who can manage a team and not lie thru their teeth to management, and we need management to stop hearing what they want to hear and listen to the worker bees. They are the real ones that know what state the project is really in.

Fri, Oct 22, 2010 Mike TX

In my experience its up to the gov't PMO to perform the due diligence when it comes to CMMI claims by a contractor. Its not necessarily so that the contractor can perform, but the fact the gov't side is so ad hoc and, dare I say immature with their own work processes that causes the problems. It has a detrimental effect when you have an acquirer-supplier mismatch. Some contractors do actually "walk the talk" when it comes their the CMMI maturity levels and processes, while others seem to be more interested in getting the contract and any awards first. CMMI is not meant to be a "heavy weight" process that is documentation-centric. If a company has implemented it in that manner then I would argue is a poor interpretation and implementation of the model.

Fri, Oct 22, 2010 Bob McPherson

The recurring theme throughout all of the process management methodologies from PMBOK to CMMI to ISO to EVM is a focus on spending time documenting the administration of the work. None of this activity is value added because it does not result in a finished prodcut. We need to work management execution systems. Execution is the name of the game, not more documentation. Theory of Constraints is a good starting point. And yes I am a card carrying member of the PMI!

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group