Tuesday, June 1, 2010

DO INFORMATION TECHNOLOGY COMPANIES NEED BOTH CMMI AND ISO 9001 STANDARDS- AN OPEN DISCUSSION?



 

Conceptual
ISO 9001 is an "audit standard" and CMMI is a "process model". Hence, conceptually, they are quite different- it is almost like Apples and Oranges and hence cannot be compared, even though ISO 9001 standard is also based on "process approach".
CMMI focuses on engineering and project management processes whereas ISO's focus is generic in nature.
While, CMMI is a set of related "best practices" gathered from many product engineering and software development organizations, ISO 9001 standard is a certification tool that certifies businesses, whose processes conform to the laid down standards and is focussed on product and Service Quality
CMMI requires ingraining processes   into business needs so that such processes become part of corporate culture and do not break down under the pressure of deadlines. ISO specifies to conformance and remains oblivious as to whether such conformance is of strategic business value or not.
Although CMMI focuses on linkage of processes to business goals, customer satisfaction is not a factor in the ranking whereas customer satisfaction is an important part of ISO requirements.
Neither CMMI nor ISO requires the establishment of new processes. CMMI compares the existing processes to industry best practices whereas ISO requires adjustment of existing processes to confirm to the specific ISO requirements.
The comparison of CMMI Vs. ISO reveals that while CMMI is more focused, complex, and aligned with business objectives, ISO is flexible, wider in scope and not directly linked to business objectives.
ISO 9001 QMS- Strengths
The ISO 9000 Standards is a very practical management system, that ensures good quality of product or service in any business environment. The ISO 9001 Certification is recognized worldwide as a hallmark of professionalism and commitment to quality. The latest version, the ISO 9001:2008, is especially relevant to the Services Sector, focused on fulfilling customer expectations, improving the quality of an organization's business and management processes, so that when a job is done it is done well, first time, every time.


The ISO Certification process is extremely significant, as it is taken just once in the lifetime of any organization.


 

Benefits from an in-depth ISO 9001 implementation
ISO 9001:2008 provide a tried and tested framework for taking a systematic approach to managing your Business activities. To get customers – and to keep them satisfied- your product or service needs to meet their requirements.
The ISO 9001 standards give organizations an opportunity to increase value to their activities and to improve their performance continually, by focusing on their major processes. The standards place great emphasis on making quality management systems closer to the processes of organizations and on continual improvement. As a result, they direct users to the achievement of business results, including the satisfaction of customers and other interested parties.

 


CMMI is meant to help organizations improve on their capability to consistently and predictably deliver the products, services, and sourced goods their customers want, when they want them and at a price they're willing to pay. From a purely inwardly-facing perspective, CMMI helps companies get from estimates to actuals in the black, keep customers happy, and purchase the right things the best way.

Strengths of CMMI


CMMI is just a model, it's not reality. Like any other model, CMMI reflects one version of reality, and like most models, it's rather idealistic and unrealistic -- at least in some ways. When understood as *just* a model, people implementing CMMI have a much higher chance of implementing something of lasting value. As a model, what CMMI lacks is context, specifically, the context of the organization in which it will be implemented for process improvement.
Putting it all together: CMMI is a model for process improvement from which (astute) organizations will abstract and create process improvement solutions that fit their unique environment.The Practices (which are much more numerous) are "expected" elements of the model. That means that the SEI expects that an organization will have to perform all of those Practices in order to achieve the Goals. Organizations occasionally employ "alternative practices" to achieve the Goals, and when they do, that is OK. As long as each Goal is achieved, the actual Practices that are employed are not an issue.


The Sub-Practices and other information in the CMMI are merely "informative" elements of the model. That is, they are there to provide additional information to help the reader to understand the intent of the Goals and Practices. There is no requirement (or even expectation) that an organization will perform all of the Sub-Practices.


Naturally, if your organization is not under a mandate to achieve a Maturity Level rating, then the Practices, and even the Goals in the CMMI take on more of a suggestive flavor.

The SEI designed the CMMI to be a roadmap for process improvement. When the CMMI is used by an organization that has no interest in process improvement, its use can (and often does) become abuse. Processes are written solely to satisfy a CMMI Appraiser, but with little or no thought for how they will affect the organization's work. Paperwork grows seemingly without bounds, and people feel that they are drowning in "process for process' sake".

In these organizations, the CMMI's primary purpose (a roadmap to improvement) is lost, and it becomes a straightjacket for the organization and its people. It becomes abusive as it is abused by those whose primary objective is a Maturity Level rating. And many of these organizations end up with no more than they sought: a Maturity Level rating and process binders sitting on shelves gathering dust while business goes on little improved from its starting point.


 

Supplementing strategy

 

A company having both CMMI and ISO 9001 has the advantages in running its Software processes to the optimum as well as having the product quality- the end result, in tact and with continual improvement in customer satisfaction and hence they are supplementary in nature. While the process mapping is in the domain of CMMI, process auditing is the backbone of ISO 9001.

 

Internal Auditing for conformance to ISO 9001 standards provides a framework for maintaining product/service quality. The internal auditing ensures that the business processes are stable, consistent, and followed as per the laid down requirements.

 

Hence, as a strategy, it would be a better option to maintain CMMI with a strong ISO 9001 internal Auditing. As an extended strategy, outsourcing of internal auditing helps to provide valuable inputs to the management on the health of the QMS standards.

 

Outsourcing Internal Audits

 

Although organizations consider that the third-party ISO 9001 Annual Surveillance Audits provide independence, integrity and value, their outcome is often simply permission to conduct business as usual. Competitive cost pressures have created a commoditized, streamlined environment where these audits focus narrowly on adherence to specific quality, safety, environmental or financial standards. As a result, these audits too often leave companies with a handful of persistent performance problems and unidentified business risks that can erode shareholder value.

In respect of Internal Quality Audits, the companies find that the findings initiated by their own company's employees, trained as internal auditors, were minor and did not add any value. Findings were of the document control type, incomplete tags which didn't move the company towards continuous improvement activities. These findings simply weren't important to them.

There is an option of making this Internal Auditing more effective, more value-adding and providing a business overview- outsourcing this function.

In the paper and presentation seen at the ASQ Audit Conference in October, 2008, "Effective Internal Audits: Is Outsourcing the Answer?" Denis Devos reveals results of his study which shows that "there is a growing tendency for organizations to rely on the services of professional auditors to perform audits". In his study, Denis completed a survey of 155 companies. 76% - 86% (nonautomotive companies vs. automotive companies) of the companies surveyed had outsourced the internal audit function, even though there was an "internal" audit team in place.

Today, experienced auditors go beyond the conformity by identifying levels of compliance with – and the effectiveness of – a company's own established best practices, management processes and business excellence framework. The detailed, customized analysis generated, gives business leaders a genuine insight into how effectively their current business management systems are performing and how they can use them to create even more value for customers and shareholders. Importantly, they also provide a road map for the continual improvement that many standards require and that is necessary to build and maintain competitive advantage. This can also be an effective tool for measurement of performance excellence


Conclusions

 

A sensible approach would therefore be to have both CMMI and ISO 9001 and reap the best of both thro' a strong ISO 9001 Internal Auditing

No comments:

Post a Comment