One way to keep big IT programs out of trouble

Jeffrey D. Sacks is CIO and chief technology officer at Access Systems.

As the Obama administration steps up oversight of high-risk IT projects, contracting organizations must take greater responsibility to provide a level of confidence in the services they offer. That is where one of the latest offerings from the Software Engineering Institute at Carnegie Mellon University can help.

SEI’s various Capability Maturity Models are designed to improve the development and management of large programs by ensuring that organizations are building and documenting repeatable processes that can be applied to any number of programs. An organization is rated on a scale of one to five, with the higher numbers indicating that its processes are more mature and continuously improving.

In general, both government and industry have widely adopted the CMM approach for software development and acquisition. In some cases, federal agencies soliciting bids on large development projects specifically ask for bidders with a certain CMM level of certification.

Ironically, however, the government is spending billions of dollars more each year on services, which suggests the need for more comprehensive and rigid standards for executing service delivery. SEI provided just that when it introduced the Capability Maturity Model Integration for Services (CMMI-SVC) in February 2009.

Traditionally, efforts to improve the delivery of large program and project services have focused on one key resource: the program or project manager. CMMI-SVC changes that chemistry by improving and documenting service delivery-related processes across an entire organization.

The model helps integrate traditionally separate organizational functions, sets process improvement goals and priorities, provides guidance for quality processes, and offers a point of reference for appraising current processes. It can give an added level of confidence to any organization that is executing large-scale plans. The model even encompasses processes that extend to an organization’s client. This makes it possible for the two organizations to share information, establish metrics and make real-time course corrections.

However, obtaining a CMMI-SVC rating is not an easy process. It’s time-intensive and demands a one- to three-year investment. It requires multiple audits, each of which could take a full week of work to complete. Many organizations have not yet begun the audit process for CMMI-SVC, believing International Organization for Standardization certification is sufficient. Although ISO is important, it is a generic quality management standard that focuses on the consistency of processes in general rather than project and service-delivery processes in particular.

Plus, the added benefit of project and process management speaks directly to recent moves by the administration to ensure better performance from the contractor community.

In August, federal CIO Vivek Kundra spoke publicly about 26 IT projects recently dubbed high risk by the Office of Management and Budget. On June 28, OMB had halted spending on financial systems modernization projects. Kundra said the projects, which span 15 federal agencies and exceed $30 billion in life-cycle costs, require thorough review and better management planning.

The concentration of in-depth documentation required by CMMI-SVC illustrates that contractors can demonstrate an institutional commitment to best practices, which are audited and certified by an objective third party. That standard involves the individual contractor delivering a singular view of best practices to an expansive best-in-class service-delivery model, with processes that are defined and repeatable.

Having contractors’ processes identified, clearly managed, continuously improved and optimized to deliver best-in-class services will ensure that entire organizations are committed to providing the highest levels of service and transparency to the government. That builds higher confidence in the government that the contractor community is embracing certified service-delivery processes while bringing a more proactive and informed management discipline to each effort.