In our last entry “How to turn compliance requirements into business success” we developed a model that greatly reduces the complexity of the topic and allowed us to get a clear view on what is important when implementing compliance rules.
We spoke of two different ways to use the model.
- The qualitative classification of processes
- The KPMG self assesment
Today we’re diving a little deeper. How can companies measure and improve internal structures and processes to reach the goals of our compliance-model? Let’s have a look at the method of qualitative classification. For that we will use the widely accepted model: Capability Maturity Model Integration (CMMI)
It contains these five steps:
- The lowest to be achieved maturity level is 1 (initial). The processes are carried out ad hoc. Project success is primarily based on the skills of the project manager. The same project could fail with another project manager. Planning is incomplete and there is no consistent monitoring of success.
- Level 2 is reached when the basic project management processes for planning and controlling time and costs are in place. It is sufficient if these processes are implemented in a rudimentary way. It is important that the processes are actually “lived”.
- From level 3 on, it is no longer about individual processes, but about the organization as a whole. The processes must be standardized within the company or authority. Documentation of the processes is also required.
- For level 4, the processes within the organization must be standardized. In addition, it is necessary to measure the quality of the processes using KPIs (Key Performance Indices) and to make predictions for the course of the project.
- In the highest level 5, the processes must be continuously improved. One tool for this is the regular search for weak points in the processes.
An example of practical maturity levels is the support of a management system – an information management system according to ISO 27001. With each recertification, a maturity level is applied that is the same as the last audit. This can be done by automating workflows with a comparably small reputation of a different maturity level – one of the advantages of digital transformation.
You will find a detailed analysis of the process of qualitative classification on our YouTube-channel. In our next entry we will look at the KPMG self assesment in order to get some tangible improvements for your business processes.
For more information contact us via phone, e-mail or on social media.
Follow us on LinkedIn to stay updated on the latest compliance news!