Alternative Frameworks for Process Improvement: A Small Business Guide to Major Frameworks

Dr. Jim Kane addressed the Capability Maturity Model Integration (CMMI), ISO 9000, Information Technology Infrastructure Library (ITIL) and Six Sigma alternative frameworks for process improvement for a small business at AFCEA’s Small Business Committee meeting. He described the characteristics of each, including which certifications make sense, particularly a defense-oriented small business. Kane focused his remarks on the business aspects pertinent to evaluating each framework and deciding which one is appropriate in different situations.

Small businesses were advised to perform a comprehensive analysis of the pros and cons before undertaking a process improvement effort. Taking an unusual approach, Kane suggested that a small defense-oriented business might actually begin by considering the case against adopting a process improvement framework. In general, he stated, the major process improvement frameworks are really more appropriate for larger organizations. Finally, the investments involved with each are substantial. All of the frameworks require some mix of dedicated resources beyond the direct costs that include leadership time, staff hours and additional external resources. Be cognizant of the impact this expense will have on income statements, he advised. No formal U.S. Defense Department policy requires adherence to these frameworks, he pointed out.

Once small business owners have determined the actual costs and other pertinent factors, Kane suggests they carefully evaluate the case in favor of process improvement. One powerful argument is the significant value that can be realized by achieving the ideal mix of people, technology and processes. Additionally, process improvement should help the organization better comply with request for proposal requirements. Demonstrating a strong process improvement framework also might increase a company’s attractiveness as a potential teaming partner. Finally, small business owners should consider the possible beneficial impact on their balance sheet. The question is whether a prospective buyer would be willing to pay more for a business because of its investment in process improvement.

Kane described CMMI as a benchmarking type model used to gauge an organization’s systems and software development activities against industry best practices. The Software Engineering Institute (SEI) at Carnegie Mellon University is the custodian of CMMI, and the model can be used to appraise internally for process improvement or externally for contract awards. The CMMI can be applied in a staged approach to achieve Maturity Levels 1 through 5. The time investment is approximately 18 to 24 months for each level of maturity. Additionally, 2 percent to 5 percent of current staffing levels are usually devoted to improvement efforts.

ITIL is a set of specialized organizational capabilities for providing value to customers in the form of services. Capabilities take the form of functions and processes for managing services over a life cycle to deliver quality, cost-justified services. ITIL is often the best match for information technology service organizations of any size and information technology service providers to both internal and external customers, Kane said. Although ITIL is not required to achieve Six Sigma, measurement is important to service management. There is no organizational certification for ITIL, so those desiring an organizational certification should use ISO 20000 for information technology service management. Investment costs for ITIL depend on how many new processes the organization needs to implement. The organization should assess current processes and determine the gap between current processes and which ITIL processes the organization needs to implement. Other important considerations are the size and culture of the organization. Kane advised that small business owners address items such as the number of clients, services, staff and readiness for change.

ISO 9000 is a family of standards for quality management systems that is maintained by the International Organization for Standardization (ISO) and administered by various accreditation and certification bodies. ISO 9001:2000 is the standard that most organizations are measured against and is intended for use in any organization that designs, develops, manufactures, installs and/or services any product or provides any form of service. Some of the requirements in ISO 9001 include a set of procedures that cover all key processes in the business; monitoring processes to ensure these processes are effective; adequate recordkeeping and output checking for defects, with appropriate and corrective action where necessary; regular review of individual processes and the quality system for effectiveness; and continual improvement.

ISO 9001 is used primarily when required by a contract or in a business venture. The purpose is to provide a level of assurance to customers that suppliers can provide quality in the products and services they produce. Companies are registered as ISO 9001:2000 by a certified registrar through an audit against the standard. Initial registration audits are expected to be roughly equivalent to the cost of CMMI appraisals. Typically, investment in time and resources include 18 to 24 months of time invested prior to the first registration audit and 2 percent to 5 percent of current staffing levels usually devoted to improvement efforts after that.

Six Sigma is an improvement approach and a toolbox of improvement techniques that grew out of total quality management and other improvement best practices. Often, it is combined with “lean” techniques that focus on eliminating waste and making business improvements. There are two predominant approaches to applying Six Sigma. The first is define, measure, analyze, improve and control (DMAIC). This toolbox of improvement techniques is used at appropriate phases such as critical-to-quality (CTQ) trees, statistical process control, analysis of variance (ANOVA) and design of experiment (DOE).

The second approach is Design for Six Sigma (DFSS). This is similar to DMAIC but uses a different process and some different tools, including more use of quality function deployment, failure model and effects analysis (FMEA) and TRIZ. Six Sigma can be applied to operations or engineering and design. Different approaches and methods apply to each: DMAIC applies to operations and ongoing projects, while DFSS applies to engineering and design activities.

Six Sigma does not involve appraisals or certifications; it is an internally focused improvement approach and toolbox. The approximate time and resources investment can vary widely depending on how and where the method and toolbox are applied. Training one Black Belt usually costs approximately $2,000 and four weeks; training one Green Belt usually costs approximately $1,000 and two weeks. The training period for both can be spread over several months. Expect to train one Black Belt per 100 people and approximately five Green Belts, Kane stated. As with most of the other frameworks, small business owners should plan for 2 percent to 5 percent of current staffing levels to be devoted to improvement efforts thereafter.

Kane also mentioned an additional consideration, as there is a possible process improvement tie-in to Sarbanes-Oxley, the law requiring public companies to verify that they have control over their financial systems. Control Objectives for IT (CoBit) are the high-level objectives most often used in information technology organizations in which Sarbanes-Oxley requires proof of control of information technology systems, especially those that have an impact on their financial systems. CoBit is usually implemented through ITIL for information technology services and CMMI for software and systems development.

Presentation materials, including a podcast of this presentation, are available on the Small Business Committee site.