A business process is a collection of related structural activities that produce something of value to an organization, its stake holders or its customers. Each business process has inputs, operations and outputs.
Process Management is the application of knowledge, skills, tools, techniques and systems to define, visualize, measure, control, report and improve processes with the goal to meet customer requirements profitably.
CMM stands for Capability Maturity Model. Capability Maturity Models enable an organization to identify the level of maturity achieved by their processes and to design and implement a continuous improvement plan that will raise their process maturity level to one appropriate for their business objectives.
The Capability Maturity Model (CMM) is a method for evaluating and measuring the maturity of processes of organizations on a scale of 1 to 5. The Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh created a number of CMMs in the mid-1980s to assess and improve capability maturity for Software Development, Systems Engineering and Product Development. In 2000 the SEI revised and integrated these CMMs into what is now known as the CMMI. The CMMI is composed of the Capability Maturity Model for Software (SW-CMM), the Systems Engineering Capability Model (SECM), and the Integrated Product Development Capability Maturity Model (IPD-CMM). The purpose of CMM Integration is to provide guidance for improving an organization's processes and ability to manage the development, acquisition, and maintenance of products or services.
There are five levels of the CMM. An organization can use this scale to map their current and intended maturity level:
NB An IT Service Capability Maturity Model is currently in development that is a maturity growth model aimed at providers of IT services, such as management of hardware and software, operations, and software maintenance. The structure of the model is similar to that of the Software CMM. The contents of the IT Service CMM, however, are key process areas needed for mature IT service provision. IT Service CMM Version RC1 has been available since January 28, 2005.
CMM for Software <http://www.sei.cmu.edu/cmm/>
IT Service CMM <http://www.itservicecmm.org/download.html>
The Control Objectives for Information and related Technology (COBIT) is a framework for IT management risks created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). COBIT provides a set of control objectives to assist in the use and benefit of information technology as well as developing the appropriate IT governance and control in a company.
COBIT consists of six elements: management guidelines, control objectives, COBIT framework, executive summary, audit guidelines and an implementation toolset. All are documented in separate volumes. There are thirty four high level control objectives in COBIT, one for each IT process grouped into its four domains:
This structure covers all aspects of information and the technology that supports it.
COBIT was developed by the ITGI and the ISACF in 1992 when the control objectives relevant to information technology were first identified. The first edition was published in 1996; the second edition in 1998; the third edition in 2000, and the on-line edition became available in 2003. The fourth edition of COBIT is due for imminent release.
The COBIT mission is "to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors." Managers, auditors, and users benefit from the development of COBIT because it helps them understand their IT systems and decide the level of security and control that is necessary to protect their companies' assets through the development of an IT governance model.
The COBIT Framework is the basis of the COBIT approach and the foundation for all of the other COBIT elements.
COBIT's Control Objectives component provides more than 300 generic control statements that define what needs to be managed in each IT process to address the business requirements of ensuring: that IT delivers value, that risks are managed and that requirements are met.
Control Practices provides guidance on why controls are needed and what the best practices are for meeting specific control objectives. Control Practices help ensure that solutions put forward are likely to be more completely and successfully implemented.
COBIT Management Guidelines provide tools to help IT managers improve IT performance and link IT objectives to business objectives.
Audit Guidelines outline and suggest which assessment activities should be performed for each of the thirty-four high-level IT control objectives, providing helpful guidance on who to interview, what questions to ask, and how to evaluate control, assess compliance and finally, substantiate the risk of the controls not being met.
Changes from previous versions <http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=22287&TEMPLATE=/ContentManagement/ContentDisplay.cfm>
COBIT on the Information Systems Audit and Control Association (ISACA) Website <http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=55&ContentID=7981>
IT Governance Institute <http://www.itgi.org>
COBIT Quick Start Guide <http://www.isaca.org/Template.cfm?Section=bookstore&Template=/Ecommerce/ProductDisplay.cfm&Productid=501>
SPICE is the Software Process Improvement and Capability dEtermination standard intended to standardize and improve existing software assessment methodologies. The standard addresses software acquisition, development, operation, supply, maintenance and support. SPICE is an emerging standard and its first draft was published in 1995 containing concepts, process reference models, assessment models, improvement guides, qualifications of assessors and a guide for supplier process capability.
ISO/IEC 15504, which is titled "Information Technology - Software Process Assessment", consists of the following parts:
SPICE Portal <http://www.isospice.com/>
Software.org <http://www.software.org/quagmire/descriptions/isoiec15504.asp>
ISO Site <http://www.iso.org/iso/en/StandardsQueryFormHandler.StandardsQueryFormHandler?scope=CATALOGUE&sortOrder=ISO&committee=ALL&isoDocType=ALL&title=true&keyword=15504>
Six Sigma is a quality management practice designed to achieve very high levels of quality in any given process with almost no defective outputs. Six Sigma was developed at Motorola in the mid-1980s to raise the quality and standard of their manufacturing processes. Once established other manufacturing companies such as Ford, General Electric, Honeywell, Raytheon, Seagate Technology, and Microsoft adopted Six Sigma into their own quality management practices, helping the practice become a globally accepted standard for quality management. Six Sigma can be applied wherever the control of variation is required; however the practice is being applied increasingly in the service industry.
DMADV is the basic methodology of designing and introducing new processes and stands for Define, Measure, Analyse, Design and Verify.
DMAIC is the basic methodology to improve existing processes and stands
for Define, Measure, Analyse, Improve and Control.
There are three levels of training in the Six Sigma quality system:
Six Sigma Master Black Belts are Six Sigma quality experts who will ensure the integrity and effectiveness of a Six Sigma implementation. Master Black Belts are responsible for training and mentoring Black Belts and Green Belts as well as an organization's Six Sigma strategy.
Six Sigma Black Belts are on-site Six Sigma implementation experts who will launch and run Six Sigma projects. Black Belts are directly responsible for the execution of projects in a Six Sigma organization.
Six Sigma Green Belts are employees throughout an organization who implement Six Sigma as part of their overall jobs. Green Belts have two primary tasks: ensuring the success of Six Sigma techniques, and leading small-scale improvement projects within their respective roles.
Six Sigma Portal <http://www.isixsigma.com>
General Electric Six Sigma Whitepaper <http://www.ge.com/sixsigma/>
Six Sigma Toolkit <http://www.sixsigmamk.com>
Westgard Six Sigma Whitepaper <http://www.westgard.com/essay35.htm>
The Six Sigma theory is based on mathematics related to the normal distribution bell curve which is used in statistical modeling. Six Sigma evolved in order to manage and raise the quality of electrical manufacturing processes to almost eradicate the creation of defective products.
Using the normal distribution bell curve, the expected output of a given manufacturing process is represented by the mean (the central point of the bell curve) with the deviations from the mean populating the rest of the curve. The deviations exist on the basis that identical reproduction is not possible.
Using the mathematics of the normal distribution bell curve it is possible to calculate how many results occur within x standard deviations of the mean and hence calculate, as part of a manufacturing specification, the quality of the output of the process. For example 4.5% of results in the normal distribution bell curve fall outside 2 standard deviations of the mean, therefore a process operating at 2 standard deviations is producing 45,400 Defects per Million Outputs (DPMO). Furthermore, 0.27% of results fall outside 3 standard deviations of the normal distribution bell curve. Hence a process running at 3 standard deviations is producing 2,700 DPMO and so on.
The Six Sigma practice aims to achieve levels of quality such that there are only 3.4 DPMO. What is confusing is that this figure relates to the 0.00034% of results that fall outside of 4.5 standard deviations (3.4 DPMO) rather than the 0.0000002% of results that fall outside of 6 standard deviations (0.002 DPMO). The figure of 3.4 DPMO is used to account for model inaccuracies, since defects in manufacturing processes do not always correspond to the normal distribution bell curve. Processes often drift with time, causing the mean to shift and the majority of errors to fall on one side of the normal distribution bell curve which in turn produces a higher defect rate than 3.4 DPMO if no shift were used. Therefore with Six Sigma methodology if the process drifts by 1.5 standard deviations, the level of quality will remain within 3.4 DPMO.