This chapter assesses what role maturity models can play in enterprise IT governance. Frameworks that are well known in the IT industry, such as the Capability Maturity Model, make it possible to assess maturity in key areas. The author describes additional maturity models that have no formal association with a comprehensive framework, the application of which represents significantly less overhead than the larger frameworks that include a maturity model component. The author seeks to present a broad perspective on maturity models that enterprises can use as a preliminary means of evaluating what tools are available to them. As such, this overview of maturity models is intended to facilitate the selection of a model that can bring about improved IT governance in one or more focus areas.
Organizations have a number of tools and techniques at their disposal to facilitate governance of the enterprise, and one of their chief areas of focus continues to be how best to govern information technology (IT). Although the corporate scandals of recent years have invited greater scrutiny of enterprise business practices, it has been clear for quite some time that there is a need for greater oversight via corporate governance, and by extension, IT governance. During the mid-1980s, when the application of enterprise-wide IT to business problems was still a relatively new phenomenon, it was already becoming apparent to some industry leaders that there was a need for greater oversight of IT activities. As noted by McGovern, Ambler, Stevens, Linn, Sharan, and Jo (2004), one of the outcomes of that need for greater oversight was the development of the Capability Maturity Model (CMM) at Carnegie Mellon University’s Software Engineering Institute (SEI) (2006). Since the introduction of the CMM, numerous variations of the original model have emerged, culminating with the merger of several of those models as the Capability Maturity Model Integration, or CMMI. Meanwhile, numerous other frameworks have emerged that include a capability maturity model component, as well as specialized maturity models that are not part of a formal framework. The purpose of this chapter is to introduce the most significant maturity models, to compare those models, and to assess the extent to which the various models can facilitate IT governance activities in the corporations of today and tomorrow.
Although a detailed treatment of corporate governance is beyond the scope of this chapter, a brief introduction to the topic is necessary to place IT governance within the larger governance context. Gottschalk (2006) suggests that it is necessary to consider three distinct views of the enterprise when preparing to assess and implement corporate governance and IT governance practices. According to what he calls the “resource-based view”, differences in enterprise performance are directly attributable to differences in resources and capabilities, while the activity-based and value configuration-based views focus on enterprise performance in terms of measurement of resource flows within activities and measurement of business processes in terms of the creation of business value for customers, respectively. By way of contrast, Cingula (2006) diverges from what he sees as the standard view of corporate governance, in which the focus is typically on financial regulations or decision-making frameworks driven by legal considerations, instead changing the focus to the most important processes in the enterprise. Cingula goes on to suggest that some of the most important processes from a corporate governance perspective include strategic planning, financial reporting, controlling, and public relations processes.
Even if IT governance were not the focus of this volume, no discussion of corporate governance is complete without mention of IT governance. In a 2005 study completed by the United Kingdom Office of Government Commerce (OGC), the IT Governance Institute (ITGI), and the IT Service Management Forum (itSMF), the authors identify numerous business reasons for defining and following IT best practices. Examples of these business reasons include greater interest in and oversight over IT spending and return on investment, a growing body of regulatory and compliance instruments in industries such as finance, pharmaceuticals, and health care, and the need to exercise great care when selecting business partners such as those who specialize in service acquisition and outsourcing.
Because IT governance activities are typically broad in scope, it can be helpful to conceptualize the application of IT governance to an organization’s day-to-day activities in terms of business processes. Betz (2007) describes what he considers the three most important process frameworks, which, in addition to the aforementioned CMMI, are the ITGI’s Control Objectives for Information and related Technology (COBIT), and the OGC’s Information Technology Infrastructure Library (ITIL), in particular, the two ITIL volumes that focus on IT Service Management (ITSM). What follows is an introduction to maturity models in general, followed by an overview of these three key maturity model frameworks.