The Capability Maturity Model was not widely adopted by U.S. companies outside of government or military projects even 6 years ago. But CMM and now Capability Maturity Model Integration, or CMMi, has been a strategic component of the Indian offshore companies. A testament to their commitment to quality and proof they should be trusted to build software as outsourced projects with resources half a world away.
It seems to have been part of a winning strategy. Outsourced software development organizations around the world increased their focus on CMM in reaction to the Indian companies. But is working this way the best path?
The Software Engineering Institute (SEI) of Carnegie Mellon University developed CMM for software development from 1986 to 1990. The model is being phased out as of 2002 and replaced with CMMi. The models contain five certification levels representing maturity of process. Higher maturity is thought to produce higher quality results with more predictability to hit schedules and deliver features as defined.
When I was with EDS in the mid to late 1990’s, CMM Level 3 was the objective. It did not receive a lot of attention or priority. As late as 2004 it seems that Australian companies were not giving CMM much attention either. And yet Wipro was the first software services company to achieve CMM Level 5 back in 1999. Their announcement includes a great graphic overview of CMM levels. Wipro was also first to be certified at Level 5 on CMMi. Most if not all of the firms in India used CMM as a differentiator and a proof point.
What I have found most interesting about this is that established companies in established economies gave the ideas lip service while upstart companies in upstart economies took the process as fact…the only way forward. This is similar to how Japanese manufacturers took up the Deming quality processes as the only way to work while U.S. companies did not take up the same quality cause.
Made in Japan went from a joke about cheap, poor quality products to a serious manufacturing threat. It seems that quality process adoption is effective when you adopt it fully and unquestioningly.
This reminds me of a movie that came out right around the time that Wipro was achieving CMM Level 5. In 1999 Galaxy Quest was released. If you do not know the movie, it is about aliens intercepting TV broadcasts of a Star Trek like show called Galaxy Quest. They thought the show was real and imitated every detail of the show from the ship to the weapons to the strategies to deal with foes. They took it as the one way to work and actually invented many technologies that were only science fiction in the TV show. They thought they were just implementing working technology and strategies from a historical record.
So here is the connection…while the aliens made huge technology strides because they just adopted what they saw on the TV show, they missed many subtleties in the process. The best example is near the end of the movie when the self destruct function of the space craft is activated. There is a struggle to cancel the self destruct function and the correct button is pushed with 5 seconds remaining. But the timer keeps running. It counts down to 1 second before it stops, even though the button was pressed with 5 seconds remaining. The aliens made the self destruction cancel feature work like it did on the TV show, always stopping the destruct cycle at the last second. Good for a suspenseful TV script, but not a representation of life in the real world.
Much like the aliens in Galaxy Quest, the Indian outsourcers adopted the CMM model completely. They built their businesses around it while established players more or less kept the status quo. So the Indian companies achieved great strides in quality. But they also missed some subtleties of the real world. The process made for well planned projects. But any change along the way is often forced backed through the process, creating inflexible teams and great overhead for the inevitable changes. Check out this blog for comments on CMM by several U.S. programmers.
So the morale of this story is that process is good, but must be implemented with a dose of reality to remain flexible. Implementing it blindly will result in some strange side affects. This applies to COBIT, to ITIL and to how auditors interpret Sarbanes-Oxley 404 compliance requirements. Picking vendors because they adopt these models is not a bad strategy, but make sure they keep it real too.