Throughout the history of business, most firms have built their own processes for almost everything that needed to be done. Producing widgets. Paying vendors. Administering payroll. Whether the processes involved were critical to the organisation's strategy or incidental to it, they were generally performed by people within the organisation. Sometimes they were done well, sometimes they were done badly - but since a company had no way of determining how well an outside business might perform these processes, they were kept in-house.
In the 1970s and 1980s, companies improved their processes with total quality management. In the 1990s, they attempted to radically advance them through business process reengineering. In the current decade, many firms have returned to process improvement with Six Sigma programs.
Yet the process improvements often don't deliver quick cost reductions or balance-sheet enhancements. Toward the end of the 20th century, the idea of outsourcing processes and capabilities began to gain currency as a means to achieve more rapid benefits.
Companies may have previously outsourced a few ancillary activities like building maintenance or specialised legal work, but now they were beginning to outsource major capabilities involving thousands of people.
The first step in this evolution occurred when firms such as Kodak and DuPont outsourced their information technology management.
Later came business process outsourcing when companies such as AT&T and BT outsourced human resource administration processes like payroll, pensions, and benefits management; recruiting; and HR advisory and information services.
Companies such as BP and Procter & Gamble outsourced major pieces of their finance and accounting functions, and Nike and Hewlett-Packard outsourced their manufacturing to a substantial degree, often sending it overseas.
These companies were drawn to the idea of outsourcing processes largely because of the potential for reduced costs and leaner balance sheets, but they gained greater flexibility and access to specialised expertise as well.
Most recently, companies have begun to internationalise much of their outsourcing, sending not just manufacturing but also service work to India, China, the Philippines, and other countries with low labour costs.
Lack of standards
Despite the trend toward outsourcing, however, most companies have remained in do-it-yourself mode for most processes. Because of a paucity of process standards, it would be risky to do otherwise.
With the exception of IT system development, there is generally no clear basis by which companies can compare the capabilities provided by external organisations with those offered in-house, or to compare services among multiple outside providers.
As a result, firms that choose to outsource their capabilities have to proceed on two criteria: Faith that the external provider will do a good job, and cost. Given the lack of comparability, it's almost surprising that anyone outsources today. But it isn't surprising that cost is by far the primary criterion that companies apply in evaluating outsourcers, and that cost reduction is their primary objective.
The lack of standards may also explain why, in the few broad studies of satisfaction with outsourcing, many companies - up to half in some studies - are dissatisfied with their outsourcing relationships.
However, a new world is coming, and it will lead to dramatic changes in the shape and structure of corporations. A broad set of process standards will soon make it easy to determine whether a business capability can be improved by outsourcing it. Such standards will also make it easier to compare service providers and evaluate the costs versus the benefits of outsourcing.
Eventually these costs and benefits will be so visible to buyers that outsourced processes will become a commodity, and prices will fall dramatically.
The low costs and low risk of outsourcing will accelerate the flow of jobs offshore, force companies to look differently at their strategies, and change the basis of competition. These changes are already happening in some process domains, and there are many indications that they will spread across virtually all commonly performed processes.
Three types of process standards
A business process is simply how an organisation does its work - the set of activities it pursues to accomplish a particular objective for a particular customer, either internal or external. Processes may be large and cross-functional, such as order management, or relatively narrow, like order entry (which could be considered a process in itself or a subprocess of order management).
The variability in how organ-isations define processes makes it more difficult to contract for and communicate about them across companies.
Firms seek to standardise processes for several important reasons. Within a company, standardisation can facilitate communications about how the business operates, enable smooth handoffs across process boundaries, and make possible comparative measures of performance.
Across companies, standard processes can make commerce easier for the same reasons - better communications, more efficient handoffs and performance benchmarking. Since information systems support processes, standardisation allows uniform information systems within companies as well as standard systems interfaces among different firms.
Standard processes also allow easier outsourcing of process capabilities. In order to effectively outsource processes, organisations need a means of evaluating three things in addition to cost.
First is the external provider's set of activities and how they flow. Since companies have not reached consensus on just what comprises cost accounting or HR benefits management, for example, it remains ambiguous what services should be performed between buyers and providers. Therefore, organisations need a set of standards for process activities so that they can communicate easily and efficiently when discussing outsourced processes.
These process activity and flow standards are beginning to emerge in a variety of businesses and industries. Some are the result of efforts by process groups such as the Supply-Chain Council, which has more than 800 businesses as members.
It has developed the Supply-Chain Operations Reference (SCOR) model, which lays out a top-level supply chain process in five key steps: plan, source, make, deliver, and return. The model also specifies typical activities for second-, third-, and fourth-level subprocesses with increasing levels of detail.
For many activities, the council also has defined key metrics (but not benchmarks) such as "fill rate" or "returns processing cost." Hundreds of organisations (from Alcatel to the US Navy) have begun to use the SCOR model to evaluate their own processes; software vendors such as SAP have begun to incorporate SCOR flows and metrics into their supply chain software packages.
Some companies have already benefited greatly from a SCOR-based analysis of their supply chain processes: Of course, a process standard by itself doesn't achieve such benefits. The SCOR model is only a catalyst for change and a framework for analysis. As with any approach to process improvement, firms must still make difficult changes in how they do their work and to associated systems and behaviors.
Some process activity and flow models are for multiple processes. For example, a few years ago a group of researchers at MIT created the Process Handbook, an online library of more than 5000 processes and activities.
Several companies have applied MIT's model to their own operations. Dow Corning, for instance, used the handbook to model its own processes during a large SAP implementation and then added its own new process flows to a repository (and also created a Dow Corning-specific version of the SCOR model).
The APQC (American Productivity and Quality Centre) created a Process Classification Framework that describes all processes in an organisation; the group has used this framework to organise the process benchmarks it has collected for more than a decade. A number of telecommunications companies around the world, organised as the TeleManagement Forum, have created the eTOM process flow standard for business processes in telecomms firms.
Following on the success of the SCOR model, a number of organisations (including representatives from the Product Development Management Association, firms such as Hewlett-Packard and Intel, and several consulting firms) are together attempting to create a SCOR-like model for all major processes in organisations.
In addition to the supply chain, it will address processes for product development, customer relationship management, and customer service, as well as support processes such as finance, accounting, and HR management.
A second set of needed process evaluation approaches are process performance standards. Once companies in a particular industry achieve consensus about which activities and flows constitute a given process, they can begin to measure their own processes and compare their results with those of external providers.
If there is agreement, for example, on what it means to "process a new employee," managers can analyse how much it costs the internal HR function to provide that service, on average, and how long it takes. They can also have an informed discussion with external service providers about their process performance measures.
Again, this sort of performance bench-marking is beginning to occur. Benchmarks for the SCOR model are already available, and more are being gathered. The APQC is working with a consortium of companies called the Open Standards Benchmarking Collaborative to create one standard public database of process definitions, measures, and benchmarks to help organisations worldwide quickly assess and improve their performance.
Organisations as diverse as Bank of America, Cemex, IBM, Shell Oil, and the World Bank are participating. It's clear that there will eventually be good performance benchmarks for each major process in an organisation.
Finally, organisations need a set of process management standards that indicate how well their processes are managed and measured and whether they're on course for continuous improvement. Because this third type of process standard doesn't require consensus on process activities and flows, it is the easiest to create and the most widely available today.
Process management standards are based on the assumption that good process management will eventually result in good process flows and performance. In some domains such as information technology and manufacturing, these standards are already in wide use (via the Software Engineering Institute's Capability Maturity Model and the ISO 9000 series, respectively).
They are beginning to lead to the commoditisation of capabilities that will eventually transform organisations.
As an example of the differences between types of process standards, let's consider order management, an important process for many organisations. Process activity and flow standards for order management (which have not yet been agreed upon) would address what the key activities in order management should be - perhaps beginning with order entry and concluding with the receipt of cash.
Process performance standards for order management would posit how much time, money and other resources it should take to perform the order management process and its key subprocesses - suggesting, maybe, that a company should have a certain number of full-time employees per million dollars of revenue who are dedicated to entering, processing and tracking orders.
A process management standard for order management would specify what constitutes good handling of the order management process, including how it is measured, controlled, and documented.
The standards-driven commoditisation of software d
Software development is a good example of a process that needs an overhaul. Whether done internally or externally, software development is error-prone, expensive, and time-consuming.
The overall level of software quality is low; a 2002 study from the US National Institute for Stan-dards and Technology estimated that software bugs cost the US economy almost US$60 billion a year. Software quality is particularly unpre-dictable when purchased from a provider - and virtually every organisation buys software.
There are many providers of software - package vendors, consultants, and lower-cost 'body shops' - each with uncertain quality levels.
One reason for quality and cost problems is the way - or ways - in which software is usually developed. There has been no standard method or approach for software development or engineering; it is normally a 'craft' process.
Some individual software developers are much more productive and offer much higher quality than others. Some development shops have standard methods and tools, but most don't.
The variations in both practice and outcome are enormous, in part because no process activity and flow standards or process performance standards exist. In addition to the quality problems with software, poorly managed processes often result in late projects and high costs.
The Standish Group estimated in 2003 that only 34 per cent of software projects were implemented on time and within budget.
Carnegie Mellon's Software Engineering Institute (SEI) has developed the Capability Maturity Model (CMM) to address a number of these problems. The model, created in 1987, has become a worldwide standard for software development processes and is now embedded within many government and industry organ-isations.
It has provided an objective basis for measuring progress in software engineering and for comparing one software provider's processes to another's. This in turn has facilitated the growth of offshore providers in India and China by commoditising software development processes and making them more transparent to buyers.
The CMM is a process management standard, not a process flow or process performance standard. It doesn't require that organisations follow a particular process for software development or that they achieve a certain number of 'lines of code per day' or other metric - only that they have processes in place for addressing quality issues. Each of the five levels (initial, repeatable, defined, managed, and optimising) defines greater degrees of management control and sophistication.
Level one describes a very ad hoc software organisation that has few defined processes. Organisations that reach level two have basic, repeatable approaches to project management that track costs, schedules, and functionality. Level three organisations embed basic tenets of both good management and good software engineering, such as quality assurance, into a standard software process.
Level four organisations collect detailed measures of software process and quality. And level five organisations have all of the previous capabilities but also an environment that encourages continuous improvement, with learning from quantitative feedback and controlled experiments.
The SEI offers training courses on the Capability Maturity Model and its derivatives and has created processes to authorise appraisers (though the SEI does not conduct appraisals itself). Since 1987, more than 2700 certified appraisals have been performed on organisations in 51 countries - from Argentina to Latvia to Vietnam. Indeed, the number of appraisals in a particular country is a good measure of its ambitions in the software industry.
The United States has had the largest number of appraisals since 1987 with 1896. India is second with 359. China is third with 182. The UK is fourth with 135, and Japan fifth with 131.
It's clear both Indian and Chinese companies see CMM certification as key to their software industry objectives. Indian companies dominate the list of published level five appraisals, with more than twice as many as US-based organisations.
If a country wants to establish sufficient credentials in software development so that global customers might hire its programmers unseen, there are few better ways to do this than to qualify for Level five of the CMM. In India, CMM level five certification is becoming so common that software providers say they typically compete only with other level five providers for software outsourcing business - a sure sign of commoditisation.
SEI's appraisal data on the CMM also suggest that there has been global progress in the software industry. The number of appraisals has increased from fewer than 50 in 1990 to more than 500 in 2003.
This is clear evidence that using the CMM leads to improvement in software development processes and that this once-chaotic process is becoming more predictable and commodity-like. As other evidence, software used by the US military, for which CMM level three compliance is required, has error rates one-sixth to one-tenth that of commercial software.
How does a process standard become successful?
A process standard has impact only if the world adopts it. Therefore, it's important to understand why a process model like the CMM has been so influential in improving software processes around the world.
One major factor in the CMM's success is the simplicity of the idea. The five-level rating system is easily understood and offers a clear indication of progress, or lack thereof. Of course, there is some complexity beneath the five levels - for example, there are 18 key process areas, such as software quality assurance and software subcontract management, that can be evaluated with respect to their maturity. But the simplicity of the overall model makes it possible for nontechnical workers and managers to understand and apply it.
Another factor in the CMM's growing influence and success is the support of the US government and defence sectors. Certain divisions within the Defence Department advanced the CMM further by making it a requirement among contractors. A major player in another industry, such as Wal-Mart in consumer products, could mandate compliance with a process in a similar fashion.
Finally, a key reason for the popularity of the CMM is the flexibility of its use and application within organisations. It provides a framework for improvement but doesn't specify how an organisation should improve. The CMM supports both process-heavy methods, in which there are detailed specifications for each aspect of software engineering, and agile process methods such as extreme programming, in which the process is largely left up to developers.
Generalising process management standards
The successful adoption and implementation of process standards in software development seems to be providing inspiration in other business domains. The five-level maturity model has been modified by the SEI, for example, to assess HR management practices, software acquisition, and other forms of engineering. At one point, the SEI was supporting five different types of CMMs.
Brett Champlin, a process improvement manager at Allstate, has recently identified more than 180 versions of capability maturity models. Some, such as one from the IEEE (Institute for Electronic and Electrical Engineers), employ alternative capability models for software development. Others, such as one from the Electronics Industries Association, focus on development of software-intensive products.
Others have nothing to do with software and deal with process management maturity in general. Several academics, consultants, and process-oriented companies are attempting to establish a standard for process management maturity.
The SEI has decided to implement a broader approach to process standards that can be used for any engineering process, not just software development. Called CMMI (the 'I' stands for integration), the new model is a suite of standards that allows for the addition of new processes in a modular fashion. For example, the SEI is currently working on adding a module for the Department of Defence acquisition community.
CMMI already includes standards for software development and engineering, systems engineering, software product development, and supplier sourcing. There is, of course, a risk to broadening the CMM; its clear focus on software development processes was a key element of its appeal. Thus far, however, adoption rates for the CMMI are 10 times as rapid as those for the software CMM, so in practice this broader application appears to be working.
Other process management standards
The CMM is not the only process management standard that has transformed its industry. A variety of such standards are now in use around the world. Perhaps most prominent among them are the ISO 9000 family of quality standards for product manufacturing.
These standards primarily assess whether certain processes and systems are in place. The broadest ISO quality standard, ISO 9000, involves the design, development, production, installation and servicing of products. Unlike the CMM five-level standard, the ISO 9000 standards are binary - an organisation either passes or it doesn't.
The ISO 9000-9003 were created by the International Organisation for Standardisation, a global consortium of national standards bodies. These criteria have been applied and certified in more than 130,000 firms around the world.
The ISO has created more than 14,000 standards - for manufacturing everything from screw threads to telephone and bank card formats - since its founding in 1947. The SEI has been collaborating with the ISO to create an international standard for software development quality, called ISO 15504.
Certain industries have created tailored versions of these ISO standards. For example, the US automotive industry has created the QS-9000 standard for the certification of supplier quality. If an automotive supplier wants to sell to GM, Ford, or Daimler-Chrysler, it must meet the QS standards. Virtually all suppliers have qualified, which means greater commoditisation of the automotive supply industry.
Other standards focus less on the management process itself and more on the output of the process. The well-known Six Sigma standard, for example, focuses on defect reduction to a high level of statistical reliability. Unlike the CMM and the ISO standards, however, organisations certify themselves as meeting Six Sigma standards; there are no external certifiers. Therefore, Six Sigma is less likely to lead to changes in how organisations buy and sell process capabilities to each other.
Where will process standards lead us?
Process standards could revolutionise how businesses work. They could dramatically increase the level and breadth of outsourcing and reduce the number of processes that organisations decide to perform for themselves.
With objective criteria to evaluate whether a company can save money or get better process performance by outsourcing, it's likely that more firms will take advantage of external capabilities. As the global market for process services matures and providers learn what it takes to succeed with a process according to the standard, the number of providers will undoubtedly increase, and the prices of their services will likely drop. In turn, this external market for capabilities will force companies to look more closely at their own strategies. What processes are truly core to our organisation? If another firm has been certified as doing the work better, why not let that firm do the work? And if our company can't certify a particular capability as being world-class, what is the value of that capability to customers?
Once process capabilities have become commoditised, providers of process outsourcing services will have to find other sources of differentiation. Perhaps they'll begin to supply not only the efficient execution of business processes but ideas, insights, and innovations for how to perform them better. It's increasingly common, for example, for IT outsourcers to be evaluated not just on their CMM level or their costs but on their ability to identify and implement innovative IT-enabled business initiatives for their clients.
The standardisation and commoditisation of processes will also require changes in strategy. As an increasing number of processes become common within and across industries, executives will need to revisit the basis for competition in their businesses. They'll have to decide which of their processes need to be distinctive in order to make their strategies succeed and which can be performed in a relatively generic and low-cost fashion.
Even in today's environment, most executives have yet to decide what processes are core and non-core, but doing so will become much more critical in the future. Process standardisation may also mean that it's feasible to combine certain processes with competitors'; if these processes offer no competitive advantage, why not? Creating shared-services processes across companies can offer scale efficiencies. BP and several other oil firms have already combined and outsourced certain finance and accounting processes for their North Sea exploration activities. When process standards take off, we're likely to see more collaboration among competitors. <p/>Process standards will also change how information systems are bought and implemented (and not just because of the CMM).
Today, many systems are custom-built to support local and idiosyncratic processes. Even when a company buys a packaged system, it often has to customize it or adapt its processes to suit the package. In a world of widespread process activity and flow standards, software vendors can make available standard packages that support processes that customers have already adopted. Unless a process needs to be unique to a company for strategic reasons, it will become much easier to buy and employ systems in the future. In fact, it makes a lot of sense to ask key software vendors to get involved in standard-setting initiatives at an early stage; a process design is far less valuable without software to enable it.
Though I've described several areas of business where process standards are emerging, many other areas still conspicuously lack them. The growth of the business process outsourcing industry has been inhibited by the fact that there are virtually no standards for how most business processes should be performed. An organisation wishing to outsource human resource management, billing and collections, or a call centre would like to ensure that providers have well-honed capabilities in these domains that exceed their internal capabilities. Yet there is no defined approach for evaluating or certifying potential providers of those services.
The speed at which some businesses have adopted process standards suggests that many previously unscrutinised areas a
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.