New Guidelines for IT Procurement May Prove Intimidating

Two of the world's largest technology users, General Motors and the U.S. Department of Defense, are backing a proposed set of best-practices guidelines for IT purchasing based on a new version of the Capability Maturity Model Integration framework.

Two of the world's largest technology users, General Motors Corp. and the U.S. Department of Defense, are backing a proposed set of best-practices guidelines for IT purchasing as a way to help organizations reduce the risks and costs of projects.

But it's uncertain whether the multiyear effort to create a new version of the Capability Maturity Model Integration (CMMI) framework that is focused on the acquisition of IT products and services will convince many companies to change their internal processes. The guidelines are spelled out in a daunting document and, as with other CMMI process standards, could take several years for users to master.

"It's 441 pages of process methodology talk, and very few outside of the largest organizations and IT shops are going to have the time and energy to invest in that," said Jeff Muscarella, a partner at management consulting firm NPI Inc. in Atlanta. "You have to be kind of a process zealot to want to wade through it."

The CMMI for Acquisition, or CMMI-ACQ, standard was announced by the Carnegie MellonSoftware Engineering Institute during a teleconference held on Nov. 7. The Pittsburgh-based SEI developed the guidelines with IT users and vendors in response to the increasing use of packaged software and external services.

The first public release, called Version 1.2, is based on a draft that GM submitted to the SEI last year. Ralph Szygenda, the automaker's CIO and the leading advocate for the standard, said during the teleconference that he is confident that it "will fast become the model of choice for IT acquisition and supply chain management."

"I think this has gone a long way to standardize some processes, so that both the supplier and acquirer are speaking the same language," Szygenda said.

His advocacy for having a purchasing standard was sparked by GM's decision to outsource most of its IT operations to multiple vendors, a process that culminated early last year when the company awarded six vendors contracts worth a total of about $7 billion. To avoid a Tower of Babel situation, GM defined a set of standard IT processes that all of the suppliers must follow.

Before it did so, GM was "buying more than we were building but didn't have the acquisition standards" to make the purchasing process as efficient as it could be, Szygenda said. So in 2004, he began working with the SEI, believing that a standardized approach could help GM and other companies.

Intensive Guidelines

The CMMI-ACQ document provides a broad overview of process methodologies and then goes into exhaustive detail about IT purchasing procedures. For instance, it moves from advising organizations to make sure that they have the required funding, facilities, skills and tools in place to discussing methods for keeping track of and addressing product defects.

But Muscarella and other analysts said that the prescribed processes may be too exhaustive for many technology users and that the guidelines will work only if both users and suppliers agree to follow them.

Companies typically focus on individual projects, Forrester Research Inc. analyst Alex Cullen said. Most, he added, have only recently begun thinking of managing overall purchases from vendors and service providers "as a skill or competency that they had to be good at."

Cullen said that to gain broad adoption of CMMI-ACQ, the SEI and other backers of the proposed standard need to "come up with a lightweight-package version of this thing."

Szygenda acknowledged that the purchasing approach called for by the guidelines "is new for a lot of companies." But standardizing IT acquisition on a global basis "will improve productivity, quality and reliability," he said. "We have very few programs that get into trouble, very few programs that are late and very few programs that run over."

The warnings included in the guidelines couldn't be clearer. Citing studies indicating that as many as 50% of large IT projects fail within five years, the CMMI-ACQ document says that "many organizations have not invested in the capability necessary to effectively manage projects."

According to the document, IT managers often "disengage from the project" once a supplier is hired. After having done so, they may discover too late that "the project is not on schedule, deadlines will not be met [or] the technology is not viable," the document says.

The CMMI framework traces its roots to the 1980s, when the Department of Defense was looking for a way to assess the work being done by the contractors it relies on for software development. The SEI said that CMMI-ACQ is meant to complement the existing CMMI for Development and that the two standards have many similarities.

The U.S. government has continued to be the largest supporter of process methodologies perhaps partly because it has seen some spectacular project failures, such as the FBI's scuttling in 2005 of a case management system on which it had spent $170 million.

In particular, the U.S. Government Accountability Office has called for the adoption of recognized best practices. Keith Rhodes, the GAO's chief technologist, said during the SEI's teleconference that he sees merit in the CMMI-ACQ standard. "Anyone who is interested in process improvement, especially in the acquisition world, should consider adopting CMMI for Acquisition," he said.

Lorrie Scardino, an analyst at Gartner Inc., said she thinks CMMI-ACQ's early adopters will be IT departments that have heavily outsourced their operations but are getting inconsistent results from vendors. "I can see some leading organizations being in the first wave of looking at this," she said.

The DOD is a prime example. But even within the military, adoption of the guidelines isn't assured.

Kristen Baldwin, the Pentagon's deputy director of software engineering and system assurance, said that the DOD has conducted a CMMI-ACQ pilot program and plans to make the purchasing standard available for use internally. It also will provide training on using the guidelines, she said.

However, DOD officials won't require that the standard be used, said Baldwin. "We simply want to approach it as a way to distribute the knowledge of good acquisition best practices."

This story, "New Guidelines for IT Procurement May Prove Intimidating" was originally published by Computerworld.

Related:
New! Download the CIO March/April Digital Magazine