Process Frameworks | PROCESS OVERVIEW

Although quality initiatives have existed in businesses for many years, process improvement in IT is a newer area of focus for most organizations. While companies in Europe focused on IT process improvement slightly earlier, U.S. organizations did not jump on board until the late 1990s and early 2000s. There are various frameworks and guidelines that companies use for IT process improvement, including:
  • Information Technology Infrastructure Library (ITIL). ITIL is a high-level framework or foundation of recommended practices for IT operations. It is a customizable framework of checklists and procedures. You adopt and adapt ITIL in different ways according to the needs of your organization. Version 3 was released in 2007 and includes service strategy, service design, service transition, service operation, and continual service improvement. ITIL information is available at the user group itSMF, the Office of Government Commerce, or
  • Control Objectives for Information and Related Technology (COBIT). First released in 1996, COBIT is a set of recommended practices for IT governance and control. COBIT ensures that services and information meet quality, fiduciary, and security needs. COBIT 4.1 has 34 processes that cover 210 control objectives organized in four domain areas. The domains are planning and organization, acquisition and implementation, delivery and support, and monitoring and evaluation. It is a control and audit framework providing a set of key goal and performance indicators, and critical success factors for each of its processes. COBIT leverages ITIL to identify control points. COBIT information is available at
  • International Organization for Standardization (ISO). ISO provides international standards for quality management systems and specifies the requirements for products, services, processes, materials, and systems. It is a global network ensuring quality, ecology, safety, economy, reliability, compatibility, interoperability, efficiency, and effectiveness.
  • Capability Maturity Model (CMM). CMM is a method for evaluating and measuring the maturity of the software development process. It identifies five levels of process maturity: initial, repeatable, defined, managed, and optimizing. Within each of the maturity levels are key process areas for goals, commitment, ability, measurement, and verification.
  • Capability Maturity Model Integration (CMMI). CMMI provides guidance for improving processes to manage the development, acquisition, and maintenance of products or services. CMMI information is available at
  • Six Sigma. As you are probably aware, Motorola originally implemented Six Sigma to improve quality by controlling and removing defects and variation. Sigma is a standard deviation and notes that if you have six standard deviations between the mean and the limit, you will have practically no failures. As the process standard deviation increases or moves away from the center of tolerance, fewer standard deviations will fit between the mean and the limit, increasing the likelihood of items outside of specification. It is about improving and innovating processes. Six Sigma information is available at or
  • Lean IT. For years, manufacturing has used lean techniques. IT is recently adopting lean techniques to eliminate the waste from the value stream and improve the cost, quality, speed, and agility of IT processes. Individuals such as Henry Ford, Edward Deming, and Kaoru Ishikawa, and companies like Toyota, defined and perfected these principles. Core principles of lean include focusing on the customer, continuously improving, planning for change, automating processes, empowering the team, designing quality in the processes, and optimizing the whole.
  • Sarbanes-Oxley (SOX). Initiated in 2002, these are standards for accountability in business practices for public companies valued at more than $75 million. It includes the requirement that the CEO approve the verification of financial numbers, an annual assessment of internal financial controls, and real-time reporting of events that could materially affect financial results. Although SOX is usually extra work when compared to process efficiency improvement, it is a requirement and a methodology to integrate with your processes.
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is a framework for financial controls to address regulatory compliance. It provides guidance on governance, business ethics, internal controls, risk management, fraud, and financial reporting. Find COSO information at
  • Microsoft Operations Framework (MOF). MOF is a structured approach to help customers achieve operational excellence on the Microsoft platform. It includes recommended practices, principles, and models for high availability, reliability, and security for mission-critical systems. ITIL is the foundation for MOF. Release 4.0 was completed in 2008 and integrates governance, risk and compliance activities, management reviews, and recommended practices. MOF includes three phases: plan, deliver, and operate, with a foundational layer for managing. MOF information is available at
  • ISO/IEC 20000, British Standard (BS 15000). This is an international standard for IT Service Management. It is complimentary with ITIL but also uses components of COBIT and MOF. It includes a specification and a code of practice. It is based on the ISO principle of document what you do and do what you document. BS 15000 information is available at or
  • Project Management Body of Knowledge (PMBOK). PMBOK is an internationally recognized standard that provides fundamentals for project management. It uses five process groups: initiating, planning, executing, controlling and monitoring, and closing. Information on the project management institute and PMBOK is
Rather than adopting any single framework, use elements from all these frameworks and methodologies as there are useful components from all of them to help you. ITIL and COBIT seem to be the most used frameworks at this time. Figure 1 shows how one company integrated the various frameworks and explained how they would each apply to improve processes and reduce costs. Bob Lewis, in his latest book, A Manifesto for 21st Century Information Technology has several excellent chapters discussing processes and practices.

Figure 1: Process Frameworks