Section: Information System Acquisition, Development and Implementation
Explanation/Reference:
Level 5 is the optimizing process and focus on process innovation and continuous integration.
For CISA Exam you should know below information about Capability Maturity Model Integration (CMMI)
mode:
Maturity model
A maturity model can be viewed as a set of structured levels that describe how well the behaviors,
practices and processes of an organization can reliably and sustainable produce required outcomes.
CMMI Levels
A maturity model can be used as a benchmark for comparison and as an aid to understanding - for
example, for comparative assessment of different organizations where there is something in common that
can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison
would be the organizations' software development processes.
Structure
The model involves five aspects:
Maturity Levels: a 5-level process maturity continuum - where the uppermost (5th) level is a notional ideal
state where processes would be systematically managed by a combination of process optimization and
continuous process improvement.
Key Process Areas: a Key Process Area identifies a cluster of related activities that, when performed
together, achieve a set of goals considered important.
Goals: the goals of a key process area summarize the states that must exist for that key process area to
have been implemented in an effective and lasting way. The extent to which the goals have been
accomplished is an indicator of how much capability the organization has established at that maturity level.
The goals signify the scope, boundaries, and intent of each key process area.
Common Features: common features include practices that implement and institutionalize a key process
area. There are five types of common features: commitment to perform, ability to perform, activities
performed, measurement and analysis, and verifying implementation.
Key Practices: The key practices describe the elements of infrastructure and practice that contribute most
effectively to the implementation and institutionalization of the area.
Levels
There are five levels defined along the continuum of the model and, according to the SEI: "Predictability,
effectiveness, and control of an organization's software processes are believed to improve as the
organization moves up these five levels. While not rigorous, the empirical evidence to date supports this
belief".[citation needed]
Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat
process.
Repeatable - the process is at least documented sufficiently such that repeating the same steps may be
attempted.
Defined - the process is defined/confirmed as a standard business process, and decomposed to levels 0, 1
and 2 (the last being Work Instructions).
Managed - the process is quantitatively managed in accordance with agreed-upon metrics.
Optimizing - process management includes deliberate process optimization/improvement.
Within each of these maturity levels are Key Process Areas which characteristic that level, and for each
such area there are five factors: goals, commitment, ability, measurement, and verification. These are not
necessarily unique to CMM, representing - as they do - the stages that organizations must go through
on the way to becoming mature.
The model provides a theoretical continuum along which process maturity can be developed incrementally
from one level to the next. Skipping levels is not allowed/feasible.
Level 1 - Initial (Chaotic)
It is characteristic of processes at this level that they are (typically) undocumented and in a state of
dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events.
This provides a chaotic or unstable environment for the processes.
Level 2 - Repeatable
It is characteristic of processes at this level that some processes are repeatable, possibly with consistent
results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing
processes are maintained during times of stress.
Level 3 - Defined
It is characteristic of processes at this level that there are sets of defined and documented standard
processes established and subject to some degree of improvement over time. These standard processes
are in place (i.e., they are the AS-IS processes) and used to establish consistency of process performance
across the organization.
Level 4 - Managed
It is characteristic of processes at this level that, using process metrics, management can effectively
control the AS-IS process (e.g., for software development). In particular, management can identify ways to
adjust and adapt the process to particular projects without measurable losses of quality or deviations from
specifications. Process Capability is established from this level.
Level 5 - Optimizing
It is a characteristic of processes at this level that the focus is on continually improving process
performance through both incremental and innovative technological changes/improvements.
At maturity level 5, processes are concerned with addressing statistical common causes of process
variation and changing the process (for example, to shift the mean of the process performance) to improve
process performance. This would be done at the same time as maintaining the likelihood of achieving the
established quantitative process-improvement objectives.
The following were incorrect answers:
Level 4 - Focus on process management and process control
Level 3 - Process definition and process deployment.
Level 2 - Performance management and work product management.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 188
