process maturity in determination of risk process maturity scoring provides a metric to communicate...
TRANSCRIPT
![Page 1: Process Maturity in Determination of Risk Process maturity scoring provides a metric to communicate the capability of an organization to mitigate risks](https://reader035.vdocuments.site/reader035/viewer/2022072008/56649d6f5503460f94a504a1/html5/thumbnails/1.jpg)
Process Maturity in Determination of Risk
• Process maturity scoring provides a metric to communicate the capability of an organization to mitigate risks in terms of
– Prevention– Detection – Response
• The five point scale, from CMMI, is well known in Motorola
• Our operational definitions for scoring will be based on the methods used by CGISS to win the Malcolm Baldridge award several years ago
• We will need to design, and pilot test our process to gain a ‘proof of concept’
![Page 2: Process Maturity in Determination of Risk Process maturity scoring provides a metric to communicate the capability of an organization to mitigate risks](https://reader035.vdocuments.site/reader035/viewer/2022072008/56649d6f5503460f94a504a1/html5/thumbnails/2.jpg)
Level 1 – Initial
• Unpredictable environment where activities are not designed or in place
Level 2 – Repeatable
• Activities are designed and in place, but are not adequately documented
• Activities mostly dependent on individuals
• No formal training or communication of activities
Level 3 – Defined
• Processes are designed and in place
• Processes are documented and communicated to employees
• Deviations from processes will likely be detected
Level 4 – Managed
• Standardized processes with periodic testing for effective design and operation
• Automation and tools may be used for support
Level 5 – Optimizing
• Integrated internal control framework with real time monitoring for continuous improvement
• Automation and tools support controls and allow for rapid changes if needed
Initial
Initial
RepeatableRepeatable DefinedDefined ManagedManaged OptimizingOptimizing
Process Maturity Assessment Tool
Institutionalization starts at Level 4 – Managed level of process maturity.
![Page 3: Process Maturity in Determination of Risk Process maturity scoring provides a metric to communicate the capability of an organization to mitigate risks](https://reader035.vdocuments.site/reader035/viewer/2022072008/56649d6f5503460f94a504a1/html5/thumbnails/3.jpg)
Risk Heat Map Model
Optimized Managed Defined Repeatable Initial
Low
Medium
High
(Sustain) (Road Map to Mitigate)
(Long Term Plan)
Maturity Level
$ Im
pact
or
Sco
re