Research

Publication Date: 29 July 2008 ID Number: G00159882

Maturity Model Overview: Application Organizations

Susan Landry, Matthew Hotle

This maturity assessment for application organizations enables CIOs, application leaders and managers to assess the critical disciplines that are key indicators of the overall maturity of the application organization. This research can be used to assess the entire application function, or it can be used multiple times to assess the relative maturity of individual application groups or teams. Key Findings
Eight critical disciplines are essential for an application organization to be effective, along with business engagement. As maturity advances, the interdependency among the disciplines increases. There are clear benefits for most organizations in advancing capabilities and maturity from Level 1 to Level 2 or Level 3. The effort and cultural change required to advance to Level 4 or Level 5 may not be worthwhile for all organizations. It is possible for maturity to degenerate. A merger or major organization realignment may cause a regression, or it may come about by an erosion of management practices. Certification isn't important; improvement and progress are.

Recommendations
Application leaders should use this maturity assessment to assess the capabilities of their application organizations, to determine where improvements will add value and to establish a plan to advance their organizations. High-performing application organizations should regularly conduct reassessments to track progress and pinpoint changes in effectiveness.

2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

ANALYSIS
This analysis lays out the basic concepts of Gartner's maturity assessment for application organizations, gives a brief description of each level and describes the eight disciplines we use to assess an organization's processes. The assessment focuses on the maturity of the major disciplines required to manage and lead an application organization. Organizations of any size and in any industry can use this assessment to gauge their capabilities. It is founded on years of research focused on application management practices, insights gleaned from thousands of engagements and interactions with application organizations around the globe. The intent is to assess management capabilities and not the underlying maturity of the applications. It is entirely plausible for a relatively young organization to have advanced technology and application portfolios but immature application management practices. Immature practices may be effective in the near term, but eventually will erode the effectiveness of the organization and the integrity of its applications. Specifically, mature processes are repeatable, reliable, predictable and measurable. Such processes ensure consistent communication, fluid movement of people among teams or assignments, and consistent metrics and performance measurement. Thus, we find that organizations with mature application management capabilities can deliver optimal results, even via older and less-modern technology. A number of related maturity models examine the maturity of the individual capabilities we discuss in our assessment. Maturity models have long been used in the application world to assess specific disciplines. To assess development capabilities, for example, the Software Engineering Institute's Capability Maturity Model (CMM) was perhaps the first such model, building on total quality management principles to set out a framework. Since then, this approach has been adopted for operations and support, and in project management. Gartner also has published maturity assessments for a number of IT Leader roles, such as enterprise architecture, IT infrastructure and operations, business intelligence and information management, and security. Gartner's Maturity Assessment for Application Organizations addresses the collection of disciplines that makes up the broader role and function of applications, and complements, but does not replace, other assessments that may be in use. There are two major precepts around a maturity assessment: levels and disciplines.

Each Assessment Has a Set of Levels

Levels reflect the range of maturity. This maturity model has five levels, ranging from the lowest maturity (Level 1) to the highest (Level 5): Level 1 Ad hoc. A Level 1 organization does not specify processes and leaves the determination of the right approach to individual contributors; thus, it does not have much repeatability, if any. Every time a certain activity is performed, the team starts anew or "from scratch." There's no learning and no real enhancement, and any improvements are made by specific individuals. When they move on, so do the improvements. A Level 1 application organization depends on individual workers, because they will get the work done no matter how many times they have to do it or how long it takes. Level 2 Repeatable. In a Level 2 organization, processes are established in work teams or departments, but there is little consistency in approach across the application organization. Here, we use the CMM term "repeatable," because it indicates the

Publication Date: 29 July 2008/ID Number: G00159882 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Page 2 of 6

repeatable nature of discrete processes. The Level 2 organization depends on the leader or manager, and the tools necessary to lead his or her work area. The team or workgroup performs specific, repeatable processes for each major activity. There's not much cross-activity definition; each discipline is conducted independently, like a stovepipe. Little proactive work is done to change or improve things. Level 3 Defined. A Level 3 organization has a set of defined and documented processes across each application discipline category. These processes are communicated across the entire application organization and are followed consistently. The Level 3 organization doesn't do much rework in its processes (typically less than 10%, as compared with up to 30% for Level 1 and Level 2 organizations). It's crucial to note that Level-3-defined processes aren't necessarily "good." As defined, they are followed consistently and obediently in a "just enough" fashion. By this, we mean that process rigor must match the needs of the work output. An organization with only one process in each capability likely will be too rigorous, or too "loose," from a process perspective. Level 4 Quantitatively Managed. A Level 4 organization has a set of measures that indicates whether its processes are working well, or if they need improvement; thus, it clearly understands its limitations. Level 4 organizations have a consistent measurement program that is part of the work process (embedded in the process and based on mostly automated data collection), and they consistently use these measures to identify gaps. Level 5 Optimizing. A Level 5 organization understands its processes, knows its limitations, and has clear accountability and responsibility for regular improvement. The Level 5 organization is consistent, reliable, and regularly improves and changes itself based on measures. An optimizing organization is not static but is always changing.

Assessment Is Based on Performance Against Major Discipline Categories

Each application organization will evaluate its major processes and activities, which are organized into eight major discipline categories. Some categories are directly governance-related; others are not. However, as a whole, these categories represent our vision of the major activities an application organization must perform, and they are the most-significant indicators of application management maturity. Business alignment, engagement and accountability are critical to the success of any application organization. These capabilities contribute directly to an application organization's success in each of the disciplines identified below. Thus, we consider the business relationship within the context of the following disciplines. The maturity assessment for application organizations will provide an overall maturity assessment, an assessment of maturity for each of the eight disciplines and a companion assessment of business alignment, engagement and accountability. Application Portfolio Management (APM): APM is the set of activities that documents and drives how an organization measures and responds to the business value, cost, performance and risk of its portfolio of application assets (see "Maturity Assessment for Application Organizations: Application Portfolio Management"). Project Portfolio Management (PPM): PPM is the set of activities that drives the effective allocation of scarce resources (such as capital and people) on a project-byproject basis (see "Maturity Assessment for Application Organizations: Project Portfolio Management"). This category includes the disciplines of project and program

Publication Date: 29 July 2008/ID Number: G00159882 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Page 3 of 6

management, and project offices, as well as PPM, which examines the investment and prioritization processes for projects. Management of Staffing, Skills and Sourcing: Because people comprise the singlemost-significant asset in an application organization, the management processes for staffing, skills and sourcing make up this essential discipline. The maturity of an enterprises overall HR management practices will influence the maturity that its application organization can reach in this discipline. Gartner's Maturity Assessment for Application Organizations focuses on those processes that an applications leader or manager can directly control or influence, including role and competency definition, skills and knowledge, training and development, succession and backfill planning, sourcing, retention, productivity and performance management, and culture (see "Maturity Assessment for Application Organizations: Staffing, Skills and Sourcing"). Management of Financial Analysis and Budgets: An application organization must have a set of financial models based on estimation, spending levels by category and other factors (see "Maturity Assessment for Application Organizations: Financial Analysis and Budgets"). Vendor Management: The application function relies on vendors that supply a range of services and products; thus, sound practices are essential to ensure optimal vendor and application performance. Management practices include understanding the vendor's strategy, managing vendor relationships or engagements, sourcing, developing and maintaining commercial processes, and optimizing vendor performance management. Vendors may include external service providers (such as for professional services and system integration), outsourced service providers (such as for offshore staffing or staff augmentation), business applications (such as CRM and ERP, including on-premises, hosted and software-as-a-service deployment models), utilities (such as e-mail) or development tools (such as support tools) (see "Maturity Assessment for Application Organizations: Vendor Management"). Management of Architecture: Although responsibility for the broad realm of IT architecture resides in many groups other than application groups (such as enterprise architecture and security), the applications organization is directly concerned with three primary design viewpoints: business, information and technical. These three viewpoints inherently come together in application solutions. Maturity in application architecture management is determined by the level of effective sharing and execution of application architecture practices, resulting in design efforts that improve the agility (responsiveness to change) and cost-effectiveness of software applications (see "Maturity Assessment for Application Organizations: Management of Architecture" and "Defining the Discipline of Application Architecture"). Software Process: A software process architecture includes a framework level (what must be done), a method level (how software is created, or how an integration effort is done), and a template or quality-assurance level (how to create a deliverable). Typically, an application organization of any size will need between three and 10 major work processes (see "Maturity Assessment for Application Organizations: Software Process" and "Waterfalls, Products and Projects: A Primer to Software Development Methods" for an overview of application delivery methods). Operations and Support Collaboration: Once an application is in production, it must be monitored, supported and managed to ensure that it meets performance requirements. Although most production responsibility is assigned to an infrastructure and operations (I&O) team that is separate from the application organization, the

Publication Date: 29 July 2008/ID Number: G00159882 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Page 4 of 6

application organization must collaborate and be directly involved with select processes. This maturity assessment evaluates the application organizations' processes (see "Maturity Assessment for Application Organizations: Operations and Support Collaboration"), and "Toolkit: Maturity Assessment for Infrastructure and Operations" considers the I&O-specific processes.

How to Use the Assessment

Application leaders and managers should use the "Toolkit: Maturity Assessment for Application Organizations" to assess their current capabilities, determine where improvements will add value and establish a plan to advance the organization. Although useful to get a point-in-time assessment, high-performing application organizations regularly conduct reassessments to track progress and detect changes in effectiveness. Once you have taken the assessment, compare your results to other organizations (see "Maturity Trends in Applications: 2007 Assessment Results"). Unlike models that assess discrete activities, such as application development, the processes and practices used in the overall management of the application function cover a broader spectrum and touch a greater number of people in the application organization. Maturity of any individual discipline will not guarantee the effectiveness of the application organization, so it is important to assess the full spectrum of disciplines. The processes and practices behind these disciplines also affect relationships with other IT units, business partners and vendors. The eroding impact of aberrant processes may not be recognized for some time, and, likewise, the positive impact of improvements takes time to manifest. This maturity assessment provides an opportunity to proactively recognize and address process improvement opportunities. Most organizations demonstrate some variation in maturity among the eight discipline categories. Even in the most-chaotic application organizations we have reviewed, pockets of maturity exist. An organization can (and might) do well in any major discipline category listed above, or, because of substantial opportunities for improvement, the organization might choose to advance horizontally across one category. Other organizations may choose to use each level to target their improvements. Level 5 may not be an appropriate aspiration for every application organization in every category. Some will see diminishing returns for investing in that degree of advancement. As some have done with CMM/Capability Maturity Model Integrated (CMMI), some application organizations may choose to go beyond Level 3 in a category only on an informal basis and not perform all the activities listed for Level 4 or Level 5. This maturity assessment is intended to assess application disciplines overall and should complement, rather than replace, the IT Infrastructure Library, CMMI, Organizational Project Management Maturity Model or other models that may be used for specific application activities. This maturity assessment provides a summary-level set of characteristics that an organization should ascribe to as it matures.

RECOMMENDED READING
"Maturity Trends in Applications: 2007 Assessment Results" "Toolkit: Maturity Assessment for Application Organizations"

Publication Date: 29 July 2008/ID Number: G00159882 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Page 5 of 6

REGIONAL HEADQUARTERS
Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 U.S.A. +1 203 964 0096 European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM +44 1784 431611 Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA +61 2 9459 4600 Japan Headquarters Gartner Japan Ltd. Aobadai Hills, 6F 7-7, Aobadai, 4-chome Meguro-ku, Tokyo 153-0042 JAPAN +81 3 3481 3670 Latin America Headquarters Gartner do Brazil Av. das Naes Unidas, 12551 9 andarWorld Trade Center 04578-903So Paulo SP BRAZIL +55 11 3443 1509

Publication Date: 29 July 2008/ID Number: G00159882 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Page 6 of 6