68

should agree on a common goal they want to achieve by implementing the

measures. This corresponds to the choice of how to derive the to-be-status.

• Information sources:The final structural components are the allowed sources of

information. Which persons or positions ought to be interviewed (employees,

managers, executives, etc.) and should external cross-functions also be part of

the process (neighbour departments, suppliers, etc.)? Which IT systems shall

be considered and are there any standard reports that can be used? Usually a

set of data will firstly be put together by the assessed unit itself by using reports

from systems and self-assessments. This could be completed by information

from external parties such as the production departments as internal clients to

allow a double-check. Gathering information from external parties also often

helps to uncover possible weaknesses and create internal awareness of them.

The content describes the criteria that separate a good and a poor execution

of the focal function. The content defines the extension of the topics that are taken

into consideration. Those topics have to be selected, structured and well defined and

represent the heart of the assessment model.

• Covered topics: For example, in purchasing and procurement, five chapters

could be looked at: organisation & competences, goal setting & controlling,

strategic core processes (analysis, strategy, and realisation), supplier management

and process integration. For each of those areas certain criteria must be defined.

Which topics are covered depend very much on what is understood under the

focal function and what the goals of the assessment are or which pain-points

have to be tackled. Reference models such as the SCOR model can help to

define the scope precisely and with a cross-company dimension.

• Best practices: When the covered topics are seen as the vertical axis of a set

of criteria, then the corresponding best practices mark the highest value of the

horizontal axis. This means, for every topic and criterion at least the best possible

characteristic has to be set by a complete maturity assessment model. In case of

CMMI and many other models all of the criteria leading up to this best practice,

have to be met in order to achieve the highest maturity level. An example for

a best practice in the criterion “supplier risk management” as part of supplier

management could be the provision of a thorough risk-analysis for each supplier.

• Documents of evidence: Documents of evidence are mostly used, as the

name suggests, as evidence to proof that certain criteria are fulfilled by an

assessed unit or organisation. The depths of the description depend on the

degree of standardisation of the procedures and documents used. As this

last point is often the goal of maturity assessments, it is crucial to find the

right degree of detail. Sometimes it is necessary to check the documents of

evidence carefully to detect deceit. For example, it might be useful to double

check provided reports with other data in the system or check the creation

date of a document in the properties. A document of evidence for the criterion

“supplier risk management” could be a risk analysis for selected suppliers

(selection criterion: highest purchasing volumes and/or random selection).