In I.T. there are a number of process-based certifications that organizations can obtain based on standards like ISO-9001, ITIL via ISO 20000, and CMMI. The process of qualifying for a certification is similar across these standards: the organization defines and/or revises their internal processes to comply with the requirements of the standard, documents these processes, and then goes through an external audit on a periodic basis to demonstrate compliance and obtain or maintain the certification. I have written previously about the drawbacks of formal audits which is an accompanying issue, but today I just want to focus on my concerns with the idea of organizational process certification in general.
To be clear, I am not talking about process certifications for individuals like the popular Certified ScrumMaster and Project Management Professional. I view these certifications as recognition of a person achieving a certain level of knowledge with a particular process - what the person does with this information is entirely up to them. (The value of these certifications is a completely separate debate I do not want to get into today.)
So what is my key issue with organizational process certification? It stems from my passion for continuous improvement. In my mind there is a fundamental mismatch between a true culture of continuous improvement, such as I have read about regarding Toyota in books like The Toyota Way by Jeffrey Liker, and the requirement to comply with a particular process to maintain certification. Continuous improvement may identify activities or aspects of the process that can be altered or eliminated due to lack of value (waste, in lean terms), but if these aspects are required by the certification, then the certification itself becomes an impediment to change.
One example comes from software development teams starting with Scrum and then inspecting and adapting their process as they proceed (which is a key aspect of Scrum). Some teams end up with an arguably different Agile process such as Kanban that can no longer be called Scrum, and other teams end up with some hybrid version of Scrum that may or may not be as effective, but may be more achievable given the limitations of the organizational context. (Jeff Sutherland, co-creator of Scrum, derisively labels limited adoptions as "ScrumButt".) The frequent debates that occur as to whether such teams are really doing Scrum are lively but largely irrelevant to the more important question of whether such teams are as effective and successful as they can be. This dynamic would look completely different if a team or organization was required to use Scrum via formal certification (something, fortunately, I have not heard of happening.) Then the question of effectiveness would take a back seat to the question of compliance.
The Asian philosophical concept of yin-yang seems to be the source of inspiration for the Japanese attitude that avoids this mismatch between process compliance and continuous improvement. This viewpoint holds that a process represents the best way known at this point in time to accomplish an objective, but to always search for a better process via continuous improvement. In my readings regarding Toyota and lean thinking, it appears that continuous improvement is the ultimate priority which all processes are subordinate to.
Some standards claim to be process-neutral in the sense that they do not require a specific process. For example CMMI specifies many process areas with objectives that must be met (the what), but allows you to specify the process that meets the objective (the how). However, the requirement to meet the objectives and to produce the evidence necessary to demonstrate that the objectives have been met both introduce significant constraints on what your processes are. In addition, in my experience the CMMI appraisers / consultants seem to have a bias towards particular processes being used. As a result pursuing such standards tends to push organizations towards a certain set of practices that may or may not be appropriate.
Just because I do not like process certifications does not mean I do not like the underlying standards. There are a lot of good ideas embedded in standards like ITIL and CMMI. But there are also aspects I think are often inappropriate depending on the context. Certification prevents you from intelligently picking and choosing - the full standard is forced upon you.
If you find this article helpful, please make a donation.