This chapter provides techniques for evaluating and quantifying an organization's maturity in Enterprise Architecture.
Organizations that can manage change effectively are generally more successful than those that cannot. Many organizations know
that they need to improve their processes in order to successfully manage change, but don't know how. Such organizations typically
either spend very little on process improvement, because they are unsure how best to proceed; or spend a lot, on a number of
parallel and unfocused efforts, to little or no avail.
Capability Maturity Models (CMMs) address this problem by providing an effective and proven method for an organization to
gradually gain control over and improve its change processes. Such models provide the following benefits:
They describe the practices that any organization must perform in order to improve its processes
They provide a yardstick against which to periodically measure improvement
They constitute a proven framework within which to manage the improvement efforts
They organize the various practices into levels, each level representing an increased ability to control and manage the
An evaluation of the organization's practices against the model - called an "assessment" - determines the level at which the
organization currently stands. It indicates the organization's ability to execute in the area concerned, and the practices on which
the organization needs to focus in order to see the greatest improvement and the highest return on investment. The benefits of CMMs
to effectively direct effort are well documented.
The Software Engineering Institute (SEI) - www.sei.cmu.edu operated by
Carnegie Mellon University - developed the original CMM (Capability Maturity Model) for Software (SWCMM) in the early 1990s, which
is still widely used today. This CMM provided a framework to develop maturity models in a wide range of disciplines.
The increasing interest in applying these techniques to other fields has resulted in a series of template tools which
The state of the architecture processes
The organization's buy-in to both
The main issues addressed by these models include:
Process implementation and audit
They involve use of a multiplicity of models, and focus in particular on measuring business benefits and return on
A closely related topic is the Architecture Skills Framework (see 46. Architecture Skills
Framework), which can be used to plan the target skills and capabilities required by an organization to successfully
develop and utilize Enterprise Architecture, and to determine the training and development needs of individuals.
45.3 US DoC ACMM Framework
As an example of the trend towards increased interest in applying CMM techniques to Enterprise Architecture, all US Federal
agencies are now expected to provide maturity models and ratings as part of their IT investment management and audit
In particular, the US Department of Commerce (DoC) has developed an Architecture Capability Maturity Model (ACMM)
to aid in conducting internal assessments. The ACMM provides a framework that
represents the key components of a productive Enterprise Architecture process. The goal is to enhance the overall odds for success
of Enterprise Architecture by identifying weak areas and providing a defined evolutionary path to improving the overall
The ACMM comprises three sections:
The Enterprise Architecture maturity model
Enterprise Architecture characteristics of operating units' processes at different maturity levels
The Enterprise Architecture CMM scorecard
The first two sections explain the Architecture Capability maturity levels and the corresponding Enterprise Architecture element
and characteristics for each maturity level to be used as measures in the assessment process. The third section is used to derive
the Architecture Capability maturity level that is to be reported to the DoC Chief Information Officer (CIO).
45.3.2 Elements of the ACMM
The DoC ACMM consists of six maturity levels and nine architecture elements. The six levels are:
The nine Enterprise Architecture elements are:
Senior management involvement
Operating unit participation
IT investment and acquisition strategy
Two complementary methods are used in the ACMM to calculate a maturity rating. The first method obtains a weighted mean
Enterprise Architecture maturity level. The second method shows the percentage achieved at each maturity level for the nine
45.3.3 Example: Enterprise Architecture Process Maturity Levels
The following example shows the detailed characteristics of the Enterprise Architecture maturity levels as applied to each of
the nine elements. For example, Level 3: Defined, point number 8 (Explicit documented governance of majority of IT investments)
shows Maturity Level 3's state for Element 8 (Architecture Governance).
Level 0: None
No Enterprise Architecture program. No Enterprise Architecture to speak of.
Level 1: Initial
Informal Enterprise Architecture process underway.
Processes are ad hoc and localized. Some Enterprise Architecture processes are defined. There is no unified architecture
process across technologies or business processes. Success depends on individual efforts.
Enterprise Architecture processes, documentation, and standards are established by a variety of ad hoc means and are
localized or informal.
Minimal, or implicit linkage to business strategies or business drivers.
Limited management team awareness or involvement in the architecture process.
Limited operating unit acceptance of the Enterprise Architecture process.
The latest version of the operating unit's Enterprise Architecture documentation is on the web. Little communication exists
about the Enterprise Architecture process and possible process improvements.
IT security considerations are ad hoc and localized.
No explicit governance of architectural standards.
Little or no involvement of strategic planning and acquisition personnel in the Enterprise Architecture process. Little or no
adherence to existing standards.
Level 2: Under Development
Enterprise Architecture process is under development.
Basic Enterprise Architecture process is documented based on OMB Circular A-130 and Department of Commerce Enterprise
Architecture Guidance. The architecture process has developed clear roles and responsibilities.
IT vision, principles, business linkages, Baseline, and Target Architecture are identified. Architecture standards exist, but
not necessarily linked to Target Architecture. Technical Reference Model (TRM) and Standards Profile framework established.
Explicit linkage to business strategies.
Management awareness of architecture effort.
Responsibilities are assigned and work is underway.
The DoC and operating unit Enterprise Architecture web pages are updated periodically and are used to document architecture
IT security architecture has defined clear roles and responsibilities.
Governance of a few architectural standards and some adherence to existing Standards Profile.
Little or no formal governance of IT investment and acquisition strategy. Operating unit demonstrates some adherence to
existing Standards Profile.
Level 3: Defined
Defined Enterprise Architecture including detailed written procedures and TRM.
The architecture is well defined and communicated to IT staff and business management with operating unit IT responsibilities.
The process is largely followed.
Gap analysis and Migration Plan are completed. Fully developed TRM and Standards Profile. IT goals and methods are
Enterprise Architecture is integrated with capital planning and investment control.
Senior management team aware of and supportive of the enterprise-wide architecture process. Management actively supports
Most elements of operating unit show acceptance of or are actively participating in the Enterprise Architecture process.
Architecture documents updated regularly on DoC Enterprise Architecture web page.
IT security architecture Standards Profile is fully developed and is integrated with Enterprise Architecture.
Explicit documented governance of majority of IT investments.
IT acquisition strategy exists and includes compliance measures to IT Enterprise Architecture. Cost benefits are considered in
Level 4: Managed
Managed and measured Enterprise Architecture process.
Enterprise Architecture process is part of the culture. Quality metrics associated with the architecture process are
Enterprise Architecture documentation is updated on a regular cycle to reflect the updated Enterprise Architecture. Business,
Data, Application, and Technology Architectures defined by appropriate de jure and de facto standards.
Capital planning and investment control are adjusted based on the feedback received and lessons learned from updated Enterprise
Architecture. Periodic re-examination of business drivers.
Senior management team directly involved in the architecture review process.
The entire operating unit accepts and actively participates in the Enterprise Architecture process.
Architecture documents are updated regularly, and frequently reviewed for latest architecture developments/standards.
Performance metrics associated with IT security architecture are captured.
Explicit governance of all IT investments. Formal processes for managing variances feed back into Enterprise Architecture.
All planned IT acquisitions and purchases are guided and governed by the Enterprise Architecture.
Level 5: Measured
Continuous improvement of Enterprise Architecture process.
Concerted efforts to optimize and continuously improve architecture process.
A standards and waivers process is used to improve architecture development process.
Architecture process metrics are used to optimize and drive business linkages. Business involved in the continuous process
improvements of Enterprise Architecture.
Senior management involvement in optimizing process improvements in architecture development and governance.
Feedback on architecture process from all operating unit elements is used to drive architecture process improvements.
Architecture documents are used by every decision-maker in the organization for every IT-related business decision.
Feedback from IT security architecture metrics are used to drive architecture process improvements.
Explicit governance of all IT investments. A standards and waivers process is used to make governance-process
No unplanned IT investment or acquisition activity.
As explained in this chapter, in recent years the industry has witnessed significant growth in the area of maturity models. The
multiplicity of models available has led to problems of its own, in terms of how to integrate all the different models to produce a
meaningful metric for overall process maturity.
In response to this need, the SEI has developed a Framework called Capability Maturity Model Integration (CMMI), to provide a
means of managing the complexity.
According to the SEI, the use of the CMMI models improves on the best practices of previous models in many important ways, in
particular enabling organizations to:
More explicitly link management and engineering activities to business objectives
Expand the scope of and visibility into the product lifecycle and engineering activities to ensure that the product or service
meets customer expectations
Incorporate lessons learned from additional areas of best practice (e.g., measurement, risk management, and supplier
Implement more robust high-maturity practices
Address additional organizational functions critical to its products and services
More fully comply with relevant ISO standards
CMMI is being adopted worldwide.
45.4.2 SCAMPI Method
The Standard CMMI Appraisal Method for Process Improvement (SCAMPI®) is the appraisal method associated with CMMI. The
SCAMPI appraisal method is used to identify strengths, weaknesses, and ratings relative to CMMI reference models. It incorporates
best practices found successful in the appraisal community, and is based on the features of several legacy appraisal methods. It is
applicable to a wide range of appraisal usage modes, including both internal process improvement and external capability
The SCAMPI method definition document describes the requirements,
activities, and practices associated with each of the processes that compose the SCAMPI method.
This section has sought to introduce into the TOGAF standard the topic of CMM-based methods and techniques for use in relation
to Enterprise Architecture.
The benefits of using CMMs are well documented. Future versions of the TOGAF standard may include a maturity model to measure
adoption of the TOGAF standard itself.