Interpretation Issues

In general, the team could apply CMMI practices with a comfortable understanding of the intent. The team encountered a few interpretation issues in trying to understand and apply the model. A few times the information contained in the practices caused a bit of confusion or struggle in interpretation. Some of the examples involved the application of generic practices to certain PAs.

One example of an interpretation issue was the application of generic practice (GP) 2.2 in some of the PAs. GP 2.2 states "Establish and maintain the requirements and objectives, and plan for performing the process." The model elaborates the meaning of GP 2.2 with, "In some CMMI PAs, there are specific practices that also talk about developing strategies or plans. This generic practice addresses overall planning for the entire PA, whereas the specific practices address a topic for more detailed or focused planning."

In applying GP 2.2 to the Risk Management PA, it was difficult to distinguish the overall plan for risk management and the strategy for risk management. Elaboration of the PA indicates that the risk management strategy addresses risk sources, categories, parameters, and management control and reporting requirements; whereas the plan for risk management addresses high-level planning for all the risk management activities.

In the Risk Management PA, GP 2.1 discusses documenting policy for the risk management process, specific practice 1.3 discusses documenting risk strategy (typically) in a project risk management plan and specific practice 3.1 discusses documenting risk mitigation plans for (important) risks.

In a documentation hierarchy, it would be expected that project risk documentation would flow in an increasing level of detail from a risk management policy to a risk management strategy (plan) to risk management mitigation plan(s).

It was not clear where the GP 2.2 documentation of requirements, objectives, and plans for risk management would fall in these three document layers. Would it be a higher level than policy, or is policy equivalent to a requirement and objective? Would it fall below policy and above strategy?

USA does not believe in performing activities or creating artifacts for the sake of CMMI satisfaction, but rather in applying the practices in a sensible manner that suits the business. If the CMMI practice is a reasonable practice that would help the business and support achievement of goals, then the practice would be adopted. In this example, the USA documentation exists for the policy, strategy, and risk mitigation plans. However, it was unclear if GP 2.2 would require something more or different.

Note: In CMMI v1.1, additional informative material has been added to clarify, where needed, how the plans described in GP 2.2 relate to the plans described in the specific practices. The Risk Management PA is one example of where this confusion has been addressed.

In addition to GP 2.2, the application of GP 2.8 was awkward at times for some of the PAs. Generic practice 2.8 states "Monitor and control the process against the plan and take appropriate corrective action." In applying GP 2.8 to the Project Monitoring and Control PA, it was difficult to determine what type of monitoring and controlling would be performed for the monitoring and controlling process. This seemed similar to some of the "unnatural" or forced measurement of processes that are not naturally conducive to meaningful measurement, just as some of the "contrived" measurements were awkward in the SW-CMM for measuring the status of activities that may not normally be measured or useful.