Management  Review

Management means Senior Management or High-level Management

The term 'Management' in CMMI-SVC context refers to Senior Management or High-level Management. This includes an individual or group possessing the organizational authority and accountability to:

• Establish, approve, and authorize organizational policies and standards for service delivery.

• Allocate and commit resources (personnel, funds, infrastructure) needed to implement policies and achieve service objectives.

• Resolve issues that are beyond the scope or authority of operational or project management.

They typically review the effectiveness and health of the organization's standard service processes and the overall performance of the service delivery system, rather than engaging in the daily execution or detailed technical management of specific projects or programs.

Large and Medium Sized Organization

In Large or Medium-Sized Organizations, establishing the High-Level Management for CMMI-SVC is based on functional authority, not merely a reporting title. This role, often referred to as Senior Management, is typically held by an individual or group that is:

• Accountable for the organizational business objectives and performance of the entire service delivery domain.

• Authorized to establish, approve, and institutionalize organizational standard service processes (Policy Setting Authority).

• Authorized to commit organizational resources (e.g., infrastructure budget, strategic personnel/training) beyond the scope of a single program or project.

This level is usually one or two steps removed from the day-to-day operational management (e.g., Project/Program Managers). For instance, the Vice President or Director overseeing all service delivery who reports to the C-Suite and holds the policy-setting authority is often the correct choice.

The PMO (Project/Program Management Office) or the Service Management Office is typically excluded from this role, as their function is generally operational (managing execution, resource deployment, and process compliance), lacking the necessary organizational strategic policy and resource commitment authority.

Small Organizations

In Small or Tiny Organizations (where staff take on multiple roles), Senior Management is defined by the individual or small group that possesses ultimate organizational authority over the service delivery function. This could be:

• The CEO, Owner, or Managing Partner.

• The Delivery/Service Head who reports directly to the CEO and has full authority to define the organization's service policies and commit necessary resources.

The Key Criteria Remains Authority: This person or group must be empowered to establish and change organizational standard service processes and authorize significant resource allocation for service improvements.

Crucially, the QA Head typically reports to Senior Management (to ensure independence) but does not generally serve as a voting member of the Senior Management body when that body is performing the high-level decision-making and policy-setting functions required by CMMI. Their input is presented, but their role is assurance, not management resolution.

The frequency of Management Reviews (MR) in a short-cycle service environment is primarily determined by the organizational service cadence and the need for timely governance oversight before systemic issues become irreversible. CMMI supports two primary cadences:

1. Periodic Reviews: These reviews are scheduled to coincide with the natural operational rhythm of the service projects.

   • Typical Cadence for Short Projects: For services spanning one month or less, the periodic review is often conducted Monthly, Bi-Weekly, or, most effectively, at the close of a specified service cycle (End-of-Service Review). This ensures that lessons learned, aggregate resource consumption, and systemic compliance data are reviewed promptly.

2. Event-Driven Reviews: These are mandatory, immediate reviews triggered by high-impact events that threaten business objectives, serving as a critical governance check.

   • Relevant Events: These are often set based on thresholds, such as the breach of a critical organizational performance metric, a major process non-compliance finding by QA, or the initiation of a new organizational strategic objective that requires resource commitment.

The frequency must be high enough to allow Senior Management to govern, not just audit, the service system effectively, given the rapid turnaround of the services.

Caveat for Large and Traditional Organizations

In contrast to the rapid-cycle approach of smaller firms, large organizations and government contractors typically adhere to a more formal and less frequent cadence for Management Reviews (GP 2.10). This approach is necessary due to the hierarchical structure, the complexity of cross-organizational resource allocation, and the long duration of service programs.

1. Periodic Reviews: These are scheduled to coincide with business planning and financial reporting cycles.

   • Typical Cadence: Quarterly (every three months) or Semi-Annually (every six months). This frequency ensures that the Senior Management team reviews summarized, aggregated performance metrics across portfolios or business units, allowing for decisions on large-scale organizational policy changes, infrastructure investment, and long-term risk mitigation.

2. Event-Driven Reviews: These remain critical but are triggered only by events with significant strategic or financial impact on the organization as a whole.

   • Relevant Events: Examples include the failure of a critical service system component, an adverse external audit report, or a major, systemic organizational risk (e.g., security breach, compliance failure) that demands immediate resource commitment from the executive level.

The fundamental difference lies in tempo and scope: large organizations review for strategic stability and organizational governance, while small, rapid environments review for timely tactical adjustment and immediate process health.