Go to top of page

Capability maturity model findings

The second method for assessing and understanding organisational capability in the APS uses a capability maturity model. This seeks to place organisational capabilities into a standard and comparable structure that allows an agency's senior leadership to assess the maturity of a particular capability area to establish priorities for improvement. Critically, this approach applies to all agencies and over time can be used to assess areas of concern arising from the capability review program more systemically. A limitation of the model, however, is that results are based on agency self-assessments.

At the APS level, the capability maturity approach offers:

  • a view of collective areas of capability strength and weakness across the service
  • an understanding of where to target collective effort to improve organisational capability
  • a common language for assessing and benchmarking organisational capabilities across the service
  • a flexible framework that allows new capabilities to be standardised and assessed.

In 2013, agencies were asked to assess their agency against eight organisational capabilities. These capabilities reflect the broad systemic issues identified in the capability review program (as outlined earlier). Where possible, the capabilities were matched to those assessed using a similar capability model approach in 2011. It was possible to match six issues identified by the review program with agency assessments made in 2011—stakeholder engagement, strategic planning, risk management, change management, workforce planning and staff performance management. The remaining two issues—decision making delegation and internal resource allocation—were new capabilities identified through capability reviews.

A five-level maturity continuum was developed for each capability based on these levels3:

  • Level 1 (Awareness)—recognition by the agency that this capability is important but that the agency does not have processes for putting this into practice.
  • Level 2 (General acceptance)—general acceptance across the agency that this capability needs to be developed with pockets of good practice.
  • Level 3 (Defined)—standard methodologies and processes are in place to build the capability.
  • Level 4 (Managed)—the capability is linked with other strategies to drive business outcomes and the organisation frequently consults with stakeholders, academia and key experts in developing policy, delivering service and reviewing outcomes.
  • Level 5 (Leader/Excellence)—the capability is embedded in the agency's culture, it is outward facing, anticipating policy demands and responding with agility. There is a continual process of evaluation and review and readjustments are made that have measurable benefits.

The maturity model allows two views of organisational capability. The first offers a global assessment of current and required maturity in 2013 against the eight capabilities. This provides a systemic perspective of agency capability that allows collective strengths and weaknesses to be identified. It also provides a focus for developing collective approaches to improving performance. The second view examines shifts in capability between 2011 and 2013. While the drivers of these shifts would require more detailed investigation, they offer a perspective on areas where agencies have shown persistent concerns about capability levels.

Figure 10.1 shows that the majority of agencies assessed their current maturity at Level 3 or below across all capabilities. Level 3 refers to a situation where the agency typically understands the business importance of the capability and has policies and processes in place to support the way the capability contributes to achieving agency outcomes. This is also likely reflected in an emphasis on workforce development and the establishment of standard processes. These processes are typically described more rigorously and are more widely adopted across the agency than at lower levels of maturity.

For workforce planning, the majority of agencies assessed their current capability at Level 2 (38%), while another 14% assessed it at Level 1. Level 1 refers to a situation where the agency does not provide a stable environment to support the delivery of workforce planning, expertise is concentrated in a few individuals and success is likely to be due to individual efforts rather than proven processes.

Figure 10.1 Agencies' assessed current maturity, 2012–13

Source: Agency survey

Agencies were also asked to assess the level of maturity they required over the next three years to meet organisational outcomes. Figure 10.2 shows agencies identified that considerable improvements were necessary, with the majority indicating they needed to move from a current capability level of 2 or 3 (Figure 10.1) to required levels of capability of 4 or 5 (Figure 10.2). This represents a considerable organisational shift from having some systemic approaches to managing the capability to having well-defined processes embedded in the agency's operational practice. The largest improvements identified by agencies were for the three capabilities assessed as least developed—staff performance management, workforce planning and change management.

Figure 10.2 Agencies' assessed required maturity, 2012–13

Source: Agency survey

Table 10.2 provides a perspective on the extent to which the capability assessments made in 2011 have matured over the past two years.4

It shows that the proportion of agencies indicating their capability maturity was at an appropriate level to meet their needs increased from 2011 to 2013 on staff performance management, strategic planning and stakeholder engagement. The increase was slight for staff performance management and considerable for strategic planning and stakeholder engagement.

The proportion of agencies reporting they needed to mature two or more levels above their assessment of current capability decreased from 2011 to 2013 for staff performance management, change management, risk management, strategic planning and stakeholder engagement.

Results for workforce planning are discussed in more detail in Chapter 6. The Commission has invested substantial effort into working with agencies to improve workforce planning. There has been a considerable increase in the proportion of agencies with a documented workforce plan—from 27% in 2011 to 42% in 2013—however considerable process and skill gaps are still to be addressed before agency workforce planning capability is consistently delivering value to agency business decision making. The capability comparison between 2011 and 2013 and the persistent finding of weakness in workforce planning through the capability review process suggest that efforts to improve this capability should be sustained.

Table 10.2 Organisational capability assessments, 2011 and 2013
Capability At required level

(% of agencies)
Need to mature one level

(% of agencies)
Need to mature two or more levels

(% of agencies)
2011 2013 2011 2013 2011 2013
Source: Agency survey
Staff performance management 25 27 40 44 34 28
Workforce planning 19 14 34 39 47 47
Change management 26 23 36 44 38 32
Risk management 32 28 48 54 18 16
Decision making delegation n/a 51 n/a 44 n/a 5
Internal resource allocation n/a 29 n/a 52 n/a 16
Strategic planning 23 40 52 39 25 20
Stakeholder engagement 23 32 43 40 33 25

At the APS level, these shifts in capability maturity, when combined, suggest that in the capability areas of staff performance management, strategic planning and stakeholder engagement there has been a general evolution to a higher level of maturity since 2011. However, with change management and risk management capabilities, a considerable proportion of agencies still indicate they need to improve the processes that support delivery of these capabilities.

The maturity model approach to understanding and assessing organisational capability describes an evolutionary path in the development of APS capabilities, which contributes to enhancing the strategic business performance of agencies. The approach allows the systemic issues identified in the more detailed capability review program to be assessed across the broader APS agency population and, in large part, reinforces the view that capability strengths and weaknesses are shared across the service. Both the review program and maturity model methods provide a view on the maturity of the practices and processes that support the development of agency capability and focus, at both agency and APS levels, on prioritising plans that continuously improve performance.

Department of Defence: Enterprise risk management

In 2012–13, Defence strengthened its enterprise risk management framework. Defence has a large number of diverse risks at all levels and uses a range of systems and tools to manage these.

All were based on the international standard and most were reasonable and some best practice. However, Defence did not have a system in place that allowed senior leaders to identify and manage risks from a whole-of-enterprise perspective.

To address this, Defence did not impose a single risk management process or amalgamate all risks within Defence into a few mega-risks. The diversity of work and cultures across the organisation means that different approaches to risk management are appropriate. Instead, Defence focused characterising the material risks to the enterprise as a whole, and on standardising the way in which information on these risks is brought together for senior-level consideration and action. In other words, Defence did not build a risk register, but rather a basis for making decisions around major risks.

Senior leaders are now able to engage in regular, detailed discussion about each of Defence's 12 most significant risks and the controls relied on to reduce vulnerability to these risks. Meetings of the Defence Committee will focus on one risk each time. This is called a ‘deep-dive’ and it builds a robust understanding of the nature of the enterprise risk and what actions are needed to increase the organisation's resilience to the risk. Where control improvements are required, a Senior Executive Service Band 1 is held accountable and must report quarterly against specific benchmarks.

Distinguishing features of Defence's enterprise risk management framework are:

  • early and regular engagement with Defence's most senior leadership
  • focus on a small set of the most critical risks only
  • use of plain English information and a single method and language to enable more productive discussions
  • assess controls as well as risks, since it is largely control that Defence depends on to prevent or minimise unwanted events
  • as it is not shelf ware the risk assessment directly links risk into enterprise planning and resourcing, and control improvements and measures identified through the enterprise risk management process directly inform planning and target-setting decisions, which are then monitored in Defence's annual plan
  • individual accountability for officers (Risk Stewards and Control Owners) explicitly identified as responsible for routinely assessing and managing risks and controls.

Enterprise risk management supports Defence management in numerous ways: it enables the senior leadership team to prioritise resource allocation; it promotes accountability by clearly identifying those responsible for managing risks and controls; and it fosters a culture of cross-functional communication across group and service boundaries. The approach adopted by Defence did not require developing fundamentally new knowledge or complex risk management systems or tools.


3 The eight capabilities assessed in 2013 are included at Appendix 6.

4 The capabilities of internal resource allocation and decision making delegation were not assessed in 2011; consequently, no comparative information is available.