Process Management

Is organizational certification the key to unlocking the true value of processes?

Processes and standards form the backbone of quality, consistency, and innovation in the automotive industry. When they are well-designed, integrated, and used, they become powerful tools for managing complexity, enabling collaboration, assuring quality, and ensuring long-term success.

Yet, many organizations still use only a fraction of the potential which lies in process management. One recurring pattern illustrates this clearly: process improvement initiatives are launched within individual projects, driven by the immediate need for compliance or certification. Once the project goal is achieved, the motivation fades. The processes lose relevance, are not actively maintained, and ultimately disappear from everyday operations.

This isn’t just a theory. It’s a reality that many professionals in the automotive domain have observed, and I have witnessed it myself as well. 

During my time selling process management software, I often encountered this scenario: Customers purchased the software-tool to prepare and pass a certification audit (e.g., ASPICE). Once certified, however, many did not renew the maintenance contract of the software licenses. Why? Because the software, and more importantly, the defined processes within it were no longer being used. The short-term goal was met. But the long-term value of continuous process management was never realized.

The lesson? Certification was seen as an end, not a means to an ongoing improvement journey, although maturity models like CMMI or ASPICE target exactly that.

The Limits of Project-Centric Approaches
Certifications based on projects often only have a limited effect:

• Isolated improvements: Benefits and learnings often remain confined to one project and are not rolled out across the organization.
• Lack of continuity: Once a project ends, there is no structured way to ensure process evolution, or reuse. Roles shift, and process responsibilities are often left behind — unstaffed and quickly forgotten.
• Missing Management Support: Management may not even hear or see much of such initiatives. If they do, they may support the initiative during the project phase but lose interest once the audit is over.

The result? Processes that aren’t embedded or sustained.

Why Process Initiatives Fail to Take Root
From what I’ve observed, there are a few common root causes:

• Process ≠ Practice: Many modeled processes reflect the required standards but not how work is actually done. This leads to poor adoption or even rejection.
• No strategic anchor: Without clear alignment to business goals, initiatives struggle to gain lasting support from leadership.
• Siloed definitions: Processes are often defined by one function (e.g., Engineering or Quality) without cross-functional collaboration.
• Lack of governance: There's no process management infrastructure to ensure ownership and continuous improvement.
• Disconnected interfaces: Process handovers between departments or disciplines are poorly defined, resulting in friction.

These issues are not exclusive to the automotive industry but are especially impactful in complex, regulated environments.

The Case for Organizational-Level Certification
Organizational certifications, such as ASQMS (Automotive Software Quality Management System) or OMM (Organizational Maturity Model), take a broader view. They don’t just look at project success; they examine how an organization as a whole develops and improves over time.

What makes them powerful:

• Strategic alignment: Organizational certifications require traceability to business goals and priorities.
• Leadership engagement: Top-down commitment becomes a necessity, not an option.
• Sustainable structure: These models demand process ownership, KPIs, and improvement mechanisms that extend beyond a single project.
• Cross-functional collaboration: Organizational initiatives make it easier to form cross-disciplinary teams and involve all key stakeholders — from Engineering to Quality to IT.
• Holistic process architecture: handovers between process areas and dependencies are considered as part of a unified process architecture.
• Silo-breaking effects: By working across units, organizational certifications help dismantle fragmented thinking and foster shared responsibility.
• External signaling: A mature, organization-wide certification sends a strong message to customers and partners about long-term capability.

The holistic perspective and the structural benefits mentioned – from leadership involvement to process architecture – facilitate the agility and speed in software development often referred to as "China Speed". Fast development cycles rely on clear processes, distinct responsibilities, and streamlined decision-making. But let’s be clear: even these certifications are not silver bullets. They must be implemented with care, realism, and a focus on long-term cultural change.

Why Organizational Audits Are Still Rare — and Why That Should Change
While organizational-level certifications offer promising solutions, they remain relatively uncommon in practice. Why?

• Significant Investment:Organizational audits are large-scale, resource-intensive undertakings, which consequently necessitate executive buy-in. 
• Lack of awareness: Many organizations are unaware of the long-term strategic benefits and view audits merely as compliance checkpoints.
• Fear of exposure: Broader assessments may reveal systemic weaknesses, which some leaders would rather avoid.

At the same time, companies across all industries must adapt to fast-changing regulatory, technological, and market-specific landscapes. For example, the upcoming EU Cyber Resilience Act (CRA) — binding from 2027 — introduces strict, cross-disciplinary demands that only organizations with integrated, agile quality systems will be able to meet efficiently. Meeting these demands requires the kind of embedded processes, clear responsibilities, and organizational agility that formal maturity initiatives and certifications are designed to establish. However, faced with the aforementioned challenges (significant investment, lack of awareness, fear of exposure), organizations too often limit their improvement efforts to standalone projects or the minimum scope required for project-level compliance. This project-centric approach, while perhaps perceived as less daunting, is inherently short-term focused and fails to build sustainable organizational capabilities. It disregards the inefficiency of repeatedly addressing systemic issues at a project level and prevents the necessary holistic transformation. Organizational certifications like OMM and ASQMS, in contrast, represent a more long-term, strategic decision aimed at building enduring maturity across the entire enterprise. They assess how process maturity is established and sustained across departments, programs, and leadership levels.

What makes ASQMS particularly attractive is its deliberately focused scope. By concentrating on software development, it targets the most pressing transformation challenge the automotive industry faces today. As software becomes the primary lever for differentiation and innovation, excellence in this domain will increasingly determine the success — or survival — of OEMs and suppliers alike.

Final Thought
An organizational certification with a more system-oriented approach than process assessment models and a scope deliberately focused on software — like ASQMS — can be a powerful catalyst for the kind of mindset shift that many companies have long postponed. By zeroing in on software, it addresses the most urgent transformation domain in today’s automotive industry, where innovation and quality increasingly depend on code.

But certification alone doesn’t create lasting change. It takes committed leadership, clear intent, and a shared understanding that process maturity is more than just passing an audit.

It’s up to trainers and consultants to foster this mindset — and up to organizations to approach certification not as a mere formality, but as an opportunity to build something sustainable.

Done right, ASQMS can mark the beginning of true transformation.

Why Process Management Organizations Are More Important Than Tools – A Practitioner's Perspective

Some years ago, an automotive manufacturer was confronted with a major challenge: Software and system development was to be brought back entirely in-house, after this task had been handled by suppliers for years. Stricter regulations and increasing liability risks provided the impetus for this.
The obvious thought: Internal development processes would enable better control, faster reaction to problems, and higher quality. However, reality looked different: Years of outsourcing had led to outdated, unstructured, and often contradictory processes. Furthermore, hundreds of software developers were acquired, who in turn worked according to their own, different processes.
A modern process management tool was intended to eliminate the chaos, but it became clear: A tool alone is not enough.

The Initial Situation: A Process Jungle.
An initial analysis as part of a process improvement project revealed massive shortcomings:

• The existing process documentation was confusing, far too extensive, and inconsistent.
• Responsibilities were unclear, and there was no overarching, uniform structure.
• Consequently, employees had difficulty familiarizing themselves with the processes and following them.

Furthermore, multiple tools and data sources for process management existed, which further complicated the situation. Introducing a uniform process management tool seemed to be the solution – but the real challenge was the process management organization.

What is a Process Management Organization?
A Process Management Organization defines responsibilities along processes instead of along departments – process owners/managers are responsible for the planning, implementation, and optimization of processes. Below are the key roles commonly found in a functioning process management system:

• Process Sponsor:

  • Responsible for strategic goals and budget
  • Supports the initiative and ensures prioritization

• Process Lead:

  • Takes overall responsibility for processes
  • Establishes standards and monitors compliance

• Process Owner:

  • Responsible for the content of specific processes
  • Works closely with experts (Subject Matter Experts, SMEs) who contribute specialized knowledge

• Process Manager or Designer:

  • Responsible for process structure and consistency
  • Defines rules for documentation and review

• Process Architect:

  • Coordinates the overarching process landscape
  • Prevents redundant or contradictory content

• Process Users (Project Teams):

  • Utilize processes in practice
  • Are supported by Process Coaches who answer questions and ensure effective use

• Engineering Process Group (EPG):

  • Central decision-making body for process development
  • Ensures fast decisions and harmonized processes 

The Reality in the Company?
Even though most roles were formally filled, the company faced typical problems: 

• Isolated Work in Silos:
  Subject matter experts worked independently of each other, leading to redundant and inconsistent processes.
• Lack of Decision-Making Structures:
  The EPG was too weak to enforce clear guidelines. Decisions were delayed or not made.
• Insufficient Communication:
  There was a lack of defined channels and structures, leading to misunderstandings and inefficient work.

A tool can make processes more efficient, but it does not replace a functional organizational structure. In other words: The meaningful use of a process management tool requires a functional organizational structure.

Conclusion: Process Management Starts with People.

Well-organized process management is the key to successful process improvement. Implementing a tool can support this – but only if the organizational foundations are sound:

• Clear Responsibilities:
  Each role must be defined and equipped with the necessary authorities.
• Effective Decision-Making Processe:
  A strong EPG ensures that decisions are made and implemented.
• Consistent Collaboration:
  Subject matter experts, process managers, and process architects must work closely together to create a harmonized process landscape.

The right roles, clear responsibilities, and effective communication are crucial for the success of a process improvement project. It is no coincidence that such projects often go hand in hand with organizational change projects – an approach that would have been sensible here but did not receive approval.

How Processes Are Truly Lived: Success Factors for Process Rollout

In many companies, processes are meticulously developed, yet only a few are truly effectively rolled out and used. They often exist only on paper, while employees ignore them or find them impractical. But what's the reason for this? A common cause is shortcomings during the introduction or improvement of processes.

So, what should companies consider if they want to design processes that are adopted and create value?

Involve All Relevant Stakeholders
Often, processes are defined by a small group without involving other stakeholders. Classic examples include:

• Processes developed by the quality department that align more with standards (like cybersecurity) than with the actual way of working in the company.
• Processes created by domain experts who possess deep theoretical knowledge but have little insight into practical implementation.

The consequence: Users don't feel involved and cannot or do not want to use the processes. Unaligned or collaboratively developed processes can actually complicate users' daily work. In the worst case, this leads to a boycott of the processes.
The solution: Processes should be defined in interdisciplinary teams that include all relevant stakeholders: Quality Management, IT, Management, Developers, Architects, and End Users. Only this way can processes be created that meet both standards and practical needs.

Tie Processes to Business Goals
A common practice is for processes to be created in individual departments without ensuring management approval and support. The effort to identify and communicate the value of processes is often avoided.

The consequence: Management views processes as unnecessary bureaucracy and does not actively support them. Without support from leadership, however, non-compliance with processes cannot be escalated or enforced.
The solution: Processes must be defined in a way that their connection to business goals is clear. For example:

• In case of quality problems, processes must be very detailed to reduce deviations and errors.
• In fast-growing companies, processes must be easily understandable so that new, international employees can adapt to them quickly.

The clearer this connection, the easier it is to gain management buy-in – ideally, announcements for the introduction of new processes come directly from top management. But that's not all: Only processes that are consistently aligned with business goals offer sustainable value. When used correctly, they can serve as a tool to steer companies and react flexibly to changing requirements and situations.

Ensure Training and Support
An often underestimated point is the training for processes and tools used for their management. The provision of corresponding budgets is often avoided.

The consequence: Even if processes are well-defined, users lack the knowledge of how to apply them in their day-to-day work.
The solution:

• Allocate time for training to explain processes and process management tools.
• Conduct hands-on training where users actively experience the process.
• Provide a central point of contact for questions and support.

Actively Promote Processes
Many process owners think it's enough to publish processes for them to be used. But that's not the case.

The consequence: New processes or process versions get lost because they are not sufficiently communicated. Employees are unsure whether to use them or don't even know they exist.
The solution: Implement internal marketing measures:

• Have announcements made by management.
• Create short explanatory videos or training sessions that make the process more accessible.
• Organize internal fairs, information booths, and newsletters.
• Integrate gamification elements like quizzes or rewards for the most/fastest feedback.

Plan for Feedback and Continuous Improvement
There is no perfect process. Therefore, it is extremely important that users have a simple means to provide feedback. Unfortunately, the structures and channels for this are often missing.

The consequence: Employees don't feel involved, see themselves merely as process consumers, and have no incentive to suggest improvements.
The solution:

• Create clear, simple ways to report errors, give praise, or submit improvement suggestions.
• Transparency: Users must be able to see how their feedback is processed.
• Regular updates that make improvements visible.

Tailor Processes to Projects and Programs
Many companies use generic, 200 % processes that consider all possible requirements. However, if only this complete process is provided, users get lost in it.

The consequence: Employees don't recognize which process components are relevant for their specific project. The scope of the overall process overwhelms users, leading to processes being neglected.
The solution:

• Processes must be tailored to projects or programs.
• Ideally, specific instances for individual projects are derived from a standard process.
• Example: A software project does not require functional safety. Thus, the corresponding tasks and roles related to security requirements should be removed from the process to make it leaner and more user-friendly.

Conclusion: Process Rollouts Require Strategy and Communication – and Effort
Processes should be developed with the participation of all stakeholders. They must be linked to business goals to gain management buy-in and provide business value. Training and communication are essential for the successful use of processes. Internal marketing measures increase acceptance and application. Processes should be tailored to programs or projects to make work easier for users.

If these principles are heeded, companies have a significantly higher chance that their processes are not just published but also truly lived.

Compliance & Standardization – Why Regulated Processes Foster Innovation Instead of Hindering It

Innovation through rule conformity? In an increasingly digitized world, not only the need for innovative products and services grows, but also the requirements for security, quality, and legal compliance. Companies must prepare for a variety of regulations to secure market access, minimize liability risks, and build trust. Particularly relevant are automotive industry standards such as ISO 21434 (Cybersecurity Engineering for Road Vehicles) and ISO 26262 (Functional Safety). With new regulations like the Cyber Resilience Act (CRA) in the EU or ASQMS in China, industry boundaries are being broken down. The CRA applies cross-industry to digital products, and ASQMS considers software quality and process security in the mobility sector regardless of vehicle system boundaries.

Many perceive these standards as bureaucracy or innovation hurdles. In fact, practical examples show: Those who strategically leverage standardization and compliance can accelerate innovation and secure competitive advantages.

Standardization in Times of Change
The importance of standardized processes is steadily increasing. The reasons for this are manifold:

• Increasing Cybersecurity Risks: Connected products require robust security architectures. Already in 2023, cybersecurity companies registered over 30 billion attacks on connected systems worldwide – equivalent to more than 80 million attacks per day. Standards like ISO 21434 or the CRA provide the basis for withstanding these attacks.
• Protection Becomes Mandatory: The CRA obliges companies to implement security-by-design and continuous security maintenance.
• Global Supply Chains: Uniform processes facilitate international collaborations and supplier audits. Standards like ASPICE form the basis for comparability of the quality of development processes.
• Customer Requirements: Certifications and demonstrable standards are increasingly becoming a market entry requirement. 

New Rules of the Game for Digital Security
With the CRA, the EU sets new standards: Companies must integrate security from the outset into their development processes, provide updates, and be liable for security flaws. The CRA thus joins the ranks of standards like ISO 21434 or ISO 26262 and reinforces the trend towards a binding security culture.

A Holistic Approach from China
The Chinese standard ASQMS (Automotive Software Quality Management Standard), which breaks down classic industry boundaries, is particularly interesting. Unlike many existing standards, ASQMS takes a holistic view of software development in the mobility sector and integrates quality, security, and agility within one framework. By consolidating essential aspects from numerous relevant standards (such as ISO 16949, ASPICE, UNECE regulations), it creates a platform for true innovation – not despite, but because of clearly defined guidelines.

Compliance as a Strategic Asset
Companies that understand Compliance not as an obligation, but as a strategic lever, benefit in multiple ways:

• Market Access & Legal Certainty: Certified processes accelerate product launches and reduce legal risks.
• Trust & Brand Strengthening: Compliant companies are considered more reliable and responsible.
• Quality & Efficiency: Structured processes reduce sources of error and maintenance effort.
• Innovation Capability: Clear standards create space for creative, agile solutions.

How to Achieve the Shift to Proactive Compliance?
The following success factors characterize modern Compliance strategies:

• Early Integration: Security requirements are considered from the outset – through interdisciplinary teams and Security-by-Design.
• Automation & AI: Compliance tools, automated testing, and AI-powered analytics (e.g., with AuditPro® from PEDCO) reduce effort and increase accuracy.
• Culture & Training: Compliance must be embedded in the culture. Training and awareness programs are indispensable.
• Agile Standardization: Standards must not be rigid – they must allow for innovation and remain flexibly adaptable.

Conclusion: Standardization as a Driver for Innovation
The idea that regulations hinder innovation is outdated. Properly understood, they form the foundation for sustainable, secure, and marketable products. Innovation requires freedom, but also a structured environment. Development happens in iterations, from which continuous learning occurs – provided that insights are systematically captured and evaluated. Good processes in conjunction with standards like ISO 21434, the CRA, or the forward-looking ASQMS help companies act more efficiently, faster, and more innovatively, and to continuously improve. Those who understand Compliance as an opportunity can shape the future.