Interesting Facts

Why Process Management Organizations Are More Important Than Tools – A Practitioner's Perspective

Some years ago, an automotive manufacturer was confronted with a major challenge: Software and system development was to be brought back entirely in-house, after this task had been handled by suppliers for years. Stricter regulations and increasing liability risks provided the impetus for this.
The obvious thought: Internal development processes would enable better control, faster reaction to problems, and higher quality. However, reality looked different: Years of outsourcing had led to outdated, unstructured, and often contradictory processes. Furthermore, hundreds of software developers were acquired, who in turn worked according to their own, different processes.
A modern process management tool was intended to eliminate the chaos, but it became clear: A tool alone is not enough.

The Initial Situation: A Process Jungle.
An initial analysis as part of a process improvement project revealed massive shortcomings:

  • The existing process documentation was confusing, far too extensive, and inconsistent.
  • Responsibilities were unclear, and there was no overarching, uniform structure.
  • Consequently, employees had difficulty familiarizing themselves with the processes and following them.

Furthermore, multiple tools and data sources for process management existed, which further complicated the situation. Introducing a uniform process management tool seemed to be the solution – but the real challenge was the process management organization.

What is a Process Management Organization?
A Process Management Organization defines responsibilities along processes instead of along departments – process owners/managers are responsible for the planning, implementation, and optimization of processes. Below are the key roles commonly found in a functioning process management system:

  • Process Sponsor:

    • Responsible for strategic goals and budget
    • Supports the initiative and ensures prioritization

  • Process Lead:

    • Takes overall responsibility for processes
    • Establishes standards and monitors compliance

  • Process Owner:

    • Responsible for the content of specific processes
    • Works closely with experts (Subject Matter Experts, SMEs) who contribute specialized knowledge

  • Process Manager or Designer:

    • Responsible for process structure and consistency
    • Defines rules for documentation and review

  • Process Architect:

    • Coordinates the overarching process landscape
    • Prevents redundant or contradictory content

  • Process Users (Project Teams):

    • Utilize processes in practice
    • Are supported by Process Coaches who answer questions and ensure effective use

  • Engineering Process Group (EPG):

    • Central decision-making body for process development
    • Ensures fast decisions and harmonized processes 

The Reality in the Company?
Even though most roles were formally filled, the company faced typical problems: 

  • Isolated Work in Silos:
    Subject matter experts worked independently of each other, leading to redundant and inconsistent processes.
  • Lack of Decision-Making Structures:
    The EPG was too weak to enforce clear guidelines. Decisions were delayed or not made.
  • Insufficient Communication:
    There was a lack of defined channels and structures, leading to misunderstandings and inefficient work.

A tool can make processes more efficient, but it does not replace a functional organizational structure. In other words: The meaningful use of a process management tool requires a functional organizational structure.

Conclusion: Process Management Starts with People.

Well-organized process management is the key to successful process improvement. Implementing a tool can support this – but only if the organizational foundations are sound:

  • Clear Responsibilities:
    Each role must be defined and equipped with the necessary authorities.
  • Effective Decision-Making Processe:
    A strong EPG ensures that decisions are made and implemented.
  • Consistent Collaboration:
    Subject matter experts, process managers, and process architects must work closely together to create a harmonized process landscape.

The right roles, clear responsibilities, and effective communication are crucial for the success of a process improvement project. It is no coincidence that such projects often go hand in hand with organizational change projects – an approach that would have been sensible here but did not receive approval.

How Processes Are Truly Lived: Success Factors for Process Rollout

In many companies, processes are meticulously developed, yet only a few are truly effectively rolled out and used. They often exist only on paper, while employees ignore them or find them impractical. But what's the reason for this? A common cause is shortcomings during the introduction or improvement of processes.

So, what should companies consider if they want to design processes that are adopted and create value?

Involve All Relevant Stakeholders
Often, processes are defined by a small group without involving other stakeholders. Classic examples include:

  • Processes developed by the quality department that align more with standards (like cybersecurity) than with the actual way of working in the company.
  • Processes created by domain experts who possess deep theoretical knowledge but have little insight into practical implementation.

The consequence: Users don't feel involved and cannot or do not want to use the processes. Unaligned or collaboratively developed processes can actually complicate users' daily work. In the worst case, this leads to a boycott of the processes.
The solution: Processes should be defined in interdisciplinary teams that include all relevant stakeholders: Quality Management, IT, Management, Developers, Architects, and End Users. Only this way can processes be created that meet both standards and practical needs.

Tie Processes to Business Goals
A common practice is for processes to be created in individual departments without ensuring management approval and support. The effort to identify and communicate the value of processes is often avoided.

The consequence: Management views processes as unnecessary bureaucracy and does not actively support them. Without support from leadership, however, non-compliance with processes cannot be escalated or enforced.
The solution: Processes must be defined in a way that their connection to business goals is clear. For example:

  • In case of quality problems, processes must be very detailed to reduce deviations and errors.
  • In fast-growing companies, processes must be easily understandable so that new, international employees can adapt to them quickly.

The clearer this connection, the easier it is to gain management buy-in – ideally, announcements for the introduction of new processes come directly from top management. But that's not all: Only processes that are consistently aligned with business goals offer sustainable value. When used correctly, they can serve as a tool to steer companies and react flexibly to changing requirements and situations.

Ensure Training and Support
An often underestimated point is the training for processes and tools used for their management. The provision of corresponding budgets is often avoided.

The consequence: Even if processes are well-defined, users lack the knowledge of how to apply them in their day-to-day work.
The solution:

  • Allocate time for training to explain processes and process management tools.
  • Conduct hands-on training where users actively experience the process.
  • Provide a central point of contact for questions and support.

Actively Promote Processes
Many process owners think it's enough to publish processes for them to be used. But that's not the case.

The consequence: New processes or process versions get lost because they are not sufficiently communicated. Employees are unsure whether to use them or don't even know they exist.
The solution: Implement internal marketing measures:

  • Have announcements made by management.
  • Create short explanatory videos or training sessions that make the process more accessible.
  • Organize internal fairs, information booths, and newsletters.
  • Integrate gamification elements like quizzes or rewards for the most/fastest feedback.

Plan for Feedback and Continuous Improvement
There is no perfect process. Therefore, it is extremely important that users have a simple means to provide feedback. Unfortunately, the structures and channels for this are often missing.

The consequence: Employees don't feel involved, see themselves merely as process consumers, and have no incentive to suggest improvements.
The solution:

  • Create clear, simple ways to report errors, give praise, or submit improvement suggestions.
  • Transparency: Users must be able to see how their feedback is processed.
  • Regular updates that make improvements visible.

Tailor Processes to Projects and Programs
Many companies use generic, 200 % processes that consider all possible requirements. However, if only this complete process is provided, users get lost in it.

The consequence: Employees don't recognize which process components are relevant for their specific project. The scope of the overall process overwhelms users, leading to processes being neglected.
The solution:

  • Processes must be tailored to projects or programs.
  • Ideally, specific instances for individual projects are derived from a standard process.
  • Example: A software project does not require functional safety. Thus, the corresponding tasks and roles related to security requirements should be removed from the process to make it leaner and more user-friendly.

Conclusion: Process Rollouts Require Strategy and Communication – and Effort
Processes should be developed with the participation of all stakeholders. They must be linked to business goals to gain management buy-in and provide business value. Training and communication are essential for the successful use of processes. Internal marketing measures increase acceptance and application. Processes should be tailored to programs or projects to make work easier for users.

If these principles are heeded, companies have a significantly higher chance that their processes are not just published but also truly lived.

Compliance & Standardization – Why Regulated Processes Foster Innovation Instead of Hindering It

Innovation through rule conformity? In an increasingly digitized world, not only the need for innovative products and services grows, but also the requirements for security, quality, and legal compliance. Companies must prepare for a variety of regulations to secure market access, minimize liability risks, and build trust. Particularly relevant are automotive industry standards such as ISO 21434 (Cybersecurity Engineering for Road Vehicles) and ISO 26262 (Functional Safety). With new regulations like the Cyber Resilience Act (CRA) in the EU or ASQMS in China, industry boundaries are being broken down. The CRA applies cross-industry to digital products, and ASQMS considers software quality and process security in the mobility sector regardless of vehicle system boundaries.

Many perceive these standards as bureaucracy or innovation hurdles. In fact, practical examples show: Those who strategically leverage standardization and compliance can accelerate innovation and secure competitive advantages.

Standardization in Times of Change
The importance of standardized processes is steadily increasing. The reasons for this are manifold:

  • Increasing Cybersecurity Risks: Connected products require robust security architectures. Already in 2023, cybersecurity companies registered over 30 billion attacks on connected systems worldwide – equivalent to more than 80 million attacks per day. Standards like ISO 21434 or the CRA provide the basis for withstanding these attacks.
  • Protection Becomes Mandatory: The CRA obliges companies to implement security-by-design and continuous security maintenance.
  • Global Supply Chains: Uniform processes facilitate international collaborations and supplier audits. Standards like ASPICE form the basis for comparability of the quality of development processes.
  • Customer Requirements: Certifications and demonstrable standards are increasingly becoming a market entry requirement. 

New Rules of the Game for Digital Security
With the CRA, the EU sets new standards: Companies must integrate security from the outset into their development processes, provide updates, and be liable for security flaws. The CRA thus joins the ranks of standards like ISO 21434 or ISO 26262 and reinforces the trend towards a binding security culture.

A Holistic Approach from China
The Chinese standard ASQMS (Automotive Software Quality Management Standard), which breaks down classic industry boundaries, is particularly interesting. Unlike many existing standards, ASQMS takes a holistic view of software development in the mobility sector and integrates quality, security, and agility within one framework. By consolidating essential aspects from numerous relevant standards (such as ISO 16949, ASPICE, UNECE regulations), it creates a platform for true innovation – not despite, but because of clearly defined guidelines.

Compliance as a Strategic Asset
Companies that understand Compliance not as an obligation, but as a strategic lever, benefit in multiple ways:

  • Market Access & Legal Certainty: Certified processes accelerate product launches and reduce legal risks.
  • Trust & Brand Strengthening: Compliant companies are considered more reliable and responsible.
  • Quality & Efficiency: Structured processes reduce sources of error and maintenance effort.
  • Innovation Capability: Clear standards create space for creative, agile solutions.

How to Achieve the Shift to Proactive Compliance?
The following success factors characterize modern Compliance strategies:

  • Early Integration: Security requirements are considered from the outset – through interdisciplinary teams and Security-by-Design.
  • Automation & AI: Compliance tools, automated testing, and AI-powered analytics (e.g., with AuditPro® from PEDCO) reduce effort and increase accuracy.
  • Culture & Training: Compliance must be embedded in the culture. Training and awareness programs are indispensable.
  • Agile Standardization: Standards must not be rigid – they must allow for innovation and remain flexibly adaptable.

Conclusion: Standardization as a Driver for Innovation
The idea that regulations hinder innovation is outdated. Properly understood, they form the foundation for sustainable, secure, and marketable products. Innovation requires freedom, but also a structured environment. Development happens in iterations, from which continuous learning occurs – provided that insights are systematically captured and evaluated. Good processes in conjunction with standards like ISO 21434, the CRA, or the forward-looking ASQMS help companies act more efficiently, faster, and more innovatively, and to continuously improve. Those who understand Compliance as an opportunity can shape the future.