The SEI’s articulation of the CMM was soon followed by a parallel articulation of Software Process Assessments, now officially called CMM-Based Appraisals for Internal Process Improvement (CBA IPI). In 1996, the SEI published a "Method Description" and then a "Lead Assessor Guide" , which together spelled out the basic procedures of a CBA IPI:
The presence of a qualified leader A CBA IPI assessment is led by a licensed, authorized Lead Assessor, expertly trained in the assessment method and in the CMM model and capable not only of instructing an organization in the condensed best practices contained in the model but also of making sure that the spirit is not lost in adherence to a narrow view of the letter of the CMM and the CBA IPI method.
The constitution of the assessment team A CBA IPI assessment is implemented by an assessment team that includes representatives from the organization who know the organization better than any outsider and who can transfer lessons learned back into the organization when the assessment is complete (and help lead the follow-on action plan).
A focus on the whole organization A CBA IPI assessment ascertains the capabilities of the organization as a whole by selecting representative projects to provide a cross-section of the organization’s work. The use of a cross-section of existing projects ensures that the assessment measures the support and knowledge available to all projects and not just a uniquely well- or badly run project on its own.
A concentration on a hierarchy of maturity levels A CBA IPI assessment proceeds with reference to a ladder of maturity levels and their corresponding key process areas (KPAs) that "identify the issues which must be addressed to achieve [a mastery] of the maturity level" . Collectively, the full set of KPAs measures how the organization implements the necessary management and technical parts of any software development project.
The importance of personal interviews A CBA IPI assessment does not rely simply on the verification of organizational practices through a set of paper documents (which may or may not be currently followed by the organization) but rather intensively interviews managers and practitioners to ascertain whether practices recommended by projects and the organization as a whole are properly understood and implemented. Every practice involved in every KPA at every maturity level must be verified in this way.
Confidentiality A CBA IPI assessment examines the process and does not praise or blame individual success and failure. In order to ensure that this is the case, a CBA IPI rigorously adheres to a few basic necessary ground rules concerning confidentiality and the respect of all participants. This includes the requirement that the assessment results will be kept confidential by the assessment team members .
Corroborated information The results of the assessment come directly from corroborated statements provided by organization participants and are even confirmed in draft finding meetings so that there can be no question of the results being a product of the assessment team rather than the organization.
Maturity level ratings The capability maturity level is assigned at the very end; it represents a summation of all the statements of the organization and a clear consensus both of the assessment team and of the statements from the organization on which the judgment of the assessment team is based.
Recommendations Results exist in the context of recommendations for improvement. They are not an abstract or general ranking but rather a specific set of proposals for raising software development procedures to an attainable next stage.
Results presented The results, including the capability maturity level, are announced at a final general meeting of the participants and are addressed to the participating senior manager. They therefore necessarily represent the voice of the organization spoken in a way that cannot be disregarded.