From our Mittelstand projects the pattern repeats: managing directors order a maturity audit, receive an 80-page report, and end up without a decision they can act on. The problem is not the model — it is the unreflected transplant of corporate logic into a Mittelstand context.
What Is a Maturity Model? — Definition and the 5-Level Logic
A maturity model maps processes, organisations, or technologies to one of typically five maturity levels — from ad-hoc to continuously improved. The graded scale makes the development stage comparable, identifies gaps, and supplies a roadmap. It rests on three building blocks: maturity levels (stages), dimensions (assessment areas), and indicators (measurable criteria per stage and dimension).
The term originates in software engineering and the Capability Maturity Model (CMM) developed at the Software Engineering Institute of Carnegie Mellon University from the late 1980s. Today the concept is established across industries — as CMMI V3.0 (CMMI Institute, ISACA) for process capability, as ISO/IEC 33020:2019 (SPICE Process Capability Framework) for normative process assessments, or as a digital maturity model for evaluating digital progress.
The classical five-level logic reads similarly in any textbook:
- Initial (Level 1) — processes are ad-hoc, dependent on individuals, undocumented. Results are unpredictable.
- Repeatable (Level 2) — basic process discipline is established. Similar projects lead to similar results.
- Defined (Level 3) — processes are documented, organisation-wide, and applied consistently.
- Managed (Level 4) — processes are quantitatively steered. KPIs are collected and used.
- Optimising (Level 5) — continuous improvement is embedded. Processes evolve on the basis of data.
Beyond the stages, every maturity model carries dimensions — classically strategy, process, technology, culture, and people. The acatech Industrie 4.0 Maturity Index UPDATE 2020 uses four structural areas and six stages (computerisation, connectivity, visibility, transparency, predictive capacity, adaptability). The Bitkom Maturity Model Digital Processes 2.0 assesses five dimensions (technology, process data, process quality, customers, skills and culture) and is designed cross-industry for the Mittelstand.
The boundary with the audit matters: a maturity model is an assessment instrument, not a certification procedure. Only in combination with an appraisal method (such as SCAMPI for CMMI) does it become a certification-grade procedure.
Why Maturity Models Matter in the DACH Mittelstand in 2026
Three drivers turn the maturity model into a steering instrument for the Mittelstand in 2026: regulatory pressure on digital evidence, acute investment pressure on ERP and cloud modernisation, and the need for a defensible position assessment without a corporate audit.
First, regulatory pressure. Funding programmes, balance-sheet documentation obligations, and rising cybersecurity and ESG reporting demands increasingly require a documented self-assessment of digital maturity. The BMWK-funded Mittelstand-Digital DigitalCheck and Maturity Report 2023 offers a free self-assessment across seven dimensions. The report puts the German Mittelstand at an average score of 3.04 — strongest in organisation and IT, weakest in customers, products, and environment.
Second, investment pressure. Mittelstand companies face the replacement of legacy ERP landscapes, the integration of cloud and AI components, and the consolidation of historically grown silo systems. A sound maturity assessment guards against two typical mis-investments: buying an over-sized solution for a company not yet ready to absorb it, and incrementally modernising an architecture that ought to be re-thought from scratch.
Third, the defensible position assessment. From over 1,200 projects we know most managing directors do not want a six-week audit engagement. They want a clear answer to “where do we stand and what is the next step?” — in days, not months. A pragmatic maturity model fits exactly that need.
Field Example: Southern German Engineering Firm, ca. 320 Employees
In a pre-clarification mandate with a southern German engineering firm we deliberately set the maturity assessment against the corporate audit format — five questions instead of a five-week engagement, a red/amber/green light instead of an 80-page report. After 18 working days the board had an actionable architecture statement.
An engineering firm of around 320 employees, three plants, and an ERP landscape introduced in the late 1990s faced the choice: ERP modernisation or a prior architecture cut. A previous maturity audit by a large auditing firm had produced a report stating “Level 2.3” per process area. The board could draw no decision from it. We were called in to restart.
The diagnosis was uncomfortably simple: the audit had measured the wrong variables. It assessed functional coverage, documentation depth, and tool usage — not master-data ownership, integration maturity, or the distinction between commodity and differentiating processes. We understand the process first, then the system.
We then ran a five-question self-assessment — adapted from the format proven in our Mittelstand EAM methodology for ERP selection. Each question carried a red/amber/green light, each answer an architecture consequence. After 18 working days: an actionable statement on the architecture cut, a prioritised list of four pre-clarification steps, and a requirements-document skeleton that answers the master-data question before the tool question.
In a second project with a components manufacturer from Baden-Württemberg (around 180 employees) we anchored the format internally. The board, head of IT, and three process owners completed the self-test together and now update the maturity picture themselves every six months. Train-the-trainer in maturity logic: show, coach, self-maintain.
What Maturity Textbooks Leave Out
Three points that barely appear in the textbook literature, but in the Mittelstand decide whether a maturity assessment is worth running at all.
1. Why CMMI Level 5 Is the Wrong Target for 200-Person Firms
“We want Level 5” is a reflex statement. Whoever wants Level 5 wants quantitative process management and statistical process control as an organisation-wide standard. In a 200-employee engineering firm with four IT staff, the upkeep cost outweighs the value. Pragmatic Mittelstand rule: Level 3 in differentiating processes, Level 2 in commodity processes. What is formalistic in a corporation becomes pragmatic in the Mittelstand — once you know what you can leave out.
2. Integration Maturity as the Decisive Dimension
Public maturity models list “IT” as a dimension — yet the decisive question goes unanswered: how integrated are your systems along the end-to-end processes? Ask three departments how an order is processed and you get three answers and three systems. Integration maturity is high when master data lives in one place; low the moment Excel becomes the connecting link. The Fraunhofer SCS Digital Maturity Measurement treats IT systems as a dimension; the Maturity Report 2023 exposes the integration gap behind it. For the ERP architecture decision, integration is the decisive dimension.
3. A Pragmatic Five-Question Self-Assessment Instead of a Corporate Audit
The multi-week audit is not the right tool for the most frequent boardroom question: “Are we mature enough for an ERP modernisation?” From over 1,200 projects we derived a five-question self-assessment completed in two hours. Each question carries a red/amber/green light.
- Business model: Can you describe your business model on one Business Model Canvas page — and is it compatible with your IT architecture?
- Master-data ownership: Is it clear who owns customer, product, and supplier master data — and is it maintained consistently?
- Requirements-document origin: Does your requirements document come from the business side, or is it an adopted vendor template?
- Differentiation vs. commodity: Which processes are competitive advantage, which industry-standard? Do you separate these classes in the architecture decision?
- Target architecture: Do you have a picture of how your system landscape should look in five years — or are you selecting an ERP before that picture exists?
Three or more red lights mean: pre-clarification before ERP selection. One or two red lights: targeted rework. No red lights: the architecture decision can be taken on a sound base.
Our take
A maturity model without Mittelstand adaptation is an expensive translation of corporate logic into a context where it does not fit.
How We Run Maturity Assessments in the Mittelstand
We run maturity assessments in four phases: target picture before measurement, five-question self-assessment instead of an audit, integration maturity as the decision-relevant dimension, and train-the-trainer handover to the internal owners. Methodical clarity decides — not the model.
In our vendor-neutral ERP consulting we treat maturity assessments as a pre-clarification step ahead of ERP and system selection. A four-stage approach has proven itself:
- Target picture before measurement — what is the assessment supposed to answer? Investment decision, funding-programme evidence, internal position assessment. Clarify first, then measure.
- Five-question self-assessment — board, head of IT, and three process owners complete the test in two hours. A red/amber/green light per question.
- Integration-maturity analysis — we map where media breaks emerge between ERP, CRM, Excel, and email. That is the decisive dimension for the architecture decision.
- Train-the-trainer handover — we train the internal owners to update the self-test every six months. First show, then coach, then self-maintain.
The difference from corporate audit formats: we deliver an architecture statement, not a level statement. We use a format validated across more than 1,200 projects to reconcile maturity statements with the operational reality inside the company — the outcome is a basis for decision, not a report. Otherwise the Mittelstand receives a report that is formally correct and practically useless.
Common Mistakes in Maturity Assessments
Four error patterns recur in Mittelstand maturity assessments. All are avoidable — if the target picture is clarified upfront. None has its root in the maturity model itself.
Mistake 1 — corporate audit format in the Mittelstand. A 200-person company runs a six-week audit and receives an 80-page report whose granularity does not match the board’s decision depth. The main problem in more than half our restart engagements.
Mistake 2 — wrong variables. What gets measured is functional coverage and documentation depth — not master-data ownership, integration maturity, or commodity-vs-differentiation. The Fraunhofer IAO success factors of operational digitalisation emphasise that maturity assessments without underlying capability-building remain ineffective.
Mistake 3 — assessment without internal anchoring. An external consultant runs the assessment and leaves. Six months later nobody inside the company can update the statements. The fix: plan the train-the-trainer handover from the start.
Mistake 4 — maturity without architecture consequence. The report ends with “we recommend reaching Level 3”. What that means for ERP selection stays open. Maturity assessments take effect only when they feed back into investment steering.
Our take
The mistakes are rarely model-bound. They are methodical and organisational — and that is exactly where vendor-neutral consulting earns its keep.
Frequently Asked Questions
A maturity model is an assessment instrument; an audit is an assessment procedure with certification character. The model supplies scale and indicators; the audit supplies formal confirmation through an accredited assessor. In the DACH Mittelstand the self-assessment on the basis of a recognised model is usually enough — an external audit only becomes warranted when regulation, contract, or a funding scheme requires it.
A pragmatic self-assessment takes two hours for the assessment and around two weeks for analysis, consolidation, and the architecture-consequence derivation. A classical audit under CMMI or SPICE logic runs six to twelve weeks. Mittelstand companies choose the pragmatic path when the target picture is an investment decision; the formal audit becomes relevant when certification is required.
The range depends on the chosen format. A free self-assessment such as the Mittelstand-Digital DigitalCheck is methodically sound for an initial position check. A guided maturity assessment with workshop and architecture consequence typically sits in the low five-figure range. A certification-oriented CMMI or SPICE audit is markedly more expensive because of assessor days and documentation reviews. We always size against the target picture of the assessment.
The Maturity Report 2023 of the Mittelstand-Digital Zentrum Berlin puts the German Mittelstand at an average score of 3.04 — strongest in organisation and IT, weakest in customers, products, and environment. From our practice a 200-person company is very well placed at Level 3 in the differentiating processes and Level 2 in the commodity processes. Level 5 is rarely a sensible target in the Mittelstand.
Integration maturity is the decisive dimension for the ERP architecture decision. A high overall digital maturity says little while the media breaks between ERP, CRM, Excel, and email remain hidden. The honest answer to how many places maintain your customer master data yields more insight than most formal maturity statements.
Next Steps
Before an ERP or architecture decision, a two- to four-week pre-clarification step on maturity assessment usually pays off — with a clear target picture, a pragmatic self-assessment, and an architecture consequence. If you want to run the format yourself, start with our piece on Mittelstand EAM and ERP selection, which sets out the five-question self-test in full. Complementary reading: our overview of digitalisation services and our ERP consulting page. Method-adjacent wiki entries are ERP systems and value stream mapping for the end-to-end process perspective.
30 minutes with Dreher Consulting
A structured assessment of your digital maturity and the architecture consequences — vendor-neutral, built on more than 1,200 projects in the DACH Mittelstand.
