One way to do it for a given process is to group its setup and maintenance activities like this:
Startup – Here you can put the process description, including roles. Don’t go too far – you want people to understand it. Most processes have one or two key well-defined deliverables that can signal the initiative and make it easier both to share it and to gain momentum for the next phase. Here you concentrate on documenting (proof of intention).
Ongoing – This is where regular activities are defined. They may exist already and just need formalization in order to facilitate adoption by newbies and further refinement. Besides the typical process activities, you must ensure control is in place (focused on outcomes and measured with metrics).
Improve – Depending on what processes exist, one can focus on integration between them. Also, a good vehicle to make sure improvements do happen is a Service Improvement Program subject to Change Management (or at least under a simple recording and approval procedure).
Take Security Management:
Startup – Security Policy and roles (Security Officer and Security Analysts). Check how well you’re doing against ISO 27001 for each domain.
Ongoing – Risk analysis (the first iteration can be pushed to the Startup phase), asset classification, training and awareness for all users, technical training. Also, Incident Security Management.
Improve – Integrate with Incident and Change Management. Check process maturity regularly.
It’s a simplified approach similar to the ITIL v3 service lifecycle. One can give time frames for each phase and assign one accountable person for it. Bear in mind that the right processes (or functions) to start with may vary, even though Incident and Change emerge as the first incumbents.