The Four Big Questions ITIL Doesn’t Answer

January 30, 2009 By Rob England

In many ways ITIL v3 is more complete than ITIL v2, but there are still a lot of basic questions that you need to answer for yourself, writes ITSM Watch columnist Rob England.

There are still many people who are under the illusion that ITIL provides a prescription or plan for implementing IT service management (ITSM). It doesn’t. In fact, the more important the decision you need to address, the less likely there is guidance for it.

When we want to know how to, say, measure a service desk, we can find quite exact guidance from several sources including ITIL. But the depth and usefulness of advice is inversely proportional to the importance of the question. Consider the most important decisions you need to take as you embark on an ITIL initiative, the Big Questions. In this article, we will look at the most important four.

The first and biggest decision of all is whether you should even do ITIL. What are the gating criteria specific to ITIL? What special factors should we look out for? Surely, ITIL defines them? No.

Or look at the next most important Big Question: how far should we go?

To answer this, the standard consulting approach used in ITIL is to determine the current "as-is" state through assessment, then decide the "to-be" state, and then work on the gap. ITIL v3 still fails to provide an as-is assessment model, though COBIT does. So too do many consulting firms. So, we can find the as-is readily enough, especially if we pay for it. But what about the other half? How do we pick the target "to-be" state?

Very often the as-is and to-be are defined as some composite capability maturity model (CMM) level from 1 to 5 (Actually, 0 to 5. I've met zeroes.). A consultant will give you the as-is to two decimal places, but how do we determine the to-be? The standard model is to extract a number from a suitable orifice. If you're a basket case you'll go for Level 2. If you are mainstream you'll shoot for a 3. If you want to swagger you'll aim for 4. And if you want to use the result in marketing your company's services you'll find a consulting firm that will certify you as a 5.

This is not exactly scientific or rigorous, and there is no process other than a brief gaze at the navel. Why do we have whole books of guidance from multiple sources on lesser issues but when it comes to setting the broad scope, the ambition (and of course the cost) of the initiative, we allow someone to pick a number? On what basis? With what advice and guidance? Reached through what reasoning and methodology? None. Not in ITIL v3 anyway. Nor in COBIT.

The Journey Begins

So, we pull some numbers out of … umm …. the air, and we embark on the ITIL journey. We look at ITIL v3 and it is huge. Even ITIL v2 towers above us as we look at all 10 or 11 or 13 processes. Surely, we won’t try to do it all at once?

Advice exists that says pick the processes off one or two at a time but this is patently rubbish. Processes are intertwined and interdependent. We need to go into a number of processes at once, in a phased manner. Many times there is a crying need for a bit of all of them. Now if ITIL v2 was a line of processes, v3 is a plane. It has the extra dimension of the lifecycle of the services. And we certainly are not going to attempt that entire dimension at once. Nor are we going to do each of the five ITIL v3 books (which map that dimension) one by one. They are just as intertwined. So, we need to implement pieces from all five, at the same time, in a phased manner.

Which brings us to Big Question Three: how to determine what goes in each phase? How to measure whether a phase is done? How to get from one phase to the next? How to project manage the implementation of ITIL? Surely, ITIL gives some guidance on that? Well it does, a bit; accidentally. It describes how to implement services, so there is some guidance there that can be applied to implementing anything. But directly about how to implement the ITIL systems to run the lifecycle to implement those services, it provides nothing. Nada. Bupkis.

The analogy of a house blueprint is often used to describe ITIL. But don’t make the assumption that it is for your house. It is the blueprint for a generic McMansion; with gothic columns and three floors and a quadruple garage and stables. It has an automated building management system and marble stairs. Even if you want a house that fancy, you are bound to want the rooms arranged differently. Most of us will want something a little simpler.

To use the blueprint you will need to modify it considerably to your preferences and site and budget. There are no instructions for this, so you had better get the site professionally surveyed and the plans re-drafted. Then you will need to estimate it and a builder to build it—because there are no instructions for those activities either. Even if a house came as a kit pile of timber and stone and a fat book of directions, most people would not be so foolhardy as to attempt assembling themselves. Asking your staff to assemble the house in their “spare time” is especially not a good idea.

Once you spend all the money to build the house, you will need to demonstrate to local authorities that it was done properly. And so we arrive at Big Question Four: does it meet the standard? How do we asses the completeness (not to mention quality) of an ITIL implementation? What does ITIL tell us? Guess! No checklists. No minimum criteria. No standards.

There is something closer to what we want: ISO/IEC 20000. But it is only close. The authorities will say you have assessed your house against the standard for a ski lodge or small shop or something not quite exactly the same. It might do, it might not. Likewise with using COBIT to assess ITIL: it covers all of ITIL (pretty much), and lots more. But ISO/IEC 20000 and COBIT only look at ITIL from the outside, as a black box. They only assess the exterior of the house. Explaining all these moot points to the Board will not go down well. They want to know if ITIL was done properly, and they want to know how well. And you can’t tell them other than offering some expensive consultant’s subjective opinion.

If you want to know the best way to run a Change Advisory Board, ITIL will tell you. If you want to know best practice in analyzing problems, ITIL will tell you. But there are still four Big Questions where you are on your own:

• Should you do ITIL?
• To what level should you do it?
• How do you do it?
• How do you show you did it?

Rob England is an IT industry commentator and consultant, and nascent internet entrepreneur, best known for his blog The IT Skeptic.

Research Indicates Continued ITSM Growth in 2009

January 7, 2009
By ITSM Watch Staff

CIOs will advance ITSM programs to better align IT with business drivers.

Despite the unsteady economy, 87% of IT professionals are planning strategic, enterprise-level ITSM programs with the support of senior management. This is one of the key findings of a new Enterprise Management Associates (EMA) report: 2009 Trends and Best Practices Advice for ITSM Technologies and Processes.

"The coming year will certainly be a critical, pivotal year for IT executives,” said Chris Matney, EMA consulting director and study leader, in a press release. "Fiscal pragmatism will be weighed against the increasing challenges of IT, and IT leaders must carefully balance both. Successful CIOs will continue to advance ITSM maturity while closely watching business drivers and the corporate balance sheet.”

According to the survey, mid-size companies showed the highest levels of ITSM adoption. Smaller companies typically rely on traditional service/help desk implementations, while the largest enterprises continue to work through the challenges of complexity and scalability. Most companies are in a transition phase with their ITSM maturity, between an "active” and a "proactive” approach.

EMA believes that the most successful companies will push through the economic recession with IT advancements and investment, while unsuccessful organizations will adopt a more passive "business as usual” approach.

Additional key findings from the survey include:

- IT budgets are not in a total free-fall, but a growing number of IT organizations are cutting budgets by 10% to 25%.

- Change management was the most important ITSM initiative for companies of all sizes, followed by the other ITIL service support disciplines.

- Only three percent of respondents reported that all ITSM initiatives have been completed, and 80% said some have been finished.

- Most (74%) of respondents place primary responsibility for strategic ITSM planning on C-level executives, IT vice presidents and IT directors.

- Most (67%) of respondents are not planning to replace their ITSM tools. For those that are, functionality limitations are the primary drivers for mid-sized companies and lack of scalability is the motivation for enterprise organizations.

- ITIL is the biggest area of investment for advancing the adoption of ITSM best practices, with 62% of companies expecting to undertake training in 2009.

EMA believes short-term projects will gain favor in 2009 due to longer term budget uncertainties. Most ROI break-even expectations for ITSM projects are between six and 18 months. Some of the best practices recommended by survey respondents included creating an incremental ITSM plan and securing executive and business support early in the process.

Sign up here for the free Webinar on January 8 titled, "Make the Most of ITSM in 2009: Best-Practice Advice from Your Peers”

Methodology

For this report, EMA surveyed 143 IT professionals to uncover success factors and pitfalls of ITSM initiatives and recommended best practices based on real-world deployments.