ITIL/ITSM Governance Lacking

March 13, 2009
By ITSM Watch Staff

Survey finds most organizations do not define, implement or enforce ITSM governance.

Without formal IT governance, results are not measurable and IT is not aligned with the business. In its 4th annual IT Service Management (ITSM) Industry Survey, Consulting-Portal, an ITSM consulting firm, found that regulatory compliance (e.g. Sarbanes Oxley) is driving the requirement for IT controls. As a result, most organizations have adopted ITSM as the underpinning framework for meeting regulatory requirements. However, it is disconcerting that as little as 29% of surveyed organizations have defined implemented and enforced ITSM governance.

Failure to govern IT processes can cause an IT operation to lose focus resulting in lost productivity, diminished reputation and reduced revenue. A focus on governance results in a stable and consistent IT service delivery.

Some additional findings from this year's survey:

• Only 24% of respondents have actionable metrics that are used for continuous improvement.

• Only 38% of respondents have implemented a configuration management database (CMDB).

• 71% of respondents do not have defined, implemented and enforced ITSM governance.

Methodology

The ITSM survey contained 35 questions covering the topics of sponsorship, training, organization and governance, best practices, measurement and audit, continuous improvement and supporting tools. This year Consulting-Portal obtained 183 responses to the survey from medium-sized to fortune 500 companies from various industries. For a copy of the survey results white paper please visit: http://www.cportalinc.com/downloads.php.

Upcoming ISO 20000 Classes For April

If you or a colleague are looking for your ISO Consultant or Auditor certification - please email us at info @ nouriassociates.com or visit http://www.nouriassociates.com

ISO 20000 for Auditors plus Exam - click here for more info

The ISO/IEC 20000 Auditors course is an intensive 2-days workshop training relevant for professionals who play a role in auditing the ISO/IEC 20000 standard.

Course Description
This course is designed for professionals and certified auditors who would like to learn how to perform auditing activities as either internal or external auditors based on the ISO/IEC 20000 standard. At the end of the 2-day classroom training, the ITSMF certification exam, which is a multiple-choice exam, can be taken. This training does not cover audit techniques or the issues involved in preparing an organization for an audit. The certificate is awarded to candidates passing the relevant examination, which can only be taken as part of an accredited training course. The course covers the interpretation and application of the ISO/IEC 20000 standard. The exam consists of a closed-book, 25-question, multiple-choice, paper-based test. To pass, candidates must answer 18 or more questions correctly.

ISO1024 - ISO20000 for Consultants plus Certification Exam - click here for more info

SO 20000 for Consultants is an intensive case study oriented 3 days workshop designed for internal auditors and consultants who play a role in the ISO 20000 implementation or in providing support around ISO 20000 implementations. Practical examples and real life case studies are used to guide you through the implementation route and prepare you to conduct a ISO 20000 assessment or audit.

Course Description
This interactive workshop leading to ISO 20000 consultant’s examination is designed to provide a basic level of knowledge in the ISO 20000 IT Service Management standard and its application. It is aimed at practicing IT Consultants who wish to assist organizations to prepare for certification under the itSMF's ISO 20000 Certification Scheme. The course covers the interpretation and application of the ISO 20000 standard and enables consultants to develop the Service Management capability of an organization and assess its readiness for certification within the itSMF's ISO 20000 Certification Scheme. Internal auditors involved in preparing an organization for ISO 20000 Certification may find this course more appropriate than the Auditor course. The exam will be conducted at the end of the training.

We hope to hold these courses the last week of April / first week of May - depending on candidate schedules.

NAI focuses on well known IT process frameworks which organizations use to develop competent and world-class IT organizations. NAI’s focus areas include:

• IT Service Management (ITIL Best Practices, EXIN Accredited Course Provider)
• Software Development Life Cycle (CMMI Best Practices)
• Project Management (PMBOK Best Practices)
• International IT Service Management Standard (ISO 20000)
• IT Governance and Control (COBIT)
• Applied ITSM Standards (MOF - Microsoft Operations Framework)

Defending ITIL’s Value

March 20, 2009
By George Spafford

ITIL is on the verge of being labeled a fad due to great promises and few returns, writes ITSMWatch columnist George Spafford of Pepperweed Consulting.

We should be able to read about all sorts of success stories with metrics yet most articles are about promise, theory, and application. Why is this? Why aren’t there more reports of success and why are both IT and business leaders starting to become jaded when it comes to the IT Infrastructure Library (ITIL)? Part of the problem is in how ITIL is viewed and how it is implemented.

ITIL isn’t simply about a collection of processes listed in books. It’s about IT service management (ITSM) and the belief that IT must deliver services to the business that meet requirements. In a sense, IT is playing catch-up with manufacturing. Following WWII, the Japanese were quick to embrace quality management led by the likes of Deming and Ishikawa. In the 1980s, U.S. manufacturing realized they needed to fundamentally change how they conducted business in order to compete with the Japanese. Now, it is IT's turn. This means that not only IT but the business also must change how IT is wielded in order to successfully enable IT’s mission of value creation and protection.

Goals and Objectives

Functionally, IT is a shared service that provides IT related services to other business units to help those groups attain their objectives. IT doesn’t do these things on their own – or at least they shouldn’t. That is how alignment problems come into existence. For example, IT helps generate revenue by enabling sales, not by circumventing them. IT helps lower costs by empowering manufacturing and procurement through services that enhance productivity while simultaneously mitigating risks.

The point is that IT plays a supporting role as force magnifier to other business units.

To do this, the strategic direction of the business and service requirements must be understood, documented, and agreed upon. New and/or changed business and IT services must then be designed, transitioned into production, maintained and supported in operations and all the while IT and business must pursue continuous service improvement.

While creating and supporting IT services it is important to understand that ITIL’s ultimate value does not lie in isolated processes. The value lies in the ITSM philosophy and the creation and protection of value around objectives that support the goals of the organization. IT organizations that say they are using ITIL to design and operate the service desk and incident management are only scratching the surface of what could be done.

Processes and functions performed in isolation without an overarching ITSM process to coordinate activities will rapidly encounter diminishing returns because there are limits to the benefits they can achieve. For example, incident management doesn’t fundamentally improve the services IT is providing to enable the business, it only helps streamline the reaction to deviations, or potential deviations, from standard operation of the service. To truly improve the service requires the coordinated use of multiple processes.

Without formal IT governance, results are not measurable and IT is not aligned with the business. In its 4th annual IT Service Management (ITSM) Industry Survey, Consulting-Portal, an ITSM consulting firm, found that regulatory compliance (e.g. Sarbanes Oxley) is driving the requirement for IT controls. As a result, most organizations have adopted ITSM as the underpinning framework for meeting regulatory requirements. However, it is disconcerting that as little as 29% of surveyed organizations have defined implemented and enforced ITSM governance.

Process Makes Perfect: How to Turn IT Process Automation into Business Growth

From: www.cio.com

Process Makes Perfect: How to Turn IT Process Automation into Business Growth
– Stephen Elliot, CIO

March 11, 2009

Stephen Elliot, VP of strategy for CA's Infrastructure Management and Data Center Automation business units, is speaking at this week's AFCOM Data Center World conference on data center efficiency. He shared this advice on the topic for CIO.com readers.
2009 will likely go down in history as a tough year for the global economy, and a tougher year for most IT organizations. CIOs are being asked to further reduce budgets and increase staff efficiencies, while maintaining and often increasing the quality and number of IT services. However, as Albert Einstein once said, "in the middle of difficulty lies opportunity"; IT is full of them.

The rise of virtualization, policy-based networking, process standardization, automation, and SOA has positioned IT at a critical inflection point in achieving business efficiency and effectiveness. As IT and business leaders, we must seize these opportunities. To "get more out of less," CIOs are prioritizing investments into technologies that offer business impact and continuous cost containment. One of these areas is IT process automation technologies, whereby solutions ensure the automated workflow of a series of tasks, potentially triggering an action based on a series of inputs. Often, many of these projects start with a change or configuration process while success is measured on basic ROI metrics. What's interesting is that ROI is not enough. Measuring the business impact of IT process automation is where savvy CIOs are investing time and resources, using ROI as a baseline for time to value.

Recent customer conversations show this to be true:


A large financial service firm is working towards delivering business process impact by integrating their virtual and physical management solutions into a service view, while mapping the service and application topology to the key customers' groups and utilizing chargeback for the services.


A large insurance company is linking the number of agents to the number of policies created per day. The availability of this system is paramount, as is the data accuracy and capture.

A retailer is linking their pricing and POS systems to the ability to execute workload automation. This helps to maintain accurate price points and ensure a balance between profitability and inventory management.

A large service provider is managing SOA-based applications to high levels of availability and service levels, based on in-depth root cause analytics of application performance solutions.

A large bank is looking to compress change and configuration costs and fragmented processes by standardizing process workflows across separate IT groups.

The common theme for all of these examples is efficient use of technology, notably IT process automation, to drive the business outcome. As a stand-alone solution, IT process automation has limited value. But when paired with solutions such as service desk or data center automation, they become an integral part of the foundation for business growth and IT's ability to directly measure and generate it.

However, technology alone does not generate these business returns. In about 55% or so of our customer conversations, the IT organization has adopted multiple IT processes, often based on ITIL or CoBit. The most common ones include problem, change, incident, and configuration management. More recently, CIOs have asked us to map solutions to support financial and release management. In a few cases, some aggressive CIOs are evaluating ITILv3. In all cases, the notion of managing a "service," upon which ITILv 3 is espoused, is prevalent.


Getting Started
CIOs should consider the following recommendations to drive success in IT process automation and consider that the trifecta of IT staff, process standardization, and technology are required to create a sustainable competitive advantage and successful business outcomes. To achieve this, CIOs should:

• Purchase an IT process automation solution: Consider the workflow engine the most important purchase criteria; integration across a vendor's portfolio and with third party solutions is a close second.

• Integrate the tool with a data center automation strategy: The ability to automate workflows will be a paramount requirement for on-going cost savings and efficient IT operations.
  

• Utilize virtualization: Effective use of process automation will take place in both physical and virtual infrastructure; integration into a seamless, singular workflow is the goal.

• Adopt ITIL process standardization: Go beyond the foundational processes and adopt financial management and release management; automate the processes.
  

• Get small "wins" first: Automating IT change and configuration management processes are a great way to reduce costs; start within an IT silo and build out across teams.

• Add process automation to data center consolidation projects: Automation must be a key requirement of any data center project to fully realize on-going cost and efficiency benefits.

• CIOs should recognize that IT process automation is more than just deploying a purpose-built tool. It requires IT staff buy-in and CIO leadership to drive automation and standardization of process workflows with specific business objectives. Example of objectives include the reduction in the number of trouble tickets, an improvement in IT service availability, or key business process outcomes such as those outlined in the examples above.

ROI as a Success Factor: Don't Sell Yourself Short
It's easy in this economic environment to rely solely on ROI, and in fact ROI is a great starting point. But, increasingly we are working with clients to establish business cases that are for "continuous cost containment." For example, while IT process automation can drive much efficiency, the real value is getting multiple teams to understand their role in the process as it becomes automated, and to measure the impact of this automation. As process standardization takes hold, the behavior and time allocation to certain tasks for IT changes. CIOs must work with IT staff to identify the key stakeholders, create buy -in for the new processes, and measure their success. Communicating these key factors to the staff is imperative. IT process automation is but one initiative that should be considered in tough times. However, CIOs should use this as a stepping stone to larger efficiency measures that bring teams together, improve efficiencies, and establish a foundation for business growth.

Stephen Elliot is vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit. In this role, he is focused on key areas such as business unit technology, strategy creation, analyst relations, market positioning, partner development, and customer deals. Prior to CA, Mr. Elliot was a noted software industry analyst at IDC, Hurwitz Group, Gartner, Instat, and Forrester.

Hiring for IT-Business Alignment at Wyeth

From: www.cio.com
Hiring for IT-Business Alignment at Wyeth

– John Mann, CIO

March 17, 2009
Jeffrey Keisling takes great pride in the relationship between his 1,800-person IT organization and the business at Wyeth: "One of the greatest measures of our success is that the employees in IT are indistinguishable from their business colleagues," says the drug-maker's vice president of corporate information systems and chief information officer.

MORE HIRING MANAGER INTERVIEWS:

* USPS VP of IT on Making Sound Hiring Decisions Under Pressure
* Starbucks' CIO Seeks "Pillars of Strength During Economic Storm
* You Don't Have to Golf to Get an IT Job at the USGA.

The IT-business alignment of which Keisling is so proud begins with the company's hiring process. Business executives participate in interviews with candidates for senior leadership positions in Keisling's IT organization. Likewise, Keisling says he interviews candidates for positions outside of IT.

Further promoting IT-business alignment at Wyeth (which Pfizer is acquiring) is the fact that 11 of Keisling's 12 direct reports are members of line executive teams at the $22.8 billion pharmaceutical company. So they report both to Keisling and to the individual line executives they support. Keisling and the line executives participate equally in performance reviews for the 11 direct reports.

Another reason why IT employees are "indistinguishable" from their business counterparts is that many of them come from the business to work in IT. Keisling says he's hired employees from Wyeth's commercial and manufacturing groups to head up business intelligence and operational effectiveness initiatives.

With the emphasis Keisling places on IT-business alignment, it should come as no surprise that Keisling looks for candidates who are businesspeople first when he's hiring. He seeks employees who've had a clear impact on the organization's they've touched and who "lead with a clear sense of purpose."

Here, Keisling explains how he makes hiring decisions and offers his advice for acing a job interview.

John Mann: What are some of the IT challenges you face now and how does hiring figure into them?

Jeffrey Keisling: I think it is fair to say that every chief information officer in every industry today is challenged to improve the operational performance of the company while lowering costs in IT. What's interesting is that everyone has the same tools. Everybody can buy the same technology, whether applications or infrastructure, and the only thing that really makes a difference is the quality of the people. Across Wyeth, not just in IT, it is all about finding and retaining talent and strong leaders. Our leaders can and do move across the company, and in- and outside of IT. We have a long history of developing people, and we have a very comprehensive and mature model for managing talent across the enterprise.

Have you brought people into IT who have been with the company or in the industry, but who may not have had a strong technical background?

Absolutely. It's bi-directional. People who have come out of our commercial organization are now leading up business intelligence initiatives, and people who came in from our manufacturing group are heading up operational excellence efforts in IT. With the high degree of professional scientific and medical talent we have on staff, it is very common for us in IT to bring in people who can apply their knowledge of science and medicine to technology.

What types of positions are you currently recruiting for?

It is all depends on the level, but in general, we are very focused on two areas: One is business analysis, and the second, which is complimentary, is business process skills.

What is the process for interviewing a candidate for a job in your IT department?

With a senior leader in IT, we have a very deliberate approach. It would be a series of one-to-one formal interviews. For example, if we were hiring someone who would line up with Wyeth's public affairs department, the vice president of public affairs and one or two of his direct reports would interview the IT candidate. I would do the same thing with my shop in IT.

For a middle manager or someone in a business analysis role, we have more recently used panel interviews. I think that has served us pretty well. It tends to bring a diverse set of views and is pretty efficient.

Do you ever interview candidates for non-IT positions?

Yes. There is a strong sense of collaboration in our company, which is one of our values, so it is natural for me to interview candidates for positions outside of IT and vice versa.

Who was the first person you ever hired?

The first person I hired was when I was a manager many years ago. I have worked with this woman now in three different companies. I have hired her twice. She is working on our team here today, but I did not hire her here. I would have, but she was here before me.

What did you base your hiring decisions on when you first started hiring, and how does that compare to today?

Fifteen to twenty years ago, as a first-level line manager, I placed much more emphasis on technical competency. Today, I ask three things. One is about the candidate's impact. What is this person's history of driving change, leading change or delivering value to the company? Two is, What kind of leader do we think they are going to be? Three is about the candidate's values.

I think broadly about how a person fits into the overall team. It is much more obvious to me [now] what the non-negotiables are—the things I will never compromise on. Some of my non-negotiables include trustworthiness, forthrightness, and how enjoyable it will be to work with the candidate. There are a lot of talented people who have very strong technical skills who cannot work in a team environment.

Diversity is also a major factor. Our markets and customers are diverse, so we have to have people who can work across the enterprise, cultures and languages.

What do you consider a successful hire?

Someone who is a good businessperson first, who puts the members of their team ahead of themselves, doesn't take credit for others' accomplishments, leads with a clear sense of purpose and has impact.

What is the biggest hiring mistake you've made, and what did you learn from it?

In general I've learned not to compromise on talent. "Good enough" never works out to be very good at all.

Have you ever had a case where you really liked somebody you interviewed, but your team didn't?

Yes. We have always found that discussion and debate among the team members, including the business partners who are working with us during the hiring process, yields a better answer. So we frequently do not have a unanimous decision. Discussion ultimately leads to the best answer.

What should candidates wear to an interview?

What a candidate wears is not a major factor for me, but my advice would be to wear a suit. First impressions are not over-rated. However, if I were interviewing with Google, I probably would not wear a tie for that interview. You have to be sensitive to the culture of the company you are interviewing with.

What advice would you give someone interviewing with a CIO or to be a CIO?

The answer is the same for both: Be yourself and be clear about the impact you've had on the businesses that you have been a part of. A candidate should talk about what they have accomplished vis a vis what is expected in the position. Talk about how you lead and the values you bring that will make the company the best place to work.

Do you have any pet peeves during an interview?

All too often, the person who you are interviewing does not simply say, "I want this job, and I believe I am the best person for it." I find it striking that someone would not express that during the interview.

What advice can you offer candidates about their résumés, thank-you notes and cover letters?

In a résumé, I am looking for information about the person being an "impact player." Again, I see a lot of people who are technically qualified, but I like to see some expression of what the person has managed or accomplished. Thank you notes are fine, but they don't make much of a difference to me.

If someone is a quality candidate, would they have a better shot contacting you directly, or should they go through human resources?

In general, neither. I would advise going through the networking process and then [contacting me] directly. Someone I hear about through one of my colleagues here in the company will get a lot of attention in a very short period of time. We encourage our people to bring that kind of thinking to us, and they do a good job. I think it is more important than ever, particularly in this economy, for people to use that channel.

Do you find that most of the people you hire come from networking or internal referrals?

I would say that 80 percent or more of our hires come through networking.

What three interview questions do you always ask and why?

1. Tell me about one or two of your accomplishments that you are most proud of and that describe who you are?
2. Can you provide an example of a professional risk you took that worked out great and one that did not, and what did you do about it?
3. What do you do for fun? I ask this because we emphasize people having balance in their lives and because it shows how a person "ticks." People open up about themselves in striking ways.

John Mann is associate director of The Alexander Group. He is based in the executive search firm's Houston office.

Will Tough Economy Drive or Derail ITIL Initiatives?

by Ann All, IT Business Edge

As a CIO, you likely understand the value of making your IT processes more consistent and repeatable, a primary objective of the IT Infrastructure Library (ITIL) framework. But will you be able to convince your CFO? While process standardization is a worthy goal, it’s not easy to quantify, and quantifiable benefits are what finance folks want to see in the current economy.

Companies are looking for service management initiatives relating to IT asset management or other programs that offer quicker and easier payoffs, says IDC analyst Fred Broussard, author of an HP-sponsored white paper on IT service management needs and adoption trends. The 600 global IT organizations he surveyed for his paper cited reducing costs as one of their highest-priority initiatives for 2008, along with aligning to the business and improving service performance.

“ITIL helps you manage services better and work across organizations more smoothly, so you make fewer errors. It’s hard to think about that in a way that saves the company money,” Broussard says. “Money not spent in tracking down errors is much softer than reducing the number of servers or software licenses you are buying.”

“Unless there’s a strong direct link to core elements of an organization’s business strategy, and/or IT can demonstrate and commit to a positive ROI within 12 months, projects are being shelved,” says Bob Mathers, a principal consultant for Compass Management Consulting. “Both are pretty difficult to show for most ITIL implementations.”

“You need a CIO or VP of operations to come in and give a mandate.”

Matthew Schvimmer, HP Software & Solutions

Mathers believes companies will still embark on ITIL initiatives, though he’s not sure many will advance beyond incident management, problem management and change management, the first three areas most companies choose to tackle with their IT service management efforts.

“The investment is fairly low and the benefits fairly clear for those starting out,” Mathers points out, noting that many companies already possess required tools such as a ticket system and see obvious value in lowering the number of service incidents and responding to them more quickly. But Mathers believes some ITIL users may balk at more advanced concepts, such as creating a configuration management database, a repository that illustrates the attributes of and relationships between elements of IT infrastructure.

Though ITIL initiatives require a considerable investment of time and energy, organizations don’t have to throw money at them, says Tracy Schroeder, vice president of information technology for the University of San Francisco, which has been using ITIL for nearly five years.

Rather than purchasing software and engaging an ITIL consultant, Schroeder recommends first attending training sessions and using what you learn to analyze and document your organization’s processes. “I’ve found that consultants can give you general advice and steer you in the right direction, but you have to figure out how ITIL makes sense in your organization and which ITIL principles you can apply.”

The university didn’t invest in a new tool until nearly three years into its ITIL initiative. It now uses several tools from Service-now, a provider of on-demand service management solutions, including tools for incident, problem and change management, plus a basic level of configuration management. The university integrated the latter tool with LANDesk to populate it with its desktop and laptop assets, and with its SunGard Banner ERP system for creating users, says Schroeder.

Taking the time to develop and understand processes beforehand helped, she adds. “That way, when you get to the tool, you know what you want it to do and it’s serving you rather than you shaping yourself around it.”

Can ITIL Do It All? Uh, No

Posted by Ann All

A few weeks ago, I spoke with Sheila Upton, a member of the Innovation Value Institute, about the institute's new IT Capability Maturity Framework, a five-stage maturity model used to organize and structure a framework for mapping IT improvement efforts. One of my questions to Upton: Why, with existing frameworks like the IT Infrastructure Library (ITIL), did CIOs need another one? Upton told me that members of the institute believed there was a gap in what existing frameworks did and what IT organizations, especially CIOs, needed.

I gleaned some similar insights from sources whom I interviewed for my recent story on ITIL. For instance, Bob Mathers, a principal consultant for Compass Management Consulting, told me it's not uncommon for organizations to integrate ITIL with other improvement frameworks such as COBIT (Control Objectives for Information and Related Technology). "That came out of their realization that ITIL wasn't necessarily going to solve everything they thought it might solve," Mathers said.

After putting in some of ITIL's core processes, some organizations "stepped back and realized they needed to be more realistic about the benefits any process framework can give them," he said. "ITIL may work quite well for some areas but be lacking in others."

Bad news, guys and girls. There is no magic formula for solving all of your IT ills. ( I feel a little like a jerk telling Virginia there is no Santa Claus.)

Version 3 of ITIL, introduced in 2007, attempts to address some of the perceived shortcomings of earlier versions of ITIL, said Mathers. But some organizations simply adopted aspects of COBIT or other frameworks to create a kind of hybrid framework. ITIL is most often the "foundation" for these hybrid frameworks, he said.

IDC analyst Fred Broussard, who wrote an HP-sponsored white paper on IT service management needs and adoption trends, told me ITIL adoption levels were higher in organizations using other types of process improvement frameworks such as COBIT or Six Sigma. That's likely because it's easier to "sell" ITIL to senior management at organizations already on board with the idea of structured process improvement, Broussard said.

Predisposition to improvement frameworks also may help explain why ITIL is most popular with large enterprises, which are more likely than their smaller counterparts to use other frameworks, said Matt Schvimmer, head of products, IT Service Management and Project Portfolio Management, for HP Software & Solutions. "Large organizations are generally able to be more proactive and devote more time to process effectiveness work. As you go downmarket, you get more into survival mode and find yourself doing more firefighting," he said.

All of my story sources agreed on the inherent value of ITIL and other IT service management initiatives. For a contrarian view, I found some thoughts from Robert Lewis, author of "Keep the Joint Running: A Manifesto for 21st Century Information Technology" and six other books, included in an interesting CIOZone.com piece.

One of ITIL's key tenets is to treat internal business units and their employees as "customers" consuming IT services. That's a mistake, said Lewis, as it diverts IT's focus from "real, paying, external customers."

Simply responding to the needs of internal customers prevents IT from assuming a leadership role when it comes to identifying new technologies that can solve business problems. The better approach, said Lewis, is one of working together to achieve corporate goals.

I also unearthed a link to a two-year-old discussion I had Hydrasight Managing Director Michael Warrilow in which he made the point that, for most IT organizations, best practices should be viewed as an ideal rather than a realistic target. Why? He said:

... When it comes to IT operations, the aim is quite simply "to do more with less" — as the saying goes. Why? Because the generally accepted rule of thumb is that more than 70 percent of IT expenditure currently goes to "keeping the lights on." There should be no doubt in anyone’s mind that best practice will increase the cost of IT operations within the vast majority of organizations, and hence increase the risk of doing less with more.

Making ITIL Work

by Ann All

I recently wrote an article and a follow-up blog post based on discussions I had with several IT analysts and with IT professionals on the IT Infrastructure Library (ITIL). They offered lots of great advice on how to effectively implement ITIL, only some of which made it into the article. I'd like to recap some of the advice in the article and mention some of the suggestions that didn't make it. Hopefully other folks with ITIL experience will join the discussion and share some suggestions of their own.

• Start with realistic expectations. If you start out thinking ITIL will help you cut IT costs in half, you will be disappointed.
  
• Begin with a solid baseline, looking at unit costs, quality and productivity.
• Measure in granular enough detail so improvements can be tied directly to an ITIL process or tool.
• Concentrate on your most critical business processes. Ask users to help you determine which processes are the strongest candidates for improvement.
• Enlist a strong executive-level sponsor.
• Invest time in educating users about ITIL's benefits, preferably with diagrams showing how workflows can be streamlined.
• Reassure staff that their roles won't be automated out of existence. Rather, ITIL will allow them to apply their time and energy to more strategic issues. They shouldn't have to spend as much time firefighting, and firefighting will become less stressful for them, when necessary, if processes are better defined.
• Focus on achieving small, incremental wins, and the momentum will take care of itself.
• ITIL is an organizational effort and thus cannot be confined to IT.
• Training is important. Make sure users understand how to use ITIL tools and processes.
  
• Change management can get costly if and when users try to circumvent ITIL processes. With the CIO's blessing, send a weekly e-mail listing all of the 'emergency' changes made the prior week.
• Pick and choose the ITIL principles that will benefit your organization. You don't have to adopt them all.
• Promote posiitve results to create enthusiasm.

Scoreboard: Who are the highest rated leaders in the tech industry?

Who is the best judge of a tech leader’s performance? It’s not Wall Street analysts or the general public, it’s the people inside the company. Based on ratings from Glassdoor.com, see how the tech industry’s top leaders, from Steve Ballmer to Larry Ellison to Steve Jobs, are rated by the people who work for them.

——————————————————————————————————————————————————

When I looked up technology executives on Glassdoor.com to see how they were rated by their employees, I was surprised at how they naturally divided themselves into two groups. I picked 14 leaders and they ended up dividing evenly between seven rated 62% or higher and seven rated 48% or lower.

I had already planned on making 50% the natural dividing line (and it was), but it turned out that none of the leaders fell in the 49%-61% window. To me, that meant that tech industry employees were generally not ambivalent about their leaders. The leaders were either widely admired or couldn’t gain approval from even half of their employees.

Before we dive into the list, keep in mind that Glassdoor.com is not scientific, but it is statistically significant (because nearly all of these tech companies have over 100 responses). The data is based on anonymous feedback from employees, who self-select themselves to participate. Glassdoor’s methodology requires participants to go through a fairly rigorous submission process, and that naturally limits the amount of false submissions. However, because it is anonymous, there’s no verification process to determine that the participants are legitimate company employees.

Nevertheless, the information from Glassdoor is extremely interesting, and in most cases it is consistent with information I’ve read or heard from insiders at the companies mentioned.

In the lists of the highly-rated and poorly-rated tech leaders below, I’ve listed them from high to low based on their approval rating. I’ve linked the company names to the full company profiles on Glassdoor.com, where you can see the updated numbers and lots of additional comments from the employees who participated. And I’ve also included the ratings that employees gave to their respective companies, beyond just the leaders.

Highly-rated

Steve Jobs, Apple: Approval: 90%, Company Rating: 3.8

Eric Schmidt, Google: Approval: 88%, Company Rating: 4.0

John Chambers, Cisco: Approval: 78%, Company Rating: 3.6

Mark Benioff, Salesforce.com: Approval: 73%, Company Rating: 3.7

Jim Balsillie, RIM: Approval: 70%, Company Rating: 3.8

Larry Ellison, Oracle: Approval: 63%, Company Rating: 3.2

Paul Otellini, Intel: Approval: 62%, Company Rating: 3.5

Poorly-rated

Michael Dell, Dell: Approval: 48%, Company Rating: 3.0

Steve Ballmer, Microsoft: Approval: 44%, Company Rating: 3.7

Sam Palmisano, IBM: Approval: 42%, Company Rating: 3.2

Mark Hurd, Hewlett-Packard: Approval: 41%, Company Rating: 2.8

Ed Colligan, Palm: Approval: 36%, Company Rating: 3.2

Jonathan Schwartz, Sun Microsystems: Approval: 25%, Company Rating: 3.1

Greg Brown, Motorola: Approval: 10%, Company Rating: 2.6

Commentary

It’s not surprising that Steve Jobs (right) is at the top of the list. He and Apple have been on an amazing run over the past decade with the rise of the iPod and iTunes, the resurgence of the Mac, and of course, the launch of the iPhone. Plus, he is an almost cult-like leader who inspires–and requires–absolute loyalty.

It’s also not surprising that Eric Schmidt and John Chambers are so highly regarded, since their companies have been on multi-year hot streaks. These three top-rated CEOs have widely divergent leadership styles, which shows that successful leadership is not about methodology or personality type.

Conversely, on the poorly-rated list it’s not surprising to see it dominated by CEOs whose companies have been in a tailspin. Palm, Sun, and Motorola have all been stuck in reverse, even before the current economic downturn, so it’s not much of a shock to see their chief executives mired at the bottom of this list.

However, it is a little surprising to see Mark Hurd (right) from HP in the lower list. After all, HP has jumped to the number one spot in PC and server sales under Hurd’s watch and produced a series of strong financial results. Despite all that, Hurd has a low 41% approval rating and employees gave the company a 2.8 rating, the second worst on this list. Only Motorola is rated lower.

When you have a leader who drives top-tier results but still has a company morale problem, that person is often called a “scortched-earth” leader–someone who gets things done but burns everyone out in the process. That could be what’s going on with Hurd.

The other mild surprise is Microsoft’s Steve Ballmer, who only had a 44% approval rating among his troops. While Microsoft’s stock price has been stuck in neutral for years and the company’s reputation in the general public is mixed, during the past decade Microsoft continued to grow its revenue and its product lines and expand its workforce. Its employees even rated the company at 3.7–only Google, Apple, and RIM scored higher.

The biggest problem Ballmer (right) may face with Microsoft employees is that he’s not Bill Gates. While Ballmer has been the Microsoft CEO since 2000, he remained in the shadow of Gates until mid-2008 when Gates retired from his full-time role at the company. While Gates was a visionary, Ballmer is simply a businessman. They complimented each other well, but without Gates what is Ballmer’s vision for the company and the computing industry? It’s unclear. And that is likely the culprit for his lukewarm endorsement from the Microsoft rank and file.

Beyond Survival – Thriving on Innovation in a Down Economy

from Metastorm

Introduction

Not everyone is affected equally by economic crisis, but regardless all organizations are facing a wealth of challenges and unpredictability as a result of the dynamic market environment that lies ahead in 2009. The initial and logical reaction is to hunker down, cut costs, and just get through it – survival at the expense of anything else. However, recent research by Gartner Inc. analysts Betsy Burton and John Rizzo echoes the need to continue to move toward the future. In their October 2008 report entitled, IT Innovation Will Be Key to Turn Economic Crisis Into Opportunity, they state: “Innovation is crucial as we transition from short-term crisis management to recovery.¹”

As many organizations struggle to control costs, increase revenue, and maintain their competitive status, it is easy to look at the perceived cost of IT and business initiatives and cut, cut, cut. But to do so without an eye to the future blinds many organizations to the opportunities that do exist to selectively expand and enhance their ability to meet future challenges. It is critical for organizations to find the balance between controlling costs, spending smartly, and continuing to create opportunities for growth. Innovation may seem counterintuitive during lean economic times, but it is during these times when it is most important, as innovation not only generates opportunities for new revenue, but can also be a key to creating value and controlling costs. This is also the time when the competition is in survival mode, and you have an opportunity to leap ahead.

Innovation

Innovation – it is often cited as a top priority of senior management to expand markets, grow revenue, and increase the competitive edge; however, it often falls to the bottom of the priority list. During down economic times, the focus may change from growth and innovation to down-sizing and efficiency. But innovation and efficiency do not have to be mutually exclusive. Innovation leads to new ways of thinking which in turn can lead to controlling costs by creating more efficient ways to develop products, fostering creative ways to collaborate with outside resources, or improving business processes in ways that reduce spending while also improving performance and outcomes. While reducing costs, all of these examples can also lead to growth and set an organization up for accelerated success when the economy recovers. The secret is in knowing what to focus on, making the right decisions with the right information, and continuing to look forward.

It is important to understand the kinds of innovation that an organization may undertake in order to understand how it can be used as a growth engine that can reduce cost.

* Process – Organizations can innovate their business processes to find more efficient ways to do things, lower costs, increase productivity, speed time to market, or enhance customer service.
* Market – Organizations can innovate to engage in a new market with a new or existing product or service, leveraging existing assets to drive new revenue.
* Business Model – Organizations can look for new ways to engage with customers and partners that can enhance relationships, foster collaboration, and optimize the extended value chain with the least cost and disruption to existing infrastructure.

Those organizations that have successful and sustainable innovation activities also have a solid foundation that includes: an understanding of their strategy, core capabilities, and business processes; active engagement of the company's network of partners, customers, and suppliers; and adherence to an effective set of repeatable, effective business processes.

Today’s environment provides the perfect opportunity for organizations to look beyond cost cutting and instead look for ways to be both more efficient and more effective while capitalizing on select opportunities to grow the business and position for future success.

Refine Business and IT Strategies

Innovation is often spurred by trying to do something in a new or better way. Ford’s assembly line, the first iPod, and the Toyota production system are all examples of innovations that borrowed from processes or solutions that already worked. Each brought new revenue, new markets, and greater efficiency with limited risk and faster time to value. By looking at existing business strategies, organizations can take a fresh look at their goals, objectives, and the underlying people, processes and technology that support them to find ways to create efficiency and improve business performance to address today’s issues while preparing for tomorrow’s opportunities.

To do this, companies need to be able to “see” the whole of the enterprise, and its underlying infrastructure to understand how it works. A series of questions needs to be asked in order to expose the relationships across the business:

* What are the top organizational goals and objectives?
* How are these tied to business processes and metrics?
* What systems support these processes?
* What will be impacted if a change is made to any of these corporate assets?

The best tool to provide the answers to these questions and to model a complete understanding of the enterprise is Enterprise Architecture (EA).

Figure 1 – A view of relationships
Source: Metastorm

Using EA and Business Process Analysis (BPA) tools to model the strategies, people, goals, information and technology of the enterprise presents a picture of the business that can be refined, manipulated, and analyzed to create new ways of doing things – optimizing use of the resources you have today and identifying the resources you need to support future objectives.

EA and BPA tools allow the analysis of how well processes are supporting the business strategy and how well the strategy is meeting goals. A view of the relationships across people, technology and information is made very clear and is a means to refine models and simulate “what if” scenarios to gauge the impact of any change prior to implementation. The business is spared radical shifts until the right scenario is found, thus lowering risk and increasing the likelihood of success. New business strategies and goals can be assessed and virtually implemented to gain the understanding of the value an innovation will actually bring.

Look Ahead

Once strategies have been reviewed and refined, it is necessary to plan for the transition to move from where you are now to where you want to go. As organizations rebound from the challenges of the current economy, the ability to react quickly and smartly to take advantage of new opportunities will propel well-prepared organizations into a leadership position. Planning, innovating and optimizing the use of your existing resources now will allow stronger companies to quickly take advantage of new opportunities and prosper when the economy rebounds. Those that concentrate only on survival cost reduction will be forced into a maintenance and rebuilding effort that leaves them behind.

Looking at the state of your enterprise via models, roadmaps, application portfolios and impact analysis reports allows decisions to be made quickly and more accurately. These decisions may include a change in IT direction, retirement of legacy system, consolidation of data centers, the creation of an enterprise service from an existing capability, elimination of duplicate functions, streamlining of product lines, or simply analyzing the impact of ongoing change to the business. EA and BPA tools and disciplines provide the most complete view of the whole enterprise, which provides information needed to develop new sources of revenue and/or to cut and control costs.

This is also a good time to reassess how use of technology and IT services can be improved to create a flexible a platform that can accommodate or anticipate change while minimizing disruption to daily activity. As the recovery takes hold, there will be a need to comply with new regulations, develop new opportunities, and respond to new market pressures. Business Process Management (BPM) technology can be leveraged to develop a flexible platform that provides automation, visibility, audit ability, and the ability to quickly respond to changes in business strategy, goals, and objectives.

BPM technology is a quick way to automate and respond to internal and external change. The use of BPM software in conjunction with Business Process Analysis, allows an organization to model, simulate and execute a business process in a matter of days or weeks with minimal disruption to underlying infrastructure. When a process is changed in response to a regulatory requirement, a new strategy, or a competitive pressure, this change can be modeled, simulated and implemented quickly.

Control Costs but Prepare for Growth

Most organizations are looking for ways to control costs, do more with less, and minimize disruption caused by reduced budgets. In most organizations, it is the CIO who is asked to cut IT initiatives and spending. While cutting would seem to be a simple task in down times, it must be done with an eye toward future growth and innovation. CIOs should rely on their Enterprise Architects to provide the big picture needed to understand the short-term and long-term impacts of any cuts not only on IT, but also on the business. Using this big picture, Enterprise Architects understand how to simplify and streamline the IT environment and how to reduce system overhead while avoiding impact to current and future business opportunities.

Figure 2 – Portfolio view of IT projects
Source: Metastorm


Enterprise Architects have a view across the portfolio of business processes and the applications that drive them. These applications are instantiations of business processes. Using this view provides the means to rationalize processes, applications, and systems and reduce redundancy and cost. EA and BPA tools provide a means to analyze the impact of any proposed changes. While this is seen as cost control, innovation is also possible as there is the opportunity to create new ways of doing business or new ways of using existing assets that will reduce cost, increase maintainability, and enhance business performance.

Enterprise Architects can analyze data regarding application complexity, underlying data stores, frequency of access, performance and capacity considerations, backup requirements, and a host of other factors that inform the planning process. Much of the discussion regarding how IT can provide value to the business can be centered on how the application portfolio will enable the business strategy and deliver the foundation for growth as the economy moves toward recovery.

Make It Happen

Aligning your understanding of the business and all of its resources and assets – Enterprise Architecture – with the effective execution of the business processes that drive results is critical to both smart cost reduction and the ability to effectively innovate.

By offering a unique and integrated software portfolio that combines market-leading Enterprise and Business Architecture, Business Process Analysis, and Business Process Management capabilities on a single platform, Metastorm Enterprise™ allows organizations to improve business results by unifying strategy, analysis and execution.

Strategy – Metastorm ProVision® provides a complete suite of enterprise modeling tools for both Enterprise Architects and business analysts. Key enterprise assets – including systems, data, resources, finances, products and suppliers – and their inter-dependencies can be modeled, shared and refined in a standalone or collaborative environment. Metastorm ProVision provides the platform to model strategy, goals, processes and the metrics that will be used to measure success.

Analysis – Metastorm ProVision also provides robust Business Process Analysis and simulation capabilities to define critical business processes and associated dependencies, facilitate requirements analysis, simulate multiple scenarios, and optimize processes and related enterprise assets against strategic objectives. Metastorm ProVision’s BPA capabilities help determine the best way to compose processes to optimize results, achieve goals, cut costs and create an agile framework that supports goals of the enterprise strategy.

Metastorm delivers powerful process discovery tools, as well. As part of the Metastorm ProVision offering, Metastorm Discovery™ replaces traditional methods of gathering as-is process information and formalizes process discovery activities. Metastorm Discovery eliminates the problem of having insufficient or inaccurate data to optimally leverage improvement efforts.

Execution – Metastorm BPM® is a highly-scalable, enterprise BPM suite designed to support automation, deployment, integration, analysis, monitoring, and improvement of both human and system-based processes within and across organizations. Metastorm BPM allows you to put your enterprise models into action – delivering value faster and allowing for change on a real-time basis.

By implementing Metastorm Enterprise to align EA, BPA and BPM initiatives, you gain a cross-functional platform that provides the strategic, tactical, and operational level views you need to identify risk across the organization, take advantage of opportunities for innovation, and improve business performance.

If there is a silver lining to the economic downturn, it may be the resulting need for aggressive change which can lead to innovations in products, services, and the way an organization operates.

Developing Actionable ITIL Processes

March 5, 2009 By Mike Tainter and Kristy Smith

A sound framework coupled with cultural transformation and results tracking are essential for successfully implementing ITIL, write ITSMWatch columnists Micheal Tainter and Kristy Smith of Forsythe.

Effective adoption of ITIL requires not only the application of ITIL best practices, but also a sound process development framework. Coupled with a campaign of cultural transformation and consistent measurement and results tracking, solid process development techniques will yield repeatable, integrated and actionable processes for managing services and operations across the IT organization.

The Pitfalls of Haphazardness

Haphazard processes can perpetuate inefficiencies, if not chaos, in an IT organization. For example, the complete set of knowledge of an IT organization's activities is usually spread among its many employees. This applies to process documentation, which is too often located in disparate repositories—such as hard drives, shared drives, email folders and people's memories—and is typically stored in many formats such as Word, Visio, PowerPoint, or not documented at all.

Thus, critical process intelligence can be lost or get out of sync when staff members leave, or when the organization grows, restructures or merges. The result is haphazard process development. Haphazard processes may have no clear entry or exit point, too much (or too little) detail, crossing lines, wordy or ambiguous procedure names, undefined roles and ownership, and a lack of clearly defined inputs and outputs to and from other processes.

Figure 1. Haphazard process development

A Sound Framework

A sound process development framework to support development of actionable ITIL v3 processes brings many benefits: centralized knowledge capture, repeatable results, reduced defects, increased collaboration, and a shared process language across the organization. It facilitates continual process improvement, and provides a consistent baseline for measurements, results tracking, and change control.

A good process development framework comprises an online tool built around a multi-layered process model. As depicted in Figure 2, each layer of the model parses the process into progressively lower levels of detail, leading the end user in an intuitive fashion to the specific actions required for thorough ITIL process implementation.

Figure 2. Multi-layered process framework

The four layers of the process framework are: process, procedures, steps, and work instructions and tool tips. Processes, procedures, steps and work instructions are housed within the online tool. The highest and lowest layers, policies and work flows physically reside outside of the online tool, but are still an integral part of an actionable process model. Each layer of an actionable process model is described in detail below.

Policies - A policy is a high-level overall plan that covers general objectives and expectations. For example, a common policy for Incident Management is to use the service desk as a single point of contact for all incidents, while common policies for change management are to establish a change advisory board (CAB) and to define rules for executing different types of changes such as emergency, standard, normal, etc.

Policy development is a responsibility and activity of management. It occurs outside of the process framework, and provides the goal posts toward which all process development is aimed.

Processes - Processes are high-level activities required to meet the policies and objectives of the organization during various phases of the IT service management lifecycle. The major activities for each process can be derived from the various books in the ITIL v3 service lifecycle. This is where it all starts and where ITIL paves the way.

Procedures - Each process should also outline the procedures that establish the set of steps required to complete the process activities. For example, the Incident Management process would have a set of procedures to identify and log; categorize and prioritize; investigate and diagnose; resolve and recover; monitor, track and communicate; and close the incident. Procedures are repeatable and static regardless of the particular incident or change request involved. A procedure is an action—its name always begins with a verb. Every procedure is triggered by a specific event or input, and results in a specific output.

Steps - Each procedure comprises a set of steps, arranged in flowchart fashion, that are followed to complete the procedure. For example, Incident Management contains a procedure to categorize and prioritize the incident. To complete this procedure, you would complete the following steps: determine the request type, record the incident details, identify the impacted configuration item, and determine the priority of the incident.

Work Instructions - Each step contains work instructions which document repeatable, role-based instructions for completing the step. Work instructions are where the processes and procedures meet the IT service management tool; as they explain how to utilize the tool to execute the step, when applicable.

To continue our example above, the work instruction for the step determine the priority of the incident would contain specific information about impact and urgency levels and criteria, and would describe how to indicate the incident's priority within the tool.

Work Flows - The lowest level of detail is the work flow. Work flows are repeatable, role-based instructions for executing a change, fixing a problem or producing a work product. Work flows are dynamic, consisting of the details tailored for each task that IT performs for the business. Documented work flows often reside in the IT service management tool in a pre-populated model or template, and are also referred to as standard operating procedures (SOP).

An example of a work flow is an incident resolution template, an automated service desk template that pre-populates an incident record with appropriate instructions for resolving a recurring incident. Other examples of work flows are standard change; a prescribed set of instructions for building, testing and implementing a repeatable change such as a password reset or a new employee setup; and a test script, a specific test scenario for confirming automated functionality.

Fostering Actionable Processes

Ensuring that ITIL processes are actionable is a challenge that goes beyond process development and documentation. The organization must recognize that a cultural transformation is required to foster acceptance of ITIL and to anchor new behaviors. In addition, a measurement strategy must be employed to track results of the ITIL implementation, to determine levels of adoption, and to promote continual improvement.

An ITIL initiative, like any change initiative, can potentially fall victim to the "dead salmon" syndrome: salmon swim upstream against the flow, lay their eggs and, ultimately, end up dead in the water. An ITIL initiative that is constantly swimming upstream against the cultural flow will likely meet a similar fate.

In his book Leading Change, John Kotter discusses an "eight stage process of creating major change" to effectively lead an organization through cultural transformation. The eight stages are:

1. Establishing a sense of urgency

2. Creating the guiding coalition

3. Developing a vision and strategy

4. Communicating the change vision

5. Empowering broad-based action

6. Generating short-term wins

7. Consolidating gains and producing more change

8. Anchoring new approaches in the culture

According to Kotter, stages 1 through 4 of the transformation process help break the status quo. Stages 5 to 7 introduce new practices. And stage 8 grounds the changes in the culture to help them stick.

The pressure to produce quick results often leads to a desire to skip stages or to execute them out of order. Don't be a dead salmon. It is important that all eight stages are followed sequentially. To curtail the desire of individuals to work against the impending change, and to actually nurture enthusiastic support, follow best practices for creating successful change before going down the road of ITIL implementation. Establish a steering committee, form a good foundation of management support, and communicate the vision before proceeding to introduce process and procedural change to the organization.

Change Through Measurement

An essential part of any ITIL implementation is to monitor technical and business results—such as process performance, quality, customer satisfaction, and levels of compliance—utilizing rationalized metrics, reports and auditing. Determine and baseline a set of critical success factors (CSF) with supporting key performance indicators (KPI) and operating metrics (OM). Determine a reporting strategy and schedule. These will be utilized by the steering committee, process owners and managers to measure process conformance, quality and performance.

Keep in mind that it is not reasonable to expect that process will be followed without proper inspection for conformance and performance. You can't expect what you don’t inspect.

Just as important is to measure cultural adoption of ITIL by surveying and interviewing IT staff to learn their attitudes. Are they realizing practical benefits as a result of the ITIL initiative, and does it seem worth the effort so far? Do they have an idea to contribute, or do they want clarification of an issue? This is crucial to making processes actionable and to ensure continual process improvement.

Mike Tainter, Forsythe’s ITSM practice director, has been managing technology and large-scale IT projects for more than 20 years, including IT service management, ITIL,operations management, process design, IT operations support system development, and IT logistical requirements. Tainter holds the Foundation Certificate in IT Service Management and the Manager's Certificate in IT Service Management.

Kristy Smith, ITSM associate consultant at Forsythe, has an extensive background in accounting as well as more than 10 years of IT experience including experience managing IT service management and ITIL implementations and developing ITSM methodologies. Smith holds the Foundation Certificate in IT Service Management.

Undervaluing the Need for Risk Management Is Risky

by Lora Bentley, IT Business Edge

As recently as last week, Yale University behavioral economics professor Robert Shiller told reporters the current mess in the financial markets results in part from a failure to manage risk. Last year, the Securities and Exchange Commission offered new guidance on a risk-based approach to Sarbanes-Oxley section 404 implementation. In between, companies like CA began offering governance, risk and compliance (GRC) products and services, and Standard and Poor's even began tracking enterprise risk management as a key to evaluating a company's financial health.

Risk management is the new hot topic in today's economic climate. Businesses are doing everything they can to ward off the fraud that caused Enron to collapse, Bernard Madoff's clients to lose everything, Lehman Brothers to enter bankruptcy, and so on. Ethics and Compliance Officer Association Executive Director Keith Darcy says his organization has more than doubled its membership in the last eight years alone. In that time, he says, the markets have seen a "flight to integrity." People are investing in businesses they trust and pulling their money out of those they don't trust.

But more than panic is driving the trend toward ethics and risk management positions in the executive suite. It's also good business. Jeff Smith, who serves as legal officer and risk officer for the Michigan-based Consulting Services Support Corp., says, "Once a number of companies begin to better manage and mitigate their own unique risks of loss, it only makes sense that other corporations that wish to retain competitive advantage and attractiveness to shareholders would follow suit." That, he says, results in the wealth of risk management and ethics-centered positions that are available today.

“The first challenge is often to help others realize that they have a reason to learn from you...”Jeff Smith, Consulting Services Support Corp.

The positions will differ a bit in terms of title, salary levels will vary, and some may have a broader set of responsibilities than others. For instance, Inter-American Development Bank in Washington, D.C., is seeking a "principal integrity officer." The person's responsibilities? Planning and executing fraud and corruption investigations. Smith's responsibilities at CSSC, however, run the gamut. He says simply, "I manage risk in the areas of insurance, law, compliance, ethics and any other areas that my CEO or I may identify within the organization."

Protiviti managing director Paul Schulz notes that the most effective risk and ethics officers are those, like Smith, at the executive level. He says, "Overall direction and management of enterprise risk is the key role... In essence, CRO and equivalent roles are at the fulcrum of creating and managing the mechanisms that cut across organizational and business unit boundaries to identify, manage, and mitigate risks in a wide variety of categories."

Darcy agrees. "The chief ethics and compliance officer must have C-suite status. They must have independence," he says, "They must have unfiltered access to the board, and they must have a seat at the strategy and policy table because that's where the big decisions are made."