ITSM | ITIL | CobiT | ISO 2000 | itSMF | PMI News

Service Desk at Core of ITSM Initiatives

2009-05-25T15:09:00.000-07:00

April 23, 2009
By ITSM Watch Staff

Enterprises are achieving cost savings and operational efficiencies through consolidation, process improvement and deployment of more robust technologies.

The help desk has evolved beyond its role of simply recording and responding to IT user issues, according to a new study, The Aging Help Desk: Migrating to a Modern Service Desk, released by Enterprise Management Associates (EMA). Today's help/service desk is at the core of IT service management (ITSM) initiatives.

"EMA has long believed that the service desk represents an area of investment for the enterprise," said Lisa Erickson-Harris, EMA research director and study leader, in a press release. "Our research confirmed that even in this down economy companies view the help/service desk as a place where spending can drive returns through technology automation, the introduction of self-service and consolidation in operations."

Some of the key findings include:

Service Desk Part of Overarching ITSM Strategy: Sixty two percent (62%) of participants are either already making the help/service desk part of the company's overarching ITSM solution or are planning to move in this direction.

Use of Multiple Help/Service Desk Tools: Fifty six percent (56%) of respondents from large enterprises are managing or planning to manage multiple help desks. The vast majority of organizations managing multiple help/service desks will consolidate their operations.

Consolidating Service Desk with Corporate Customer Service: Integrating customer service operations with the IT service desk promises financial savings as both groups require similar training, tool sets, processes and automation capabilities. Thirty percent (30%) of respondents have been able to take advantage of this opportunity.

ITIL Disciplines Identified as Important: Sixty four (64%) of respondents have deployed or are planning to deploy ITIL v3. Incident, problem and change management are the most frequently-deployed ITIL disciplines and remain the most critical for help/service desk operations.

Service Catalog a Key Growth Area: Fifty six percent (56%) of respondents have already deployed or are planning to deploy a service catalog. Clearly, there is value in putting IT service offerings front and center in the hands of managers and users via the service catalog.

Self-Service a Top Priority: Self-service is a strong area of investment because of its ability to lower call volume and resolution time at the service desk. Surprisingly, only 32% of respondents indicated that they had already implemented password reset technology while 41% are planning to do so.

"While the help/service desk has a lot on its plate," Erickson-Harris said. "There are clear opportunities for significant operational cost savings. EMA believes that efforts to expand the footprint of the service desk will also improve the user experience and raise the credibility of IT throughout the organization."

Methodology

For this study, EMA surveyed 158 IT professionals with help/service desk responsibility and familiarity with their organization's ITSM initiatives. This quantitative data was complemented by 14 in-depth telephone interviews. The research examined major initiatives taking place in corporate help/service desk operations and explored topics such as best practices, operational metrics, management priorities and integration needs.

Seven Tips to Rapid Service Transformation

2009-05-25T14:49:00.000-07:00

May 15, 2009
By Martin Likier

No ITSM methodology can guarantee success, but there are ways to shorten time to implementation and ensure you get it right the first time, writes ITSM Watch guest columnist Martin Likier of Forsythe.

Once your organization has made the decision to implement an IT service management (ITSM) discipline, you can quickly become overwhelmed.

A litany of books, terms, processes, functions, roles and responsibilities is the first wave that hits you. Then a second wave hits you, which includes communicating with the business, defining services, service level agreements and the gruesome task of trying to develop critical success factors, key performance indicators and operational metrics.

It is enough to make anyone feel like they're drowning, but it doesn't have to be that way. While there is no methodology that can guarantee success, there are seven tips that will shorten your time to implementation, while helping ensure you get it right the first time.

Tip One: Start with a Framework

Frameworks help people avoid reinventing the wheel and overlooking something that will rear its ugly head sooner or later. If you already have a framework in place, you have a choice to make: continue with that framework or choose a new framework. For those who are thinking about choosing a framework path, you may want to consider the following frameworks.

ITIL has become the de facto global standard for IT service management. ITIL provides a set of best practices for managing all phases of the IT service lifecycle. ITIL's best practices encompass services, people, processes and technology, implemented from a life cycle point of view, focused on integration with the business. Because it is public and non-proprietary, it is cost effective and provides the fastest path to making your framework actionable.

Alternatives to ITIL like Microsoft Operations Framework (MOF) do exist but can be based on proprietary or a specific vendor's knowledge which can make them far more difficult to adopt and adapt, and their focus can be either too broad or too narrow. If you are considering an alternative to ITIL, be sure you have determined that it fits your organization’s service management requirements and that you are aware of where gaps may exist between its capabilities and your requirements.

Tip Two: Effective IT Service Management Program is Proactive versus Reactive

Most IT departments spend a great portion of their day operating tactically by reacting and responding to one IT fire after another. Due to this turmoil, reactive organizations generally wait for a directive from the business before they move forward. Proactive organizations are always looking for ways to improve and provide better service. They understand the importance of integrating IT into the business and being viewed as a strategic partner. IT departments that successfully transform into a service oriented culture are able to maintain a proper balance between being proactive versus reactive.

Being extreme in either case can cause problems, but being more proactive helps position IT organizations as true advocates of the business. The business will appreciate you more and value you more highly if they see you being proactive in trying to address and even prevent problems.

Tip Three: Implement Best-Practice Processes and Document Them Properly

Whether it’s a down economy (potentially losing staff) or a thriving economy (potentially gaining staff), it is important for everyone to know what is expected of them and how to accomplish their tasks. Implementing a formalized and documented process model based on best practices will lead to consistent performance of your IT staff day-in, day-out. This holds true whether you are a new hire asked to perform a task on day one or you are a 20-year veteran. Each process should have an identified owner and include role-aligned procedures and tool-aligned work instructions. Using an informal process approach leaves too much to interpretation and runs the risk of not getting it right the first time.

Tip Four: Establish a Governance Committee

Establishing a formal governance (or steering) committee will ensure the continued evolution of an IT service management initiative. Such committees take a holistic view of the entire portfolio of IT programs and recommend and prioritize which improvements should be made and when. Without a formal committee, governance will typically be ad-hoc and driven by silo requests. Ad-hoc governance rarely considers the integration of processes, people and technology to provide improved services to the customer.

Tip Five: You Must Be Able to Explain, Monitor and Evaluate Your IT Processes in Terms of How They Support Your Business and its End-Users

Albeit the challenge in doing so, IT departments must start to view themselves as providers of business services and not just the supporters of applications, servers, networks and storage arrays. While the latter is true, business users and customers are generally not concerned about the details of making technology work, but rather they are concerned about whether an agreed-upon service is available or meeting their expectations. Understanding a new or existing service’s utility (what a service does) and its warranty (how well it does it) will help ensure that the service meets the requirements of the business. With that knowledge you should be best positioned to document repeatable and integrated processes for managing your services and operations.

Tip Six: Structure Your Support Organization into Integrated Teams versus Isolated Support Silos

In many IT organizations, day to day support is provided and managed by technology groups such as Windows Support and Unix Support. Most often these independent support silos operate independently with a myopic focus on technology outcomes such as server uptime. However siloed organization and behavior makes it much more difficult to reach business goals or targets due to alignment with IT-focused Operational Level Agreements rather than business-focused Service Level Agreements. This leads to less-efficient use of staff resources and poor interdepartmental communication.

Best results are often achieved when companies break down isolated support silos and work to create integrated support teams. Integrated support teams collaborate to support a service end-to-end, from desktop (or user!) to server, and focus on achieving business outcomes.

Tip Seven: Establish Service-based versus Operational Metrics

Don’t expect what you don’t inspect, and when you inspect, ensure you are measuring what really matters. A formal reporting and measurement program is a key component to quickly identify areas for improvement. The trick here is not to get bogged down at the lowest level of a reporting strategy by only viewing operational metrics. A good reporting strategy should include operational metrics, key performance indicators and critical success factors which encompass an end-to-end service operation. This effort can be further expanded by introducing a sound Continual Service Improvement process. By doing so your organization's ITSM measurement and reporting activities will provide the basis for identifying and prioritizing IT service improvements.

Summary

To assist with guiding your IT service transformation’s passage through the rough waters of implementation, these seven tips can help ensure that you not only get off to the right start, but can ease the concern of how to get there. This approach leverages the integration of services, process, people, and tools which leads to infinite synergy. By understanding this and executing on these tips, you can calm and navigate the waters of IT service transformation without drowning.

Mr. Likier is an ITIL V3 Expert certified consultant within Forsythe's IT Service Management Professional Services Group. Most recently, he has been responsible for the delivery of IT Service Management best practices which provide value to customers in a wide range of vertical markets. His experience encompasses ITSM, ITIL, and process design/implementation and project management.

Understanding and Maximizing Your ITSM Investment

2009-05-25T14:48:00.000-07:00

May 22, 2009
By David Mainville

It’s more than a matter of faith, writes ITSMWatch guest columnist David Mainville of Consulting-Portal.

Throughout my 29 years of service management experience I never once doubted the value of having well defined and well implemented IT processes. Over time, it became part of my belief system. I had faith that IT service management (ITSM) provided real value to an organization even though that faith was sometimes hard to explain to others.

However, just because I had faith in ITSM, it didn’t stop senior management from asking “What’s the ROI?” That got me to thinking about my own experiences with ITSM. As a young field engineer fixing mainframes I was on the front lines of incident management.

No one ever argued about the value of getting a client back online quickly.

As a service support manager I learned to look at trends and, in one specific situation, our team identified the root cause of a serious problem. By implementing a simple low-cost engineering fix, we were able to save the company millions of dollars in component replacements, employee overtime and, not to mention, customer goodwill.

No one ever doubted the value of saving money.

As an owner of an ITSM consulting firm, I count on having well defined processes, supported by metrics and continual service improvement, to grow my business. I’m happy to say that my investment in processes has paid off and we are celebrating 10 years in business. So, why do people still question the value of ITSM? I believe it’s because people confuse “adopting a framework” with the hard work of “managing the details”.

Going back to my earlier examples, the true value comes from working the processes. Take incident management as an example. The only way you benefit from an incident management system is if it helps you resolve incidents quicker, reduces the cost of an incident or helps you avoid incidents altogether.

In order to realize maximum benefits from incident management, system data needs to be captured, analysis must be performed and improvements must be identified and implemented. Getting to those improvements is where both the value and the hard work lie. Unfortunately, far too many organizations have gone down the path of writing process documents that sit on the shelf or jump from one ITSM tool to another because they never get the implementation right. Thus, when they fail to derive value from ITSM, the blame is placed on “a faulty framework” and never on the lack of execution.

When people question their faith in ITSM they need to remind themselves that it’s easy to define a process or buy a tool. What always tends to be missing is the willingness, governance and the hard work required to get the value. It is my unfortunate experience that many IT organizations have lost sight of what ITSM is all about. ITSM is not a fad, it’s not a “nice to have” and it’s surely not something from which to calculate ROI. ITSM should be at the core of every IT organization. Ask yourself the question: Why do IT organizations exist? I believe it’s for one reason: to service the business. So, why is there so much dissatisfaction with IT organizations?

Back in 2005 Nicholas Carr, in his bestselling book, asked the question “Does IT matter?” Is the trillions of dollars invested annually into corporate IT actually providing a competitive advantage? That book set off a firestorm of debate, a debate that was held over the backdrop of outsourcing, off-shoring and “on-demand” services.

I believe the reason that argument resonated with so many people is there was already serious doubt about whether IT provided any real value to an organization. All one had to do was follow the endless stream of outsourcing announcements to see there was obviously a powerful chord of dissatisfaction with IT. You may disagree and argue that outsourcing was driven purely by the bottom line. However, it’s been my experience that organizations flirt with outsourcing when the business is dissatisfied and feels that IT is being non-responsive and un-supportive. Outsourcing starts with dissatisfaction and is justified by dollars.

Whether we like it or not the latest generations of business users are computer savvy and used to getting things on-demand. These folks, brought up on YouTube, FaceBook and Google have much higher expectations. So, when IT says it will take months to provision a service or make a change to an application they are tempted to go out on the Internet and find something they can use right away.

We can shrug and say "The business just doesn’t get it―they don’t understand the complexity we have to deal with,” or we can use the discipline of ITSM to find ways to better communicate with the business, improve cycle-times and reduce cost. When we lose sight of the SERVICE in ITSM we are just putting our companies, our co-workers and our own livelihoods at risk.

Nuts and Bolts

So, how does an organization go about maximizing its investment in ITSM?

Realize that ITSM is not something new, but it’s something you already do. The important thing is taking what you do and making it better. In order to accomplish that you need to understand your services, you need to track your performance and you need to take corrective action.

Don’t waste your time trying to justify ITSM―that’s like justifying breathing. Take it on faith that the discipline of ITSM is a given. Focus on communicating with your clients, on having clear and measurable services, on making your supporting processes actionable and on making your people accountable.

Get everyone on the bus and point that bus in a single direction. You can’t have your organization driving different ways to get to the same point. Agree on a plan for improving services, implement processes to support the services and measure the outcomes. Don’t be afraid to tell someone they need to get on a different bus. For that you need leadership.

Educate and automate. Communicate the value of improving services, communicate how the processes will provide value and automate the processes wherever possible so that people are guided through the steps. Leave nothing to chance.

Lastly, don’t fall into the trap that a tool will solve all your problems. There are no silver bullets. The value will come from developing a culture of service and the discipline of measurement and continual service improvement.

I’ll wrap up this article by asking you to do one thing for me: look at your own personal experiences and think of a service provider that consistently provides you with an outstanding service experience. Now think of one who provides the opposite. The difference between organization A and B is the degree to which they practice the discipline of ITSM. Now which organization do you want to be?

David Mainville is CEO and co-founder of Consulting-Portal, an ITSM consulting and ITIL training company focused on helping Fortune 500 and mid-size companies assess, design and implement robust IT Service Management processes. Consulting-Portal also offers a full curriculum of ITSM education including: ITIL, ISO and CobiT.

The (Ongoing) Evolution of the ITIL Request

2009-04-25T14:52:00.000-07:00

April 27, 2009
By Rob England

From no standing at all to an equal peer of Incident, the humble Request has grown in importance with each new version of ITIL, writes ITSMWatch columnist Rob England (a.k.a., The IT Skeptic).

Two years ago, we looked at the evolution of the ITIL Request here on ITSMWatch. Since then, discussions on my blog have reshaped some of the ideas. Let's revisit them:

In ITIL v1, there was no recognised “process” for Incident Management, just a function called Help Desk, which was responsible for “first level incident support, advice and acts as a day-to-day contact point for users of IT services”. So, only Incidents were recognised as a processed object

In ITIL v2, Incident Management became a recognised process. (Whether or not this is a correct use of the word process is a discussion for another day). Mentioned in passing was the possibility of a call being a Service Request rather than an Incident, at which point the process branched to ... well, nothing. The Service Request branch hung into space, dangling wires and reinforcing steel into the void. Service Request process was never defined.

What came first was never defined either. When someone calls, is the call an Incident until proven to be a Service Request? Or is it a Request until it reveals itself to be an Incident? Or is it something else (a call, a contact) until it yields to classification? This was left to the implementers (or software vendors) to decide.

Now ITIL v3 elevates the Service Request to equal billing with the Incident. In fact, if importance can be measured by number of pages then Service Requests get slightly more of the “Peas Book” (Service Transition) than Incidents do.

This is a great step forward but I believe it is not the final word. v3 still delineates between Incident and not-Incident as the two categories. That is, Service Requests are some kind of miscellaneous category for everything that is not actually an unexpected interruption to service. The two processes are quite separate. This does not fit well with my experience of reality. Admittedly, my reality has a few kinks, but in this case I speak on behalf of clients who feel the same way. For many service desks, Incidents are not the main part of their function.

I predict that ITIL v4 (if there is one) will finally recognise that the service desk deals with generic Requests/Tickets/Issues. These Requests have multiple categories or classes. Each class is a variant of a more general process that applies to all of them, in much the same way as there are several categories of Change, which all undergo variants of the general Change process.

I published a list in the article two years ago. Since then, I realised that the list had missed one―Fault. So, I thought I'd update the list for you. This revised list is constructed based on the concept that each class of request exists because it is a variant of the core Request Fulfilment Process, e.g., Complaints will be dealt with differently to Proposals. Different people and groups, different procedure, different reporting, different service levels. That is, I derived the different classes or categories based on the process being different. If two types of request use the same process then I decided they are synonyms.

New Taxonomy

After discussions on the blog, I also decided they needed to be re-grouped into a newly named hierarchy. I came up with three groups:

Action: I'd like to say “Service” but man is that an exhausted word!

Support: not everything will be/needs to be fixed so not Repair

Input: the user is contributing

Here is my taxonomy of these new Request classes:

Action -

Provisioning
Booking
Ordering
Change
Work
upport -

Incident
Fault
Help
Advice

Input -

Proposal
Suggestion
Feedback
Complaint

Let’s elaborate a little on what some of these mean:
Provisioning: User requires access to a service or part of a service, e.g., a security permission, a menu option, a token, a digital certificate, a client install, a desktop device, a phone, etc.
Booking: Scheduled attendance at training, seminar, meeting, reservation of a resource, annual leave.
Ordering: Books, desks, catering, stationery, travel.
Change: as defined by Change Management, typically means change to a configuration item (CI). Some organisations allow users to open RFCs directly, others have some form of prior request entity.
Work: tasks that falls outside change management. Run a report. Move a PC. Install a projector.
Incident: an unplanned interruption to an IT service or reduction in the quality of an IT service.
Fault: failure or detected imminent failure of a CI; no service impact (yet). Only users within IT would be expected to report these, or an automated tool. If confirmed, it will spawn a Problem. This class was much debated on the blog. An Incident is by definition something that has already impacted the Service, a Fault hasn’t. Both have varying priorities and urgencies and impacts. But the processes differ. If you are uncomfortable with this, ignore me and treat Incident and Fault as synonyms. Twelve is a nicer number of classes than 13 anyway.
Help: correcting data arising from user error (NOT from a Problem). Restoring a deleted file, untangling a mess.
Advice: how do I … ? Should I … ? Which is the best way to … ?
Proposal: the service desk can be a front-end to the demand component of project portfolio management. Think of it as a Request For Project.
Suggestion: idea, requirement, request. Something less formal or evolved than a proposal but might lead to one.
Feedback: praise, reported experience, remarks.
Complaint: poor experience. (Of course, Complaint had to be #13.)
Based on the principle of distinguishing classes by differing processes, the first three classes (Provisioning, Booking, Ordering) could well break into a number of subclasses. There are other types of contacts to the Service Desk that aren't requests at all. The classic is a follow-up on a request. Feedback that doesn't require action would also not be a request.
Once we come to see an Incident as just one class of a more general Request, then the service desk’s Request Management process will make more sense and map better to reality. SLAs will define responsiveness in terms of the classes of Request. (I think restoration of service should be defined as part of the Availability Service Level Objective, not the Responsiveness Service Level Objective). Management of Incidents (the restoration of service, incident matching) may still fall to a specialist Incident Manager, or it might be part of the role of the Request Manager.
Incidentally (no pun intended), I still encounter examples of SLA objectives for Restoration of Service. Outages will be prioritised based on their severity, but they will be restored as soon as they can be restored and no sooner. “Priority 1 incidents must be resolved within one hour” is like saying “Fires must be extinguished within three minutes” or “Missing climbers must be found within an hour”.
We’ll find them when we find them. It makes sense to define responsiveness by severity/priority/impact, but not restoration. That is, we define how much resource will be assigned to it, how the communications plan changes, how escalation and supervision will be heightened, and other aspects of how we respond. We can’t promise timeframes.
From a narrow focus on restoration of service, the understanding of the service desk has grown with each revision of ITIL, and with it the importance of the Request. Extrapolating the trend suggests that next time ITIL is revised the Request will truly have its day.
Along with the IT Skeptic, the IT Swami is an alter-ego of the author, who resides on the IT Skeptioc Blog and offers prognostications about IT’s future to the few who listen.

Doing More with Less: IT Framework Integration

2009-04-17T14:56:00.000-07:00

April 17, 2009
By George Spafford

Understanding how the many IT frameworks work together is the first step towards using them appropriately, writes ITSMWatch columnist George Spafford of Pepperweed Consulting.

With the economic downturn organizations are pushing to drive down costs while improving quality. To shorten the learning curve and improve the likelihood of success, proven business and IT frameworks relating to quality and other disciplines are being reviewed for insights on how to improve effectiveness and efficiency. IT groups not familiar with the various frameworks and how they may integrate are apt to make wrong decisions or allow business management to make wrong decisions.

Given the plethora of frameworks that IT may be involved with, it only makes sense to review some of the most common ones at a very high-level and then discuss how they can work together. The following are common frameworks that IT may well encounter:

Control Objectives for Information and related Technologies (COBIT) – This identifies controls that are used in process design to mitigate risks. Once an organization understands risks and wants to identify how to mitigate those risks, then COBIT can help.

Information Technology Infrastructure Library (ITIL) – This collection of five books codifies IT Service Management (ITSM) and the associated lifecycle of IT services with supporting best practice processes. The ITIL guidance begins with Service Strategy, then Service Design, Service Transition, Service Operation and Continuous Service Improvement.

ISO/IEC 20000:2005 – This is the international standard for ITSM. It is split into two parts: 20000-1 identifies the standard itself and what an organization must do to be accredited; 20000-2 is the code of practice that identifies opportunities for improvement. At this time, it is based on ITIL v2 and whereas ITIL does not have a certification associated with it, ISO 20000 does.

ISO/IEC 27000:2005– This is the international standard for information security and at this time has two parts also and there are plans to add more in the future. 27001 outlines the requirements for the standard. The 27002 Code of Practice document gets into more details around the controls.

ISO 9000 – This generic name relates to a collection of standards that help define a quality management system. While it originated in manufacturing it can be found in many different types of organizations.

Lean Six Sigma (LSS) – This is a combined quality management approach that blends Lean’s desire to move faster and create value with Six Sigma’s approach to reduce defects and re-work. As a result, LSS addresses defects and time wasted as it seeks to increase overall speed while reducing cost.

Leveraging the Frameworks

In reviewing the above, we can make some broad groupings. ISO 9000 and LSS can be found in organizations around the world and are not IT centric. The others are specific to IT so let’s begin there:

COBIT is used to mitigate controls and recommends what to do but doesn’t give details around how to design the control. In fact, controls need solid processes to be effective and then that raises the other frameworks. ITIL provides very good guidance on IT Service Management processes. For perspectives on how to design processes that embody controls relating the change management, release, incident management and other areas relating to service, ITIL is very good.

Now, ISO 20000 and ITIL do overlap. Right now, they are also a bit disparate because of ISO 20000’s grounding in ITIL v2. Groups pursuing ISO 20000 may benefit from the additional guidance that can be found in ITIL v3 but still must make sure they follow the requirements set forth in the standard in order to be certified. For groups looking to show their clients they are focused on providing quality services, an ISO 20000 certification is one way to do that.

To be clear, ITIL is very much focused on improving the quality of services that IT provides. It’s drawback is that it does not carry a certification. For example, when a tool claims to be “ITIL Compliant”, that is just a marketing term because no such certification exists. Likewise, a practitioner company can be assessed and receive objective recommendations on how to improve but there isn’t a certification like there is for ISO 20000.

Returning to COBIT and process guidance, if controls around information security are needed, then ISO 27000 can be used for additional guidance. For organizations that want to market their attention to information certification, becoming certified in ISO 27000 and identifying such is one approach.

ISO 9000, Lean, Six Sigma or LSS are all quality management frameworks the overall organization may be pursuing. Many business managers and executives have formal training and experience with these approaches to quality. What they do not have exposure to is ITIL. If there is pressure to stop an ITIL implementation because LSS is being pursued, for example, then it needs to be explained that ITIL can provide reference practices for groups pursuing process improvement. If ITIL is not used, then process improvement will be limited. For instance, it may be identified that the handling of incidents needs to be streamlined. Without referring to ITIL, the stakeholders involved can only try to improve their approach based on what they know.

In closing, there are many frameworks in the world today; far more than the handful mentioned in this article. IT groups seeking to improve their processes would do well to understand what other groups are doing, both within the firm as well as in the industry, and the direction the overall organization is taking. IT can then plan how to best continuously improve the services that they provide to create and protect value for the organization.

George Spafford is a principal consultant with Pepperweed Consulting and a long-time IT professional. George's professional focus is on compliance, security, management and overall process improvement.

New ITIL Adoption Slowing

2009-04-15T15:13:00.000-07:00

March 24, 2009
By ITSM Watch Staff

A new report shows that companies are less inclined to embark on ITIL; right when they could benefit from it most.

IT management has been in transition for some time, from a focus on managing the technology itself to using technology to help a business achieve its strategic objectives.

In theory, imposing disciplines on IT processes should improve productivity and make IT more responsive to the business. Many organizations are turning to the Information Technology Infrastructure Library, better known as ITIL, to accomplish this goal, said research firm Computer Economics in a February research note summarizing the report ITIL Implementation Trending Up, But Adoption May Slow.

Large IT organizations are continuing to expand ITIL initiatives at a healthy pace, but new adoption may be slowing. The obstacles to adoption are real, and benefits are sometimes difficult to quantify. Furthermore, the current economic crisis is not favorable to investment in long-term improvement programs such as ITIL. On the other hand, a downturn in business volume may be the best time to make changes to IT processes and services, as personnel may have more time for such initiatives.

The CE study does find some indication that organizations already engaged with ITIL have been accelerating their investments. CE sees this as a good sign, as they believe that, in the long run, organizations focused on continuous improvement will survive and ultimately prosper.

Why U.S. Navy is Standardizing IT Strategy Around ITIL

2009-04-05T15:01:00.000-07:00

April 3, 2009
By Dave Perera

Facing multiple problems from multiple directions, the U.S. Navy turned to ITIL to help right the ship.

In 2006, EDS had a problem. A big problem. The company was facing rampant and voluble dissatisfaction of its $9.9 billion contract to manage the Navy and Marine Corps’s land-side IT infrastructure, better known as NMCI for Navy/Marine Corp. Intranet. The solve this migraine of a headache, EDS, now a division of HP, turned to ITIL. Initially applying it to high-visibility areas such as change and incident management, EDS expanded ITIL over the next 27 months across its areas of responsibility, which cover everything from seat management to network command and control.

“Proactive issue resolution, streamlining the process in those functional areas so that the system felt more responsive to end user – that was the target” during the ITIL roll out, said Steve Heidt, the company’s VP for Navy/Marine Corps Intranet Operations. Parts of the EDS’s support organization have adopted ITIL version 3 (v3) but when the contract runs out in September 2010, it’ll end with a mixture of the version 2 (v2) and v3 frameworks in place, Heidt added.

The Navy's unhappiness with the outsourcing effort – called NMCI for short – was obvious to anyone witnessing the mid-decade raft of “NMCI Sucks” bumper stickers or the forest of snide online comments. More recently, however, the percentage of satisfied users has reached the high 80s, according to surveys conducted by EDS. Some of the dissatisfaction may have been inevitable. EDS was tasked to hammer around 6,000 separate networks managed by 28 different commands into a single, coherent whole for about 700,000 users. Still, the degree of discontent went deep and high in the ranks.

“I believe that EDS was not prepared to handle the implementation,” said Lt. Gen. Edward Hanlon in 2004 when he was the commanding general of the Marine Corps Combat Development Command.

Post ITIL, relations between EDS and Navy have improved, Heidt said. “We interact much better with them in a more rigored structured process that helps them get visibility and control faster,” he explained.

Moving Forward

Now the Navy is looking past NMCI to its next IT contracting vehicle and vowing not to repeat old mistakes. The Navy calls its next procurement the Next-Generation Enterprise Network (NGEN) and is in the process of finalizing its acquisition strategy. Regardless of what final approach emerges after the Pentagon okay's the analysis of alternatives, the Navy is making it clear that ITIL will be its management framework of choice. In NMCI, the Navy essentially handed over to its entire infrastructure to EDS; even abdicating command and control of land-side networks to the company.

No one in the military, or even in EDS itself, reasonably expects that to happen again with NGEN , although a NMCI-like model officially remains a possibility, said Navy Capt. Tim Holland, NGEN’s program manager.

Regardless, the NGEN concept of operations document specifically calls for ITIL. That’s because the Navy wants a common language to speak with industry when it comes to integrating their support with Navy command and control, Holland said.

“Industry is familiar with it. We can have more than one industry partner and we’ll all be talking the same language,” he added. The Navy will use ITIL across the totality of NGEN. “It’s a lot more than help desks. Help desk is just one service within ITIL." The analysis of alternatives should be complete within the next few months, Holland added. Ashore IT infrastructure isn’t the only area where the service has found ITIL beneficial. Components of the Naval Network Warfare Command (NETWARCOM) started using it about two years ago in its ship-to-shore communications, said Navy Lt. Cmdr. Dave Purkiss, an ITIL advocate who works for NETWARCOM's readiness directorate. ITIL has allowed the Navy to standardize what once were different IT management procedures across NETWARCOM’s major shore communication stations covering the Pacific and Atlantic oceans, the Mediterranean and the Persian Gulf, he said.

Before, a ship or crew crossing from one region to the next would be met with different sets of prioritization schemes for incident management, Purkiss said. Very often, a single person would manage incidents from start to finish and “that lack of specialization created a lot of inefficiencies,” he added. The tracking methodology for outages was just paper messages on desks. Demand for a standardized framework to better manage incidents came from the ground up, Purkiss said.

At the same time, it proved difficult at times to get Navy personnel to embrace ITIL, which carried a reputation as a corporate strategy and which seeks to make decisions cost efficient. Military personnel think in terms of combat readiness and “it’s hard to put a cost value on a pound of command, control, communications, computers and intelligence,” Purkiss said. "The balance sheet is what’s difficult. The cost sheet is easy, but the return on that investment is the hard part. That’s what we’re struggling with, Navy-wide,” he added.

There’s only so much individual components can do to resolve that problem, Purkiss said. At some point the major commands or the CIO will need to create a strategy for service prioritization and make the hard decisions of how to match costs to combat readiness. “It has to be both a top down and a bottom up approach – one without the other is not a recipe for success."

ITIL/ITSM Governance Lacking

2009-03-29T15:04:00.000-07:00

March 13, 2009
By ITSM Watch Staff

Survey finds most organizations do not define, implement or enforce ITSM governance.

Without formal IT governance, results are not measurable and IT is not aligned with the business. In its 4th annual IT Service Management (ITSM) Industry Survey, Consulting-Portal, an ITSM consulting firm, found that regulatory compliance (e.g. Sarbanes Oxley) is driving the requirement for IT controls. As a result, most organizations have adopted ITSM as the underpinning framework for meeting regulatory requirements. However, it is disconcerting that as little as 29% of surveyed organizations have defined implemented and enforced ITSM governance.

Failure to govern IT processes can cause an IT operation to lose focus resulting in lost productivity, diminished reputation and reduced revenue. A focus on governance results in a stable and consistent IT service delivery.

Some additional findings from this year's survey:

Only 24% of respondents have actionable metrics that are used for continuous improvement.

Only 38% of respondents have implemented a configuration management database (CMDB).

71% of respondents do not have defined, implemented and enforced ITSM governance.

Methodology

The ITSM survey contained 35 questions covering the topics of sponsorship, training, organization and governance, best practices, measurement and audit, continuous improvement and supporting tools. This year Consulting-Portal obtained 183 responses to the survey from medium-sized to fortune 500 companies from various industries. For a copy of the survey results white paper please visit: http://www.cportalinc.com/downloads.php.

Upcoming ISO 20000 Classes For April

2009-03-26T07:58:00.001-07:00

If you or a colleague are looking for your ISO Consultant or Auditor certification - please email us at info @ nouriassociates.com or visit http://www.nouriassociates.com

ISO 20000 for Auditors plus Exam - click here for more info

The ISO/IEC 20000 Auditors course is an intensive 2-days workshop training relevant for professionals who play a role in auditing the ISO/IEC 20000 standard.

Course Description
This course is designed for professionals and certified auditors who would like to learn how to perform auditing activities as either internal or external auditors based on the ISO/IEC 20000 standard. At the end of the 2-day classroom training, the ITSMF certification exam, which is a multiple-choice exam, can be taken. This training does not cover audit techniques or the issues involved in preparing an organization for an audit. The certificate is awarded to candidates passing the relevant examination, which can only be taken as part of an accredited training course. The course covers the interpretation and application of the ISO/IEC 20000 standard. The exam consists of a closed-book, 25-question, multiple-choice, paper-based test. To pass, candidates must answer 18 or more questions correctly.

ISO1024 - ISO20000 for Consultants plus Certification Exam - click here for more info

SO 20000 for Consultants is an intensive case study oriented 3 days workshop designed for internal auditors and consultants who play a role in the ISO 20000 implementation or in providing support around ISO 20000 implementations. Practical examples and real life case studies are used to guide you through the implementation route and prepare you to conduct a ISO 20000 assessment or audit.

Course Description
This interactive workshop leading to ISO 20000 consultant’s examination is designed to provide a basic level of knowledge in the ISO 20000 IT Service Management standard and its application. It is aimed at practicing IT Consultants who wish to assist organizations to prepare for certification under the itSMF's ISO 20000 Certification Scheme. The course covers the interpretation and application of the ISO 20000 standard and enables consultants to develop the Service Management capability of an organization and assess its readiness for certification within the itSMF's ISO 20000 Certification Scheme. Internal auditors involved in preparing an organization for ISO 20000 Certification may find this course more appropriate than the Auditor course. The exam will be conducted at the end of the training.

We hope to hold these courses the last week of April / first week of May - depending on candidate schedules.

NAI focuses on well known IT process frameworks which organizations use to develop competent and world-class IT organizations. NAI’s focus areas include:

IT Service Management (ITIL Best Practices, EXIN Accredited Course Provider)
Software Development Life Cycle (CMMI Best Practices)
Project Management (PMBOK Best Practices)
International IT Service Management Standard (ISO 20000)
IT Governance and Control (COBIT)
Applied ITSM Standards (MOF - Microsoft Operations Framework)

Defending ITIL’s Value

2009-03-25T14:57:00.000-07:00

March 20, 2009
By George Spafford

ITIL is on the verge of being labeled a fad due to great promises and few returns, writes ITSMWatch columnist George Spafford of Pepperweed Consulting.

We should be able to read about all sorts of success stories with metrics yet most articles are about promise, theory, and application. Why is this? Why aren’t there more reports of success and why are both IT and business leaders starting to become jaded when it comes to the IT Infrastructure Library (ITIL)? Part of the problem is in how ITIL is viewed and how it is implemented.

ITIL isn’t simply about a collection of processes listed in books. It’s about IT service management (ITSM) and the belief that IT must deliver services to the business that meet requirements. In a sense, IT is playing catch-up with manufacturing. Following WWII, the Japanese were quick to embrace quality management led by the likes of Deming and Ishikawa. In the 1980s, U.S. manufacturing realized they needed to fundamentally change how they conducted business in order to compete with the Japanese. Now, it is IT's turn. This means that not only IT but the business also must change how IT is wielded in order to successfully enable IT’s mission of value creation and protection.

Goals and Objectives

Functionally, IT is a shared service that provides IT related services to other business units to help those groups attain their objectives. IT doesn’t do these things on their own – or at least they shouldn’t. That is how alignment problems come into existence. For example, IT helps generate revenue by enabling sales, not by circumventing them. IT helps lower costs by empowering manufacturing and procurement through services that enhance productivity while simultaneously mitigating risks.

The point is that IT plays a supporting role as force magnifier to other business units.

To do this, the strategic direction of the business and service requirements must be understood, documented, and agreed upon. New and/or changed business and IT services must then be designed, transitioned into production, maintained and supported in operations and all the while IT and business must pursue continuous service improvement.

While creating and supporting IT services it is important to understand that ITIL’s ultimate value does not lie in isolated processes. The value lies in the ITSM philosophy and the creation and protection of value around objectives that support the goals of the organization. IT organizations that say they are using ITIL to design and operate the service desk and incident management are only scratching the surface of what could be done.

Processes and functions performed in isolation without an overarching ITSM process to coordinate activities will rapidly encounter diminishing returns because there are limits to the benefits they can achieve. For example, incident management doesn’t fundamentally improve the services IT is providing to enable the business, it only helps streamline the reaction to deviations, or potential deviations, from standard operation of the service. To truly improve the service requires the coordinated use of multiple processes.

Process Makes Perfect: How to Turn IT Process Automation into Business Growth

2009-03-21T07:50:00.000-07:00

From: www.cio.com

Process Makes Perfect: How to Turn IT Process Automation into Business Growth
– Stephen Elliot, CIO

March 11, 2009

Stephen Elliot, VP of strategy for CA's Infrastructure Management and Data Center Automation business units, is speaking at this week's AFCOM Data Center World conference on data center efficiency. He shared this advice on the topic for CIO.com readers.
2009 will likely go down in history as a tough year for the global economy, and a tougher year for most IT organizations. CIOs are being asked to further reduce budgets and increase staff efficiencies, while maintaining and often increasing the quality and number of IT services. However, as Albert Einstein once said, "in the middle of difficulty lies opportunity"; IT is full of them.

The rise of virtualization, policy-based networking, process standardization, automation, and SOA has positioned IT at a critical inflection point in achieving business efficiency and effectiveness. As IT and business leaders, we must seize these opportunities. To "get more out of less," CIOs are prioritizing investments into technologies that offer business impact and continuous cost containment. One of these areas is IT process automation technologies, whereby solutions ensure the automated workflow of a series of tasks, potentially triggering an action based on a series of inputs. Often, many of these projects start with a change or configuration process while success is measured on basic ROI metrics. What's interesting is that ROI is not enough. Measuring the business impact of IT process automation is where savvy CIOs are investing time and resources, using ROI as a baseline for time to value.

Recent customer conversations show this to be true:

A large financial service firm is working towards delivering business process impact by integrating their virtual and physical management solutions into a service view, while mapping the service and application topology to the key customers' groups and utilizing chargeback for the services.

A large insurance company is linking the number of agents to the number of policies created per day. The availability of this system is paramount, as is the data accuracy and capture.

A retailer is linking their pricing and POS systems to the ability to execute workload automation. This helps to maintain accurate price points and ensure a balance between profitability and inventory management.

A large service provider is managing SOA-based applications to high levels of availability and service levels, based on in-depth root cause analytics of application performance solutions.

A large bank is looking to compress change and configuration costs and fragmented processes by standardizing process workflows across separate IT groups.

The common theme for all of these examples is efficient use of technology, notably IT process automation, to drive the business outcome. As a stand-alone solution, IT process automation has limited value. But when paired with solutions such as service desk or data center automation, they become an integral part of the foundation for business growth and IT's ability to directly measure and generate it.

However, technology alone does not generate these business returns. In about 55% or so of our customer conversations, the IT organization has adopted multiple IT processes, often based on ITIL or CoBit. The most common ones include problem, change, incident, and configuration management. More recently, CIOs have asked us to map solutions to support financial and release management. In a few cases, some aggressive CIOs are evaluating ITILv3. In all cases, the notion of managing a "service," upon which ITILv 3 is espoused, is prevalent.

Getting Started
CIOs should consider the following recommendations to drive success in IT process automation and consider that the trifecta of IT staff, process standardization, and technology are required to create a sustainable competitive advantage and successful business outcomes. To achieve this, CIOs should:

Purchase an IT process automation solution: Consider the workflow engine the most important purchase criteria; integration across a vendor's portfolio and with third party solutions is a close second.

Integrate the tool with a data center automation strategy: The ability to automate workflows will be a paramount requirement for on-going cost savings and efficient IT operations.

Utilize virtualization: Effective use of process automation will take place in both physical and virtual infrastructure; integration into a seamless, singular workflow is the goal.

Adopt ITIL process standardization: Go beyond the foundational processes and adopt financial management and release management; automate the processes.

Get small "wins" first: Automating IT change and configuration management processes are a great way to reduce costs; start within an IT silo and build out across teams.

Add process automation to data center consolidation projects: Automation must be a key requirement of any data center project to fully realize on-going cost and efficiency benefits.

CIOs should recognize that IT process automation is more than just deploying a purpose-built tool. It requires IT staff buy-in and CIO leadership to drive automation and standardization of process workflows with specific business objectives. Example of objectives include the reduction in the number of trouble tickets, an improvement in IT service availability, or key business process outcomes such as those outlined in the examples above.

ROI as a Success Factor: Don't Sell Yourself Short
It's easy in this economic environment to rely solely on ROI, and in fact ROI is a great starting point. But, increasingly we are working with clients to establish business cases that are for "continuous cost containment." For example, while IT process automation can drive much efficiency, the real value is getting multiple teams to understand their role in the process as it becomes automated, and to measure the impact of this automation. As process standardization takes hold, the behavior and time allocation to certain tasks for IT changes. CIOs must work with IT staff to identify the key stakeholders, create buy -in for the new processes, and measure their success. Communicating these key factors to the staff is imperative. IT process automation is but one initiative that should be considered in tough times. However, CIOs should use this as a stepping stone to larger efficiency measures that bring teams together, improve efficiencies, and establish a foundation for business growth.

Stephen Elliot is vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit. In this role, he is focused on key areas such as business unit technology, strategy creation, analyst relations, market positioning, partner development, and customer deals. Prior to CA, Mr. Elliot was a noted software industry analyst at IDC, Hurwitz Group, Gartner, Instat, and Forrester.

Hiring for IT-Business Alignment at Wyeth

2009-03-18T07:45:00.000-07:00

From: www.cio.com
Hiring for IT-Business Alignment at Wyeth

– John Mann, CIO

March 17, 2009
Jeffrey Keisling takes great pride in the relationship between his 1,800-person IT organization and the business at Wyeth: "One of the greatest measures of our success is that the employees in IT are indistinguishable from their business colleagues," says the drug-maker's vice president of corporate information systems and chief information officer.

MORE HIRING MANAGER INTERVIEWS:

* USPS VP of IT on Making Sound Hiring Decisions Under Pressure
* Starbucks' CIO Seeks "Pillars of Strength During Economic Storm
* You Don't Have to Golf to Get an IT Job at the USGA.

The IT-business alignment of which Keisling is so proud begins with the company's hiring process. Business executives participate in interviews with candidates for senior leadership positions in Keisling's IT organization. Likewise, Keisling says he interviews candidates for positions outside of IT.

Further promoting IT-business alignment at Wyeth (which Pfizer is acquiring) is the fact that 11 of Keisling's 12 direct reports are members of line executive teams at the $22.8 billion pharmaceutical company. So they report both to Keisling and to the individual line executives they support. Keisling and the line executives participate equally in performance reviews for the 11 direct reports.

Another reason why IT employees are "indistinguishable" from their business counterparts is that many of them come from the business to work in IT. Keisling says he's hired employees from Wyeth's commercial and manufacturing groups to head up business intelligence and operational effectiveness initiatives.

With the emphasis Keisling places on IT-business alignment, it should come as no surprise that Keisling looks for candidates who are businesspeople first when he's hiring. He seeks employees who've had a clear impact on the organization's they've touched and who "lead with a clear sense of purpose."

Here, Keisling explains how he makes hiring decisions and offers his advice for acing a job interview.

John Mann: What are some of the IT challenges you face now and how does hiring figure into them?

Jeffrey Keisling: I think it is fair to say that every chief information officer in every industry today is challenged to improve the operational performance of the company while lowering costs in IT. What's interesting is that everyone has the same tools. Everybody can buy the same technology, whether applications or infrastructure, and the only thing that really makes a difference is the quality of the people. Across Wyeth, not just in IT, it is all about finding and retaining talent and strong leaders. Our leaders can and do move across the company, and in- and outside of IT. We have a long history of developing people, and we have a very comprehensive and mature model for managing talent across the enterprise.

Have you brought people into IT who have been with the company or in the industry, but who may not have had a strong technical background?

Absolutely. It's bi-directional. People who have come out of our commercial organization are now leading up business intelligence initiatives, and people who came in from our manufacturing group are heading up operational excellence efforts in IT. With the high degree of professional scientific and medical talent we have on staff, it is very common for us in IT to bring in people who can apply their knowledge of science and medicine to technology.

What types of positions are you currently recruiting for?

It is all depends on the level, but in general, we are very focused on two areas: One is business analysis, and the second, which is complimentary, is business process skills.

What is the process for interviewing a candidate for a job in your IT department?

With a senior leader in IT, we have a very deliberate approach. It would be a series of one-to-one formal interviews. For example, if we were hiring someone who would line up with Wyeth's public affairs department, the vice president of public affairs and one or two of his direct reports would interview the IT candidate. I would do the same thing with my shop in IT.

For a middle manager or someone in a business analysis role, we have more recently used panel interviews. I think that has served us pretty well. It tends to bring a diverse set of views and is pretty efficient.

Do you ever interview candidates for non-IT positions?

Yes. There is a strong sense of collaboration in our company, which is one of our values, so it is natural for me to interview candidates for positions outside of IT and vice versa.

Who was the first person you ever hired?

The first person I hired was when I was a manager many years ago. I have worked with this woman now in three different companies. I have hired her twice. She is working on our team here today, but I did not hire her here. I would have, but she was here before me.

What did you base your hiring decisions on when you first started hiring, and how does that compare to today?

Fifteen to twenty years ago, as a first-level line manager, I placed much more emphasis on technical competency. Today, I ask three things. One is about the candidate's impact. What is this person's history of driving change, leading change or delivering value to the company? Two is, What kind of leader do we think they are going to be? Three is about the candidate's values.

I think broadly about how a person fits into the overall team. It is much more obvious to me [now] what the non-negotiables are—the things I will never compromise on. Some of my non-negotiables include trustworthiness, forthrightness, and how enjoyable it will be to work with the candidate. There are a lot of talented people who have very strong technical skills who cannot work in a team environment.

Diversity is also a major factor. Our markets and customers are diverse, so we have to have people who can work across the enterprise, cultures and languages.

What do you consider a successful hire?

Someone who is a good businessperson first, who puts the members of their team ahead of themselves, doesn't take credit for others' accomplishments, leads with a clear sense of purpose and has impact.

What is the biggest hiring mistake you've made, and what did you learn from it?

In general I've learned not to compromise on talent. "Good enough" never works out to be very good at all.

Have you ever had a case where you really liked somebody you interviewed, but your team didn't?

Yes. We have always found that discussion and debate among the team members, including the business partners who are working with us during the hiring process, yields a better answer. So we frequently do not have a unanimous decision. Discussion ultimately leads to the best answer.

What should candidates wear to an interview?

What a candidate wears is not a major factor for me, but my advice would be to wear a suit. First impressions are not over-rated. However, if I were interviewing with Google, I probably would not wear a tie for that interview. You have to be sensitive to the culture of the company you are interviewing with.

What advice would you give someone interviewing with a CIO or to be a CIO?

The answer is the same for both: Be yourself and be clear about the impact you've had on the businesses that you have been a part of. A candidate should talk about what they have accomplished vis a vis what is expected in the position. Talk about how you lead and the values you bring that will make the company the best place to work.

Do you have any pet peeves during an interview?

All too often, the person who you are interviewing does not simply say, "I want this job, and I believe I am the best person for it." I find it striking that someone would not express that during the interview.

What advice can you offer candidates about their résumés, thank-you notes and cover letters?

In a résumé, I am looking for information about the person being an "impact player." Again, I see a lot of people who are technically qualified, but I like to see some expression of what the person has managed or accomplished. Thank you notes are fine, but they don't make much of a difference to me.

If someone is a quality candidate, would they have a better shot contacting you directly, or should they go through human resources?

In general, neither. I would advise going through the networking process and then [contacting me] directly. Someone I hear about through one of my colleagues here in the company will get a lot of attention in a very short period of time. We encourage our people to bring that kind of thinking to us, and they do a good job. I think it is more important than ever, particularly in this economy, for people to use that channel.

Do you find that most of the people you hire come from networking or internal referrals?

I would say that 80 percent or more of our hires come through networking.

What three interview questions do you always ask and why?

1. Tell me about one or two of your accomplishments that you are most proud of and that describe who you are?
2. Can you provide an example of a professional risk you took that worked out great and one that did not, and what did you do about it?
3. What do you do for fun? I ask this because we emphasize people having balance in their lives and because it shows how a person "ticks." People open up about themselves in striking ways.

John Mann is associate director of The Alexander Group. He is based in the executive search firm's Houston office.

Will Tough Economy Drive or Derail ITIL Initiatives?

2009-03-11T08:26:00.000-07:00

by Ann All, IT Business Edge

As a CIO, you likely understand the value of making your IT processes more consistent and repeatable, a primary objective of the IT Infrastructure Library (ITIL) framework. But will you be able to convince your CFO? While process standardization is a worthy goal, it’s not easy to quantify, and quantifiable benefits are what finance folks want to see in the current economy.

Companies are looking for service management initiatives relating to IT asset management or other programs that offer quicker and easier payoffs, says IDC analyst Fred Broussard, author of an HP-sponsored white paper on IT service management needs and adoption trends. The 600 global IT organizations he surveyed for his paper cited reducing costs as one of their highest-priority initiatives for 2008, along with aligning to the business and improving service performance.

“ITIL helps you manage services better and work across organizations more smoothly, so you make fewer errors. It’s hard to think about that in a way that saves the company money,” Broussard says. “Money not spent in tracking down errors is much softer than reducing the number of servers or software licenses you are buying.”

“Unless there’s a strong direct link to core elements of an organization’s business strategy, and/or IT can demonstrate and commit to a positive ROI within 12 months, projects are being shelved,” says Bob Mathers, a principal consultant for Compass Management Consulting. “Both are pretty difficult to show for most ITIL implementations.”

“You need a CIO or VP of operations to come in and give a mandate.”

Matthew Schvimmer, HP Software & Solutions

Mathers believes companies will still embark on ITIL initiatives, though he’s not sure many will advance beyond incident management, problem management and change management, the first three areas most companies choose to tackle with their IT service management efforts.

“The investment is fairly low and the benefits fairly clear for those starting out,” Mathers points out, noting that many companies already possess required tools such as a ticket system and see obvious value in lowering the number of service incidents and responding to them more quickly. But Mathers believes some ITIL users may balk at more advanced concepts, such as creating a configuration management database, a repository that illustrates the attributes of and relationships between elements of IT infrastructure.

Though ITIL initiatives require a considerable investment of time and energy, organizations don’t have to throw money at them, says Tracy Schroeder, vice president of information technology for the University of San Francisco, which has been using ITIL for nearly five years.

Rather than purchasing software and engaging an ITIL consultant, Schroeder recommends first attending training sessions and using what you learn to analyze and document your organization’s processes. “I’ve found that consultants can give you general advice and steer you in the right direction, but you have to figure out how ITIL makes sense in your organization and which ITIL principles you can apply.”

The university didn’t invest in a new tool until nearly three years into its ITIL initiative. It now uses several tools from Service-now, a provider of on-demand service management solutions, including tools for incident, problem and change management, plus a basic level of configuration management. The university integrated the latter tool with LANDesk to populate it with its desktop and laptop assets, and with its SunGard Banner ERP system for creating users, says Schroeder.

Taking the time to develop and understand processes beforehand helped, she adds. “That way, when you get to the tool, you know what you want it to do and it’s serving you rather than you shaping yourself around it.”

Can ITIL Do It All? Uh, No

2009-03-10T08:24:00.000-07:00

Posted by Ann All

A few weeks ago, I spoke with Sheila Upton, a member of the Innovation Value Institute, about the institute's new IT Capability Maturity Framework, a five-stage maturity model used to organize and structure a framework for mapping IT improvement efforts. One of my questions to Upton: Why, with existing frameworks like the IT Infrastructure Library (ITIL), did CIOs need another one? Upton told me that members of the institute believed there was a gap in what existing frameworks did and what IT organizations, especially CIOs, needed.

I gleaned some similar insights from sources whom I interviewed for my recent story on ITIL. For instance, Bob Mathers, a principal consultant for Compass Management Consulting, told me it's not uncommon for organizations to integrate ITIL with other improvement frameworks such as COBIT (Control Objectives for Information and Related Technology). "That came out of their realization that ITIL wasn't necessarily going to solve everything they thought it might solve," Mathers said.

After putting in some of ITIL's core processes, some organizations "stepped back and realized they needed to be more realistic about the benefits any process framework can give them," he said. "ITIL may work quite well for some areas but be lacking in others."

Bad news, guys and girls. There is no magic formula for solving all of your IT ills. ( I feel a little like a jerk telling Virginia there is no Santa Claus.)

Version 3 of ITIL, introduced in 2007, attempts to address some of the perceived shortcomings of earlier versions of ITIL, said Mathers. But some organizations simply adopted aspects of COBIT or other frameworks to create a kind of hybrid framework. ITIL is most often the "foundation" for these hybrid frameworks, he said.

IDC analyst Fred Broussard, who wrote an HP-sponsored white paper on IT service management needs and adoption trends, told me ITIL adoption levels were higher in organizations using other types of process improvement frameworks such as COBIT or Six Sigma. That's likely because it's easier to "sell" ITIL to senior management at organizations already on board with the idea of structured process improvement, Broussard said.

Predisposition to improvement frameworks also may help explain why ITIL is most popular with large enterprises, which are more likely than their smaller counterparts to use other frameworks, said Matt Schvimmer, head of products, IT Service Management and Project Portfolio Management, for HP Software & Solutions. "Large organizations are generally able to be more proactive and devote more time to process effectiveness work. As you go downmarket, you get more into survival mode and find yourself doing more firefighting," he said.

All of my story sources agreed on the inherent value of ITIL and other IT service management initiatives. For a contrarian view, I found some thoughts from Robert Lewis, author of "Keep the Joint Running: A Manifesto for 21st Century Information Technology" and six other books, included in an interesting CIOZone.com piece.

One of ITIL's key tenets is to treat internal business units and their employees as "customers" consuming IT services. That's a mistake, said Lewis, as it diverts IT's focus from "real, paying, external customers."

Simply responding to the needs of internal customers prevents IT from assuming a leadership role when it comes to identifying new technologies that can solve business problems. The better approach, said Lewis, is one of working together to achieve corporate goals.

I also unearthed a link to a two-year-old discussion I had Hydrasight Managing Director Michael Warrilow in which he made the point that, for most IT organizations, best practices should be viewed as an ideal rather than a realistic target. Why? He said:

... When it comes to IT operations, the aim is quite simply "to do more with less" — as the saying goes. Why? Because the generally accepted rule of thumb is that more than 70 percent of IT expenditure currently goes to "keeping the lights on." There should be no doubt in anyone’s mind that best practice will increase the cost of IT operations within the vast majority of organizations, and hence increase the risk of doing less with more.

Making ITIL Work

2009-03-10T08:21:00.000-07:00

by Ann All

I recently wrote an article and a follow-up blog post based on discussions I had with several IT analysts and with IT professionals on the IT Infrastructure Library (ITIL). They offered lots of great advice on how to effectively implement ITIL, only some of which made it into the article. I'd like to recap some of the advice in the article and mention some of the suggestions that didn't make it. Hopefully other folks with ITIL experience will join the discussion and share some suggestions of their own.

Start with realistic expectations. If you start out thinking ITIL will help you cut IT costs in half, you will be disappointed.
Begin with a solid baseline, looking at unit costs, quality and productivity.
Measure in granular enough detail so improvements can be tied directly to an ITIL process or tool.
Concentrate on your most critical business processes. Ask users to help you determine which processes are the strongest candidates for improvement.
Enlist a strong executive-level sponsor.
Invest time in educating users about ITIL's benefits, preferably with diagrams showing how workflows can be streamlined.
Reassure staff that their roles won't be automated out of existence. Rather, ITIL will allow them to apply their time and energy to more strategic issues. They shouldn't have to spend as much time firefighting, and firefighting will become less stressful for them, when necessary, if processes are better defined.
Focus on achieving small, incremental wins, and the momentum will take care of itself.
ITIL is an organizational effort and thus cannot be confined to IT.
Training is important. Make sure users understand how to use ITIL tools and processes.
Change management can get costly if and when users try to circumvent ITIL processes. With the CIO's blessing, send a weekly e-mail listing all of the 'emergency' changes made the prior week.
Pick and choose the ITIL principles that will benefit your organization. You don't have to adopt them all.
Promote posiitve results to create enthusiasm.

Scoreboard: Who are the highest rated leaders in the tech industry?

2009-03-08T09:04:00.000-07:00

Who is the best judge of a tech leader’s performance? It’s not Wall Street analysts or the general public, it’s the people inside the company. Based on ratings from Glassdoor.com, see how the tech industry’s top leaders, from Steve Ballmer to Larry Ellison to Steve Jobs, are rated by the people who work for them.

——————————————————————————————————————————————————

When I looked up technology executives on Glassdoor.com to see how they were rated by their employees, I was surprised at how they naturally divided themselves into two groups. I picked 14 leaders and they ended up dividing evenly between seven rated 62% or higher and seven rated 48% or lower.

I had already planned on making 50% the natural dividing line (and it was), but it turned out that none of the leaders fell in the 49%-61% window. To me, that meant that tech industry employees were generally not ambivalent about their leaders. The leaders were either widely admired or couldn’t gain approval from even half of their employees.

Before we dive into the list, keep in mind that Glassdoor.com is not scientific, but it is statistically significant (because nearly all of these tech companies have over 100 responses). The data is based on anonymous feedback from employees, who self-select themselves to participate. Glassdoor’s methodology requires participants to go through a fairly rigorous submission process, and that naturally limits the amount of false submissions. However, because it is anonymous, there’s no verification process to determine that the participants are legitimate company employees.

Nevertheless, the information from Glassdoor is extremely interesting, and in most cases it is consistent with information I’ve read or heard from insiders at the companies mentioned.

In the lists of the highly-rated and poorly-rated tech leaders below, I’ve listed them from high to low based on their approval rating. I’ve linked the company names to the full company profiles on Glassdoor.com, where you can see the updated numbers and lots of additional comments from the employees who participated. And I’ve also included the ratings that employees gave to their respective companies, beyond just the leaders.

Highly-rated

Steve Jobs, Apple: Approval: 90%, Company Rating: 3.8

Eric Schmidt, Google: Approval: 88%, Company Rating: 4.0

John Chambers, Cisco: Approval: 78%, Company Rating: 3.6

Mark Benioff, Salesforce.com: Approval: 73%, Company Rating: 3.7

Jim Balsillie, RIM: Approval: 70%, Company Rating: 3.8

Larry Ellison, Oracle: Approval: 63%, Company Rating: 3.2

Paul Otellini, Intel: Approval: 62%, Company Rating: 3.5

Poorly-rated

Michael Dell, Dell: Approval: 48%, Company Rating: 3.0

Steve Ballmer, Microsoft: Approval: 44%, Company Rating: 3.7

Sam Palmisano, IBM: Approval: 42%, Company Rating: 3.2

Mark Hurd, Hewlett-Packard: Approval: 41%, Company Rating: 2.8

Ed Colligan, Palm: Approval: 36%, Company Rating: 3.2

Jonathan Schwartz, Sun Microsystems: Approval: 25%, Company Rating: 3.1

Greg Brown, Motorola: Approval: 10%, Company Rating: 2.6

Commentary

It’s not surprising that Steve Jobs (right) is at the top of the list. He and Apple have been on an amazing run over the past decade with the rise of the iPod and iTunes, the resurgence of the Mac, and of course, the launch of the iPhone. Plus, he is an almost cult-like leader who inspires–and requires–absolute loyalty.

It’s also not surprising that Eric Schmidt and John Chambers are so highly regarded, since their companies have been on multi-year hot streaks. These three top-rated CEOs have widely divergent leadership styles, which shows that successful leadership is not about methodology or personality type.

Conversely, on the poorly-rated list it’s not surprising to see it dominated by CEOs whose companies have been in a tailspin. Palm, Sun, and Motorola have all been stuck in reverse, even before the current economic downturn, so it’s not much of a shock to see their chief executives mired at the bottom of this list.

However, it is a little surprising to see Mark Hurd (right) from HP in the lower list. After all, HP has jumped to the number one spot in PC and server sales under Hurd’s watch and produced a series of strong financial results. Despite all that, Hurd has a low 41% approval rating and employees gave the company a 2.8 rating, the second worst on this list. Only Motorola is rated lower.

When you have a leader who drives top-tier results but still has a company morale problem, that person is often called a “scortched-earth” leader–someone who gets things done but burns everyone out in the process. That could be what’s going on with Hurd.

The other mild surprise is Microsoft’s Steve Ballmer, who only had a 44% approval rating among his troops. While Microsoft’s stock price has been stuck in neutral for years and the company’s reputation in the general public is mixed, during the past decade Microsoft continued to grow its revenue and its product lines and expand its workforce. Its employees even rated the company at 3.7–only Google, Apple, and RIM scored higher.

The biggest problem Ballmer (right) may face with Microsoft employees is that he’s not Bill Gates. While Ballmer has been the Microsoft CEO since 2000, he remained in the shadow of Gates until mid-2008 when Gates retired from his full-time role at the company. While Gates was a visionary, Ballmer is simply a businessman. They complimented each other well, but without Gates what is Ballmer’s vision for the company and the computing industry? It’s unclear. And that is likely the culprit for his lukewarm endorsement from the Microsoft rank and file.

Beyond Survival – Thriving on Innovation in a Down Economy

2009-03-06T08:38:00.000-08:00

from Metastorm

Introduction

Not everyone is affected equally by economic crisis, but regardless all organizations are facing a wealth of challenges and unpredictability as a result of the dynamic market environment that lies ahead in 2009. The initial and logical reaction is to hunker down, cut costs, and just get through it – survival at the expense of anything else. However, recent research by Gartner Inc. analysts Betsy Burton and John Rizzo echoes the need to continue to move toward the future. In their October 2008 report entitled, IT Innovation Will Be Key to Turn Economic Crisis Into Opportunity, they state: “Innovation is crucial as we transition from short-term crisis management to recovery.¹”

As many organizations struggle to control costs, increase revenue, and maintain their competitive status, it is easy to look at the perceived cost of IT and business initiatives and cut, cut, cut. But to do so without an eye to the future blinds many organizations to the opportunities that do exist to selectively expand and enhance their ability to meet future challenges. It is critical for organizations to find the balance between controlling costs, spending smartly, and continuing to create opportunities for growth. Innovation may seem counterintuitive during lean economic times, but it is during these times when it is most important, as innovation not only generates opportunities for new revenue, but can also be a key to creating value and controlling costs. This is also the time when the competition is in survival mode, and you have an opportunity to leap ahead.

Innovation

Innovation – it is often cited as a top priority of senior management to expand markets, grow revenue, and increase the competitive edge; however, it often falls to the bottom of the priority list. During down economic times, the focus may change from growth and innovation to down-sizing and efficiency. But innovation and efficiency do not have to be mutually exclusive. Innovation leads to new ways of thinking which in turn can lead to controlling costs by creating more efficient ways to develop products, fostering creative ways to collaborate with outside resources, or improving business processes in ways that reduce spending while also improving performance and outcomes. While reducing costs, all of these examples can also lead to growth and set an organization up for accelerated success when the economy recovers. The secret is in knowing what to focus on, making the right decisions with the right information, and continuing to look forward.

It is important to understand the kinds of innovation that an organization may undertake in order to understand how it can be used as a growth engine that can reduce cost.

* Process – Organizations can innovate their business processes to find more efficient ways to do things, lower costs, increase productivity, speed time to market, or enhance customer service.
* Market – Organizations can innovate to engage in a new market with a new or existing product or service, leveraging existing assets to drive new revenue.
* Business Model – Organizations can look for new ways to engage with customers and partners that can enhance relationships, foster collaboration, and optimize the extended value chain with the least cost and disruption to existing infrastructure.

Those organizations that have successful and sustainable innovation activities also have a solid foundation that includes: an understanding of their strategy, core capabilities, and business processes; active engagement of the company's network of partners, customers, and suppliers; and adherence to an effective set of repeatable, effective business processes.

Today’s environment provides the perfect opportunity for organizations to look beyond cost cutting and instead look for ways to be both more efficient and more effective while capitalizing on select opportunities to grow the business and position for future success.

Refine Business and IT Strategies

Innovation is often spurred by trying to do something in a new or better way. Ford’s assembly line, the first iPod, and the Toyota production system are all examples of innovations that borrowed from processes or solutions that already worked. Each brought new revenue, new markets, and greater efficiency with limited risk and faster time to value. By looking at existing business strategies, organizations can take a fresh look at their goals, objectives, and the underlying people, processes and technology that support them to find ways to create efficiency and improve business performance to address today’s issues while preparing for tomorrow’s opportunities.

To do this, companies need to be able to “see” the whole of the enterprise, and its underlying infrastructure to understand how it works. A series of questions needs to be asked in order to expose the relationships across the business:

* What are the top organizational goals and objectives?
* How are these tied to business processes and metrics?
* What systems support these processes?
* What will be impacted if a change is made to any of these corporate assets?

The best tool to provide the answers to these questions and to model a complete understanding of the enterprise is Enterprise Architecture (EA).

Figure 1 – A view of relationships
Source: Metastorm

Using EA and Business Process Analysis (BPA) tools to model the strategies, people, goals, information and technology of the enterprise presents a picture of the business that can be refined, manipulated, and analyzed to create new ways of doing things – optimizing use of the resources you have today and identifying the resources you need to support future objectives.

EA and BPA tools allow the analysis of how well processes are supporting the business strategy and how well the strategy is meeting goals. A view of the relationships across people, technology and information is made very clear and is a means to refine models and simulate “what if” scenarios to gauge the impact of any change prior to implementation. The business is spared radical shifts until the right scenario is found, thus lowering risk and increasing the likelihood of success. New business strategies and goals can be assessed and virtually implemented to gain the understanding of the value an innovation will actually bring.

Look Ahead

Once strategies have been reviewed and refined, it is necessary to plan for the transition to move from where you are now to where you want to go. As organizations rebound from the challenges of the current economy, the ability to react quickly and smartly to take advantage of new opportunities will propel well-prepared organizations into a leadership position. Planning, innovating and optimizing the use of your existing resources now will allow stronger companies to quickly take advantage of new opportunities and prosper when the economy rebounds. Those that concentrate only on survival cost reduction will be forced into a maintenance and rebuilding effort that leaves them behind.

Looking at the state of your enterprise via models, roadmaps, application portfolios and impact analysis reports allows decisions to be made quickly and more accurately. These decisions may include a change in IT direction, retirement of legacy system, consolidation of data centers, the creation of an enterprise service from an existing capability, elimination of duplicate functions, streamlining of product lines, or simply analyzing the impact of ongoing change to the business. EA and BPA tools and disciplines provide the most complete view of the whole enterprise, which provides information needed to develop new sources of revenue and/or to cut and control costs.

This is also a good time to reassess how use of technology and IT services can be improved to create a flexible a platform that can accommodate or anticipate change while minimizing disruption to daily activity. As the recovery takes hold, there will be a need to comply with new regulations, develop new opportunities, and respond to new market pressures. Business Process Management (BPM) technology can be leveraged to develop a flexible platform that provides automation, visibility, audit ability, and the ability to quickly respond to changes in business strategy, goals, and objectives.

BPM technology is a quick way to automate and respond to internal and external change. The use of BPM software in conjunction with Business Process Analysis, allows an organization to model, simulate and execute a business process in a matter of days or weeks with minimal disruption to underlying infrastructure. When a process is changed in response to a regulatory requirement, a new strategy, or a competitive pressure, this change can be modeled, simulated and implemented quickly.

Control Costs but Prepare for Growth

Most organizations are looking for ways to control costs, do more with less, and minimize disruption caused by reduced budgets. In most organizations, it is the CIO who is asked to cut IT initiatives and spending. While cutting would seem to be a simple task in down times, it must be done with an eye toward future growth and innovation. CIOs should rely on their Enterprise Architects to provide the big picture needed to understand the short-term and long-term impacts of any cuts not only on IT, but also on the business. Using this big picture, Enterprise Architects understand how to simplify and streamline the IT environment and how to reduce system overhead while avoiding impact to current and future business opportunities.

Figure 2 – Portfolio view of IT projects
Source: Metastorm

Enterprise Architects have a view across the portfolio of business processes and the applications that drive them. These applications are instantiations of business processes. Using this view provides the means to rationalize processes, applications, and systems and reduce redundancy and cost. EA and BPA tools provide a means to analyze the impact of any proposed changes. While this is seen as cost control, innovation is also possible as there is the opportunity to create new ways of doing business or new ways of using existing assets that will reduce cost, increase maintainability, and enhance business performance.

Enterprise Architects can analyze data regarding application complexity, underlying data stores, frequency of access, performance and capacity considerations, backup requirements, and a host of other factors that inform the planning process. Much of the discussion regarding how IT can provide value to the business can be centered on how the application portfolio will enable the business strategy and deliver the foundation for growth as the economy moves toward recovery.

Make It Happen

Aligning your understanding of the business and all of its resources and assets – Enterprise Architecture – with the effective execution of the business processes that drive results is critical to both smart cost reduction and the ability to effectively innovate.

By offering a unique and integrated software portfolio that combines market-leading Enterprise and Business Architecture, Business Process Analysis, and Business Process Management capabilities on a single platform, Metastorm Enterprise™ allows organizations to improve business results by unifying strategy, analysis and execution.

Strategy – Metastorm ProVision® provides a complete suite of enterprise modeling tools for both Enterprise Architects and business analysts. Key enterprise assets – including systems, data, resources, finances, products and suppliers – and their inter-dependencies can be modeled, shared and refined in a standalone or collaborative environment. Metastorm ProVision provides the platform to model strategy, goals, processes and the metrics that will be used to measure success.

Analysis – Metastorm ProVision also provides robust Business Process Analysis and simulation capabilities to define critical business processes and associated dependencies, facilitate requirements analysis, simulate multiple scenarios, and optimize processes and related enterprise assets against strategic objectives. Metastorm ProVision’s BPA capabilities help determine the best way to compose processes to optimize results, achieve goals, cut costs and create an agile framework that supports goals of the enterprise strategy.

Metastorm delivers powerful process discovery tools, as well. As part of the Metastorm ProVision offering, Metastorm Discovery™ replaces traditional methods of gathering as-is process information and formalizes process discovery activities. Metastorm Discovery eliminates the problem of having insufficient or inaccurate data to optimally leverage improvement efforts.

Execution – Metastorm BPM® is a highly-scalable, enterprise BPM suite designed to support automation, deployment, integration, analysis, monitoring, and improvement of both human and system-based processes within and across organizations. Metastorm BPM allows you to put your enterprise models into action – delivering value faster and allowing for change on a real-time basis.

By implementing Metastorm Enterprise to align EA, BPA and BPM initiatives, you gain a cross-functional platform that provides the strategic, tactical, and operational level views you need to identify risk across the organization, take advantage of opportunities for innovation, and improve business performance.

If there is a silver lining to the economic downturn, it may be the resulting need for aggressive change which can lead to innovations in products, services, and the way an organization operates.

Developing Actionable ITIL Processes

2009-03-05T08:10:00.000-08:00

March 5, 2009 By Mike Tainter and Kristy Smith

A sound framework coupled with cultural transformation and results tracking are essential for successfully implementing ITIL, write ITSMWatch columnists Micheal Tainter and Kristy Smith of Forsythe.

Effective adoption of ITIL requires not only the application of ITIL best practices, but also a sound process development framework. Coupled with a campaign of cultural transformation and consistent measurement and results tracking, solid process development techniques will yield repeatable, integrated and actionable processes for managing services and operations across the IT organization.

The Pitfalls of Haphazardness

Haphazard processes can perpetuate inefficiencies, if not chaos, in an IT organization. For example, the complete set of knowledge of an IT organization's activities is usually spread among its many employees. This applies to process documentation, which is too often located in disparate repositories—such as hard drives, shared drives, email folders and people's memories—and is typically stored in many formats such as Word, Visio, PowerPoint, or not documented at all.

Thus, critical process intelligence can be lost or get out of sync when staff members leave, or when the organization grows, restructures or merges. The result is haphazard process development. Haphazard processes may have no clear entry or exit point, too much (or too little) detail, crossing lines, wordy or ambiguous procedure names, undefined roles and ownership, and a lack of clearly defined inputs and outputs to and from other processes.

Figure 1. Haphazard process development

A Sound Framework

A sound process development framework to support development of actionable ITIL v3 processes brings many benefits: centralized knowledge capture, repeatable results, reduced defects, increased collaboration, and a shared process language across the organization. It facilitates continual process improvement, and provides a consistent baseline for measurements, results tracking, and change control.

A good process development framework comprises an online tool built around a multi-layered process model. As depicted in Figure 2, each layer of the model parses the process into progressively lower levels of detail, leading the end user in an intuitive fashion to the specific actions required for thorough ITIL process implementation.

Figure 2. Multi-layered process framework

The four layers of the process framework are: process, procedures, steps, and work instructions and tool tips. Processes, procedures, steps and work instructions are housed within the online tool. The highest and lowest layers, policies and work flows physically reside outside of the online tool, but are still an integral part of an actionable process model. Each layer of an actionable process model is described in detail below.

Policies - A policy is a high-level overall plan that covers general objectives and expectations. For example, a common policy for Incident Management is to use the service desk as a single point of contact for all incidents, while common policies for change management are to establish a change advisory board (CAB) and to define rules for executing different types of changes such as emergency, standard, normal, etc.

Policy development is a responsibility and activity of management. It occurs outside of the process framework, and provides the goal posts toward which all process development is aimed.

Processes - Processes are high-level activities required to meet the policies and objectives of the organization during various phases of the IT service management lifecycle. The major activities for each process can be derived from the various books in the ITIL v3 service lifecycle. This is where it all starts and where ITIL paves the way.

Procedures - Each process should also outline the procedures that establish the set of steps required to complete the process activities. For example, the Incident Management process would have a set of procedures to identify and log; categorize and prioritize; investigate and diagnose; resolve and recover; monitor, track and communicate; and close the incident. Procedures are repeatable and static regardless of the particular incident or change request involved. A procedure is an action—its name always begins with a verb. Every procedure is triggered by a specific event or input, and results in a specific output.

Steps - Each procedure comprises a set of steps, arranged in flowchart fashion, that are followed to complete the procedure. For example, Incident Management contains a procedure to categorize and prioritize the incident. To complete this procedure, you would complete the following steps: determine the request type, record the incident details, identify the impacted configuration item, and determine the priority of the incident.

Work Instructions - Each step contains work instructions which document repeatable, role-based instructions for completing the step. Work instructions are where the processes and procedures meet the IT service management tool; as they explain how to utilize the tool to execute the step, when applicable.

To continue our example above, the work instruction for the step determine the priority of the incident would contain specific information about impact and urgency levels and criteria, and would describe how to indicate the incident's priority within the tool.

Work Flows - The lowest level of detail is the work flow. Work flows are repeatable, role-based instructions for executing a change, fixing a problem or producing a work product. Work flows are dynamic, consisting of the details tailored for each task that IT performs for the business. Documented work flows often reside in the IT service management tool in a pre-populated model or template, and are also referred to as standard operating procedures (SOP).

An example of a work flow is an incident resolution template, an automated service desk template that pre-populates an incident record with appropriate instructions for resolving a recurring incident. Other examples of work flows are standard change; a prescribed set of instructions for building, testing and implementing a repeatable change such as a password reset or a new employee setup; and a test script, a specific test scenario for confirming automated functionality.

Fostering Actionable Processes

Ensuring that ITIL processes are actionable is a challenge that goes beyond process development and documentation. The organization must recognize that a cultural transformation is required to foster acceptance of ITIL and to anchor new behaviors. In addition, a measurement strategy must be employed to track results of the ITIL implementation, to determine levels of adoption, and to promote continual improvement.

An ITIL initiative, like any change initiative, can potentially fall victim to the "dead salmon" syndrome: salmon swim upstream against the flow, lay their eggs and, ultimately, end up dead in the water. An ITIL initiative that is constantly swimming upstream against the cultural flow will likely meet a similar fate.

In his book Leading Change, John Kotter discusses an "eight stage process of creating major change" to effectively lead an organization through cultural transformation. The eight stages are:

Establishing a sense of urgency

Creating the guiding coalition

Developing a vision and strategy

Communicating the change vision

Empowering broad-based action

Generating short-term wins

Consolidating gains and producing more change

Anchoring new approaches in the culture

According to Kotter, stages 1 through 4 of the transformation process help break the status quo. Stages 5 to 7 introduce new practices. And stage 8 grounds the changes in the culture to help them stick.

The pressure to produce quick results often leads to a desire to skip stages or to execute them out of order. Don't be a dead salmon. It is important that all eight stages are followed sequentially. To curtail the desire of individuals to work against the impending change, and to actually nurture enthusiastic support, follow best practices for creating successful change before going down the road of ITIL implementation. Establish a steering committee, form a good foundation of management support, and communicate the vision before proceeding to introduce process and procedural change to the organization.

Change Through Measurement

An essential part of any ITIL implementation is to monitor technical and business results—such as process performance, quality, customer satisfaction, and levels of compliance—utilizing rationalized metrics, reports and auditing. Determine and baseline a set of critical success factors (CSF) with supporting key performance indicators (KPI) and operating metrics (OM). Determine a reporting strategy and schedule. These will be utilized by the steering committee, process owners and managers to measure process conformance, quality and performance.

Keep in mind that it is not reasonable to expect that process will be followed without proper inspection for conformance and performance. You can't expect what you don’t inspect.

Just as important is to measure cultural adoption of ITIL by surveying and interviewing IT staff to learn their attitudes. Are they realizing practical benefits as a result of the ITIL initiative, and does it seem worth the effort so far? Do they have an idea to contribute, or do they want clarification of an issue? This is crucial to making processes actionable and to ensure continual process improvement.

Mike Tainter, Forsythe’s ITSM practice director, has been managing technology and large-scale IT projects for more than 20 years, including IT service management, ITIL,operations management, process design, IT operations support system development, and IT logistical requirements. Tainter holds the Foundation Certificate in IT Service Management and the Manager's Certificate in IT Service Management.

Kristy Smith, ITSM associate consultant at Forsythe, has an extensive background in accounting as well as more than 10 years of IT experience including experience managing IT service management and ITIL implementations and developing ITSM methodologies. Smith holds the Foundation Certificate in IT Service Management.

Undervaluing the Need for Risk Management Is Risky

2009-03-03T09:00:00.000-08:00

by Lora Bentley, IT Business Edge

As recently as last week, Yale University behavioral economics professor Robert Shiller told reporters the current mess in the financial markets results in part from a failure to manage risk. Last year, the Securities and Exchange Commission offered new guidance on a risk-based approach to Sarbanes-Oxley section 404 implementation. In between, companies like CA began offering governance, risk and compliance (GRC) products and services, and Standard and Poor's even began tracking enterprise risk management as a key to evaluating a company's financial health.

Risk management is the new hot topic in today's economic climate. Businesses are doing everything they can to ward off the fraud that caused Enron to collapse, Bernard Madoff's clients to lose everything, Lehman Brothers to enter bankruptcy, and so on. Ethics and Compliance Officer Association Executive Director Keith Darcy says his organization has more than doubled its membership in the last eight years alone. In that time, he says, the markets have seen a "flight to integrity." People are investing in businesses they trust and pulling their money out of those they don't trust.

But more than panic is driving the trend toward ethics and risk management positions in the executive suite. It's also good business. Jeff Smith, who serves as legal officer and risk officer for the Michigan-based Consulting Services Support Corp., says, "Once a number of companies begin to better manage and mitigate their own unique risks of loss, it only makes sense that other corporations that wish to retain competitive advantage and attractiveness to shareholders would follow suit." That, he says, results in the wealth of risk management and ethics-centered positions that are available today.

“The first challenge is often to help others realize that they have a reason to learn from you...”Jeff Smith, Consulting Services Support Corp.

The positions will differ a bit in terms of title, salary levels will vary, and some may have a broader set of responsibilities than others. For instance, Inter-American Development Bank in Washington, D.C., is seeking a "principal integrity officer." The person's responsibilities? Planning and executing fraud and corruption investigations. Smith's responsibilities at CSSC, however, run the gamut. He says simply, "I manage risk in the areas of insurance, law, compliance, ethics and any other areas that my CEO or I may identify within the organization."

Protiviti managing director Paul Schulz notes that the most effective risk and ethics officers are those, like Smith, at the executive level. He says, "Overall direction and management of enterprise risk is the key role... In essence, CRO and equivalent roles are at the fulcrum of creating and managing the mechanisms that cut across organizational and business unit boundaries to identify, manage, and mitigate risks in a wide variety of categories."

Darcy agrees. "The chief ethics and compliance officer must have C-suite status. They must have independence," he says, "They must have unfiltered access to the board, and they must have a seat at the strategy and policy table because that's where the big decisions are made."

Forrester: SaaS adoption is rising, but TCO remains a concern

2009-02-28T08:52:00.000-08:00

This is a guest post from Larry Dignan of TechRepublic’s sister site ZDNet. You can follow Larry on his ZDNet blog Between the Lines (or subscribe to the RSS feed).

Twenty one percent of companies are piloting software as service applications, up from 18 percent a year ago, according to a recent Forrester research report. However, even as SaaS adoption increases during the current recession worries about total cost of ownership remains among software buyers.

Forrester surveyed 239 applications decision makers and found the following worries about SaaS:

Total cost of ownership: As SaaS deployments grow and extend to large enterprises TCO matters. What are the deployment costs associated with licensing, staffing and training?
Backup and security policies: Vendors need to detail guidelines for security, backup and data recovery based on known standards.
Contract guidelines: SaaS contract templates are currently hard to come by and buyers often accept vendor terms because they lack existing contracts.

Overall, those gaps appear to be holding back SaaS adoption a bit. For instance, Forrester found that 21 percent of companies are piloting or using SaaS, up from 18 percent in 2007. However, 26 percent of software buyers said they were interested and considering SaaS in 2008, down from 45 percent in 2007. Meanwhile, 54 percent of companies said they weren’t interested in SaaS or didn’t know if they planned to adopt it. That tally is up from 37 percent in 2007.

Add it up and it appears a lot of companies have evaluated SaaS and decided it wasn’t for them.

This slide highlights buyer worries:

And those that are adopting SaaS are sticking to the familiar commodity applications:

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of TechRepublic. See his full profile and disclosure of his industry affiliations.

Lowering Incident Management Costs

2009-02-27T08:32:00.000-08:00

February 27, 2009
By George Spafford

There are many means to improve how incidents are managed but the first is implementing an formal Incident Management process, writes ITSMWatch columnist George Spafford of Pepperweed Consulting.

In today’s economy, IT is under pressure to reduce costs and "do more with less". As a result, IT managers are looking for ways to cut expenses wherever possible. Incidents and reactive work are being scrutinized for opportunities to cut costs and therein lies both challenges and opportunities for the groups that understand the type of costing benefit their work may bring.

Costing Overview

One of the concepts often promulgated by consultants, software vendors, and others with an agenda revolve around the costs associated with transactions. The basic premise is if you can remove costs from a transaction then there must be a savings. A common example is to cut the time it takes to do something and then extend it by a loaded labor rate and then display the difference as a “cost savings”. Those numbers then go into business cases and so forth only to make knowledgeable executives roll their eyes as another example of IT not understanding costing.

At the risk of oversimplifying, unless a change causes a reduction in payments, such as to a vendor, or a reduction in labor expenses, then there isn’t a true accounting cost savings. When improvements yield time savings to existing resources or enable less-constrained, lower cost resources to be used (which then free up more constrained higher level resources), then the improvements relate to opportunity cost savings.

Opportunity costs are an economic concept. The premise is if a resource is performing one task, then it comes at the expense of another. For example, if a senior engineer is doing break-fix incident work versus project work to get the organization closer to its goals, then the opportunity cost is that very loss—break/fix firefighting vs. true improvement. All things being equal, we’d prefer the engineer to be working on the meaningful project work.

The organization has opportunity costs as well. If an IT service is unavailable, can the business conduct operations? For example, if an order entry website is down and sales are not possible then revenue is lost and may not be recoverable. When looking at incident costs, as this example shows, it is important to look outside of IT for impacts as well.

What to Improve

With that said, there are typically many opportunities that can be pursued to reduce the costs of managing incidents. Each organization is different but the first step is to assess the current state, compare current practices to best practices and then identify which gaps will yield the greatest benefits to the organization given its stated direction, constraints, available time, budget, ability to change and so on.

The first step is to implement a formal Incident Management process. However, there are limits to the possible improvements within the Incident Management process itself. To generate significant result long-term requires the involvement of other process areas and their respective IT teams. The ITIL v3 lifecycle has five phases that contain opportunities to reduce the costs associated with incidents. The following are examples of phases that could impact the accounting and opportunity costs associated with incidents:

Service Design – If total requirements are understood, proper tools are used and personnel with the right skills are used to create and maintain services then the resulting releases will be of higher quality. The processes in this phase such as Service Level Management, Capacity, and Availability, can all be leveraged to understand and review service design requirements. All things being equal, if services are built correctly then incidents in production will go down.

Service Transition – Releases should be project managed with proper oversight to ensure budgets, timeliness and requirements are met. Releases that are properly tested and production changes managed will result in fewer incidents long term. The Configuration Management System spans phases and will aid all stakeholders in having a logical view of the IT services being provided to ensure proper planning and fewer errors.

Service Operation – A well designed and implemented enterprise Incident Management process that is followed will create an environment wherein incidents can be managed in an effective and efficient manner. Moving past that, Event Management can assist with a logical approach to identifying criteria relating to changes of state and approved responses further reducing the response times, skills required to respond and certainty of success. In addition, Problem Management and a Known Error Database can be developed to help reduce the number and duration of incidents.

Continual Service Improvement (CSI) – This phase can help ensure that the various processes that affect incidents remain designed in a manner that creates value and mitigates risks. Note, CSI should not be viewed as a project that gets triggered after a failure but rather as an ingrained philosophy. Thus, there should always be a drive to improve how incidents are managed.

Many additional improvement opportunities can be pursue by moving outside of the Incident Management process and working with stakeholders in other processes and functions to improve processes in their areas that will reduce incidents over time. These reductions will definitely benefit the organization. With the current economic crisis, improvements that can cut costs while improving service are sorely needed.

George Spafford is a principal consultant with Pepperweed Consulting and a long-time IT professional. George's professional focus is on compliance, security, management and overall process improvement.

Where's the Fit? ITIL and Project Management Skill

2009-02-21T08:19:00.000-08:00

It is always good for professionals to combine the right sets of expertise. For someone involved with IT infrastructure projects, ITIL is a great complementary certification. What I find is that often the specialty knowledge drives the PRODUCT of efforts, but the project management skills drives the PROJECT that produces the PRODUCT. On solid technical teams, that second mindset is often missing.

Background
When you get any level experience in the workplace, you realize that the world is a collection of operations and projects. We are always seeking to systematize where possible, to streamline operations, and to improve results. We are always trying to create a "business as usual", "runs by itself" environment, although in reality the full achievement of this is elusive. For more detail go to www.positive-idea.com We are always cognizant of change in external conditions, and of the need to be proactive in changing our operations when necessary. This intersection of operations and project management, is, I believe, where ITIL and project management come together.

The IT Infrastructure Library® (ITIL®) describes a set of best practices processes for stable, high quality IT services. Project management, as a discipline, provides the capability to implement a defined change in a controlled way, so that cost, schedule, and quality of deliverable are as expected. It would seem that awareness of ITIL in an environment where it is embedded would be an input to project management. Likewise, project management is a great skill to use in implementing and continuously improving the best practices provided by ITIL.

PRINCE2 and ITIL
PRINCE2 and ITIL originate from a single source, the OGC (The Office of Government Commerce) in the UK. While I do not have hard core statistics, ITIL seems to be more strongly on the radar screen in the United States than PRINCE2, probably in part because the PMI PMBOK is more heavily established. But the practice of ITIL does seem to draw on PRINCE2 to an extent due to its common origins, despite the fact that a project management framework such as PMBOK can, in my opinion, be just as effective.

Both ITIL and Prince2 have a mechanism for evaluating the change or project. The Post Project Review in Prince2 is the same as the ITIL Post Implementation Review. A successful review can therefore lead to the end of the project.

Where ITIL and Project Management Meet
IT Infrastructure Library (ITIL) is all about providing service within the operations of IT in an organization. This includes management of the Service Lifecycle, Service Strategy,
Service Design, Service Transition, and Service Operation. It also means continual improvement of the whole set of services that are in place. Management challenges within this realm include Service Desk and Incident Management, Configuration and Release Management, Service Level and Capacity Management, Problem and Change Management, Continuity and Availability Management, and Financial and Security Management.

ITIL itself, as a discipline, addresses the operations within the defined services realm. However, any changes to that services realm can and should be handled by applying a good project management discipline. The difference is that the ongoing operations will be concerned with maintaining and improving services as an in-place, as-is process. The project management discipline will be concerned with defining the beginning of an initiative, delivering the product of that initiative, and turning over the results of that effort to be incorporated into the operation before finally closing out the project.

The two disciplines are substantially different, and using the wrong one can definitely result in lower effectiveness. In the case of ITIL and Project Management, both disciplines will provide inputs the other. For example, ITIL will provide the current situation to a project. It will also provide certain procedures, such as configuration management, that must be followed within the confines of the project. The results, or "product of the project", will become the key input to changes or improvements to be implemented within the ITIL implementation framework in the organization. The professional that understands both sides in depth will be quite valuable to the organization and will have a leg up in knowledge and credibility.

A Little about ITIL (ITIL certification, that is)
ITIL certification has 3 levels: the Foundation Certificate, the Practitioner Certificate, and the Manager's Certificate. Project Management Training Online offers ITIL training in preparation for the Foundation Certificate.

In a nutshell, here is what these 3 levels are about:

The Foundation Certificate: There are no entry requirements, and the foundation test consists of a one hour long multiple choice examination testing a candidate's basic understanding of the principles and terminology of the IT Infrastructure Library. It is designed to provide familiarity with the IT Infrastructure Library (ITIL) best practices for IT Service Management.

The Practitioner Certificates: This is aimed at those who are responsible within their organization for designing specific processes within the IT Service Management discipline, and performing the activities that belong to those processes. The Practitioner's Certificates focus on the depth of understanding and application of those subjects, treating each subject as a specialty. Prerequisites include the Foundation certificate and mandatory attendance at an accredited training course.

The Manager's Certificate: Aimed at managers and consultants, 2 - 3 hour examinations test the practical application of the theory of ITIL, and the exam is typically preceded by a 10-day training event other assessments may also be required. Candidates must hold the Foundation certificate and mandatory attendance at an accredited training course is required.

ITIL v3 is Your Next Step in ITSM

2009-02-20T08:36:00.000-08:00

February 20, 2009
By Eddy Peters

ITIL v3 changes enable service-driven processes instead of process-driven services, writes ITSMWatch guest columnist Eddy Peters of CTG.

Most of us still remember June 2007, when the long-awaited ITIL v3 was released. This version would present an integrated approach to service management by covering all aspects of the service life cycle—from cradle to grave and everything in between. The journey was documented in five books called the "core volumes".

On launch day, the itSMF presented the ITIL v3 “roadshow," a document, which to this day provides quality information. The roadshow includes a complete overview of ITIL v3 and answers to questions like Why the need for change? and What is the purpose of ITIL v3? The future looked promising!

To better understand the capabilities of v3, we devoured the core volumes and then carefully evaluated them against the purpose and changes identified in the roadshow presentation. This exercise resulted in the following dashboard, which shows how well the core volumes deliver on itSMF’s promises:

Fig. 1 - Study summary covering all volumes

Early on, we saw that v3 didn’t quite meet expectations. The lack of more practical “how to” guidance was a bit of a surprise. Luckily, itSMF foresaw complementary publications, which would provide more guidance and understanding. But since the complementary material is still in development, we’ve been digging even deeper into the hidden opportunities in the core volumes’ 1,344 pages. Although there have been many informative sessions about v3, the potential is still not fully clear.

So, if you're asking yourself "is v3 your next step in IT service management?" You’ll be relieved to hear that ITIL v2 is still alive and kicking. In fact, v2 is here to stay; alongside v3. Why? Because it’s concise and focused on day-to-day management of existing IT services. Compared to v3, it is a useful "pocket guide" consisting of just two books and 686 pages. So, you can continue to use your existing v2 processes. However, v3 introduces some interesting ideas to further mature your daily activities. Some gems which are worth looking into:

Request fulfillment: the explanation that was missing in v2 Service Request

Event management (completely new): guidance for integrating warnings from monitoring tools into support activities.

Among others, these processes round out ITIL’s guidance for optimizing your daily operations. What else is in v3?

Process-Driven Services

ITIL v3 covers much more ground, from development to testing to facilities to operations. New processes like Service Catalog Management can increase awareness of what services are delivered. Service Asset and Configuration Management provide an approach to dealing with service management information. These actions will help build an improved, more mature, process-driven IT organization. This is good, but it could be better.

The full potential of v3 cannot be realized by focusing solely on process implementations or improvements—that’s just ITIL v2.5. The emphasis on processes leads to a new phenomenon: process silos. These are similar to the functional silos we all know so well, which each compete for a share of the budget. Implemented processes provide great benefits to the IT organization (streamlined activities, improved capabilities of specific IT groups, optimal resource usage, to name a few). But these improvements don’t necessarily roll up to the rest of the business. Why not? Because they’re mostly still focused inward; on IT.

Service-Driven Processes

ITIL v3 provides the next step in service management: think service, think life cycle. Service management in the IT organization is no longer driven by processes, but by the elements ITIL was created for in the first place—services.

As the creation of a service moves from business analyst to development to testing to operation, v3 provides an opportunity to align different departments within the IT organization. At that point, service silos are created, competing for a part of the budget. As an interesting side effect, services are outward focused, to the business. If the business derives value, the provided service is funded; if not, it gets retired. That’s what integration is all about.

Even with a few gray areas, ITIL should definitely have a place in the IT organization’s strategy to take the service delivery maturity forward. When optimizing processes, both v2 and v3 add value. When attempting to work out a service-oriented life cycle approach, v3 is there for you. When it comes to answering the question, “Is ITIL version 3 my next step in IT service management?”, it is not so much about If, but how you will do it.

Going for process-driven services (ITIL version 2 & 2.5) or service-driven processes (v3), it all comes down to what your organization wants to achieve, what its maturity level is in delivering service and what its capabilities are to cope with change. The choice is yours.

Eddy Peters is a senior ITSM consultant with CTG, an international IT company with headquarters in Buffalo, N.Y. Mr. Peters has been active in IT for almost 20 years, acquiring experience in both support and delivery capabilities. He had the opportunity to dig into the ITIL v3 framework early on as a beta reviewer, and to understand its potential. With the official release of the core volumes, he became the driving force within CTG to assimilate the knowledge and put it into a practical perspective.

What you can learn from the ITSM process

2009-02-18T08:50:00.000-08:00

In order to add value to your company, you have to be as close to the transaction as possible. By having the larger percentage of IT services focused on support processes, you are one layer removed from the transaction and the IT department is doomed to be a cost center forever.

——————————————————————————————————————-

Every time I go down the path of reviewing an existing IT department against the ITSM (Information Technology Service Management) process, it still amazes me how wrong assumptions can be. The purpose of ITSM is to align your IT department and the services it provides to the business. The idea is that you can talk to the business folks and package the IT offerings that IT provides in a way that an IT outsourcer would.

I’ll try to explain that last statement a little more clearly. Let us assume that all the theories (sans Bernie Madoff’s) about the market are true. The whole supply versus demand economic model supports that if there is a need that can be performed more expertly and/or more inexpensively by someone else, then a market exists. You have one party willing to pay for these services and you have a company willing to provide these services. Theoretically, the company providing services exists because it has found a way to add value to a customer that the customer is willing to pay for.

So all of these IT outsourcers (OK, many of these IT outsourcers) have a slick sales presentation and a business model designed to provide a customer better service or more inexpensive services than the company’s existing IT department.

The idea of ITSM is to group your IT services into value-adding products that business managers already understand. You have successfully articulated your department’s value proposition and you as the CIO can objectively compare your services to those of outsource service providers. This is a great tool to make sure that the services you are providing are still relevant and cost effective. You compete on cost, quality, and ability to provide a service. If you can’t compete, then you can proactively seek out an outsource partner to improve your overall IT service portfolio.

So with explanation decently defined, we began the process of ITSM alignment. (By the way, here’s a good book on this alignment process.) You know how all the philosophers say that it’s not the end goal that is the most rewarding, but the journey itself? Well, that’s the case here. When you actually sit down and walk through the ITSM alignment process, much is revealed.

The first step is to look at the business. The core processes of the business can usually be defined or have already been articulated by executive management. Basically, what does your company do to get paid? Then there are other levels of processes. There are supporting processes such as Finance and Human Resources. There are also “Innovation” processes such as Marketing and Sales.

The next step is to identify the IT services that you provide the company. These services are not systems. These are actually the body of work supplied to the company. A financial application may include custom code from programmers, a SAN, a database management system, a set amount of disk space, some servers, software licensing, network resources, help desk support, etc. All of these represent the service of “Providing financial application services.”

After you list the services, you go down the path of mapping IT systems to the IT services. This gives you the necessary granularity to determine the costs of providing this service. How you determine the actual costs can be somewhat more art than science. You can be general by figuring out how many U the financial application takes up in a server rack and use the percentage of data center costs by that or you can get really granular and look at power consumption, CPU utilization, network bandwidth, and disk space. The important part is getting in the ball park.

What I’ve found twice now in performing this exercise with two different companies is that when you map the IT services to the business processes, there is a disconnect as to where the IT services are focused. A huge percentage of time and resources from IT are spent, not in direct support of the core business processes, but in support of the Support or Innovation processes.

A wise friend once told me that in order to add value to your company, you have to be as close to the transaction as possible. By having the larger percentage of IT services focused on support processes, you are one layer removed from the transaction and the IT department is doomed to be a cost center forever.

Instead, look for outsource partners that can support the support processes while you and your team focus on supporting the transaction and how the business makes its money. This way you insure IT’s role in adding value to the organization.

A successful IT executive with 15 years of technology leadership, team building and value creation, Jay Rollins has served as VP of IT/CIO of several mid-sized companies and technology start ups. He has varied industry experience including gaming, media and entertainment, healthcare and ecommerce. Jay received an MBA from Bentley College in Waltham, MA and founded PicoMatrix in 2008.

The Four Big Questions ITIL Doesn’t Answer

2009-01-30T08:56:00.000-08:00

January 30, 2009 By Rob England

In many ways ITIL v3 is more complete than ITIL v2, but there are still a lot of basic questions that you need to answer for yourself, writes ITSM Watch columnist Rob England.

There are still many people who are under the illusion that ITIL provides a prescription or plan for implementing IT service management (ITSM). It doesn’t. In fact, the more important the decision you need to address, the less likely there is guidance for it.

When we want to know how to, say, measure a service desk, we can find quite exact guidance from several sources including ITIL. But the depth and usefulness of advice is inversely proportional to the importance of the question. Consider the most important decisions you need to take as you embark on an ITIL initiative, the Big Questions. In this article, we will look at the most important four.

The first and biggest decision of all is whether you should even do ITIL. What are the gating criteria specific to ITIL? What special factors should we look out for? Surely, ITIL defines them? No.

Or look at the next most important Big Question: how far should we go?

To answer this, the standard consulting approach used in ITIL is to determine the current "as-is" state through assessment, then decide the "to-be" state, and then work on the gap. ITIL v3 still fails to provide an as-is assessment model, though COBIT does. So too do many consulting firms. So, we can find the as-is readily enough, especially if we pay for it. But what about the other half? How do we pick the target "to-be" state?

Very often the as-is and to-be are defined as some composite capability maturity model (CMM) level from 1 to 5 (Actually, 0 to 5. I've met zeroes.). A consultant will give you the as-is to two decimal places, but how do we determine the to-be? The standard model is to extract a number from a suitable orifice. If you're a basket case you'll go for Level 2. If you are mainstream you'll shoot for a 3. If you want to swagger you'll aim for 4. And if you want to use the result in marketing your company's services you'll find a consulting firm that will certify you as a 5.

This is not exactly scientific or rigorous, and there is no process other than a brief gaze at the navel. Why do we have whole books of guidance from multiple sources on lesser issues but when it comes to setting the broad scope, the ambition (and of course the cost) of the initiative, we allow someone to pick a number? On what basis? With what advice and guidance? Reached through what reasoning and methodology? None. Not in ITIL v3 anyway. Nor in COBIT.

The Journey Begins

So, we pull some numbers out of … umm …. the air, and we embark on the ITIL journey. We look at ITIL v3 and it is huge. Even ITIL v2 towers above us as we look at all 10 or 11 or 13 processes. Surely, we won’t try to do it all at once?

Advice exists that says pick the processes off one or two at a time but this is patently rubbish. Processes are intertwined and interdependent. We need to go into a number of processes at once, in a phased manner. Many times there is a crying need for a bit of all of them. Now if ITIL v2 was a line of processes, v3 is a plane. It has the extra dimension of the lifecycle of the services. And we certainly are not going to attempt that entire dimension at once. Nor are we going to do each of the five ITIL v3 books (which map that dimension) one by one. They are just as intertwined. So, we need to implement pieces from all five, at the same time, in a phased manner.

Which brings us to Big Question Three: how to determine what goes in each phase? How to measure whether a phase is done? How to get from one phase to the next? How to project manage the implementation of ITIL? Surely, ITIL gives some guidance on that? Well it does, a bit; accidentally. It describes how to implement services, so there is some guidance there that can be applied to implementing anything. But directly about how to implement the ITIL systems to run the lifecycle to implement those services, it provides nothing. Nada. Bupkis.

The analogy of a house blueprint is often used to describe ITIL. But don’t make the assumption that it is for your house. It is the blueprint for a generic McMansion; with gothic columns and three floors and a quadruple garage and stables. It has an automated building management system and marble stairs. Even if you want a house that fancy, you are bound to want the rooms arranged differently. Most of us will want something a little simpler.

To use the blueprint you will need to modify it considerably to your preferences and site and budget. There are no instructions for this, so you had better get the site professionally surveyed and the plans re-drafted. Then you will need to estimate it and a builder to build it—because there are no instructions for those activities either. Even if a house came as a kit pile of timber and stone and a fat book of directions, most people would not be so foolhardy as to attempt assembling themselves. Asking your staff to assemble the house in their “spare time” is especially not a good idea.

Once you spend all the money to build the house, you will need to demonstrate to local authorities that it was done properly. And so we arrive at Big Question Four: does it meet the standard? How do we asses the completeness (not to mention quality) of an ITIL implementation? What does ITIL tell us? Guess! No checklists. No minimum criteria. No standards.

There is something closer to what we want: ISO/IEC 20000. But it is only close. The authorities will say you have assessed your house against the standard for a ski lodge or small shop or something not quite exactly the same. It might do, it might not. Likewise with using COBIT to assess ITIL: it covers all of ITIL (pretty much), and lots more. But ISO/IEC 20000 and COBIT only look at ITIL from the outside, as a black box. They only assess the exterior of the house. Explaining all these moot points to the Board will not go down well. They want to know if ITIL was done properly, and they want to know how well. And you can’t tell them other than offering some expensive consultant’s subjective opinion.

If you want to know the best way to run a Change Advisory Board, ITIL will tell you. If you want to know best practice in analyzing problems, ITIL will tell you. But there are still four Big Questions where you are on your own:

Should you do ITIL?
To what level should you do it?
How do you do it?
How do you show you did it?

Rob England is an IT industry commentator and consultant, and nascent internet entrepreneur, best known for his blog The IT Skeptic.

Research Indicates Continued ITSM Growth in 2009

2009-01-07T08:34:00.000-08:00

January 7, 2009
By ITSM Watch Staff

CIOs will advance ITSM programs to better align IT with business drivers.

Despite the unsteady economy, 87% of IT professionals are planning strategic, enterprise-level ITSM programs with the support of senior management. This is one of the key findings of a new Enterprise Management Associates (EMA) report: 2009 Trends and Best Practices Advice for ITSM Technologies and Processes.

"The coming year will certainly be a critical, pivotal year for IT executives,” said Chris Matney, EMA consulting director and study leader, in a press release. "Fiscal pragmatism will be weighed against the increasing challenges of IT, and IT leaders must carefully balance both. Successful CIOs will continue to advance ITSM maturity while closely watching business drivers and the corporate balance sheet.”

According to the survey, mid-size companies showed the highest levels of ITSM adoption. Smaller companies typically rely on traditional service/help desk implementations, while the largest enterprises continue to work through the challenges of complexity and scalability. Most companies are in a transition phase with their ITSM maturity, between an "active” and a "proactive” approach.

EMA believes that the most successful companies will push through the economic recession with IT advancements and investment, while unsuccessful organizations will adopt a more passive "business as usual” approach.

Additional key findings from the survey include:

- IT budgets are not in a total free-fall, but a growing number of IT organizations are cutting budgets by 10% to 25%.

- Change management was the most important ITSM initiative for companies of all sizes, followed by the other ITIL service support disciplines.

- Only three percent of respondents reported that all ITSM initiatives have been completed, and 80% said some have been finished.

- Most (74%) of respondents place primary responsibility for strategic ITSM planning on C-level executives, IT vice presidents and IT directors.

- Most (67%) of respondents are not planning to replace their ITSM tools. For those that are, functionality limitations are the primary drivers for mid-sized companies and lack of scalability is the motivation for enterprise organizations.

- ITIL is the biggest area of investment for advancing the adoption of ITSM best practices, with 62% of companies expecting to undertake training in 2009.

EMA believes short-term projects will gain favor in 2009 due to longer term budget uncertainties. Most ROI break-even expectations for ITSM projects are between six and 18 months. Some of the best practices recommended by survey respondents included creating an incremental ITSM plan and securing executive and business support early in the process.

Sign up here for the free Webinar on January 8 titled, "Make the Most of ITSM in 2009: Best-Practice Advice from Your Peers”

Methodology

For this report, EMA surveyed 143 IT professionals to uncover success factors and pitfalls of ITSM initiatives and recommended best practices based on real-world deployments.

IT Innovation Will Be Key to Turn Economic Crisis Into Opportunity

2008-10-20T08:49:00.000-07:00

Gartner RAS Core Research Note G00162229, John Rizzuto, Betsy Burton, 10 October 2008

Not all companies will be equally affected by the financial crisis. Continued IT investment is imperative for all enterprises, regardless of whether the objective is to maintain or to gain competitiveness. The inevitable recovery will provide just as much opportunity as the crisis reveals risk.

FINDINGS

The United States' most valuable asset is its people's ability to innovate. Innovation is crucial as we transition from short-term crisis management to recovery. IT is the cornerstone of wealth creation in modern economies: Enterprises and government agencies must accelerate IT investment to remain competitive and return to prosperity. During the intermediate to long term, IT will become less discretionary, and IT budgets will take a greater share of overall enterprise spending.

ANALYSIS

Although the advantage in manufacturing has shifted to lower-cost producers overseas, the U.S. remains dominant in industries that are driven by intellectual capital, such as medical technology, pharmaceuticals and information technology. The transition from tangible products to design- and research-intensive industries requires continued leverage of U.S. intellectual property for wealth creation. Research and design are data-intensive. IT is not only critical in tracking, analyzing and storing data; IT is also imperative in transforming data into useful information.

Once information is created, it is critical that the information be made accessible. Gartner believes that the regulations that arose from the Sarbanes-Oxley legislation will pale next to the coming regulations stemming from the current financial crisis. The impact will extend to all enterprises, as credit agencies and regulators require more transparency. The requirements for increased transparency will accelerate the demand for real-time systems, the integration of data, and the accessibility of information. During the short term, many of these requirements can be addressed tactically, but during the longer term, there will be a need to accelerate modernization plans for the IT infrastructure.

WHAT YOU NEED TO KNOW

* Focus on refining your business and IT strategies, as well as enterprise architecture. These efforts will not only be beneficial in satisfying new regulations but also provide the opportunity to more efficiently and effectively manage your business and increase your competitive advantage.
* Encourage and support your people. Increasingly, people working together and supported by technologies will be the engines of innovation. To foster innovation, leaders must anticipate concern among their people, suppliers, partners and buyers.
* Understand that long-term technology investments will be more important than ever. The shock to the financial system will linger for several years, and as the recovery takes hold, many companies will use the crisis as an opportunity. Stronger companies will be able to acquire cheap assets and will strive to gain market share at the expense of weaker competitors, while other companies will simply have to focus on maintaining their competitiveness.
* Don't ignore the longer-term needs that will be crucial to keep your business efficient and competitive. While focusing on the stresses that the current macroeconomic conditions are putting on businesses, plan for the acceleration of the modernization of IT infrastructures and evolve an information-centric foundation.
* Continue to emphasize intermediate- and long-term planning to stay in the competitive forefront as the current crisis abates. Delaying or ignoring long-term planning at the cost of short-term pressure will lead to being at a disadvantage, placing companies in the unenviable position of having to play catch-up.
* Finally, when evaluating cost cutting, target areas in which a reduction in functionality now can eliminate legacy constraints. Thus, you can prepare systems for growth as the economy recovers.