ITS Service ImprovementITS Service Improvement

Len HendershottHendershott Consulting Inc

Len HendershottHendershott Consulting Inc

2

HighlightsHighlights

There are benefits to be derived from improved service management practices

Discuss concepts – frameworks, best practices, processes, etc

Explain the KEY elements contained in ITIL, CobIT and CMM

Envisioning an ITIL defined future How to achieve that future Not training into each ITIL discipline: for

each process area visit http://www.hci-itil.com

3

Information Technology Service ManagementInformation Technology Service Management

ITSM is the concept that IT should be all about servicing the customer … that means IT managers are being told that they need to change the way they think about their jobs, the way they think about their systems and the way they spend their work day.

ITSM is the concept that IT should be all about servicing the customer … that means IT managers are being told that they need to change the way they think about their jobs, the way they think about their systems and the way they spend their work day.

While the management of technologies and application components has been the traditional mainstay of IT, most IT organizations are waking up to the fact that past and even current poor service delivery has less to do with the technologies they are or are not using, than it does withpoorly designed or "missing" critical IT processes.

4

Why NowWhy Now

The systems that IT provides to the enterprise are now used by customers and suppliers, not just employees, raising the bar for IT’s management and governance processes.

Enterprise applications are now central to virtually every business initiative, leading to an unprecedented need for alignment between IT and line of business executives.

Cost reduction opportunities are now numerous and compelling within IT. Outsourcing and consolidation are the highest profile of these.

The return on IT must now be demonstrated, as expected of any mature and critical business function.

Today’s expensive and mandatory requirements for compliance and transparency fall disproportionately on IT.

IT Management and Governance systems have entered the mainstream, joining ERP, CRM, HR and e-mail as part of the standard enterprise applications landscape.This development is primarily due to the convergence of five changes in the IT universe.

David Hurwitz, Clarity, Why Now, IT management and Governance 102

5

Drivers for Improved Service ManagementDrivers for Improved Service Management

IT increasingly being asked to justify itself in business terms

Control over Total Cost of Ownership Identified accountability for IT strategic decisions Improved integration of IT planning within context of

overall business planning Customer demands for more responsive IT services Viability of out-sourcing options Marketing of approaches such as ITIL, CobIT & CMM Increasing number of integrated tool vendors Introduction of commonly used terminology Improved ability to periodically assess IT value to

organization

Typical Current PracticesTypical Current Practices

Do you recognize any of these findings ?Do you recognize any of these findings ?

7

Service Desk ResponseService Desk Response

8

Standard Equipment PolicyStandard Equipment Policy

9

Availability ManagementAvailability Management

10

Customer ServiceCustomer Service

11

Performance measured by complaints

Poor understanding of Customer concerns

Poor Customer understanding of IT issues

Performance measured by complaints

Poor understanding of Customer concerns

Poor Customer understanding of IT issues

How well are you doing ?How well are you doing ?

IT managers say they know when their users are really happy by the number of phone calls they receive. No calls means a satisfied customer since they don’t call to complain about poor service.

Often, this has become the de-facto measure of customer service. In reality, it is typical that an IT manager understands little about their customers except for the ones who are willing to pick up the phone.

From the customer viewpoint, their expectations of what service really is and how quickly the data center could respond, of what levels of service were reasonable are rarely based on the business realities of managing a technology infrastructure

12

Common Findings (HP)Common Findings (HP)

…unscheduled changes lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages

inconsistent service delivery

…unscheduled changes lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages

inconsistent service delivery

…unscheduled (and therefore uncontrolled) changes occurred to the production environment due to an unclear and undocumented IT process being performed (e.g., Change Management). This can lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages, and often means lengthy time-to-repair intervals, and increased customer anxiety and frustration.

…the manner in which a particular IT process is triggered is vague (e.g., software distribution, etc.), thus leading to possible inconsistent service delivery, meaning the customer never gets the same quality of service twice. This can seriously impact customer satisfaction, prevent repeat business and is a sure sign that IT cannot make a commitment to strict service levels.

13

Common Findings (HP)Common Findings (HP)

uncoordinated or undefined processes

unclear roles and responsibilities & unmeasured performance

poor communications.

uncoordinated or undefined processes

unclear roles and responsibilities & unmeasured performance

poor communications.

the linkages between IT processes (e.g., Build & Test and Release to Production) are undefined, or worse, non-existent, thereby causing further delays to already tight production schedules, missed customer commitments, and loss of revenue.

the staff whose job it is to perform a process (e.g., Helpdesk or Problem Management) have unclear roles and responsibilities and are not measured on performing the process, thus leading to accountability failures when things go wrong, and complicated finger-pointing when trying to fix a broken service

Is your Support Center the last to know about product and service changes? Do your customers call into the Support Center with questions on applications and systems your staff has never heard of? Are changes frequently implemented into your production environment without any prior risk analysis or critical path analysis be conducted? If the answer to any of these questions is "yes", then your Support Center has a problem! However, it’s a problem shared by many organizations.

Organizing IT ServicesOrganizing IT Services

Frameworks

15

What is a FrameworkWhat is a Framework

"The purpose of the framework is to provide a basic structure which supports the organization, access, integration, interpretation, development, management, and changing of a set of architectural representations of the organizations information systems. Such objects or descriptions of architectural representations are usually referred to as Artifacts.

The framework, then, can contain global plans as well as technical details, lists and charts as well as natural language statements. Any appropriate approach, standard, role, method, technique, or tool may be placed in it. In fact, the framework can be viewed as a tool to organize any form of meta-data for the enterprise.”

Zachman Framework, INFORMATION SYSTEMS ARCHITECTURE - ISA

16

ITIL FrameworkITIL Framework

A taxonomy to highlight the ITIL booklets

17

Models – Cirba CorporationModels – Cirba Corporation

Groupings based on ITIL with some directional relationships

18

Models – Art of ServiceModels – Art of Service

http://www.itsmdirect.com/default.asp

More complexity & adding some key outputs

19

Microsoft Operations FrameworkMicrosoft Operations Framework

Groupings according to a model

20

Models - HPModels - HP

Groupings according to a model with prioritization

21

Models – HP – detailed descriptionModels – HP – detailed description

Much greater complexity with many products

22

CobIT Governance FrameworkCobIT Governance Framework

23

The field is still in fluxThe field is still in flux

The fact that specific frameworks like ITIL, MOP, PRINCE2, ASL, BSD/SSADM, RUP, DSDM, ISPL, IS-7799, COBIT and Catalyst POLDAT, were developed separately and in parallel by different groups with different outlooks, means that they were not designed to align with one another and so they don’t!

The reality is that the IT domains and frameworks are incompatible:

1. They overlap 2. There are gaps 3. They are inconsistent 4. They have no common unifying framework 5. They do not unify IT, nor unify IT with the Business

Mapping IT Governance onto a Unified Framework,

John Gilbert, Southcourt, UK, http://www.bitacenter.com

24

Unified Process FrameworkUnified Process Framework

Mapping IT Governance onto a Unified Framework,

John Gilbert, Southcourt, UK, http://www.bitacenter.com

The UPF is a process unifying framework that aligns not only the domains within IT

together but also aligns IT with the business.

25

Organizational Focus – another framework consideration

Organizational Focus – another framework consideration

Business (Strategic)

responsible for ensuring that the future business requirements for IT Services are considered, planned and implemented in a timely fashion. These future requirements come from business plans outlining new services, improvements and growth in existing services, development plans etc.

Service (Tactical)

management of the performance of the live, operational IT Services used by the Customers. It is responsible for ensuring that the performance of all services, as detailed in the targets in the SLAs and SLRs, is monitored and measured, and that the collected data is recorded, analyzed and reported.

Resource (Operational)

the management of the individual components of the IT Infrastructure. It is responsible for ensuring that all components within the IT Infrastructure that have finite resource are monitored and measured, and that the collected data is recorded, analyzed and reported

26

Integrating this element into a frameworkIntegrating this element into a framework

27

Value of FrameworksValue of Frameworks

CIOs and the IT managers that report to them have all been in need of a clear picture that depicts the IT processes required to deliver quality IT services in support of their emerging e-services. Without a clear picture, IT organizations will continue to struggle as they try to understand and determine:

The current state of IT with regard to process (the “AS-IS") The desired future state of IT (the “To-BE") The gaps between the current and future states of IT The steps needed to bridge those gaps

Therefore, the need for a concise picture - one that reflects an enterprise service management capability - is very real for most IT organizations and critical to their success.

The HP IT Service Management Reference Model, White

Paper, Version 2, January 2000

28

CaveatsCaveats

There will be no “precise” or “definitive” framework for some time.

Though the need is real, the progress towards better IT service management remains a “work in progress”

There are “proprietary” solutions which can be secured at high costs, but all require “fitting” to an organizational setting

There are generally recognized “best practices” which, through the OGC and itSMF are within the public domain

The HP IT Service Management Reference Model, White

Paper, Version 2, January 2000

ITILITIL

Information Technology Infrastructure Library

30

What is ITIL ?What is ITIL ?

INFRASTRUCTUREA logical means of dividing the overall IT environment into components of related functionality.

LIBRARYA depository built to contain books and other materials for reading and study

SO ITIL is..A method of organizing the Information Technology departments of organizations. ITIL defines the (work) processes involved and the interfaces between them.

Hyperdictionary

31

Pink Elephant DefinitionPink Elephant Definition

process A series of definable, repeatable, and measurable tasks leading to a useful result for an internal or external customer

optimal The point at which returns on investment do not justify further costs

customer groups or individuals who have a business relationship with the organization; those who receive and use or are directly affected by the products and services of the organization.

Justifiable Taking into consideration the strategic and operational considerations of the organization

ITIL is all about which processes need to be realized within the organization for

management and operation of the IT infrastructure to promote optimal service

provision to the customer of the services at justifiable costs.

ITIL is all about which processes need to be realized within the organization for

management and operation of the IT infrastructure to promote optimal service

provision to the customer of the services at justifiable costs.

32

ITIL ….ITIL ….

provides a framework in which to place existing methods and

activities in a structured context.

provides a framework in which to place existing methods and

activities in a structured context.

Structure: how an interface is organized and optimized for ease of use and understanding

33

Change ManagementSecurity Management

Availability Management

Performance Management

Problem ManagementBackup & Recovery

Application & System DesignCapacity Planning

Configuration/Asset Management

Service Level Management

The Structure ? The Structure ?

1. Setting Objectives

2. Planning

3. Execution

4. Measurement

5. Control

Phases of Management

High Availability, Piedad, Hawkins, p.39

34

ITIL ….ITIL ….

provides a framework in which to place existing methods and activities

in a structured context.

provides a framework in which to place existing methods and activities

in a structured context.

Dep

t A

Dep

t A

Dep

t B

Dep

t B

Dep

t C

Dep

t C

Dep

t D

Dep

t D

Dep

t E

Dep

t E

Dep

t F

Dep

t F

Department Silos

Process 1

Process 2

Process 3

Process 4 LO

B A

LOB Process 1

LOB Process 2

LOB Process 3

Get complicated when participants are not all subject to

same processes

35

ITIL ….ITIL ….

provides a framework in which to place existing methods and activities

in a structured context.

provides a framework in which to place existing methods and activities

in a structured context.

Since processes and their activities run through an organization, they should be mapped and coordinated by process managers

In a product-oriented organization, the flow of [functional] activities and processes is not generally recognized at all; the focus is on the product, and management and control is often lacking. The evidence is in the lack of any useful metrics related to the production process, because the process activities are not clear or even not identified.

36

provides a framework in which to place existing methods and activities

in a structured context.

provides a framework in which to place existing methods and activities

in a structured context.

ITIL ….ITIL ….

By emphasizing the relationships

between the processes, the lack of

communication and co-operation

between various IT functions can be

eliminated or minimized.

Process 1

Process 2

Process 3

Process 4

Communication, cooperation

Communication, cooperation

Communication, cooperation

37

ITIL Defines ---- Best PracticesITIL Defines ---- Best Practices

What are Best Practices ?techniques or methodologies that, through experience and research, have proven to reliably lead to desired results.

A commitment to using the best practices in any field is a commitment to using all the knowledge and technology at one's disposal to ensure success.

Who’s Best Practices ?the organization who wrote the books

– U.K. Office of Government Commerce

ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualification scheme, accredited training organizations, and implementation and assessment tools. The best-practice processes promoted in ITIL both support and are supported by the British Standards

Institution’s Standard for IT Service Management (BS15000).

38

Implementing Best Practices may be problematic...Implementing Best Practices may be problematic...

the organization has not made the mistake - thus, not clearly understanding the reasoning behind the adopted practice.

the organization may not have adapted its' internal support processes sufficiently to implement the processes - ie., not sufficiently mature in CMM terms.

the implementation of one ITIL process will have dependencies with other ITIL processes - these interrelationships can be complex and differ with the characteristics of the organization implementing ITIL

different ITIL disciplines have base implementation scenarios targeted for different levels of organizational maturity - they reflect the "best" amongst a discrete number (and not an unbiased sample) of organizations reviewed and not the theoretical best (ie. too few organization's at higher maturity levels).

Note: Sorry new slide – not in set distributed

39

A MethodologyA Methodology

Myths of Methodology, Dan Drislane, Beggs-Heidt, August 2002

A methodology is not a best practice in and of itself. It is the collected sum of best practices that, when carefully orchestrated, create synergistic, tangible value to an organization.

Methodology is also a business process that an organization executes. The process is a collection of best practices (call them methods or tasks if you wish) that are organized to

produce value at one or more points along the process path, or if you’ve been reading the latest management texts, the value chain."

ITIL Key ConceptsITIL Key Concepts

What I think is truly different from how you may currently be operating

What I think is truly different from how you may currently be operating

41

The Journey – describing the environmentThe Journey – describing the environment

Infin

ite r

each

, ra

nge

& m

an

euvra

bili

ty

Infrastructure & services

BusinessGoals

IT PlanningGeneralized

OrganizationalGoal

Reach, Range, Maneuverability ArchitectureThe IM&M architecture of the business which permits anyone, anywhere, at any time to access (reach) any sharable information object (range) or service.

Bernard Boar, the Art of Strategic Planning for Information Technology, 1993

42

AssumptionsAssumptions

If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear

43

The JourneyThe Journey

Infin

ite r

each

, ra

nge

& m

an

euvra

bili

ty

Infrastructure & services

BusinessGoals

IT Planning

Metadata on infrastructureCMDB

44

AssumptionsAssumptions

If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear

The infrastructure CAN BE highly defined at acceptable costs using appropriate tools

45

The JourneyThe Journey

Infin

ite r

each

, ra

nge

& m

an

euvra

bili

ty

Infrastructure & services

BusinessGoals

IT Planning

Tool & approach improvements

Environmental Scanning

46

AssumptionsAssumptions

If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear

The infrastructure CAN BE highly defined at acceptable costs using appropriate tools

There will be better tools offered in the future to achieve higher (or the same) availability and capacity at lower costs

47

The JourneyThe Journey

Infin

ite r

each

, ra

nge

& m

an

euvra

bili

ty

Infrastructure & services

BusinessGoals

IT Planning

Tool & approach improvements

Environmental Scanning

Releases

Infrastructure is NOT perfectly definedAnd there is wear and tear

Incidents,Problems,Changes

48

ITIL Key Concepts – Business AlignmentITIL Key Concepts – Business Alignment

Event: Economic down-turns result in business cut-backs

Leads to review of IT operations and renewed attempts to manage technology according to business goals and objectives.

Using ITIL SLM, IT organizations commit to describing the services they offer and to detailing the level at which those services can be offered and to measure their performance against those commitments

“Strategic alignment is achieved between the business and information technology when IM&M can be used to create, design, and exploit business opportunities.”Bernard Boar, The Art of Strategic Planning for Information technology, p. 323

49

Business Customer

CRM

ITIL Key Concepts – Manage Customer RelationsITIL Key Concepts – Manage Customer Relations

Application Support

Corporate Support?Treat internal clients

Like external customers

50

ITIL Key Concepts – Simplify contactITIL Key Concepts – Simplify contact

Service Desk rather than Help Desk

A Single Point of Contact (SPOC) – one number for all technology queries

Service Desk “owns” calls from cradle to grave – ensures they don’t get lost

Specialization of Service Desk as generalists

Complimented by self-service tools

51

ITIL Key Concepts – Emphasize service restorationITIL Key Concepts – Emphasize service restoration

Distinguish between service restoration and problem solving activities

Involve different goals and skill sets

Focus all attention and the correct resources on service restoration efforts

“Park” problems for later treatment

52

Event Management - It’s all about finding and removing infrastructure faultsEvent Management - It’s all about finding and removing infrastructure faults

53

ITIL Key Concepts – Control ChangesITIL Key Concepts – Control Changes

Achieve a “Known state” for environment in CMDB

Evidence suggests majority of incidents are a result of changes

Any change is carefully assessed for risk

Selected treatment is a function of evaluated risk of change with procedures designed to streamline known and low risk changes

54

ITIL Key Concepts – CommunicationITIL Key Concepts – Communication

Make all attempts to mitigate impact of faults and outages by strategic communications to User and businesses

Allowing them to take alternate actions to offset productivity losses from faults

Improve processes by engaging them in change acceptance activities

Improving overall customer satisfaction by participation

55

ITIL Key Concepts – MeasurementITIL Key Concepts – Measurement

Performance expressed in a ‘performance architecture’ signified by logical collection of SLA – OLA/UC network

SLA outlines end-to-end service expressed in Customer terms

Supported by network of internal & external agreements describing performance requirements of elements of service chain

56

ITIL Key Concepts – Control Customer ExpectationsITIL Key Concepts – Control Customer Expectations

Service levels are achieved at a cost

SLAs control “expectation creep” by tying additional service levels to their associated costs

Financial costing methods should clearly identify costs to customers in order to re-orient IT spending from “administrative overhead” to “strategic enabler”

57

ITIL Key Concepts – Availability Trade-offITIL Key Concepts – Availability Trade-off

Trade-off between High Availability and Restoration strategies

Based upon review of systems

need for high availability VS business impact of failure

58

In SummaryITIL improves Quality of ServiceIn SummaryITIL improves Quality of Service

Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S

Increased Uptime Elimination of repeat

incidents Faster resolution time

IncreasesUptime

Elimination of

repeat incidents

Faster , more accurate

resolution

59

In SummaryITIL can improve timeliness of serviceIn SummaryITIL can improve timeliness of service

Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S

Fewer rollbacks & incidents caused by poor changes

More accurate rollouts from releases Decreased incident volume thru

effective Problem Management

More accuraterollouts

Decreased rollbacks & incidents from poor Change

Management

Fewer Incident through proactive removal of faults

60

In SummaryITIL can reduce Cost of serviceIn SummaryITIL can reduce Cost of service

Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S

Reduced incidents caused by changes

Decreased ave. cost / call Decreased incident volume

and firefighting costs

Lower ave cost per incident

Fewer reported incidents

Caused by poor changes

Less incident volume & Firefighting activity through better Problem Management

COBITCOBIT

Control Objectives for IT-Related

Technology

Adaptation for auditors

Control Objectives for IT-Related

Technology

Adaptation for auditors

62

What is Governance?What is Governance?

“a structure of relationships and processes to direct and control the enterprise’s goals by adding

value while balancing risk versus return over IT and its

processes”

“a structure of relationships and processes to direct and control the enterprise’s goals by adding

value while balancing risk versus return over IT and its

processes”

COBIT Implementation Tool Set3rd Edition, July 2000

63

CobIT StructureCobIT Structure

64

CobIT Governance FrameworkCobIT Governance Framework

65

4 domains and 34 processes:

1. Planning &Organization

Domain

2. Acquisition &Implementation

Domain

3. Delivery &SupportDomain

4. MonitoringDomain

66

- Define a strategic IT plan

- Define the information architecture

- Determine the technological direction

- Define the IT organization and relationships

- Manage the IT investment

- Communicate management aims and direction

- Manage human resources

- Ensure compliance with external requirements

- Assess risks

- Manage projects

- Manage quality

1. Planning & Organization Domain1. Planning & Organization Domain

PO1

PO2

PO3

PO4

PO5

PO6

PO7

PO8

PO9

PO10

PO11

ProcessDomain

66

67

- Identify solutions

- Acquire and maintain application software

- Acquire and maintain technology architecture

- Develop and maintain IT procedures

- Install and accredit systems

- Manage changes

2. Acquisition & Implementation2. Acquisition & Implementation

A11

A12

A13

A14

A15

A16

ProcessDomain

67

68

- Define service levels- Manage third-party services- Manage performance and capacity- Ensure continuous service- Ensure systems security- Identify and attribute costs- Educate and train users- Assist and advise IT customers- Manage the configuration- Manage problems and incidents- Manage data- Manage facilities- Manage operations

3. Delivery & Support3. Delivery & Support

DS1DS2DS3DS4DS5DS6DS7DS8DS9DS10DS11DS12DS13

ProcessDomain

68

69

- Monitor the processes

- Assess internal control adequacy

- Obtain independent assurance

- Provide for independent audit

4. Monitoring4. Monitoring

M1

M2

M3

M4

ProcessDomain

69

70

COBITCOBIT

Control Objectives for Information Related Technologies

71

COBITCOBIT

Defining and managing service

levelsBusiness need to understand levels of service needed

SLAs

formal agreements

defined responsibilities

response times & volumes

charging

integrity guarantees

non-disclosure agreements

customer satisfaction criteria

cost/benefit analysis of service levels

monitoring & reporting

It’s Not that SimpleIt’s Not that Simple

Knowing What is Best PracticeIsn’t much good if you can’t achieve it.

73

Giga Research - October 23, 2003 Giga Research - October 23, 2003

Implementation issues: The ITIL methodology has proven to be notoriously time-consuming and difficult to implement. Although ITIL promises cost-saving and process improvements, there is no guaranteed return on investment (ROI), making the ITIL proposition a not very attractive one for corporate IT departments.

Expectation mismanagement: Vendors have oversold the ITIL methodology as a means of mapping business processes to IT processes, which is indeed a big concern for many IT departments these days. Unfortunately, ITIL is unsuitable for this task. It is merely a way of structuring the internal IT service delivery and once fully implemented will increase the efficiency of the IT department. Once clients started to familiarize themselves with the ITIL concept, this mismatch between promise and reality became obvious, effectively diminishing the ITIL value proposition even further.

Despite significant vendor hype, fully fledged IT Infrastructure Library (ITIL) implementations by enterprise IT departments have remained an exception. The majority of companies have not advanced beyond the piloting or even exploration phases. There are two main reasons for the failure of ITIL to live up to expectations

74

Why do implementations fail?Why do implementations fail?

Simply implementing a ‘process control function’, as implementations were considered to be in the past, is not enough.

In most cases failure was caused by lack of attention to the ‘process enablers’.

Management should be committed during the entire ‘plan-do-check-act’ cycle, and should also address all aspects of the service management framework

Simply implementing a ‘process control function’, as implementations were considered to be in the past, is not enough.

In most cases failure was caused by lack of attention to the ‘process enablers’.

Management should be committed during the entire ‘plan-do-check-act’ cycle, and should also address all aspects of the service management framework

Stop Being a Victim!By: Char LaBounty Presidenthttp://labountyassociates.com/pubs/publications02.html

75

What can be done ?What can be done ?

ITIL establishes a target

But provides little guidance on how to

hit the target

76

Need process improvement advice to hit targetNeed process improvement advice to hit target

CMMI provides guidance for organizational

improvementITIL is an excellent base for driving performance and quality improvements in the Service management domain. It is also going to be an integral part of a wider quality initiative from other frameworks, such as for Capability Maturity Model,(CMM) impacting application development, or COBIT.

Assyst – Service Matters (http://mediaproducts.gartner.com)

77

ITIL Implementation: Vital elements to consider --ITIL Implementation: Vital elements to consider --

the scope and complexity of the organization

the resources at your disposal, including staff numbers

the level of maturity of the organization – particularly with achieving a “Defined” capability

the impact of IT on the business – how important is the area to the overall business

the culture of the organization

continuous communication with the User population.

ITIL Service Management, C1

Capability Maturity ModelingCapability Maturity Modeling

The ability to deliver is determined by organizational capabilities and maturities

The ability to deliver is determined by organizational capabilities and maturities

79

Remember the methodologyRemember the methodology

Myths of Methodology, Dan Drislane, Beggs-Heidt, August 2002

The ability to call upon, utilize and sustain enablers is a function of the organization’s capability maturity level.

80

Capability Maturity Model (CMM)Capability Maturity Model (CMM)

First advanced by Crosby in “Quality is Free” (1979)

Adapted by IBM in 1980s to instill TQM into software development. Humphrey observed…

TQM needed to be implemented in stages to be successful New software development practices did not survive unless

organization changed supporting behaviors Work is chronically over-committed in low maturity organizations –

results depended on skills of exceptional individuals

Carnegie-Melon Institute uses approach to devise Software CMM, Software Engineering CMM and Product Development CMM

In 1995 Carnegie-Melon developed People CMM to improve the capability of the workforce.

In 2000 Carnegie-Melon integrated SW with system engineering processes in CMM-Integrated

Information Systems Audit and Control Association devise COBIT for IT Governance auditing

IT Service CMM is a work in progress in the Netherlands by Professor Niessink

81

CMMI Maturity LevelsCMMI Maturity Levels

82

CMMI - Levels 1 through 3CMMI - Levels 1 through 3

A process cannot be improved if it cannot be repeated

Repeatable: The first step in helping an organization improve its maturity is focused on helping organizations remove the impediments that keep them from repeating successful .. practices.

Managed: The effort to establish a repeatable capability is the effort to establish basic management practices locally within each unit or project. Only when this management capability is established will the organization have the foundation on which it can deploy common processes.

Defined: When the organization defines a standard process for performing its business activities, it has laid the foundation for a professional culture. Most organizations report the emergence of a common culture as they achieve Level 3. This culture is based on common professional practices and common beliefs about the effectiveness of these practices.

83

What Does CMMI offerWhat Does CMMI offer

“This history of productivity and quality improvement in software has been riddled with silver bullets.

Complex, advanced technologies were usually implemented in a big bang that often proved too large for the organization to absorb.

The SW-CMM achieved widespread adoption because it broke the cycle of silver bullets and big bangs. At each stage of its evolutionary improvement path, the SW-CMM implemented an integrated collection of management and development practices that the organization was prepared to adopt.

Each level of maturity established a new foundation of practices on which more sophisticated practices could be implemented in later stages.

More importantly, each level shifted the organization’s culture one step further away from its initial frenzied state toward an environment of professionalism and continuous improvement.”

People CMM, p.12

84

So, CMMI can provide advice on HOW to implementSo, CMMI can provide advice on HOW to implement

Some ITIL processes exist predominantly at a specific, but attainable level of maturity – but, can achieve additional benefits at higher implementation levels

Some aspects of ITIL processes exist at levels of maturity beyond the capability of the organization at its current maturity levels. These require enabling processes to be implemented.

Eg. availability, SLM measurement require sophisticated quantitative measurement capability associated with level 4

Problem Management Root Case Analysis is associated with level 5 activities (Continuous improvement through elimination of defects)

There are implied orders amongst ITIL disciplines and within sub-divisions of disciplines in HOW they should best be implemented

85

CMMI – A DistinctionCMMI – A Distinction

CMM makes an important distinction between practices designed to implement a workforce habit and practices designed to institutionalize the practice. Without the later, all too often newly embedded practices will revert to previous, well-entrenched behaviors. The four institutional practices are displayed below.

86

CMMI - Generic PracticesCMMI - Generic Practices

Establish and maintain an organizational policy for planning and performing the process

Establish and maintain the plan for performing the process

Provide adequate resources

Assign responsibility and authority

Train the people

Identify and involve the relevant stakeholders

Monitor and control the process against the plan

Objectively evaluate adherence of the process against its process description, standards, and procedures, and address noncompliance

Establish and maintain the description of a defined process

Collect work products, measures, measurement results, and improvement information

Generic practices are practices that should be included in every process area in addition to the specific practices that appear in each process area description. The generic practices improve the

power of a process by assuring that the specific practices are executed and that there is appropriate planning of the process to assure that it is feasible and well-supported.

SEI'S Capability Maturity Model - Integrated Acquisition Model vs 1

87

Pre-requisites for repeatable services (level 2)Pre-requisites for repeatable services (level 2)

Service Commitment Management - to ensure that service commitments are based on the current and future IT service needs of the customer.

Service Delivery Planning - ensure that the service delivery planning is developed in accordance with the service commitments and that internal commitments are secured.

Service Tracking and Oversight - During service delivery, performance is monitored to enable corrective actions before the service commitments are breached. In addition, the tracking forms the basis for service reports to the customer.

Service Sub-contract Management - Parts of the service that are sub-contracted to third parties are managed and controlled.

Configuration Management - The information technology subject to the IT service is identified and controlled.

Event Management - managing events that occur during service delivery. Events can be incidents, such as unavailable servers, or service requests from end-users. Both types of events need to be handled in time in order to meet the service commitments.

Service Quality Assurance - An independent quality assurance group provides insight for senior management into the processes used and work products produced

Frank Niessink Version 1.0.2-en, January 15, 2003 download from www.itservicecmm.org/download.html

88

Pre-requisites for defined services (level 3)Pre-requisites for defined services (level 3)

Organization Service Definition - a service catalogue is developed that describes the services, in terms of customer benefits, that the service provider can deliver.

Organization Process Definition - the organization describes the processes used to deliver the services, described in the service catalogue. Service catalogue and standard service processes undergo improvement as a result of practical experience.

Organization Process Focus - this key process area is aimed at implementing the standard processes and assessing the performance of the processes in practice.

Integrated Service Management - this key process area is aimed at tailoring the standard service processes to specific service commitments for a specific customer so that the tailored process can be used to manage and deliver services to the customer.

Service Delivery - the tailored service processes are performed to deliver the services.

Training Program - based on the standard processes, a training program is developed. Employees are trained to fulfill their roles in the standard process.

Intergroup Coordination - delivering services requires different groups and disciplines to coordinate their work. This key process area makes sure communication between different groups is facilitated.

Problem Management - incidents and service requests that are registered as part of the Event Management key process area are analyzed to identify and solve underlying problems in the information technology.

Resource Management - required resources for delivering different services to different customers are coordinated across the organization

Frank Niessink Version 1.0.2-en, January 15, 2003 download from www.itservicecmm.org/download.html

Success is still not guaranteedP-CMMSuccess is still not guaranteedP-CMM

Organizational workforce practices need to be addressed.Organizational workforce practices need to be addressed.

90

Processes Require Departmental CooperationProcesses Require Departmental Cooperation

Dep

t A

Dep

t A

Dep

t B

Dep

t B

Dep

t C

Dep

t C

Dep

t D

Dep

t D

Dep

t E

Dep

t E

Dep

t F

Dep

t F

Process 1

Process 2

Process 3

Process 4

The implementation of processes modifies the traditional structure by requiring the initiation of “workforce competencies” rather than departmental skillsets.

An example is the view of Availability as being composed of generic or cross-organizational issues rather than product-centric (eg. network).

91

People CMM - ManagementPeople CMM - Management

Optimized

Predictable

Defined

Managed

Initial

Optimized

Predictable

Defined

Managed

InitialInconsistent

People

Competency

Capability

Change

Managers to take workforce activities as high priority responsibilities of their job with focus on Unit level activities.Managers to take workforce activities as high priority responsibilities of their job with focus on Unit level activities.

Organization has not defined workforce practices, and, in other areas, it has not trained responsible individuals to perform the practices that exist.

Organization has not defined workforce practices, and, in other areas, it has not trained responsible individuals to perform the practices that exist.

Develop an organization-wide infrastructure atop lower practices that ties the capability of the workforce to strategic business objectives.

The organization builds an organization-wide framework of workforce competencies that establishes the architecture of the organization’s workforce. Each workforce competency is an element of the workforce architecture, and dependencies among competency based processes describe how these architectural elements interact.

Develop an organization-wide infrastructure atop lower practices that ties the capability of the workforce to strategic business objectives.

The organization builds an organization-wide framework of workforce competencies that establishes the architecture of the organization’s workforce. Each workforce competency is an element of the workforce architecture, and dependencies among competency based processes describe how these architectural elements interact.

92

Achieving a Defined Maturity is a process enabler:Achieving a Defined Maturity is a process enabler:

P-CMM findings: frequent failure of organization-wide improvement programs...

Because they were thrust on an unprepared management team - It is difficult to implement organization-wide practices if managers are not performing the basic workforce practices required to manage their units.

competency-based processes (P-CMM Maturity Level 3) form a basis for defining workgroup roles and operating processes. Rather than just relying on the interpersonal coordination skills developed at Maturity Level 2, workgroups can now organize themselves by tailoring and applying standard competency-based processes. The ability to use defined processes simplifies coordination within the workgroup, since it no longer rests solely on the interpersonal skills of group members to figure out how to manage their mutual dependencies.

Competent professionals demand a level of autonomy in performing their work. To best utilize competent professionals, the organization must create an environment that involves people in decisions about their business activities. Decision-making processes are adjusted to maximize the level of competency applied to decisions, while shortening the time required to make them. Individuals and workgroups should be provided with the business and performance information needed to make competent decisions. A participatory culture enables an organization to gain maximum benefit from the capability of its workforce competencies while establishing the environment necessary for empowering workgroups.

P-CMM findings: frequent failure of organization-wide improvement programs...

Because they were thrust on an unprepared management team - It is difficult to implement organization-wide practices if managers are not performing the basic workforce practices required to manage their units.

competency-based processes (P-CMM Maturity Level 3) form a basis for defining workgroup roles and operating processes. Rather than just relying on the interpersonal coordination skills developed at Maturity Level 2, workgroups can now organize themselves by tailoring and applying standard competency-based processes. The ability to use defined processes simplifies coordination within the workgroup, since it no longer rests solely on the interpersonal skills of group members to figure out how to manage their mutual dependencies.

Competent professionals demand a level of autonomy in performing their work. To best utilize competent professionals, the organization must create an environment that involves people in decisions about their business activities. Decision-making processes are adjusted to maximize the level of competency applied to decisions, while shortening the time required to make them. Individuals and workgroups should be provided with the business and performance information needed to make competent decisions. A participatory culture enables an organization to gain maximum benefit from the capability of its workforce competencies while establishing the environment necessary for empowering workgroups.

93

Management CMMManagement CMM

94

Other Techniques/ApproachesOther Techniques/Approaches

TCO Management – benchmark financial costs

BPR – change management – the organization

BPM – the acknowledged successor to BPR

BS15000 – ISO – certify thyself

quality – TQM, six sigma

Microsoft MSF / MOF

Balanced scorecards

95

Approaches Applicability to IT Approaches Applicability to IT

News Story by Gary H. Anthes, http://www.computerworld.com/,

So, where do I go ?So, where do I go ?

Some KeysSome Keys

97

ConcernsConcerns

99

Key to A Coherent Strategy ?Key to A Coherent Strategy ?

Alice: Which way should I go?

Cat: That depends on where you are going.

Alice: I don’t know where I am going.

Cat: Then it doesn’t matter which way you go.

Be clear about what you want to accomplish

100

Implementing ITIL is not revenue neutralImplementing ITIL is not revenue neutral

Before ITILBefore ITIL After ITILAfter ITIL

Cost of Processes

Replaced

Cost of Processes

Replaced

Cost of ITIL

Processes

Cost of ITIL

Processes

Cost to

Business of

IT service

provision

Cost to

Business of

IT service

provision

Cost to Business ofIT serviceprovision

Cost to Business ofIT serviceprovision

The benefits to theorganization

The cost to theService Provider

Harder to define

101

But, the road is long and the target is movingBut, the road is long and the target is moving

Queen of Hearts: it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!'

102

Perhaps Wayne Gretsky said it bestPerhaps Wayne Gretsky said it best

Skate to where the puck will be

103

What to ExpectWhat to Expect

FutureToday

Best Practices Certification

Service Desk SW Integrated Service Mgmt SW

Gap Analysis “Mature” Maturity Modeling

ITIL modules ITIL-3

Process emphases

ITIL/CMM/COBIT integration

104

1954 Popular Mechanics Magazine.... 1954 Popular Mechanics Magazine....

SuggestionsSuggestions

Some basic suggestions on how to implement ITIL processesSome basic suggestions on how to implement ITIL processes

106

METAMETA

Phase 1 (6-8 months): Develop selling, marketing, service deployment planning, service deployment, change management, problem management, event management, and service level management processes

Phase 2 (8-12 months): Develop capacity planning, performance (server/network) management, configuration management, and cost/chargeback processes

Phase 3 (12-15 months): Develop the remaining miscellaneous processes

Phase 4 (15-18 months): Analyze measurements and undertake ongoing optimization use this structure for citations

Due to the diversity and complexity of deploying IT processes, we recommend the following four-phased implementation scheme:

META - Process Clustering - Service Management Strategies, Oct 23, 2000

107

Microsoft “Quick Wins”Microsoft “Quick Wins”

Service Desk - Merge multifunctional service desk into one central point of contact, either virtually or physically.

Incident Management - Establish consistent definitions of incident severities to ensure proper response by support staff to logged incidents.

Problem Management - Ensure that changes are correctly referenced to problems so that the root cause is only resolved once

Change Management - Establish a standard Request for Change (RFC) form.

Release Management - Ensure that Operations Acceptance Testing (OAT) is carried out as a separate exercise to User Acceptance Testing (UAT).

Configuration Management - Produce a "logical" CMDB from existing system data (for example, inventory, human resources, purchasing) rather than a "physical" CMDB.

108

Microsoft “Quick Wins”Microsoft “Quick Wins”

Availability Management - Use historical analysis on hardware mean time before failure (MTBF) in order to proactively replace equipment before it fails.

Capacity Management - Input threshold figures for CPU, memory, and disk to Service Monitoring and Control.

Service Level Management - Summarize service level agreements into two pages or less so that they are easier to read.

Service Monitoring and Control - Identify system baselines to establish accurate thresholds for monitoring and alerting on normal and abnormal system utilization.

Financial Management - Charge on service management issues (service desk calls, problems/changes raised) rather then CPU, memory I/O, etc...

IT Service Continuity Management - Ensure that documentation copies are stored at an off-site location either electronically or physically.

109

Proactive – Service ManagementProactive – Service Management

110

Proactive – Service DeliveryProactive – Service Delivery

111

The Art of ServiceThe Art of Service

Determine the base line; start with an assessment to determine priorities.

Survey the services/system(s) currently used by the organization for providing day-to-day user support and for handling incidents, problems and known errors. Review the support tools used, and the interfaces to change management and configuration management including inventory management, and the operational use of the current system within the IT provider. Identify strengths to be retained, and weaknesses to be eliminated. Ascertain the agreements in place between service providers and customers

Ascertain service level requirements and document these. Plan and implement the service desk using tools designed for this function which support incident control. These tools should either support or be capable of integration with tools for the aspects of Problem Management as well as for configuration management and change management. Implement at least the inventory elements of configuration management required for incident control and change management.

Extend the incident control system to allow other domains such as Computer Operations and Network Control staff to log incidents directly. Negotiate and set up SLAs

Develop the management reporting system

Implement the balance of 'reactive' Problem Management (problem control, error control and management reporting) and configuration management. The proactive parts of Problem Management should be implemented as staff are released from reactive duties by gradually improving service quality. Implement the release management process.

Re-published from www.artofservice.com publication has been decommissioned

112

Interprom CaveatsInterprom Caveats

Goals Are Unclear - An IT organization which starts implementing ITIL processes because “We have a problem”, will probably be less successful compared to an IT organization which is aware of its weaknesses after having done an audit or a customer review.

Lack of Tactical Management Processes - IT organizations after having implemented operational processes such as Incident Management, Configuration Management and Change Management, immediately jump to Service Level Management to have Service Level Agreements and service level reports. With this, IT organizations skip the implementation of formal tactical processes such as Availability Management, Capacity Management, IT Service Continuity Management and Cost Management.

Duration Times - ITIL offers process models, which are based on ‘Industry Best Practices’. This means that out-of-the-box implementations of ITIL simply don’t exist. Instead, ITIL provides IT organizations with a framework. It depends on each individual IT organization to have ITIL fit to its needs and priorities . A complete and full implementation of one process can last months, and while maturing, IT organizations continue to optimize their processes.

Bad Change Management - it is important to spend enough time to deal with resistance an implementation of a new way of working introduces. Managing these changes is therefore very important. Introducing these kinds of changes asks for an incremental approach. In short cycles the new process is introduced to the organization, which allows enough time to adjust, and to absorb the new situation. The Plan-Do-Check-Act (PDCA) cycles we know from TQM-implementation projects can be useful in this perspective.

Process Itself is Not the Goal - Implementation of formal (ITIL) processes help to increase the performance of the IT organization. Processes are implemented to provide management information, which directly contributes to the most effective and efficient way to contribute to the realization of the primary business processes of the company. Line managers, process managers and product managers are responsible to define performance indicators, process characteristics and control variables. By measuring performance, periodical management reports can be generated. Strategic decisions can then be based on hard figures instead of intuition.

Implementation of ITIL, Copyright 2002 InterProm USA Corporation

113

ITIL Disciplines Maturity PlacementITIL Disciplines Maturity Placement

Maturity Levelj k l m n

Reactive Problem Proactive Problem

Release

Service Continuity

MOU Service Catalogue OLA SLA Measurement Reporting

Demand App Sizing Workload

Recovery High Availability Modeling

Incident Major Incident CMDB References

Assets Mission Critical Configurations Configuration Mgmt

Change Asset Reference CMDB Reference

Financial

114

Preparing for an ImplementationPreparing for an Implementation

Determine Organization’s Ability to Change

Determine the Cost of Downtime for Major Applications

Develop a Vision for the Implementation

Develop Process Repository

The attainment of Level 3 - defined Maturity is a pre-requisite for implementing many ITIL processes so that they will be self-sustaining

Assigning costs of Unavailability allow the organization to establish what is acceptable risk. Once established then highly reliable analyses of the optimal level of availability are possible and a correct assessment of the availability-recoverability trade-off is possible.

A vision includes both a description of the organization's most desirable future state and a declaration of what the organization needs to care about most to reach that future state."

The organization should select appropriate standards and toolsets for describing process attributes and processes.

115

Some Common ApproachesSome Common Approaches

Start with Service Management practices

Incident then change (quick wins requiring level 2 (repeatable) maturity

Consolidate to have SPOC Service Desk

Develop Asset Mgmt database then migrate to CMDB

Identify Services

Improve change process to greater maturity

Ensure QA on Incident Tickets & improve Ticket reporting to enhance quality of “fault data”

Implement reactive Problem Management

Identify costs of services & add to Service Catalogue description

118

Issues w. Traditional ApproachIssues w. Traditional Approach

Success assumes highly mature organization – particularly with regard to Project Management capabilities (as defined by CMMI)

Strategic definitional steps preclude early initiation of easily definable initiatives enjoying high degrees of organizational consensus

Does not fully utilize benefits of implementing “best practices” which have gained acclaim by virtue of their wide applicability

119

Poor Project ManagementPoor Project Management

A few examples of poor project management, “have you ever been involved with or heard of a project within your organization or department that has or is exhibiting these or similar weaknesses?”

Poor estimation of duration leading to the project taking more time than expected

Poor estimation of costs leading to the project costing more than expected

Lack of quality control resulting in a product (or service) that is unusable or inadequate

Lack of planning Inadequate criteria for what is required Poor managerial support Poor administrative support Poor communication Unclear roles and responsibilities Lack of resource commitment

What is PRINCE2? - by Fiona Spence (CC Consulting Ltd) - http://www.crazycolour.com/p2/0009.shtml

120

CMMI – Project ManagementCMMI – Project Management

“it is much better to apply a simple method correctly than to adopt a more complex approach

inconsistently. “http://www.albacore.ltd.uk/PRINCE2.html

The basic Project Management process areas address the basic activities related to establishing and maintaining the project plan, establishing and maintaining commitments, monitoring progress against the plan, taking corrective action, and managing supplier agreements.

Capability Maturity Model® Integration (CMMI), Version 1.1

121

CMMI – Project ManagementCMMI – Project Management

The advanced Project Management process areas address activities such as establishing a defined process that is tailored from the organization’s set of standard processes, coordinating and collaborating with relevant stakeholders (including suppliers), risk management, forming and sustaining integrated teams for the conduct of projects, and quantitatively managing the project’s defined process.

Capability Maturity Model® Integration (CMMI), Version 1.1

122

Project LifecycleProject Lifecycle

Planning

Requirements

Acquisition

Modify/BuildIteration

Integration

Maintain

Project Lifecycle

Implementation

123

Publishinformation on the

Web

IMPLEMENT

INTEGRATE

ITERATE

Continuous ImplementationContinuous Implementation

In ConclusionIn Conclusion

Wrapping it up

125

What’s been SaidWhat’s been Said

Many organizations are demanding greater ROI from their IT services

Used together, ITIL, CobIT and CMM frameworks can provide a structure to achieve enhanced IT service management

A coherent, encompassing service improvement process will take several years. You need strategies to ensure sustained momentum.

Be aware of the need to achieve enabling organizational practices as pre-requisites for implementing ITIL processes which require greater levels of maturity

126

Thank YouThank You