The Secret to Successful Change Management is…

…drum roll please…

The secret is there isn’t one. There is no single aspect of Change Management that makes it successful. There is no right or wrong way design your Change Management process.

I have worked with two dozen customers on Change Management, and I have found few consistent threads. Every organization is different.

It’s important that:

  • You have one
  • You review and improve the process periodically

You also need to define “change” in a way that is appropriate to your organization. I once worked for an outsourced data center provider who required a change to access the data center–the one-time access was a Change.

This is an extreme example, but it clarifies the point.

A weekly meeting of the  Change Authorization Board is not required. Half the customers I worked with never defined any group that resembles anything like a CAB. It can work well for some organizations, but most organizations are better off without one.

Accountability for implementing unauthorized changes is also important. Most companies build “Unauthorized” or “Out of Process”  Changes into the process. One customer called them “Poorly Planned Changes” and the CIO had to approve them. The rate of such changes dropped significantly.

Otherwise the standard advice applies.

  • Define your KPI’s. Identify your performance metrics.
  • Assign a roles that are appropriate to your organization.
  • Automate approvals and notifications where possible.
  • Use “Standard” (pre-approved) changes in order to reduce the volume of management approvals.

Validating Configuration Management Uses

Two weeks ago I discussed how the value of Configuration Management activities are derived from the improvements made to other processes.

I want to suggest another way that this can happen, borrowing concepts that recently starting to surface in Project Management communities. That concept is called PRUB and was introduced last year by a professor from New Zealand, Dr. Phil Driver, and published this year in the book “Validating Strategies: Linking Projects and Results to Uses and Benefits“. As a tool it is both simple and somewhat intuitive, but it provides a simple framework for eliminating disconnects between high-level desires of management the practical day-to-day realities of operations. It helps us ensure there exists a clear and understood path from the project charter to through the deliverables to uses and benefits.

PRUB is an acronym for Project, Results, Uses, and Benefits. Originally intended to map the projects that support a particular strategic direction, it is simple and flexible enough that we can map it to improvement initiatives IT Service Management. In this case I am starting to use it as a tool for validating the uses associated with Configuration Management implementations, because it can help eliminate some of the shortcomings common to attempts to improve Configuration Management activities.

I did also want to step through a specific case study from a recent implementation with a government entity. I should note that we did not perform a specific PRUB analysis for this set of use cases of the CMDB, but I mention it because their requirements clearly thought through the each step of the PRUB analysis. They built some novel functionality into their CMDB implementation that I really liked.

I wrote up this and another example in the attachment: PRUB for CMDB. It contains a use case for Configuration Management with the Access Management process that was based loosely on this government entity.

PRUB_for_CMDB_drawing

 

  • Project / Process: Configure the CMDB to improve Access Management (this is a novel usage).
  • Results: Create a Permission Configuration Item for each authorized access request to a system. Link the CI to access request ticket. Create a relationship between the Permission CI and the sytem CI. In addition, import historical Permissions (prior to system implementation) to the CMDB.
  • Uses: When visualizing planned changes to a CI, the relationships can show them who has been granted access. The CI’s can be reported for scheduled reviews or audits of valid accesses. The specific access history can be pulled up from each Permission CI (based on the Access Request ticket). More broadly this use of the CMDB provides a more flexible mechanism to visualize and view the access requests.
  • Benefits: Improved assessment of the impact of planned changes. Improved reporting, controls and auditability for CI’s.

There are other relationships associated with these Permission CI’s, but I just wanted to provide a flavor for how the PRUB tool can demonstrate specific uses and benefits of the Configuration Management process.

Are the benefits measurable? If you can identify measurable benefits you should include them in your analysis. If you come across a CMDB implementation that does not clearly map out the results, how those results will be used, and how those uses will bring benefits to the users or the organization, then that should be a red flag.

IT Asset Management

Introduction

Last week I discussed how organizations with low maturity in the processes that Configuration Management supports will not realize any value from Configuration Management activities.

  • Financial Management of IT Services
  • Availability Management
  • IT Service Continuity Management
  • Change Management
  • Release and Deployment Management
  • Incident Management
  • Problem Management

There is an exception to this observation: IT Asset Management.

Configuration Management

I have experience, both hands-on and consultative, with BMC tools that fit in both market spaces, and I know from experience there is often confusion among potential or actual customers, in how they should use one tool or the other for certain situations.

Let’s start with the ITIL definition anyway. Configuration Management is the process that ensures that assets required to deliver services are controlled, and that accurate information about those assets is available when required. That is a very broad scope, but the focus here is really on how are the assets are configured and the relationships between them.

Versus IT Asset Management

IT Asset Management is a process for tracking and reporting the financial value and ownership of assets throughout their life cycle. Generally IT asset management focuses on hardware and software, while Configuration Management may also track non-physical assets such as virtual servers, virtual containers (research Docker if you have any questions about containers), documentation such as policies or processes or contracts, or other non-physical assets for which the changes do need to be controlled.

The concept of Configuration Management is broad enough that you can think of IT asset management falling within its scope, as a sub-process of Configuration Management.

Most organizations who do not realize any value from Configuration Management activities still need to manage the IT Asset Management life cycle. This has implications on:

  • Utilization of IT Assets
  • Information Security
  • IT Service Continuity Management

Organizations to do not require a CMDB in order to manage the life cycle of IT assets. A CMDB can be used, but specialist tools are available, and these tools are preferred when they automate the discovery and inventory of IT assets.

 

The Value of Configuration Management

Understanding Value

For the purpose of understanding the value of Configuration Management, we have to trace how value is added to transactions. The value transaction is important to the supplier because that is where value to the customer is measured. (Presumably the customers use value exceeds the transaction value, or the transaction is not sustainable.)

Adding Value to Value Transactions

  • Value Transactions are supported by Business Services
  • Business Services are supported by IT Services
  • IT Services are supported by IT Processes

The further down this chain we go, the harder it is to measure value to the customer, and the more care we must take to ensure that the supporting processes are adding value to the customer in the form of improvements to the Business Services or products.

Herein lies the pain point in measuring the value of Configuration Management. Value: Configuration Management

Configuration Management supports and improves IT processes:

  • Financial Management of IT Services
  • Availability Management
  • IT Service Continuity Management
  • Change Management
  • Release and Deployment Management
  • Incident Management
  • Problem Management

And Configuration Management is one more step away from the value transaction. We understand the value of Configuration Management by the improvements it makes to the other processes.

  • Few organizations measure the value of IT processes
  • Few organizations even measure key metrics such as the cost per minute of down time to IT Services, or value of a Problem Resolution.

The Chicken or the Egg

Which came first? Is Configuration Management a prerequisite to other processes its supports? No, it is not a prerequisite, though I know some people would disagree with this. Organizations can execute a Change Management process without relying on Configuration Management activities or a CMDB. In fact I know many organizations doing exactly this.

Could organizations improve their Change Management process with a CMDB in place to help assess the impact of changes? Certainly yes, but organizations who don’t have some maturity in other processes will not realize any value from Configuration Management.

I would say the opposite is true. You cannot have a working Configuration Management process without a mature Change Management process. Unless the data update is entirely automatic, and in my experience this is rare, then the data become stale and the data quality will degrade.

The Balanced Improvement Matrix

Two weeks ago I presented to a customer how their IT improvement program can be improved by adopting principles from ITIL. I used this slide to illustrate another way to think about the issue.

Benefit-Change-MatrixClick to expand

Recipient of Benefits

The Y-axis who receives most of the immediate benefit of the activity. “Inside” refers to IT, either a component of IT or the entire department.

Outside refers to the outside stakeholders for IT services. Generally they fall into one of these groups:

  • Users: those who directly use the services. Generally the users also request the service.
  • Internal customers: those who request or authorize services on behalf of the users. Generally customers are the users, but sometimes they are distinct.
  • External customers: The ultimate customer who exchanges value with the organization.

Focus of Change

The focus or perspective of change describes where most of the change or improvement takes place. We are also describing this as within IT or out of IT.

The change or improvement may or may not be limited to the primary location. There are often spillover benefits for related stakeholders that are less immediate.

Examining the Quadrants

Inside-In

This quadrant describes change or improvement activities that are limited exclusively to IT. Some examples may include:

  • Code refactoring
  • Recabling
  • Process improvement
  • Service Asset and Configuration Management
  • Training

Inside-In activities may be thought of as “charging the batteries”.  External stakeholders will not see immediate benefits, but the benefits will accrue over time as the IT organization becomes more agile, flexible, efficient and effective.

Inside-Out

Inside-Out activities are those that modify the behavior of external stakeholders in order to maximize the capabilities of IT. Some examples may include Demand Management and Financial Management of IT Services, specifically charging for IT services in a way that encourages their efficient use.

Service Catalog Management and Service Portfolio Management also create activities in this quadrant, specifically those that describe prerequisites or costs to external stakeholders.

Outside-In

Outside-In activities are those that benefit external stakeholders by modifying the services or processes of IT. Service Level Management sits firmly in this area. The Service Improvement initiatives within CSI certainly fit here too. Alignment of IT with organizational strategy also reside predominantly in this quadrant.

Outside-Out

Does IT ever perform Outside-Out activities? With a few exceptions, yes, all IT organizations do.

Outside-Out efforts or improvement activities take place whenever IT acts as a consultant to the organization by bringing its unique capabilities and resources to business problems.

Some examples may include:

  • Strategic planning
  • Creating new lines of business
  • Due diligence of partnerships or acquisitions
  • Enterprise Risk Management and Business Continuity Planning

From an ITIL process perspective,  Outside-Out quadrant is best illustrated by Business Relationship Management (SS) and Supplier Management (SD), and some activities of Change Management (ST) and Knowledge Management (ST).

Optimizing the matrix

In no case did we ever claim that any one quadrant is better than another. IT departments of the last century received criticism for focusing too much on inward benefits and losing focus on the broader context in which IT operates. That situation was expensive, frustrating to users, and ultimately untenable.

IT organizations in this century must and do perform activities in all four quadrants. Neglecting any quadrant can lead to the following outcomes.

Benefit-Change-Neglect-MatrixClick to expand

Using frameworks such as ITIL, COBIT 5, or ISO/IEC 20000 to guide improvement initiatives can help IT organizations balance their efforts in all quadrants.

Much Ado Over Gamification

Gamification is coming, whether you need it or not.

In December 2013, BMC announced a partnership with Bunchball to integrate its game mechanics engine with RemedyForce. I am told other vendors have game mechanics on their roadmaps.

Two years and a half years ago I expressed my skepticism about including game mechanics in non-game scenarios. We are still waiting for anything to happen. And waiting, and waiting…

The idea behind gamification is to promote desired behaviors. Examples may include first call resolution of calls, submission of knowledge base articles, utilization of KB articles in issue resolution, on-time resolutions Incidents and Requests, implementation of Changes without an Incident, etc.

Question Mark BadgeAny behaviors you ever desired with traditional tools can be reinforced with game mechanics. Traditional tools include dashboards, metrics reports, disciplinary actions, public humiliation, and performance rewards. To these we are adding badges, leader boards, and progress bars.

It seems to me a like much ado over very little.

ITIL Certifications for 2013

The ITIL Exam Certification Statistics for 2013 are out, and we are now ready to present the final results.

All the images below may be expanded for higher resolution. All numbers are rounded to thousands (Foundation) or hundreds (Advanced) unless otherwise indicated.

Foundation

A total of 245,000 certificates were issued in 2013, up 3.6% from 236,000 in 2012. There are now 1.73 million little ITIL’ers in the world.

Pass rates increased about 1% to 91%. The compound annual growth rates (CAGR) of annual certificates since 2008 was 1.69%.

The regional distribution of ITIL certificates shifted only slightly from North America and Europe to Asia, whose market share rose 1.1% to 33.8%.

Intermediate

Overall the Intermediate market is growing faster and changing more rapidly than the Foundations market.

A total of 33,300 Intermediate Lifecycle certificates were issued in 2013, up 26% from 2012. In addition 17,600 Intermediate Capability certificates were issued in 2013, up 10% from 2012. We don’t know how many unique individuals this represents, but we can assume that most individuals do not stop at one.

The market share of Lifecycle, adjusted by credit hours, increased from 55.3% in 2012 to 58.8% in 2013. Although gradual, the Lifecycle exams are slowly coming to dominate the Intermediate certification market.

The MALC (alt. MATL) exam was passed 4,500 times in 2013, up 21% from 2012. There are now 25,000 ITIL Experts in existence. (Please note, this number differs slightly from the official number, I assume due to time delays in conferring Expert certificate.)

The regional distribution of Intermediate exams is also shifting. The share of Intermediate certificates is still dominated by Europe, at 41%, down from 47% in 2010. North America declined from 32% in 2010 to 19% in 2013. Meanwhile Asia increased from 12% to 30.5% over the same period. The numbers here represent regional distribution. The number of certificates awarded is up in each market, they are just rising faster in Asia.

 

Goals Versus Outcomes

Examples of Goals

Revenue

Market Share

Sales Targets

Expanded Customer Base

Unicorn in 5 years — Cash Out (Kaching!)

 

Fairly common goals, right? Sorry, people. These are outcomes of goals, but they are not goals themselves.

I have seen too many people confuse them. I have worked for too many such “leaders“.

These are better goals.
– “Fuck yeah, those guys rocked.”
– “Those guys keep every promise they make.”
– We remember the little things, that the customers forget.
– Our software is incredibly easy to use.
– Customers cannot believe how fast we return the data.
– Our customers never knew how much they knew.

ITIL Exams for Oct 2013

Axelos has updated their ITIL Exam Performance Statistics through October of last year. There are no major breakthroughs since the statistics were last reported here for 2012. I am providing only major highlights.

ITIL Foundation

196,000 ITIL Foundation certificates have been awarded so far in 2013, out of 216,000 attempts, an overall pass rate of 91%, up from 90% in 2012. There are now a little over 1.1 million ITIL V3 certificate holders.

The overall attempt rate is flat compared with the same 9 months in 2012. As a result, I predict the total number of new certificates in 2013 will hold flat with 2012, at around 236,000.

Intermediate and Expert

A total of 39,000 Intermediate certificates have been issued during the first 10 months of 2013, up from 35,000 during the same period in 2012. The total number of certificates should reach 47,000 for the whole year.

Intermediate pass rates ranged from 73.8% (Capability SOA) to 82.3% (Lifecycle CSI). Overall pass rates for Lifecycle are slightly higher (80% vs. 78%). The pass rate for MALC is 66.1% in 2013, the lowest overall.

The “marketshare” of the Lifecycle track rose to 58% so far in 2013, compared with 55% in 2012. This is the number of total number of each type taken, adjusted by the number of credits received.

3,200 ITIL V3 Experts have been minted so far in 2013, compared with 3,000 for the same period in 2012. I am reporting a total of 23,720 ITIL V3 Experts, while Axelos reports 23,141. Axelos may be under-reporting due to time lags. I may be over-reporting based on pass rates of the MALC exam.

ITIL Lifecycle or Capability Track?

For the ITIL V3 Expert I used Art Of Service’s e-learning program, and recommended it. If I were starting now I would seriously consider the HP VISPEL program. Candidates should probably should consider the 360 day license unless they have a lot of spare time to complete the 180 day program on time.

Regarding Lifecycle vs. Capability track, the Lifecycle track is more popular and aligned with the books. The Capability track uses other books for study, but is suitable for practitioners who will stay at Intermediate. Some certification figures are found on this site. I will update the stats once the June (mid-year) figures are released.

http://itsminfo.com/2012-itil-exam-statistics/