Reference: Knahl, M. (2009, April). A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance. Proceedings of World Academy of Science: Engineering & Technology, 40, 447-452.
Abstract: The definition and use of standardized IT Management techniques and processes provide the basis for IT Service Management and IT Governance. With the establishment of de facto standard “Best Practice” reference and process models such as the IT Infrastructure Library (ITIL) or Control Objectives for IT and related Technologies (CobiT), an integrated management architecture for the provision of IT-Services built upon standards based processes and tools becomes feasible. ITIL provides a structured and widely adopted approach to IT Service Management and its processes. ITIL can further be aligned with related standards such as ISO 20000 to manifest IT Service Management practice or CobiT to support IT Governance. However IT Management processes must be developed to align with the existing IT infrastructure and operation and must be modeled around frameworks such as ITIL. This paper illustrates the key IT Management requirements and reviews the current state of the art. A case study highlights the contribution of reference models and management related tools for organizations and presents an integrated management architecture.
Comments: This paper presents a case study, saying the definition of SLA’s and KPI’s are critical to the success of the implementation, and I would have liked to have seen in details what these were. In addition, the first phase of the ITSM rollout includes Configuration Management but not Change Management. I wonder how they plan to keep the CMDB up-to-date.
Here is an interesting round panel discussion on 2009 challenges in the financial industry from Wall Street & Technology.
There is a major challenge for CIOs because they know what’s coming in the next year or two. They know they are going to be called upon to do much, much more with potentially much, much less. So potentially driving the efficiency in the IT organization is no small feat. They are going to have to figure out ways that technology can help.
The observations are specific to the financial industry, and as such are not very surprising. The industry remains beset by toxic assets on its balance sheets and declining (or highly volatile) asset values. Profitability challenges will constrain spending throughout 2009, on the top and bottom lines. Economists widely blame the current recession on “creative’ instruments and lack of regulatory oversight of the financial industry. In this environment leaders have little choice but to retrench on spending and deal with increasing regulatory scrutiny.
These observations don’t necessarily apply to other industries. Although the economic climate is challenged, there is opportunity in change, and 2009 may become a “breakout” year for aligning IT with organizational drivers. Alignment is a two-way street, and for many organizations it will not occur until IT is more successful in helping define strategic plans, rather than merely reflecting the organizational strategic plan in the IT strategic plan.
Below is a list of the top reasons ISACA’s COBIT Foundation and CGEIT certifications will become more popular than ITIL certifications. I am not suggesting the ITIL certifications will go away or be replaced by ISACA, in part because their frameworks are complementary and not entirely competitive. Nevertheless, ITIL and COBIT going in different directions, particularly ITIL doing everything wrong and COBIT doing things mostly right.
- ITIL V3 framework has become complicated and convoluted. Although ITIL V3 is supposed to provide clearer guidance for implementation, in most cases it is simply too complicated for organizations who still desire a piecemeal approach. Most IT practitioners still think in ITIL V2 terms (Incident, Problem, Change, Configuration) and ignore the V3 additions.
- COBIT is more rigorous and intellectually consistent. It lends itself easier to auditing. Many organizations wish to adhere to SOX requirements, even if they are not publicly traded. On the other hand, I haven’t yet seen an organization that desires ISO/IEC 20000 certification.
- ISACA documentation is more readily available to organizations at affordable prices. ITIL documentation has become expensive, and an apparent moneymaker for OGC and its related organizations.
- ITIL certifications (beyond Foundation) require classroom training that are mostly a moneymaking racket for APM Group and the OGC. Few will afford the $10K plus costs to obtain higher levels of certification–fewer will want to. ITIL Foundation will remain far more popular than the higher certifications, even among practitioners with significant experience with ITIL.
- The COBIT Foundation certification is similar in structure to the ITIL Foundation, and serves the same basic function. The two are equivalent and complementary, and COBIT Foundation will soon become as popular as ITIL Foundation. I believe this was a brilliant move by ISACA.
- The CGEIT requires real-world experience, in addition to a structured exam. In this way CGEIT is similar to CISA and PMI’s PMP certifications, both of which are very popular and respected.
In a December 2008 survey of C-level executives titled IT’s unmet potential: McKinsey Global Survey Results (free registration required), McKinsey Global Institute documents the discrepancy between the desired and actual business results of IT. It also demonstrates some differences between the expectations among IT and non-IT executives. Of particular interest:
- Nearly two-thirds of executives believe their organizations are at risk of information or technology-related disruptions, and less than half believe they are prepared to manage these disruptions. Concern is greater among IT executives.
- IT efforts are concentrated on improving the efficiency of business processes, but there exists stronger desire to improve the effectiveness of these processes. An even stronger gap exists between the ability and desire for IT to help create new products or services.
- An even stronger discrepancy exists in the alignment of IT and business strategies. Whereas 67 percent of C-level executives desire strong alignment (“Business and IT strategy tightly integrated, inﬂuence each other”) only 22 percent said they actually are. Twice as many organizations said their corporate strategies are developed first.
The discrepancies between IT and non-IT executive responses were even more interesting:
- IT managers were more likely to emphasize improving the talent of their IT staff (57 percent) than their non-IT counterparts (42 percent).
- IT managers want to consolidate IT functions to a centralized IT (21 percent) than their non-IT counterparts (14 percent).
- IT managers are more concerned about reallocating budgets to focus on value drivers and improving IT governance and oversight.
- On the other hand, non-IT managers were more interested in outsourcing IT functions (22 percent) than were IT managers (18 percent).
- Whereas more managers expect to reduce IT operating costs in 2009 versus increase them (43 percent versus 23 percent), the numbers are almost perfectly inverted when they look at new IT investments (26 percent versus 41 percent).
The final point suggests 2009 may become a turnaround year for IT executives, in which IT is able to influence organizational strategy in order to capitalize on strengthening their positions during this global recession. This final point is important: change begets opportunity, and those organizations who strengthen their positions during the downturn will benefit during the next recovery. Often the ability to seize the opportunities is inversely related to debt carried, so look for cash-strong companies to become stronger.
By the way, the outlook for IT project managers also remains relatively strong.
Computer Economics reports zero growth in IT spending in 2009.
IT operational spending growth peaked in 2007 at 5.0% and then declined this year to 4.0%. As reported earlier in this study, however, a significant number (41%) of respondents do not expect to spend all of the money budgeted for this year, which means that the 2008 growth rate will almost certainly fall short of the budgeted 4.0% rate. That pessimism extends into 2009.
The news is even worse: Not only do more companies expect spending cuts in 2009 than increases, but many organizations have spent–or plan to spend–less than their budgets in 2008. It also means that in fixed dollar terms, IT spending will be down 3-4%.
IT spending is now a microcosm of the economy as a whole. The best and worst of expectations of Information Technology have been removed from C-suites, which means IT spending is more grounded in actual business performance. This is good, in that we don’t expect IT spending to underperform the broader economy, as we saw in the 2001/2002 recession, but it also means outlandish ideas of IT-derived productivity will not buffer IT from the current recession either.
In a nutshell, IT investments are more closely aligned with business requirements, which is a major goal of good IT governance.
Here are some nice observations on risk.
Risk in the case of the meltdown of the balance sheets of the world’s most important financial institutions is quite different than the type of risk that financial institutions and insurance agencies were used to dealing with. What characterizes what we might term “normal risk” are three things: it is exogenous, stationary and uncorrelated.
Although non-standard risks are difficult to plan for and manage, we must do so nonetheless. Risk models that breakdown when risks are endogenous, moving, or correlated is like building a car whose seat belts when the driver falls asleep, or whose car bag fails over 10Mph.
Transparency is a core issue. Risks cannot be managed if they cannot be measured. If government is to become the insurer of last resort, then it has the right (and obligation) to ensure transparency of the markets. The CDO and DSO markets are very opaque, to the benefit of nobody except a small handful of inside players.
If ERM is limited to risks that are exogenous, stationary, and uncorrelated, then I wonder whether we need to begin applying principles of BCP to ERM, particularly the need to identify and plan for the “worst case scenario”, which will help identify systemic risks which cannot be identified with traditional methods.
On Tuesday I attended the monthly dinner meeting of Portland Chapter of the Project Management Institute, where Dr. Janice Thomas presented some results of her three year study that PMI will sell this year in a paper called Research on the Value of Project Management. The research team studied over 60 organizations over a year and a half in a variety of industries. They gained access to senior managers and detailed project records in order to corroborate interview statements with actual findings.
I initially skeptical of the research. Imagine this: research sponsored by the Project Management Institute finds that organizations always find value in Project Management. The research sponsor proclaims “I can definitively say that project management will bring value to companies”. However, the presentation by Dr. Janice Thomas showed she was very intelligent and thoughtful, and she was aware of the implicit biases.
Some interesting observations:
- Companies who focus on project management to control costs find a strong correlation with customer satisfaction, and that correlation is negative.
- No company in the sample could deliver ROI numbers for their project management programs. In other words, there was no ROI for calculating ROI.
- Companies who benefit from project management cannot simply make a one-time investment and then let it go. They must continually adjust, improve, and invest in the project management program for it to continue to succeed.
The full research paper will be available at PMI.org for $50 for non-members and $40 for members.
Last week Numara Software announced the new version of FootPrints. Cutting through the marketing hype, the new version of the product consists mostly of minor refinements and enhancements to functionality. For example, customer accounts can now be Change approvers (only Agent accounts could approve Changes in v8), and the Address Book now allows a field for manager, which will assist in approving Changes. Otherwise they expanded the tabbed interface in the Project Administration and System Administration screens.
The lack of major new functionality is a good thing, as the product shouldn’t be plagued with a lot of new bugs typically associated with new products. The major new piece of functionality they did add is the Service Catalog, which uses (and extends) the CMDB. Service Catalog is free for CMDB customers. I will review the Service Catalog functionality later, as I haven’t yet had time to play with it in depth.
Note: The author is a contractor and consultant for Numara Software.
Over the years several ITIL-related podcasts have come and gone. Pink Elephant ran a podcast for almost two years, but (apparently) abandoned that effort in April 2008. I am aware of only one remaining Podcast: IT Skeptic(tm). Let me know if you know any others. In good IT governance fashion, it begs the question: what is the ROI on podcasting in this space?