Confusion in the Ranks: IT Service Management Practice and Terminology

Abstract: The Information Technology Service Management (ITSM) movement is gaining adopters throughout the world, expanding from the 2005 ratification of International Standards Organization (ISO) ISO/IEC 20000. However, this concept grew out of older frameworks such as Britain’s IT Infrastructure Library (ITIL) and U.S. service level management (SLM). To further confuse the landscape, there are also related terms such as business service management (BSM), the Control Objectives for Information and related Technology (CobiT), and IT governance.

There is a lack of descriptive academic literature currently published, which has mainly focused on prescriptive pieces. This paper gives a background on the several contributing frameworks mentioned above, and reports on a survey of U.S. IT managers to determine the extent of understanding of these terms and frameworks. The findings indicate that ITSM adoption and knowledge may be lower than some studies have indicated. There is also conceptual confusion about what constitutes ITSM, with conflation of terms and practices.

Reference: Winniford, M., Conger, S., & Erickson-Harris, L. (2009, Spring2009). Confusion in the Ranks: IT Service Management Practice and Terminology. Information Systems Management, 26(2), 153-163.

Link: http://www.informaworld.com/smpp/content~db=all~content=a910451171

Comments: The authors used a third-party research firm to interview 364 American companies about whether they are managing, or are planning to manage, IT from a services perspective, which may include ITSM, SLM, or BSM. They found that a little less than half are implementing service management, and another fifteen percent are planning to do so. The most recognized services frameworks, in order, are SLM, ITSM and IT Governance, followed by CoBIT. Only two-thirds of organizations implementing service management recognized the term ITIL, versus one-third of those not implementing service management. An interesting finding was that even among those implementing service management frameworks, a majority could not correctly identify a service they offer (i.e. quality, which is actually a measurement of service effectiveness).

The reasons for not implementing service management included not enough information, costs, belief it isn’t needed, and lack of management support. Less than twenty percent admitted they didn’t want the accountability, though in my experience this number is really a great deal higher.

In my opinion this is one of the better academic studies performed in the area of IT service management. The authors identified lower support for ITSM than purported by other authors in the area. They also identified much greater confusion and much lower awareness of ITSM among practitioners and academic researchers. My own personal observations working with 50+ companies are consistent with the findings in this paper.

Exploring IT Governance in Theory and Practice in a Large Multi-National Organisation in Australia

Link: http://www.informaworld.com/smpp/content~content=a910451709~db=all~jumptype=rss

Reference: Willson, P., & Pollard, C. (2009, Spring2009). Exploring IT Governance in Theory and Practice in a Large Multi-National Organisation in Australia. Information Systems Management, 26(2), 98-109.

Abstract: IT governance is critical to most organisations and has an influence on the value generated by IT investments. Unfortunately, IT governance is more aspiration than reality in many organisations. This research seeks to address the dearth of empirical evidence about IT governance in practice, presenting the findings of an IT governance case study in an Australian organisation. Recommendations are provided to assist organisations to maximise potential of IT governance and insights are provided for researchers.

Comments:

In his book Secrets and Lies: Digital Security in a Networked World, author Bruce Schneier frequently addressed the following comment:

In theory there is no difference between theory and reality. In reality there is.

For this research the authors interviewed 28 senior IT and corporate managers at an Australian MNE in order to address two questions:

  1. What is the nature of IT governance in practice?
  2. What factors contribute to differences between theory and practice?

Their analysis of the interviews identified four major themes that do not entirely overlap with theoretical models of IT governance. For example, although IT governance models frequently deal with risk management of IT-related risks, the subject organization restricts risk management activities primarily to the area of project risk management. The research highlights the importance of visionary leadership and key players in IT-business alignment, and also introduces the importance of historical context in the governance of IT and its initiatives.

Researchers and industry frameworks, such as COBIT and ITIL, frequently document practices that have little relevance in most organizations. For example, during my implementations of CMDB at customer sites, I emphasize the importance of aligning IT service, logical, and physical assets with the organization through relationships in a top-down approach. In practice most organizations ignore this advice and build the CMDB bottom-up through the identification of physical assets. In other words, their most pressing concern is to manage the “things they can kick” in a way that won’t achieve benefits the CMDB may, in theory, provide. These differences between the theoretical and practical are important, and I would like to see more research like this that covers practical application.

A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance

Link: www.waset.org/pwaset/v52/v52-69.pdf

Reference: Knahl, M. (2009, April). A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance. Proceedings of World Academy of Science: Engineering & Technology, 40, 447-452.

Abstract: The definition and use of standardized IT Management techniques and processes provide the basis for IT Service Management and IT Governance. With the establishment of de facto standard “Best Practice” reference and process models such as the IT Infrastructure Library (ITIL) or Control Objectives for IT and related Technologies (CobiT), an integrated management architecture for the provision of IT-Services built upon standards based processes and tools becomes feasible. ITIL provides a structured and widely adopted approach to IT Service Management and its processes. ITIL can further be aligned with related standards such as ISO 20000 to manifest IT Service Management practice or CobiT to support IT Governance. However IT Management processes must be developed to align with the existing IT infrastructure and operation and must be modeled around frameworks such as ITIL. This paper illustrates the key IT Management requirements and reviews the current state of the art. A case study highlights the contribution of reference models and management related tools for organizations and presents an integrated management architecture.

Comments: This paper presents a case study, saying the definition of SLAs and KPIs is critical to the success of the implementation, and I would have liked to have seen in detail what these were. In addition, the first phase of the ITSM rollout includes Configuration Management but not Change Management. I wonder how they plan to keep the CMDB up-to-date.

Wall Street & Technology CIO Round Panel

Here is an interesting round panel discussion on 2009 challenges in the financial industry from Wall Street & Technology. 

There is a major challenge for CIOs because they know what’s coming in the next year or two. They know they are going to be called upon to do much, much more with potentially much, much less. So potentially driving the efficiency in the IT organization is no small feat. They are going to have to figure out ways that technology can help.

The observations are specific to the financial industry, and as such are not very surprising. The industry remains beset by toxic assets on its balance sheets and declining (or highly volatile) asset values. Profitability challenges will constrain spending throughout 2009, on the top and bottom lines. Economists widely blame the current recession on “creative” instruments and lack of regulatory oversight of the financial industry. In this environment leaders have little choice but to retrench on spending and deal with increasing regulatory scrutiny.

These observations don’t necessarily apply to other industries. Although the economic climate is challenged, there is opportunity in change, and 2009 may become a “breakout” year for aligning IT with organizational drivers. Alignment is a two-way street, and for many organizations it will not occur until IT is more successful in helping define strategic plans, rather than merely reflecting the organizational strategic plan in the IT strategic plan.

Why ISACA Certifications Will Supersede ITIL

Below is a list of the top reasons ISACA’s COBIT Foundation and CGEIT certifications will become more popular than ITIL certifications. I am not suggesting the ITIL certifications will go away or be replaced by ISACA, in part because their frameworks are complementary and not entirely competitive. Nevertheless, ITIL and COBIT are going in different directions, particularly ITIL doing everything wrong and COBIT doing things mostly right.

  1. ITIL V3 framework has become complicated and convoluted. Although ITIL V3 is supposed to provide clearer guidance for implementation, in most cases it is simply too complicated for organizations who still desire a piecemeal approach. Most IT practitioners still think in ITIL V2 terms (Incident, Problem, Change, Configuration) and ignore the V3 additions.
  2. COBIT is more rigorous and intellectually consistent. It lends itself more easily to auditing. Many organizations wish to adhere to SOX requirements, even if they are not publicly traded. On the other hand, I haven’t yet seen an organization that desires ISO/IEC 20000 certification.
  3. ISACA documentation is more readily available to organizations at affordable prices. ITIL documentation has become expensive, and an apparent moneymaker for OGC and its related organizations.
  4. ITIL certifications (beyond Foundation) require classroom training that is mostly a moneymaking racket for APM Group and the OGC. Few will afford the $10K plus costs to obtain higher levels of certification–fewer will want to. ITIL Foundation will remain far more popular than the higher certifications, even among practitioners with significant experience with ITIL.
  5. The COBIT Foundation certification is similar in structure to the ITIL Foundation, and serves the same basic function. The two are equivalent and complementary, and COBIT Foundation will soon become as popular as ITIL Foundation. I believe this was a brilliant move by ISACA.
  6. The CGEIT requires real-world experience, in addition to a structured exam. In this way CGEIT is similar to CISA and PMI’s PMP certifications, both of which are very popular and respected.

McKinsey Survey: IT Potential Unmet

In a December 2008 survey of C-level executives titled IT’s unmet potential: McKinsey Global Survey Results (free registration required), McKinsey Global Institute documents the discrepancy between the desired and actual business results of IT. It also demonstrates some differences between the expectations among IT and non-IT executives. Of particular interest:

  • Nearly two-thirds of executives believe their organizations are at risk of information or technology-related disruptions, and less than half believe they are prepared to manage these disruptions. Concern is greater among IT executives.
  • IT efforts are concentrated on improving the efficiency of business processes, but there exists stronger desire to improve the effectiveness of these processes. An even stronger gap exists between the ability and desire for IT to help create new products or services.
  • An even stronger discrepancy exists in the alignment of IT and business strategies. Whereas 67 percent of C-level executives desire strong alignment (“Business and IT strategy tightly integrated, influence each other”) only 22 percent said they actually are. Twice as many organizations said their corporate strategies are developed first.

The discrepancies between IT and non-IT executive responses were even more interesting:

  • IT managers were more likely to emphasize improving the talent of their IT staff (57 percent) than their non-IT counterparts (42 percent).
  • IT managers were more likely to want to consolidate IT functions into a centralized IT (21 percent) than their non-IT counterparts (14 percent).
  • IT managers are more concerned about reallocating budgets to focus on value drivers and improving IT governance and oversight.
  • On the other hand, non-IT managers were more interested in outsourcing IT functions (22 percent) than were IT managers (18 percent).
  • Whereas more managers expect to reduce IT operating costs in 2009 versus increase them (43 percent versus 23 percent), the numbers are almost perfectly inverted when they look at new IT investments (26 percent versus 41 percent).

The final point suggests 2009 may become a turnaround year for IT executives, in which IT is able to influence organizational strategy in order to capitalize on strengthening their positions during this global recession. This final point is important: change begets opportunity, and those organizations who strengthen their positions during the downturn will benefit during the next recovery. Often the ability to seize the opportunities is inversely related to debt carried, so look for cash-strong companies to become stronger.

By the way, the outlook for IT project managers also remains relatively strong.

IT Spending Flat in 2009

Computer Economics reports zero growth in IT spending in 2009.

IT operational spending growth peaked in 2007 at 5.0% and then declined this year to 4.0%. As reported earlier in this study, however, a significant number (41%) of respondents do not expect to spend all of the money budgeted for this year, which means that the 2008 growth rate will almost certainly fall short of the budgeted 4.0% rate. That pessimism extends into 2009.

The news is even worse: Not only do more companies expect spending cuts in 2009 than increases, but many organizations have spent–or plan to spend–less than their budgets in 2008. It also means that in fixed dollar terms, IT spending will be down 3-4%.

IT spending is now a microcosm of the economy as a whole. The best and worst of expectations of Information Technology have been removed from C-suites, which means IT spending is more grounded in actual business performance. This is good, in that we don’t expect IT spending to underperform the broader economy, as we saw in the 2001/2002 recession, but it also means outlandish ideas of IT-derived productivity will not buffer IT from the current recession either.

In a nutshell, IT investments are more closely aligned with business requirements, which is a major goal of good IT governance.

On Enterprise Risks

Here are some nice observations on risk. 

Risk in the case of the meltdown of the balance sheets of the world’s most important financial institutions is quite different than the type of risk that financial institutions and insurance agencies were used to dealing with. What characterizes what we might term “normal risk” are three things: it is exogenous, stationary and uncorrelated.  

Although non-standard risks are difficult to plan for and manage, we must do so nonetheless. Risk models that break down when risks are endogenous, moving, or correlated are like a car whose seat belts fail when the driver falls asleep, or whose air bag fails over 10 mph.

Transparency is a core issue. Risks cannot be managed if they cannot be measured. If government is to become the insurer of last resort, then it has the right (and obligation) to ensure transparency of the markets. The CDO and DSO markets are very opaque, to the benefit of nobody except a small handful of inside players.

If ERM is limited to risks that are exogenous, stationary, and uncorrelated, then I wonder whether we need to begin applying principles of BCP to ERM, particularly the need to identify and plan for the “worst case scenario”, which will help identify systemic risks which cannot be identified with traditional methods.

Researching the Value of Project Management

On Tuesday I attended the monthly dinner meeting of Portland Chapter of the Project Management Institute, where Dr. Janice Thomas presented some results of her three year study that PMI will sell this year in a paper called Research on the Value of Project Management. The research team studied over 60 organizations over a year and a half in a variety of industries. They gained access to senior managers and detailed project records in order to corroborate interview statements with actual findings.

I was initially skeptical of the research. Imagine this: research sponsored by the Project Management Institute finds that organizations always find value in Project Management. The research sponsor proclaims “I can definitively say that project management will bring value to companies”. However, the presentation by Dr. Janice Thomas showed she was very intelligent and thoughtful, and she was aware of the implicit biases.

Some interesting observations:

  1. Companies who focus on project management to control costs find a strong correlation with customer satisfaction, and that correlation is negative.
  2. No company in the sample could deliver ROI numbers for their project management programs. In other words, there was no ROI for calculating ROI.
  3. Companies who benefit from project management cannot simply make a one-time investment and then let it go. They must continually adjust, improve, and invest in the project management program for it to continue to succeed.

The full research paper will be available at PMI.org for $50 for non-members and $40 for members.