COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.
The new processes definitions of COBIT 5 are based on the principles in ISO 38500 and the ISO 15504 Process Capability Assessment Model.
I recommend that you read the responses made by Peter Hill to this blog post
Far from muddying the water the COBIT 5 framework makes a clear distinction between governance and management. COBIT 5 is based on five high level principles and Principle 5 is about the separation of Governance from Management.
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives [EDM]
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives [PBRM]
The COBIT 5 Development Team has digested all of the feedback from the public exposure and has been working diligently to incorporate the significant observations.
The completion of the Framework and Process Reference Guide are on schedule and both will be published in March or April 2012, along with COBIT 5:
The Implementation Guide, which is intended to assist stakeholders in implementing COBIT 5 for governance and management of enterprise information and technology assets.
The COBIT 5 Implementation Guide is being finalised for release in March.
There are seven phases in the implementation lifecycle which describe how to establish an approach to deliver a sustainable set of governance and management processes for the enterprise.
Phase 1 starts with recognising and agreeing to the need for an implementation or improvement initiative
Phase 2 is focused on defining the scope of the implementation or improvement initiative using COBIT’s mapping of enterprise goals to IT‐related goals to the associated IT processes.
During phase 3, an improvement target is set, followed by a more detailed analysis leveraging COBIT’s guidance to identify gaps and potential solutions.
Phase 4 plans practical solutions by defining projects supported by justifiable business cases.
The proposed solutions are implemented into day‐to‐day practices in phase 5.
Phase 6 focuses on the sustainable operation of the new or improved enablers and the monitoring of the achievement of expected benefits.
During phase 7, the overall success of the initiative is reviewed.
A practical COBIT 5 and IT governance seminar is scheduled for London (23rd Feb) this seminar provide delegates with an understanding of COBIT 5, how to implement IT governance and management processes, measure capability and manage performance.
In my experience the implementation of a governance framework enables strategic decision making and ensures IS investments are optimized, aligned with business strategy, and deliver required value within acceptable risk boundaries.
The governance framework sets out the hierarchy of forums that should be in place to allow IS leadership to monitor, measure and drive IS alignment to business priorities.
Decision making in the governance hierarchy takes place at the right level – i.e. empower people
The new COBIT 5 governance processes [Evaluate, Direct, Monitor] provide guidance on how to define and deliver Business value for identified stakeholders.
The role of IT is to serve the Business and the guidance provided in COBIT5 will help internal / external Service Providers take an Outside In approach.
This can be achieved by aligning Governance objectives and mapping Enterprise related goals with IT related goals.
Last week the World Economic Forum launched an initiative to help protect the digital environment by improving global resilience to major cyber risks.
The “Partnership for Cyber Resilience” is a set of shared principles, signed and endorsed by Chief Executives of companies which recognize the interdependence of all organizations in combating cyber risks in a hyperconnected world.
Cyber resilience, it says, “is defined as the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.”
The PCR Initiative’s steering board are:
Ian Livingston, CEO, BT Group;
Bill McCracken, CEO, CA Technologies;
Michael Chertoff, former secretary of Homeland Security and now Managing Principal, Chertoff Group – a risk management and security consulting company;
Robert Wainwright, Director, Europol (European Police);
Natarajan Chandrasekaran, CEO & MD, Tata Consultancy Services
I recommend that you watch the first 5 minutes where Alan Marcus outlines this critical protection issue and commitment required from CEOs to cyber security.
“This initiative is essentially an attempt to immunize the Internet. The more stakeholders endorse and implement the principles the higher the chances to safeguard the digital environment.”
I recommend that you read the short 15 pagePCR Principles and Guidelines document which includes a C-Suite Checklist on page 11.
In today’s Observer there is an article in which the Cabinet Office warns that the London Olympics could crash the internet. Fears of an internet meltdown during the London Games may lead to web access being rationed for British businesses
Additionally, BBC News Technology reported this week that Israel, Finland and Sweden are seen as leading the way in “cyber-readiness“, according to a major new security report. The McAfee-backed cyberdefence survey deemed China, Brazil and Mexico as being among the least able to defend themselves against emerging attacks.
ITIL 2011 Edition Service Design define resilience as – “The ability of an IT service or other configuration item to resist failure or to recover in a timely manner following a failure. For example, an armoured cable will resist failure when put under stress.”
Page 167 – The requirements for resilience in the IT infrastructure should always be considered at the time of service design. However, for many services, the resilience of the service is only considered after it is in live operational use. Incorporating resilience into service design is much more effective and efficient than trying to add it at a later date, once a service has become operational.
So you should now be aware of the new “Partnership for Cyber Resilience” initiative which will engender support among industry leaders to a common set of guidelines and principles. It is of interest that 3 of the 5 members of the Steering Board are CEOs of global Technology firms – BT, CA and TCS. The requirements that they have helped shape will need to be addressed by Global and National Service Providers.
In essence, the key question an internal / external service provider should ask is how “cyber-ready” are we to “protect and serve” the Business?
This week Robert E Stroud posted a message asking whether #itil or #iso20000 metrics were more important in your organization.
RT @wdgll@RobertEStroud ITIL KPIs too broad. ISO20000 reqs are too easy. My choice is COBIT 5 where you are on the ISACA board so u know
@wdgll I am looking forward to #Cobit5 – it will assist business and IT to drive value whilst effectively managing #risk
So what does the ITIL 2011 Edition have to say. Continual Service Improvement core volume states that the treatment of service measurement and service reporting has been clarified. Because all processes have an element of measurement and reporting embedded within them, service measurement and service reporting are not considered to be processes.
Metric definition – (ITIL Continual Service Improvement) Something that is measured and reported to help manage a process, IT service or activity.
[youtube http://youtu.be/z5N-vPPP8SQ]
Malcolm Fry talks about the power of metrics. IT measures what we can do rather than what we can achieve. IT must set targets that make sense to the Business.
KPI definition – (ITIL Continual Service Improvement) (ITIL Service Design) A metric that is used to help manage an IT service, process, plan, project or other activity. Key performance indicators are used to measure the achievement of critical success factors. Many metrics may be measured, but only the most important of these are defined as key performance indicators and used to actively manage and report on the process, IT service or activity. They should be selected to ensure that efficiency, effectiveness and cost effectiveness are all managed.
Achieving ISO/IEC 20000. Making Metrics Work – Jenny Dugmore and Shirley Lacy. This book gives a practical view of metrics and service reports and explains their importance in delivering an effective service and to service improvements.
COBIT 5 describes Enterprise Goal Metrics and IT Related Goal Metrics. Here is an example of the goals and metrics:
Enterprise Goal – Agile response to a changing businesss environment.
Enterprise Metric – Level of Board satisfaction with enterprise responsiveness to new requirements
IT Related Goal – Adequate use of applications, information and technology solutions
IT Related Metric – Percent of business process owners satisfied with supporting IT products and services
Regardless of whether a service organisation is measuring performance using metrics (efficiency, effectiveness) or KPIs the metrics that matter most are those that are aligned to Business outcomes. A business metric is any type of measurement used to gauge some quantifiable component of a company’s performance, such as return on investment (ROI), employee and customer churn rates, revenues, and so on.
When a service organisation has identified and deployed the right capabilities major transformation is possible. Here is an example:
[youtube http://youtu.be/Ny5S8Kt7Txw]
The key stakeholders for any Transformation programme must be the CFO and the COO. GBS has freed up $560-$690m of value
It is recommended that a service provider take an “Outside In” approach in order to define and agree the metrics that matter most to the Business.
To all you Business Relationship Managers or Business Partners, I recommend that you become familiar with the Goals and Metrics set out in the COBIT 5 Process Reference Guide. This will better enable you to focus on delivering real benefits to the Business.
Social Service Desk – Adding social media channels to self service
Today, it’s about serving your customers across different channels, whether it’s web-based, online chat, mobile, social media like twitter or email because they are unlikely to pick up the phone.
New Service Desk Model attributes –
multi channel support
RSS feed subscription, forums, chatter
open lines of communication
collaborative knowledge capture and dissemination
and voice of the social customer drives new service development.
A workforce that works seamlessly across platforms and that blurs the divide between private and corporate IT.
wants IT delivered on its own terms
will informally leverage social media and web based services to reduce their own workload
The goal of support is to provide value by helping customers to use services to do their jobs.
Self service and peer support become the default support mechanisms.
Tools will have to facilitate greater communication with other products.
Things we need to unlearn:
• SD activity targets
• The language of ITIl
• The importance of process
• Service Desk as SPOC
• The SD has all the answers
To what extent did the Brighttalk – Service Desk Summit provide a look into the future?
For me, these two presentations soared to the mountain peak whilst others remained in the safe environment of base camp.
Crystal Miceli and James Finister know what good looks like. They are prepared to raise their heads above the parapet and provide a distinctive point of view.
Service desk professionals now operate in a business environment in which their end users or customers are “tech savvy.” This leads to a potential conflict spark point where IT customers believe that they have more IT know-how than the service desk.
The service desk and IT as a whole has to focus on becoming “customer savvy” to embrace these pressures. Customer savvy starts firmly with the soft skills of I&O professionals. Simply, it is the ability to listen to your users/customers and to take on board their IT service suggestions. Secondly, it is then the ability to apply your IT knowledge and experience to these suggestions from a risk, cost, and potential competitive perspective.
Jeff Weinstein (RightAnswers) adds – At the heart of a customer savvy service desk is the challenge for the team to really be on the pulse of its users and know how to address issues in proactive as well as reactive ways.
We’re already seeing clues about the future of the IT help desk today. The workforce is beginning to become more distributed and mobile, while the nature and number of devices people use day-to-day changes rapidly.
The trend toward socially infused customer support probably has only a limited relevance to company IT departments, whose “customers” are really internal staff.
Not only is the nature of the workforce itself becoming more mobile, but so too are the tools used by IT staff to fix problems. We’re already seeing really solid mobile and tablet apps for things like help desk software, remote desktop support, accessing servers via SSH or FTP and managing networks, to name a few. As smartphones and especially tablets become more ubiquitous and powerful, we can realistically expect to see even more robust administrative tools built for them
[vimeo http://vimeo.com/21028044]
In the future, it may not just be tablets and smartphones, but other connected devices as well. As the Web continues to grow outside of its original desktop boundaries, the list of devices IT departments need to support could grow as well. Anything that connects to the Internet and has a potential professional use is something that IT staff will at least need to be familiar with, even if they’re not fully supporting it
“Since it was introduced at Dreamforce, Remedyforce has helped IT departments of all sizes achieve greater success using social, mobile and open, cloud technologies,” said George Hu, executive vice president, salesforce.com. “BMC and salesforce.com are helping to automate the social enterprise by providing the leading IT help desk app in the industry built on Force.com.”
Social IT support – what is it and how does it work? –
While traditional IT support is built on a closed “one-to-one” communication between you and your service desk, social IT support is built on an open “one-to-many” communication between you and your community
It’s relatively easy to introduce social IT into your business. Since most, if not all of your employees or colleagues will already understand the concepts of social media through their use of platforms such as Facebook or Twitter, all you need to do is enable these ways of working within the workplace. There are a growing number of social IT service management platforms emerging, either built entirely on the concepts of social media, or integrating some of these concepts to enable organisations to embrace this new way of working.
“Service Desk 2017”
“Lots of interest in @sdi_institute up and coming paper on Service Desk 2017.
If you’ve a view of the future get in touch if I forgot to ask!” @howardkendall
“Anatomy of the Service Desk”
LANDesk & the SDI are compiling a new whitepaper for 2012 –
The paper will look at how ITSM professionals spend their time, biggest time drains, and levels of pressure, while suggesting ways to improve service desk time-management and productivity.
Chris Dancy, Matthew Hooper and Matt Beran (twitter #ITSMWP) if you have the stamina to sit through 5 episodes!
MyPredictions for the “Service Desk” of the future
Will there be a Service Desk in the future?
The current view of the service desk as a single point of contact for users will not endure. There will be virtualised operations from multiple locations with no concept of a centralised function. This formation will become the default model in the short term to achieve cost savings through less facilities overheads – Telephony, Buildings etc.
Where required to do so, service personnel will be spread across geographies to provide Follow the Sun coverage.
The Service Desk will need to transform into a Customer Interaction Capability that maintains the channel of the customer’s choice with little requirement for human voice interaction.
Non-voice technology – multi-channels – will enable users / customers to communicate just as easily in any format as they do by voice.
In the future more and more customer interactions will occur on the go to help keep track of information from cradle to grave.
“Phablets” Smartphones / tablets will be aware when utility (fit for use) is sub-optimal and will communicate directly with the SaaS product in the Cloud
The future is about the Customer Experience. So can the Customer Interaction Capability keep up with their demanding expectations for instant gratification?
What will the new Customer Interaction Capability be called?
Mult-Channel Service Centre, Service Interaction Centre, Service Storefront…
Have your say – @WDGLL or whatdoesgoodlooklike@gmail.com
The ITIL 2011 Edition Service Strategy core volume defines two types of Internal Service Provider:
“Type I – an Internal Service Provider that is embedded within a Business Unit
Type II – Shared Services Unit, an Internal Service Provider that provides Shared IT services to more than one Business Unit (page 16)
These ISPs are organisational entities that perform a defined set of activities to create and deliver services that support the activities of Business Units” (page 72).
In my experience there is a culture of complacency within Internal Service Providers who have been in a monopolist position for far too long and therefore slow to change.
Internal Service Providers are coming under increasing pressure to demonstrate that they can deliver value whilst responding to business needs in a flexible and responsive manner.
What is IT as a Service and how can it help Internal Service Providers?
IT as a Service is the transformation of IT to a more business-centric approach, focusing on outcomes such as operational efficiency, competitiveness and rapid response. This means that the Internal Service Provider must shift focus from producing IT services to optimizing production and consumption of those services in ways consistent with business requirements.
IT as a Service (ITaaS) is a highly virtualized private cloud offering where customers / users can select from a published menu and self-provision IT services on demand.
The IT as a Service capability provides the business customer / user with the ability to:
(a) get on a self-service portal
(b) pull up the available IT services from a service catalog,
(c) choose the level of service required,
(d) provision the services requested,
(e) as necessary, combine them for increased business value using business process and service tools, and
(f) start using the services.
Bob Laliberte – Enterprise Strategy Group
At 00:50 – CIO is the broker of IT services with a Business priority first
At 01:20 – An overview of the ITaaS Key Characteristics
For years, the promise of running IT departments like an internal service provider in an IT-as-a-Service (ITaaS) model has been elusive. Frameworks such as ITIL have provided an impetus for this service mentality, but with an emphasis on IT operations and less focus on infrastructure and application development. The result was still a siloed IT environment held together by heroic efforts. The majority of IT spending is dedicated to “Keep The Lights On” activities, hindering IT’s ability to keep up with the pace of business innovation. Enter virtualization and cloud computing: essential building blocks for the agility, flexibility, and “services” focus that IT needs to deliver to the business.
Nearly 75 percent of [survey] respondents believe that the shift to IT as a service (ITaaS) will take place in the next three to five years.
“Users now typically want to obtain a service without having to call and ask someone for it. ITaaS is doing just that—providing a catalogue of services to users and allowing them to self-provision applications.”
“IT as a service turns the data center into a revenue-generator instead of cost center,” said Mike Kaul, CEO of Sentilla Corp., Redwood City, Calif. “But analytics are needed to maximize data center efficiency by measuring performance, utilization, capacity, energy usage and total cost of ownership.”
IT-as-a-Service: Save Money on IT Costs While Improving Quality and Service – Chisolm
Many companies are finding that it is simply too costly to maintain internal comprehensive IT departments. As a result, many CFOs are looking to “IT-as-a-service” – IT resources such as email that are accessed as services – to help lower the total cost of ownership and reduce downtime.
Considering that the use of IT-as-a-service can save your company significant costs, while helping you to remain focused on what you know best–how to run your business–what could be better? Your organization will gain technology peace of mind with always-on IT-as-a-service, and significantly reduce business risk in the process.
IT as a Service is the new name for what used to be called a “Private Cloud” – and it simply means a Private Cloud plus the software required for you to offer IT services on an automated, managed and self-service basis to your constituents. To embark upon an IT as a Service initiative, the most important thing you need is a reference architecture that describes the pieces that you will need to assemble in order to deliver IT as a Service (note- you cannot buy “ITaaS in a box” from any single vendor
At this point in time, there is not an IT as a Service product that you can buy from one vendor. Therefore careful attention needs to be paid to every layer of the proposed reference architecture to make sure that the selected products fit together.
EMC is in transition from a traditional IT operation to a groundbreaking IT-as-a-Service model
Why struggle with every change in a vacuum when you can benefit from the experience of others? The pursuit of ITaaS is a great example of when this makes perfect sense.
IT as a Service is a delivery model that leverages cloud infrastructure to enable business users to be more agile through readily-consumable IT services that have transparent prices and service levels.
While it is built on technology, ITaaS isn’t a technology. It is an operational model that transforms our traditional approach to IT into a services-based world.
So what does all this mean for the Internal Service Provider organization?
It is imperative that the Internal Service Provider moves from a focus purely on IT service levels to enabling the provisioning of business services.
To achieve this aim the following capabilities should be established:
Private Cloud Virtualized Platform
Secure Multi-Tenancy by partitioning shared virtualized environments
The Internal Service Provider must address the significant People, Process and Tools changes required to establish the foundations of the “IT as a Service” model. By doing this the Internal Service Provider will become non-optional.
I believe that Internal Service Providers will eventually be forced to adopt “IT as a Service” as the only way of staying relevant to the Business.
What do you think? – Let me know at whatdoesgoodlooklike@gmail.com or @WDGLL
The term “World Class” is typically thrown around loosely by Marketing Departments, however the need to exceed customers expectations for the Olympic Games is a given.
At 01:51 the LOCOG (London Organizing Committee for the Olympic Games) CEO talks about the Customer Experience, how information will be consumed and how it can be enriched through social media.
Technology will improve access to competition information, as it happens, to audiences worldwide across an increasingly complex network of channels for consumption via multiple platforms.
The IT Service Management organisation that is in place to flawlessly deliver information at the Olympics must have a Zero Tolerance [of failure] policy in place and rigorously tested worst case scenarios, such as a large-scale cyber attack.
So let’s take a look at the Service Model. Atos Origin is the prime service integrator and is responsible for leading a consortium of IT partners to design, build and operate the mission critical IT infrastructure and solutions that support the 2012 Games. The Olympic Games are a complex mix of technology, processes and people across multiple partners with many varied dependencies.
A Technology Operations Centre has been established in Canary Wharf. The TOC monitors and controls the IT systems that deliver the results from all the Olympic competitions to the world’s media in real time. For the London Games, Atos expects to process 30% more results data than in Beijing via the Competition Information System and Olympic Data Feed.
CISCO is providing an end to end borderless network infrastructure to make the Olympic Games the most connected sporting event the world has ever seen.
Let’s hope that the huge worldwide customer demand for consumption of live streaming and multimedia over the web can be met by the London Internet Exchange (LINX} which has 10 Points of Presence across London.
The Testing Programme was completed in late 2011 and the “Final Technical Rehearsal 2” will be executed from Feb to Apr.
01:16 – The Technology required for the Olympics is 10 times bigger than for the World Cup because of the number of simultaneous competitions happening at the same time.
SERVICE TRANSITION
The Service Validation and Testing process is described in the above core volume, pages 150-174. The purpose of service validation and testing is to ensure that a new or changed IT service is fit for purpose (Utility) and fit for use (Warranty).
“When validating and testing an end-to-end service, the interfaces to suppliers, customers and partners are important”.
By mapping out the service components in an end-to-end chain and defining where the service boundary lies it is possible to clarify and agree ownership responsibility and who needs to be involved in Service Rehearsals.
A Critical Success Factor (Page 174) states that “Providing evidence that the service assets and configurations have been built and implemented correctly in addition to the service delivering what the customer needs.”
In the event of a Major Incident
Atos has a Major Events Unit which has accumulated extensive and valuable know-how through its involvement with the world’s largest sporting events. This knowledge base is not only limited to the technology, Atos has gathered an in-depth understanding of the processes, risks, people and issues behind an event. Moreover BT has also mobilised a Major Incident Team for the Olympics.
Not Even Good Service Management Practice Let Alone World Class
The decision by LOCOG (London Organizing Committee for the Olympic Games) to suspend the resale of tickets via the Ticketmaster website after problems is a possible portend for the future. The comments by the LOCOG CEO where he stated that “some frustration from prospective purchasers is inevitable” is very disappointing.
Whilst the core infrastructure has been tested and the operational readiness of the Technology Operations Centre has been confirmed, I still envisage that there will be service impacting issues due to insufficient end-to-end service acceptance and readiness testing.
A comprehensive “End-to-End” Service Rehearsal should be conducted. This exercise will highlight if there are any bottlenecks in the dissemination of information services to the Customer.
For example, the Mobile Network Operators must provide assurance that video/data services can be delivered with no delay over the 3G infrastructure.
Another concern that I have is that the Twitter platform will not be able to cope with volumes at peak event times and there will be a significant delay to the delivery of Tweets.
Top of my worry list is that on the 05th August a global community will be watching the men’s 100m final and any service issues will be unacceptable and adversely impact the reputation of the IOC.
The current fiscal austerity and threat of a double dip recession means that there is a burning platform for change across IT enterprises to manage costs whilst enabling future Business growth.
Peter Sondergaard states that the second recession is about to hit which will impact Enterprise IT spending budgets in 2012.
There is a fair degree of consistency in what the research firms / commentators see as the key trends for 2012. I particularly liked what Frank Gens from IDC had to say and I have also picked out the Outside-In messaging from Deloitte and how it resonates with what Ian Clayton has been banging on about for ages. My own observations appear at the foot of the post.
IDC Predictions 2012: Competing for 2020
“Frank Gens presents the IDC outlook for the overall technology marketplace. In 2012, the ICT industry’s shift to its third major platform of growth — built on mobile, cloud, social, and Big Data technologies — will accelerate, forcing the industry’s leaders to make bold investments and fateful decisions.
Worldwide IT spending will grow 6.9%, surprisingly solid growth in a fragile, recovering economy. Mobile devices and apps and emerging markets will be the biggest growth drivers, while European debt issues will dominate downside risks.
Emerging markets IT spending will grow 13.8%, driving a whopping 53% of IT growth. In the second half of 2012, China will supplant Japan as number 2 in the IT market.
“Mobility wins” will be the top theme of the year as mobile devices outship PCs by more than 2 to 1 and generate more revenue than PCs for the first time. 85 billion mobile apps will be downloaded, and mobile data network spending will exceed fixed data network spending for the first time.
The strategic focus in the cloud will shift from infrastructure to application platforms and the race to build the largest portfolios and ecosystems around those platforms.
Spending on public and private cloud services, and the building of those services (the “cloud arms dealer” opportunity), will reach $60 billion. Amazon will join the $1 billion IT vendor club.
In a mobile, cloud-oriented world, the network is more critical an infrastructure than ever. For 2012, we predict rising demand, disruptive infrastructure shifts (to mobile), intensifying challenges (competition, funding), and expanding opportunities (cloud). In short: a world that will require a lot of adaptability to thrive (or even survive) in.
Big Data will join mobile and cloud as the next “must have” competency as the volume of digital content grows to 2.7ZB (1ZB = 1 billion terabytes) in 2012, up 48% from 2011, rocketing toward 8ZB by 2015. There will be lots of Big Data – driven mergers and acquisitions (M&A) activity.
Major IT vendors will make “statement” acquisitions in social networking as social technologies become a core part of IT’s next growth platform. Social platform leader Facebook will attempt to leverage its consumer dominance into a much broader role serving businesses in B2C commerce.
As the number of intelligent communicating devices on the network will outnumber “traditional computing” devices by almost 2 to 1, the way people think about interacting with each other, and with devices on the network, will change. Look for the use of social networking to follow not just people but smart things.
Much of the money will be made on top of the “third platform” by building highvalue, vertically focused solutions. The buildout of these solutions — in healthcare, energy, government, financial services, and retail — will accelerate in 2012 — leaving IT providers without vertical competency on the sidelines.
Gens concludes by saying that by the end of 2012, we’ll have a good idea which vendors will — and won’t — be among the industry’s leaders in 2020.”
Extract from Deloitte Predicts the Top 10 Technology Trends for 2012
Outside-in Architecture: Flexibility in operating and business models is proving more important. As a result, need to share is colliding with need to know and shifting solution architectures away from a siloed, enterprise-out design pattern and into an outside-in approach to delivering business through rapidly evolving ecosystems.
The fundamental shift in focus required by Service Provider organisations away from the current enterprise-out to a new outside-in approach has long been advocated by Ian Clayton. Ian developed the “Outside-In Service Management™ (OI-SM)” term, concepts, and associated methods and services.
Outside In Thinking For Service Provider Organisations
“The Outside-In Service Management™ (OI-SM) program helps service organizations apply “Outside-In” thinking to service management initiatives, ensuring customer centricity, customer thinking, and the creation of value for customers. OI-SM takes precedent over traditional “inside-out”, process, best practice, technology, capability level and service centric efforts.
Traditional improvement efforts, including most IT Service Management projects, work “inside-out”, focusing on what’s happening inside the service provider or infrastructure management organization, how it works, and using internal performance measures.
Outside-In thinking ensures the organization ‘learns to see’ from a customer perspective, and service management and improvement efforts are driven by understanding what a service does for the customer in terms of enabling and supporting their desired results or ‘Successful Customer Outcomes (SCOs)’.”
Gartner – Predicts 2012: Four Forces Combine to Transform the IT Landscape
This Predicts 2012 special report highlights how the control of technology and technology-driven decisions is shifting out of the hands of IT organizations. New forces that are not easily controlled by IT are pushing themselves to the forefront of IT spending.
Specifically, the forces of cloud computing, social media and social networking, mobility and information management are all evolving at a rapid pace. Business unit stakeholders often recognize the value of new technology before IT departments can harness it.
For me, the top three trends for Enterprise IT in 2012 can be summarised as “MoSCo” which refers to Mobility, Social business and Cloud.
Some of my other observations would be:
2012 is not about doing more for less it is about choosing which things you will do and those you have to stop doing altogether. The Business will be directed to cut back on discretionary spending that will impact their key investment decisions. At the same time the Business will need the flexibility to respond quickly to changing imperatives.
In 2012 if the expected service does not meet the perceived service the expectation gap will grow and the Business will go elsewhere. With enterprise mobility will come the need to re-evaluate target service levels which will need to be tiered depending on the device the Business user adopts to access corporate information.
In 2012 there will be increased pressure to craft new and re-negotiate existing contracts requiring best in class Sourcing and Vendor Management capabilities and practitioners within the Service Provider organisation. These SVM professionals must be able to interact with the Business / Procurement whilst actively managing Supplier / Vendor relationships in a multi-sourced environment.
In 2012 the impending “Eurogeddon” crisis will fuel a significant increase in the adoption of cloud based services. As service offerings mature the Business will focus on “Not If, But When” to adopt the cloud especially if it improves project delivery timescales.
In 2012 the Business will examine how, when and what (Infrastructure + Applications + Services) to migrate to the cloud to save cost and resources.
Last Word – I am looking forward to the premiere of “House of Lies” a new American comedy TV show in Jan which is based on the book, House of Lies: How Management Consultants Steal Your Watch and Then Tell You the Time. Survival of the Slickest indeed.
In this post I will address the subject of service intelligence and provide an overview of the Multi -National Company offerings that help clients achieve excellence in Service Management Practices.
As we approach the winter holiday period and you consider selections for your reading list, I suggest you include the following:
Service Intelligence: Improving Your Bottom Line with the Power of IT Service Management
This is a book written for the business professional which talks about IT Service Management concepts in business terms. Sharon Taylor, the @ITSMQueen, explains ITSM by cutting through the jargon.
“Good service management should be relatively invisible to the business. Services should operate as expected, and no service disruptions should be experienced. When support is needed, it should be provided efficiently and effectively, and it should resolve issues the first time. This is typically what we think of as a good service experience”.
This book is about finding those ITSM “a-ha” moments. Coverage includes
Recognizing what excellent IT service looks like and assessing what you’re getting now
Selecting the best IT service providers and services for your needs
Spotting and rectifying trouble with internal or external supplier relationships
Making sure you don’t pay for services you don’t need
Negotiating services, requirements, levels, price, quality, and delivery
Leveraging ITSM practices without losing focus on the business
Creating business-focused service reports and scorecards that focus on what matters most
Introduction – (Illuminating Your Vulnerabilities, Capitalizing on your Strengths, ITSM – in Good Company)
Chapter 1 – ITSM 101: From Data to Wisdom (Data, Information, Knowledge, Wisdom)
Chapter 2 – ITSM: The Business Asset
Chapter 3 – The Service (Anatomy, Ingredients, Catalog, Agreement)
Chapter 4 – IT Service Provider (Types, Competencies, Sourcing)
Chapter 5 – The Negotiation (Decision Styles, Steps, Objectives, The Service Contract)
Chapter 6 – The Service Agreement (Core, Service Package, Description, Hours, Support, Reporting, Complaints, Reviews)
Chapter 7 – The Partnership in Action (Partner Compass, Service Monitoring, Trigger Points, Roles)
Chapter 8 – Service Performance in Action (Indicators, Dashboards)
Chapter 9 – The Bottom Line (Common Cents, Transformations)
Appendix A – IT Strategy Template
Appendix B – Service Contract Template
Appendix C – Service Agreement Template
Appendix D – References for Further Reading
“The mainstay of every business and IT partnership is the knowledge that ITSM requires a holistic approach from governance to operation and is an ongoing journey where a balanced view of the health of the partnership, the services, and the practices enable them to flourish. Even the best ideas at the right time can be made better with solid service management behind them”.
This book definitely explains ITSM or Service Management Practices in business language, however, based on my personal experience, I would have to say that it plays more to the needs of the Procurement function rather than the intended target audience of Business Unit decision makers.
A word of caution to the business reader. Service Management process improvement programmes are sometimes initiated without fully understanding the business problems that need to be resolved.
Being intelligent about IT services & practices
Need to keep a pulse on how well IT Service Management Practices are doing.
Be prepared to invest in your people their attitudes and behaviours
Promote cultural perception and acceptance about Service Management Practices
It is important to reward those people that shift their focus from a technology bias to demonstrate an end-to-end service-focussed culture. Linking levels of acceptance of new ways of working to the company performance appraisal scheme is a powerful way of incentivising people to change their behaviour.
Having capable people is one thing, but without a framework in which they can operate, it is difficult to share “good” practice and deliver results quickly.
Achieving Excellence in Service Management Practices
The Multi-National Companies (MNC), listed below, have invested heavily in optimising processes and developing the competency of their people. They typically provide services from Multi-Client locations which have over the years fine tuned ways of working. It is in their interest to focus on industrialisation which represents a relentless drive to discover how an activity is optimally done, then doing it in exactly the same way every time. It eliminates redundancies, automates and standardises wherever possible, and then drives the work to the most cost-effective and competent workforce available.
New delivery models are emerging in IT Service management Space:
Standardization instead of customization- service providers are standardizing services across heterogeneous environments rather than customizing solutions for each client.
Opex instead of Capex- The cost basis of service delivery models are changing from capital expenditure (CAPEX) to operational expenditure (OpEx) – a sign of both innovation and maturity.
Alternate Cloud-based/SaaS based delivery – adoption of aspects of cloud computing and software as a service (SaaS) for flexible multi-tenant infrastructure management
We look for the best and brightest when hiring so our management is constantly focused on making our workplace one that’s stimulating, positive, and inclusive. A workplace that’s dedicated to serviceexcellence and reflects the highest standards of conduct.
Today, we could not even begin to achieve basic business goals without IT to serve as the central nervous system of the organisation. This means that IT, in the 21st century, delivers a lot more than economic savings. It creates new possibilities, generates new business advantages, empowers new services and strategies, connects organisations with new customers and markets, and much more.
To drive innovation, company growth, alignment between business and IT, your technology organisation must establish a sustainable, service-centric approach. Through service management you can reduce costs, meet compliance requirements, manage risk, and focus on fulfilling strategic business goals.
The recent economic downturn has forced companies to examine many aspects of their operations. Firms have refocused on their value propositions and are increasingly challenging enabling functions like IT to deliver more.
In this new world, IT must improve efficiency and lower cost to serve yet continue to deliver new and improved capabilities and solutions to the business. It must offer flexible and rapid collaboration capabilities yet maintain robust and resilient security. It must scale and industrialise its delivery yet maintain tight alignment and responsiveness to the business units.
CIOs must build service organizations that can choreograph IT services to respond to business threats and opportunities and drive the enterprise forward. Accenture IT Service Excellence helps CIOs achieve this dual imperative.
Achieving service excellence starts with understanding the needs of customers before focusing on internal capabilities such as processes, organisations design, sourcing strategies, tools and technology or skills and training.
IT effectiveness — provides a roadmap of potential IT Effectiveness improvements designed to help the IT function fulfill the evolving IT mandate of managing risk, rationalizing costs and creating value for the entire company.
Sharon Taylor stated that it is about “Selecting the best IT service providers and services for your needs.” One of the selection criteria should cover the relative merits of Internal vs External Service Providers. To what extent can an Internal Service Provider compete with the “Best of the Best”?
Collaboration and co-ordination across large or distributed organisations and service providers is significantly easier when there is a common language and the “best practice” frameworks provide a good starting point for achieving excellence in service management.
At its most basic level, Cloud Computing allows users to obtain computing capabilities through the internet, regardless of their physical location. Computing clouds are in essence online huge datacentres containing thousands of servers hosting web applications. Cloud services from infrastructure to complete business processes can be purchased through web interfaces and turned on and off as they are needed.
Most Business and IT senior executives are aware of the benefits that cloud computing can bring – capital light, lower run costs, agility and faster time to market – all enabled by flexible access to applications and processing power on a pay-per-use basis.
Red Flag 1 – The discretionary (Variable) and non-discretionary (Fixed – Keep The Lights On) cost management pressure that business place on IT will increase to become the new normal. In addition use of an IT resource no longer depends on having the capital to own it. The business is able to source, scale and deliver compute capacity unbound of physical location or labour thanks to the cloud.
Red Flag 2 – Business Units are already choosing third party cloud vendors and bypassing the in-house IT function, which they find to be too slow, bureaucratic and difficult to work with. While IT remains cautious, business users have fully embraced Cloud based services. Cloud usage in the enterprise today is widespread and uncontrolled, with security and audit implications.
It is important to revisit the IT Strategy to incorporate the cloud and the new services it will enable. With this in mind what guidance is available to help formulate the strategy? The most common frameworks are ITIL, ISO 38500 and COBIT 5.
ITIL 2011 Edition – Service Strategy
“Strategy Management for IT services (page 136) is intended for managing the strategy of a service provider: it will include a specification of the types of service it will deliver, the customers of those services and the overall business outcomes to be achieved when the service provider executes the strategy.”
“Strategy Management ensures that all stakeholders are represented in deciding the appropriate direction of the organisation and that they all agree on its objectives and the means whereby resources, capabilities and investments are prioritized.”
Figure 4.3 The strategy management process (page 138) illustrates the Assessment, Generation and Execution phases.
Appendix C – Service Strategy and the Cloud (Page 387)
“The basic principle of the cloud is that whatever IT service or utility a customer needs can be provided directly using the internet (or intranet) on a pay-per-use basis. Customers do not see, nor do they care, how the services are created and delivered.”
ISO/IEC 38500 Corporate governance of information technology
“The objective of ISO 38500 is to provide a structure of principles for directors (including owners, board members, directors, partners and senior executives) to use when evaluating, directing and monitoring the use of IT in their organizations.
Directors should govern IT through three main tasks:
1. Evaluate the current and future use of IT.
2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives.
3. Monitor conformance to policies and performance against the plans”.
COBIT 5
COBIT 5 introduces a Governance Domain which has 5 EDM processes as described in my previous post.
In summary the guidance (What) provided by these three frameworks will help design and establish a robust governance framework; however there is limited (How) detail around the specific approach to take for Cloud enabled services.
Formulating a Cloud Computing Strategy
So let’s explore five key decisions that will need to be addressed in order to formulate a cloud computing strategy:
Do we continue to build out our own computing infrastructure?
IT must determine if the computing infrastructure is expensive and too inflexible because a highly virtualised and well managed infrastructure saves money. Some legacy applications will remain core and do not lend themselves to a cloud strategy (e.g. SWIFT transactions) however applications approaching end of life should migrate to avoid further investment.
Which parts of the Business do we move to the cloud?
IT should consider the cloud for new applications or business processes as requirements evolve. The cloud can significantly reduce time to market when rolling out new functionality and processes.
What type of cloud deployment do we use?
Public Cloud: scalable bandwidth shared with multiple tenants.
Private Clouds : applications and services deployed through the cloud but within the confines of the organisations on premise data centre or off premise (TelCos building private clouds for customers)
Hybrid Clouds: Mixing Public and Private Clouds is the preferred solution for the business because it provides the best balance of flexibility and risk management.
How must our governance framework evolve?
IT must retain control over which services are offered and managed and business units will have a say in getting the technology they need.
How do we protect sensitive customer information?
New measures will be required to help ensure that while data can be accessed anywhere and anytime, businesses do not breach data protection laws.
Cloud Computing – Not If but When
What are the actions needed to create the cloud enabled business?
IT must partner closely with business customers across the enterprise to understand and meet their needs in a responsive and cost effective way, while also helping to manage and integrate private, hybrid and public cloud based services alongside existing core business applications and technology.
Appoint a Cloud Leadership Team to drive change across the organisation in a co-ordinated effort that is led by Business and IT champions who aggressively push communications. The team should develop a position on how the cloud will impact the business – create new opportunities, new channels to market and new competitive threats – and how the technology can accelerate existing needs. The Cloud Leadership Team will need to specify which changes are going to have the most profound impact and prioritise these initiatives based on business benefit, difficulty of migration and any required investment spend.
IT must develop and implement a roadmap to replatform or replace existing business applications over time and then to build new applications using cloud based platforms.
As IT implements its new cloud strategy the IT function has a great opportunity to transform its role and establish itself as the business’s supplier of choice.
IT will require new skills and capabilities, for example hybrid managers who are close enough to the business to fully understand their issues and how cloud computing can respond to meet their needs quickly and cost-effectively. These hybrid managers will manage all the current and future cloud vendors and integrate cloud services on behalf of the business.
IT will act as the key service interface between the business units and the various suppliers. Ensuring seamless data integration between cloud and non-cloud services is a critical element of IT’s new role.
IT will need to assess and mitigate the risk of “lock-in”. With Infrastructure as a Service (IaaS) cloud makes it easier to migrate relatively smoothly to another provider. But with Software as a Service (SaaS) data is stored on the supllier’s servers making it difficult to disentangle.
As companies start shifting computing tasks to outside providers in the cloud, intermediaries have emerged to help them do it.
Cloud Service Brokerage
“A successful cloud computing strategy often involves customizing services from one or more vendors. One way to do this is through an intermediary service provider: a Cloud Services Brokerage. A CSB can make it easier to consume and maintain cloud services, while reducing the cost and risk encountered when an enterprise tries to address these issues alone.” Gartner
If you want to consume SaaS, access an Information store or other services then the Cloud Service Broker provides a single interface and can also offer managed services, professionbal services or Business Process Outsourcing.
The Cloud Service Broker sits between public cloud services and the customer taking the commodity like cloud services and customising them to be more specific to the customer. CSB also allows the business to extend their control over their applications and data into the cloud.
The Cloud Service Broker adds value when it is aggregating multiple services.
A recent Gartner report outlined three categories of cloud brokers that will enhance cloud services:
Cloud Service Intermediation: An intermediation broker provides value added services on top of existing cloud platforms, such as identity or access management capabilities.
Aggregation: An aggregation broker provides the “glue” to bring together multiple services and ensure the interoperability and security of data between systems.
Cloud Service Arbitrage: A cloud service arbitrage provides flexibility and “opportunistic choices” by offering multiple similar services to select from.
COBIT 5 (Control Objectives for Information Technology) will be published by the end of Quarter 1, 2012. It is important to recognise that the new version shifts focus away from v4.1 control objectives to the governance and management processes set out in COBIT 5. John W. Lainhart the co-chair of the COBIT 5 task force provides an overview.
John states that COBIT 5 goes into the business perspective not just the IT perspective. There is an increased business focus on enterprise governance and management of IT. The starting point of governance and management activities are the stakeholder needs related to enterprise IT.
The business focus of COBIT 5 is further achieved through identifying all stakeholders and their needs. There are many examples of internal and external stakeholder needs in Fig 10 (Page 25).
The COBIT framework is based on these five principles:
The COBIT 5 Integrator Framework – includes Val IT, Risk IT, the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF) plus integration with other frameworks, standards and practices – ISO, TOGAF, PMBOK and ITIL.
The Governance Objective: Value Creation – Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation. Value creation means realising benefits at an optimal resource cost whilst optimising risk.
Business and Context Focus – Having a business focus means focussing on enterprise goals and objectives. This relates to every enterprise’s objective for benefits realisation, risk optimisation and resource optimisation. COBIT 5 covers all of the critical business elements, i.e. processes, organisational structures, principles & policies, culture, skills and service capabilities. In addition, a new information model provides a simple link between business information and the IT function.
The COBIT 5 Governance Approach—Enabler Based
The main elements of the governance approach are as follows:
Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices
Governance scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc.
Roles, Activities and Relationships: It defines who is involved in governance, how they are involved, what they do and how they interact, within the scope of any governance system.
Governance- and Management structured – The COBIT 5 framework makes a clear distinction between governance and management.
Governance is about the Senior Management team providing a steer and making, sponsoring and enforcing the right decisions to meet enterprise objectives.
Management is responsible for execution by making effective use of resources, people, processes, practices in line with the direction set by the governing body.
COBIT 5 Process Capability Model (replaces the Maturity Model)
An important update in COBIT 5 is the use of the process capability model from ISO/IEC 15504 IT / Software Engineering—Process Assessment which provides a sound standard for the assessment of a process to achieve its required outcome.
Level 0 – Incomplete. Process is not implemented or fails to achieve its process purpose.
Level 1 – Performed. The implemented process achieves its process purpose.
Level 2 – Managed. Process is planned, monitored and work products are established.
Level 3 – Established. Process is capable of achieving its process outcomes.
Level 4 – Predictable. Process now operates within defined limits to achieve its process outcomes
Level 5 – Optimizing. Process is continuously improved to meet current and projected business goals
Previously much debate has been generated about the need to align the Maturity definitions across frameworks. For example:
I suggest that more focus and attention is given to the new Business facing processes than on arguing the relative merits of one level definition against another. It is what it is!
COBIT 5 Process Model
Stakeholders – Processes have internal and external stakeholders
Goal & Metrics – Goals are defined as a statement describing the desired outcome of a process
Lifecycle – defined, created, operated, monitored and adjusted/updated, or retired
Good Practices – are described in cascading levels of detail: practices, activities and detailed activities
Attributes – provide the how, why and what to implement for each governance or management practice
COBIT 5 Process Reference Model
The COBIT 5 Process Reference Model divides the governance and management processes of enterprise IT into two main process domains:
The GOVERNANCE domain, contains five governance processes; within each process, Evaluate, Direct and Monitor practices are defined
EDM1 Set and Maintain the Governance Framework
EDM2 Ensure Value Optimisation
EDM3 Ensure Risk Optimisation
EDM4 Ensure Resource Optimisation
EDM5 Ensure Stakeholder Transparency
The four MANAGEMENT domains, in line with the responsibility areas of Plan, Build, Run and Monitor (PBRM—an evolution of the COBIT 4.1 domains), provides an end‐to‐end coverage of IT.
In COBIT 5, the processes also cover the full scope of business and IT activities related to the governance and management of enterprise IT, thus making the process model truly enterprise-wide.
The Process Reference Guide incorporates COBIT 4.1, Val IT and Risk IT processes and describes the following for each process:
Process Name, Area and Domain
Process Description
Process Purpose Statement
IT Related Goals and Metrics
Process Goals and Metrics
RACI Chart
Process (Governance or Management) Practices, Inputs/Outputs and Activities
The inputs and outputs of a process are defined in detail in the Process Reference Guide.
COBIT 5 Implementation Guide
There are seven phases in the implementation lifecycle which describe how to establish an approach to deliver a sustainable set of governance and management processes for the enterprise.
The major improvement delivered by COBIT 5 is that the new guidance has been packaged in a way that Business leaders can understand and practice how to effectively govern their IT organization. At a time when information assurance, risk and security controls are increasingly important to safeguard the reputation of the Business and meet regulatory requirements; COBIT 5 sets out how to align Business stakeholder needs wit IT related goals by implementing a rigorous governance and management framework.
So, you effectively have four months to tailor the Evaluate, Direct and Monitor processes defined in the Governance domain by working closely with internal and external stakeholders. The clock is ticking and you should expect that the IT Assurance consultants from the big audit practices and the traditional consulting firms are preparing their sales messages for their target clients. By walking the halls and having the right conversations with the Business buyers they will commission engagements following the release of the new standard.
Get ahead of the curve. Download the COBIT Self Assessment Guide – Process Capability Assesment and the COBIT 5 Process Reference Guide. Firstly conduct a gap analysis of your current governance and management framework, then perform an internal assessment against the new process templates and share your findings with the business operations / operational excellence team. Agree any investment spend required to uplift the maturity of the five Governance processes which are visible to the Business. Get tight with the Business in order to define and embed the key governance forums and roll out revised management processes across internal and external Service Providers.
thisiswhatgoodlookslike 