How to Do More, For More (Without More)
Managing IT activities by the value the IT service brings to the enterprise is the next step in the evolution of IT service management. Called BSM (business service management), it is the only practical way for IT organizations to continue to meet the needs of the organization both now and in the future. BSM is also the only way business can afford the quality services it needs to compete.
In the BSM model what matters most is what the enterprise needs, not necessarily what business customers want or IT likes to do and is good at. BSM is not a product and does not come out of any box. BSM is a mindset, not a product set, and while you cannot purchase BSM, you can learn how to achieve it.
In BSM it is critical to engage the business to help service owners differentiate between their needs and wants, and it is incumbent upon the IT organization to help the service owner understand the ramifications of their decisions. Simply put, IT service consumers must assume responsibility for their demand for, and consumption of, IT services.
The IT organization must also change. Traditionally IT tries to accomplish more than it can. This is evidenced by the abysmal IT project failure rate (>65%), the wasted money (~25% of all hardware and software purchased is never installed) and the fact that IT itself is responsible for most outages (>75%).
IT must learn how to choose the right projects, and then understand what really matters within that project.
Just as a software developer is probably not an expert in sales and marketing, typical customers and users of IT services are not technology professionals. However, customers and service owners are those that fund IT operations. This makes it very important to have an open and honest dialog between the two parties. The concept is to explain the impact of activities or decisions taken or not taken in business terms relevant to the service owner―or, better yet, allow business decision makers to determine this impact themselves.
ITSM, ITIL & BSM
IT service management (ITSM) consists of the manipulation of service assets. IT services empower consumers of the service to achieve some potential. This potential needs to be measured in terms of business outcomes. In many cases, the purpose for an IT service is to improve the enterprise's performance within its marketplace, perhaps by offering functionality not found by competitors, or reducing costs. In either case, the goal is competitive advantage from IT investments.
From an IT perspective, many organizations have invested heavily in ITIL in an effort to achieve ITSM. However, in many cases, the benefits realized from these investments are not as expected. The issue is neither ITIL nor process. The most common reason for these failures is an inability to understand what is valuable to the enterprise, and not identifying when to stop improving (e.g., knowing when it's good enough).
It is very important to make every effort to have these questions answered in tangible business terms which connect directly to enterprise objectives, and which may be measured. Without such focus many IT decisions, even those carried out in conjunction with the business, can be politically motivated. While one can argue that it is personally desirable to please powerful individuals for whom one works, the right reason for improving an IT service is because that service will improve business outcomes for the enterprise. This is a careful balancing act to ensure a smooth working relationship with peers, subordinates, and managers, and delivering value from IT investments.
Managing by value, and measuring value in quantifiable business terms, allows you to overcome these issues. With an open dialog, business leaders can make more informed decisions regarding IT investments, and this leads to IT pursuing those things that have the most value to the enterprise―a win-win scenario that maximizes the value of IT resources.
Determining Service Value
To understand how to manage IT operations and activities based on service value, you must understand where IT value originates―at the boundaries of the enterprise. IT services are simply lubricants to business transactions. IT value becomes visible when the enterprise is able to better serve the marketplace and outperform competitors.
The quest for BSM begins by examining the boundary between the enterprise and its marketplace. IT service value arises from the interplay between the enterprise and the marketplace in two ways. First, IT services provided to employees facilitate the interaction of commerce between the enterprise and the marketplace. In this model of service delivery, the IT service has an indirect impact on enterprise profitability. Second, IT services may also be offered as enterprise products directly to the marketplace as well. In this case they can have a direct impact upon enterprise profitability.
It is important to remember that the purpose for valuing an IT service is to make resource allocation decisions. Also recall that IT services can have a strategic impact on the enterprise and its marketplace. When we combine these two points it becomes clear that the IT organization ought to focus on those services which have the most opportunity to improve the business outcomes desired and expected of the enterprise.
Understanding Service Value
IT services represent potential risks to the business. Of course, IT services also represent potential benefit to the business, but for the purposes of IT service valuation it is important to understand what can happen to the enterprise and its marketplace should the IT service fail to perform as required.
From a business viewpoint, the higher the risk, the higher the value of the IT services. While this may seem strange to IT managers, this is how average business managers consider IT: as a risk. Generally accepted risk management frameworks include three major types of risks that IT services face. These risks to IT services represent risks to the business, and thus contribute to IT service valuation.
The components of IT service value (ordered by risk) are:
- Confidentiality: A security principle that requires that data should only be accessed by authorized people.
- Integrity: A security principle that ensures data and resources are only modified by authorized personnel and activities.
- Availability: Ability of an IT service to perform its agreed function when required.
Confidentiality - From an IT service valuation perspective confidentiality refers to the requirements for an IT service and the business processes it underpins, supports, or creates with regard to maintaining closed or controlled distribution of information, output or artifacts. An example of a confidentiality issue might be the disclosure of service artifacts to unintended or unauthorized parties.
Integrity - Integrity refers to the modification of data without the awareness of appropriate change management control. Examples of integrity issues include malicious modification of data, for example by a hacker. Another example might include the unintended modification of data by a user, perhaps misspelling a name.
Availability - Availability refers to the sensitivity of the business process to the lack of service utility for variable periods of time. Some business processes can function for days without important IT services. Other business processes may not function at all without the same service. An example of availability might include the inability to access an Internet application or a major business application.
Calculating Service Value
For each value component (confidentiality, integrity and availability) there are two facets: impact and cost. The value of the IT service is composed of the impact multiplied by the cost of each component and averaged out.
Step 1 is to measure impact in the opinion of the service owner or customer. Using a standard questionnaire, the service owner indicates on a scale of 1 to 10 the relative impact that would occur if confidentiality, integrity or availability becomes compromised. Many times what the IT organization discovers will not align with what the IT organization believes to be important. Also note that each major customer or service owner can have diverging valuations for impact―even for the same services. It is very important to reconcile these issues whenever they appear.
The second step is to understand the costs that would accrue should the impact occur. Again, a standard questionnaire captures the costs on a scale of 1 to 10. Note that costs cover not only cash (income, profit, sales, fines, and penalties) but also legal (privacy, regulatory, legislative, etc.), image (standing, embarrassment, market position, etc.) and safety (personnel, environmental, etc.).
As with impact, service owners and customers may disagree with each other, and with IT regarding costs. It is very important at the conclusion of each stage to present results back to the service owner, customer or users (the interviewees) in order to get their commitment. You will probably discover that the service owner may change their answers when they see each service laid out and labeled in this way. This is because they have never considered the importance of services compared to one another. This is a very important objective for the IT manager and practitioner: it begins to educate the service owner (the funder) of the service as to how IT resources will be allocated.
This new awareness will help business managers make better IT funding and priority decisions, which will result in more appropriate IT resource allocations. (As a side note, this is the very definition of business/IT alignment!)
Using Service Valuations
IT service valuations are very important sources of data for balancing resources, choosing IT projects, improving IT service delivery quality, and refining support. At the conclusion of the exercise you will have a detailed understanding of what is important to each customer and service owner; and they will also have a better understanding of their own needs. You will have a score for each IT service, and you can use this score to rank the most important IT services. These are the services that require your immediate attention since they represent the highest business value and, therefore, risk.
While the composite IT service value is critical, of great interest to the IT service provider are the intermediate results, the scores for confidentiality, integrity and availability. These results show precisely which aspects of the IT service matter most.
Perhaps the integrity component of a service is most important from a business perspective. From an IT perspective perhaps it was believed that confidentiality (security) would have been the most important. Once this potential misunderstanding has been rationalized, it can be used to change IT operations. This data is priceless when it comes to selecting IT projects and justifying them.
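The valuation and ranking described above, as a short Python example added here (it is not part of the original article): it computes impact times cost per component, averages the three, flags answers where service owners diverge, and ranks services. The service names, the sample answers and the divergence threshold of 3 are assumptions made for illustration.

```python
COMPONENTS = ("confidentiality", "integrity", "availability")

def component_scores(answers):
    """answers maps component -> (impact, cost), both on the 1-10 questionnaire scale."""
    scores = {}
    for comp in COMPONENTS:
        impact, cost = answers[comp]
        if not (1 <= impact <= 10 and 1 <= cost <= 10):
            raise ValueError(f"{comp}: scores must be 1-10, got {impact}, {cost}")
        scores[comp] = impact * cost
    return scores

def service_value(answers):
    """Impact multiplied by cost per component, averaged over the three components."""
    scores = component_scores(answers)
    return sum(scores.values()) / len(scores)

def dominant_component(answers):
    """The intermediate result that matters most for this service."""
    scores = component_scores(answers)
    return max(scores, key=scores.get)

def divergences(by_owner, threshold=3):
    """List (component, facet, low, high) where owners differ by >= threshold.
    The threshold is an assumption; flagged items go back to the owners to reconcile."""
    found = []
    for comp in COMPONENTS:
        for idx, facet in enumerate(("impact", "cost")):
            values = [answers[comp][idx] for answers in by_owner.values()]
            if max(values) - min(values) >= threshold:
                found.append((comp, facet, min(values), max(values)))
    return found

def rank(services):
    """Service names with composite value, highest value (and risk) first."""
    return sorted(((n, service_value(a)) for n, a in services.items()),
                  key=lambda item: item[1], reverse=True)

# Constructed sample answers (not from the article).
PAYROLL_BY_OWNER = {
    "finance": {"confidentiality": (9, 8), "integrity": (10, 9), "availability": (3, 6)},
    "hr":      {"confidentiality": (9, 8), "integrity": (5, 9),  "availability": (3, 6)},
}
SERVICES = {  # answers after reconciliation with the owners
    "email":      {"confidentiality": (5, 4), "integrity": (4, 3),  "availability": (7, 4)},
    "payroll":    PAYROLL_BY_OWNER["finance"],
    "public_web": {"confidentiality": (2, 3), "integrity": (6, 5),  "availability": (9, 8)},
}

if __name__ == "__main__":
    print(divergences(PAYROLL_BY_OWNER))
    for name, value in rank(SERVICES):
        print(f"{name:<11}{value:6.1f}  {dominant_component(SERVICES[name])}")
```

With these constructed answers the composite can range from 1 to 100, and the payroll service ranks first because of its integrity score rather than its confidentiality score.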
A great place to get started is to re-use any existing continuity or disaster recovery valuations you or your team may have already produced. These often follow a very similar logic with regard to valuations and present a ready-made source of data that can dramatically accelerate your IT service valuation efforts.
Managing IT operations based on the value of the services for which you are responsible is the only way to accomplish the goals of aligning with the business, controlling costs, improving quality and balancing resource allocations.
In summary, value your IT services to know which service is more important and why so you can prioritize and balance resource allocations. Use your IT service valuations to jump-start or re-focus your BSM or ITIL initiative; meet the changing demands of your business landscape; provide tangible evidence of alignment; move beyond the image of IT as a cost center; and be seen as an innovator and business enabler―all while keeping the lights on!