IT Service Management/Governance ITIL and COBIT Frameworks (others) Panel Discussion

SIM Academic Workshop / ICIS 2006
Milwaukee, WI
Dr. Jack D. Becker
University of North Texas
Catherine Szpindor
Retired - VP of IT, Sprint-Nextel
Executive on Grounds – UVA
Peter Beasley
NetWatch Solutions, Inc.
IT Service Management / Governance Overview*
Definition of ITIL, ISO 20000, COBIT


How they overlap and work in parallel to provide a good framework for service management.
Tie in with COSO and SOX
ITIL & COBIT benefits

Organizational Expectations
Opportunities for academic research

Past, Current & Future
* Special thanks to Dr. Ulrike Schutze, SMU, for her expert advice
ITIL (Information Technology Infrastructure Library)
What is ITIL?





Best Practice Framework for Delivering IT Services
Developed in 1980’s; first published in 1992
Based on Deming’s Work
Management Procedures for IT Operational Quality and Value
IT Service Management Found in the Service Support and Service Delivery Components of ITIL
The Seven (7) ITIL Books
1. Business Perspective
2. Planning to implement Service Mgt
3. Service Support
4. Service Delivery
5. Security Mgt
6. Applications Mgt
7. ICT Infrastructure Mgt
ISO 20000 – ITIL Triangle
ISO 20000

Composed of 2 components - ISO 20000-1 and ISO 20000-2
Global Standard for Service Management

Compatible with ITIL

ISO 20000-1

Supports an Approach for Service Management to Effectively Meet Business and Customer Needs
ISO 20000-2

Presents Best Practices for Service Management
COBIT

COBIT (Control Objectives for Information and Related Technology)







Developed in 1992
Set of Best Practice Controls for IT Management
Used Extensively by Auditors to Appraise the State of Corporate Information and Asset Security
Successful Implementation of ITIL Framework Supports COBIT Control Objectives
Selection of and adherence to a set of standards must also be done
  - COBIT; ISO 17799 (BS7799) can also be used
Define the overall control objectives and apply the standards to them
COBIT identifies 34 IT control processes that can all be mapped to the more general COSO framework, allowing the user to create a roadmap to SOX compliance
COSO (Committee of Sponsoring Organizations)
COSO provides the overall framework for evaluating internal controls
Focuses on controls for Financial Processes
Framework Benefits ISO / ITIL / COBIT


Goals organizations expect / hope to achieve

Improved credibility with internal IT customers

Improved predictability over infrastructure dynamics

Competitive advantages via promotion of consistent and cost-effective services

Meaningful metrics to manage expectations – internally and externally

Increased up-time and improved levels of service (quality)

Regulation compliance – SOX, HIPAA, etc.
Benefits include

No need to develop a home-grown approach

Fundamental shift to pro-active rather than re-active processes

International support organizations (ITSMF) and ready-trained professionals

Easier buy-in from upper management – in vogue adoption
Academic Research: Past & Future
Past Research: Lessons Learned; Critical Success Factors; and Best Practices

Starting an ITIL Project






Start small, where you can have some quick wins
Recognize the high value in Change Management
Small organizations can be successful too
Just get started!!
Vendor led effort even!
Managing ITIL Adoption Within the Organization

Make the system operational – require regular interaction with system
Rely on the data to stay aligned with the business
Consider an “unconscious” implementation, rather than a dedicated effort
Plan to fight resistance from people - have fun!
Keep doing it!





The Role of IT Tools in the ITIL Adoption





Think about the people and process issues before tools
Leverage your existing tools as much as possible
Enables strategic operational readiness
Increase the teams that get benefit from the tool
Asset/Configuration Management--Sample Mid-size Firm
xxxxx Samantha™ System Summary
Sites Supported                      29
Client Groups Supported              25
Shared System Applications
  Intra-Company                      72
  External-Company                   12
System Applications                 109
Database Applications                21
Other Applications                   14
Total Applications                  228

Servers
  Active Production                  77
  Test                                3
  Development                         5
  Utility                            10
  Total Active Servers               95
  Non-Active Servers                 37
  Total Servers                     132

Network Devices
  Active Switches                    80
  Active Routers                     29
  Other Active Devices               15
  Total Active Network Devices      124
  Non-Active Network Devices         68
  Total Network Devices             192

Samantha™ Licensed by NetWatch Solutions, Inc.
Asset/Configuration Change Process Metrics
[Figure 1: Change Process Metrics (NetWatch Solutions)]
Asset/Configuration Change Process Metrics (Sample)
Summary Statistics and Metrics from Case Company Governance Activities

Metric                                               H              M                    I
Formal Policy & Procedure                            Yes            Yes                  No
Change Windows per Week                              2              2                    7
Change Meetings per week                             1              1                    1
Change Advisory Board Meetings per week              0              1                    0
Notice Required Before Making a Change               2 days         14 days              1 day
Change Effectiveness Rating                          99.57%         99.55%               99.12%
% of Changes that Follow the Normal Procedure        79%            73%                  34%
% of Changes that have Urgencies                     11%            25%                  60%
% of Changes that were done without advance notice   10%            2%                   6%
Mean time between failures (MTBF)                    4d 22h 33m     4d 22h 37m           Not tracked
Mean time to recover from an outage (MTTR)           7 hours 52 min¹  6 hours 42 minutes  Not tracked
Test Plans Required                                  No             Yes                  No
Implementation Plans Required                        No             Yes                  No
Controls Implemented                                 No             Yes²                 No

NetWatch Solutions
Strategic IS Implications of ITIL-During Somewhat Turbulent Times :-)

IT Service Management Governance ==> (Implies/Enables)
ITIL/COBIT Adoption & Implementation ==> (Implies/Enables)
  - International Standards
  - Best Practices in Software enables
Strategic Operational Readiness ==> (Implies/Enables)
  - Alignment
  - Agility
Dynamic Reconfiguration Deployment ==> (Implies/Enables)
  - Vendor-driven solutions
  - Innovation exploitation
Successful Implementation of new IT Infrastructure/Architecture
Competitive Advantage!! $$$ RESULTS!
Academic Research: Future
Frameworks and models for ITIL research



There are ample models for IT governance in the literature
Brown and Grant (2006) have collected most of these models in one place.



They conclude that "Weill's [and Ross, 2004] definition [of IT Governance] remains consistent with an earlier explanation by Boynton et al., (1992) …."
"…. who suggest that IT governance is not concerned with the 'location and distribution of IT resources themselves, but rather with the location, distribution and pattern of managerial responsibilities and control that ultimately affect how IT resources are applied and then implemented.'"
Brown & Grant (2006) and Weill & Ross (2005) have identified the following four dimensions as critical to the success of IT Service Governance:
  - IT Service Governance Ownership
  - IT Service Governance Decision Domains
  - IT Decision Making Approaches
  - IT Service Governance Deliverables
IT Service Governance Model Dimensions 1 & 2
Brown & Grant (2005); Weill & Ross (2005)

IT Service Governance Ownership
  - Who is responsible for IT investments?
  - Who provides input to IT investments?
  - What controls are in place?

Weill & Ross (2005): IT Service Governance Decision Domains
Decision Domains
  - IT Principles: Alignment of IT with Business Strategy
  - IT Architecture & Infrastructure (joined): The hardware and software infrastructure: Both Process and Technologies Strategies
  - Business Application Requirements: Internal or External Software needs
  - Prioritization & investment decisions: How and where to invest?
IT Service Governance Model Dimensions 3 & 4
Weill & Ross (2005)

IT Decision making Approaches
  - Business Monarchy: IT Decisions made by CxO's; Centralized
  - IT Monarchy: Corporate IT Professionals make the Decisions; less Centralized
  - Federal system: Hybrid decision making; Blended Centralized and Decentralized
  - IT Duopoly: IT executives and a group of business leaders from the operating units; Blended approach
  - Feudal System: Autonomous business units; Decentralized
  - Anarchy: Each individual or group pursues their own agenda; Decentralized

Weill & Ross (2005): IT Service Governance Deliverables
Deliverables
  - Cost-Effectiveness: Financial Performance -- ROI/ROE
  - Asset Utilization: ROA & Unit IT Costs
  - Business Growth: Market Share and/or Revenue Growth
  - Business Flexibility: Agility
Bibliography










Anthes, G.H. "ITIL Catches on," Computerworld (39:44) 2005, pp 39-42.
Brown, Allen E. and Grant, Gerald G., "Framing the Frameworks: A review of IT Governance Research," Communications of the AIS, Atlanta, (15) 2005, p. 1.
Conry-Murray, A. "Demystifying the CMDB," Network Magazine (20:8) 2005, pp 53-55.
Dubie, D. "American ITIL: Best Practices Win Converts," NetworkWorld (21:35) 2004, p 1 & 14.
Dubie, D. "A Closer Look at ITIL," NetworkWorld (22:30) 2005a, pp 27-30.
Dubie, D. "IT Pros Share their Tales of Making ITIL work," NetworkWorld (22:38) 2005b, p 8 & 20.
Dubie, D. "Taking on IT Service Management," NetworkWorld (22:23) 2005c, p 8.
Margulius, D.L. "IT by the Book," InfoWorld (26:39) 2004, pp 49-52.
Weill, P. "Don't just lead, govern: How top-performing firms govern IT," MIS Quarterly Executive (3:1) 2004, pp 1-17.
Weill, P., and Ross, J. "A Matrixed Approach to Designing IT Governance," Sloan Management Review (46:2) 2005, pp 26-34.
Questions
THE END