INNOTRAIN IT
IT Service Management QUICK – SIMPLE - CLEAR Preview
Extract
Chapter 3.1
2011
IT Service Management
Authors
Dr. Mariusz Grabowski, Universität der Wirtschaft Krakau Dr. Claus Hoffmann, Beatrix Lang GmbH Philipp Küller, Hochschule Heilbronn Elena-Teodora Miron, Universität Wien Dr. Dariusz Put, Universität der Wirtschaft Krakau Dr. Piotr Soja, Universität der Wirtschaft Krakau Dr. Janusz Stal, Universität der Wirtschaft Krakau Marcus Vogt, Hochschule Heilbronn Dr. Eng. Tadeusz Wilusz, Universität der Wirtschaft Krakau Dr. Agnieszka Zając, Universität der Wirtschaft Krakau
I
3.1 Strategic planning
Each company should define its strategic goals clearly in order to remain a successful player in the market in the future. These goals and requirements should be aligned with an overarching vision and mission. In defining strategic goals, we can apply the SMART principles. According to these principles, objectives should be: !
Specific,
!
Measurable,
!
Achievable,
!
Realistic and
!
Time related.
To evaluate the business objectives with regard to these five criteria, factors such as market metrics (e.g. market share, brand, corporate image, sales figures), financial metrics (e.g. revenues, return on investment/ROI, cash flow, profitability) or operational metrics (e.g. capacity, lead time, inventory levels) are used. Strategic planning consists of two main steps: !
Strategy formation
!
Strategy evaluation
Strategy formation starts with analysing the existing situation (internal and external), continues with specifying goals and finally results in a strategic plan. Strategy evaluation means reviewing ii
strategic options based on three central criteria for success : !
Suitability (will it work?)
!
Feasibility (can it actually be implemented?)
!
Acceptance (will it be accepted?)
Information technology (IT) offers numerous options for attaining the strategic objectives and targets. However, IT must already be taken into account at a very early phase of strategic planning.
3.1.1
Aligning the IT strategy with the corporate strategy
When aligning the IT strategy for small and medium-sized enterprises (SMEs), the focus is on practical benefits of IT and associated concepts. However, even for SMEs, the interaction of business strategy, IT strategy, IT architecture and business architecture has to be taken into account. The following figure explain these relationships.
Figure 3 - Overview of strategies and architectures
The business strategy describes which medium to long-term financial goals the company is pursuing. To stick with our example of Charly's service shop, one of Charly's financial strategy objectives is to reach more customers to ensure optimal utilisation of his shop. The IT strategy is derived from the business strategy. Charly's IT strategy might be increasing his online marketing presence to reach more customers and thus better utilise his shop. Conversely, however, an IT strategy can have implications for the business strategy. New technologies evaluated as part of the IT strategy can enable new products or services and thus have an impact on the future business strategy. In our sample company, Charly expands his business by not only offering a reservation system, but also by successfully setting up a spare parts marketplace. The IT architecture, in turn, results from the IT strategy. To improve his online presence, Charly has to provide and manage new hardware and software. As in the architecture of buildings, essential considerations include function, extensibility and structural stability (in the case of IT, however, we are more likely to talk about data security and availability). Thus the IT architecture
describes the dynamic interaction of all IT components to support the IT strategy. Of course, an IT architecture also has an effect on the IT strategy. Let's stay with our example of building architecture: it is very difficult to take a building originally designed as a residence and turn it into a hotel/restaurant. Similarly, great effort is required to centralise a decentralised IT architecture. In other words: an IT architecture should be as flexible as possible in order to provide the best possible support to changes of IT strategy. The business architecture defines the business processes and how they interact to support the corporate strategy. Optimisation of these business processes can be attained with changes in the IT architecture. On the other hand, technical limitations can be an obstacle to this optimisation. In terms of supporting the business strategy with IT-related investments, the value contribution of IT is of central importance for the company. To gain a complete understanding of the value contribution of IT, we must first consider the subject from various perspectives. First, we have to consider whether using IT brings optimal results with a defined effort and/or expense. Secondly, we have to consider whether companies are able to create competitive advantages using IT and attain higher profits with IT investments. Thirdly, the effect of the company on its customers must be considered, and we have to ask to what extent the benefits are passed on to the customers or demanded by the customers. To align IT with business goals and/or the existing business processes, management should concentrate on the following areas: !
Strategic alignment – with the primary goal of ensuring the correct link between business plans and IT plans. To do so, the additional value created by IT must be defined, safeguarded for the long term and reviewed. In addition, IT workflows and operational workflows must be attuned to each other.
!
Value delivery – here, the focus is on practical use of the additional value created. This guarantees that the IT actually delivers the promised strategic benefits, chief among them cost optimisation.
!
Resource management – with the primary goal of optimising investments in IT-related resources and/or management of these resources. These include applications, information, infrastructure and employees. This focuses in particular on optimising knowledge and infrastructure.
!
Risk management – here, the focus is on creating risk awareness throughout the organisation, from top management down to the last employee. In this context, it is necessary to understand compliance requirements and assign responsibility for risk management within the company.
!
Performance measurement – this involves tracking and monitoring a variety of tasks and projects related to implementing strategies, utilising resources and provisioning services. Various tools, such as balanced scorecards, can be used to ensure that strategic requirements are implemented in measurable targets.
The alignment of business and IT begins at the top level of management during the strategy iii
formation process. In doing so, multiple requirements should be taken into account : !
The alignment must make quantifiable improvements to a business plan—each proposed project should contain financial metrics related to the associated costs and revenues (e.g. discounted cash flow, expected financial earnings). Those who are proposing the project should be responsible for its documentation. In addition, the results should be reviewed on a regular basis.
!
The alignment must always be kept up to date based on business trends and developments: All changes within the company and in its surroundings have an effect on the actual project. Provision should already be made for changing circumstances in the project, and this should be taken into account in the project's scheduling and budgeting. Information must be exchanged between the IT department and the rest of the company, as otherwise "technologists will drift away from the business and misalignment will prevail."
!
During implementation, obstacles to alignment have to be overcome. The discrepancy between project design and reality are not visible until execution. Initial project plans should be based on the objectives that can be attained during execution. All problems that arise should be documented and reviewed from the perspective of the overall project.
!
The alignment has to be planned—the original project plan requires documented agreements for all changes in order to remain up-to-date. During the execution phase, the project plan must be updated continuously in terms of scheduling, budgeting, scope, processes etc. This plan should be the central source of knowledge pertaining to the progress of the project and any changes to it.
!
For IT projects, the focus has to be on requirements of the users; this has to take into account the benefits for users and for the company. IT cannot solve any of a company's problems on its own. From a financial perspective, IT mostly means costs, but positive effects on business can justify the outlay for IT. The topic of "How much should we spend on IT?" is not so much a question as an answer to: What benefits does IT provide?
To measure the alignment of IT with the business, and thus to determine how well the areas work together for technical and business processes in the company, we should take into account iv
the following factors and associated questions :
!
Maturity of communication – how well do employees in the technical and business areas get along? Is communication frequent and problem-free? Does your company communicate effectively with consultants, suppliers and partners? Is value placed on conveying knowledge internally?
!
Maturity of competence/value measurement – how well does the company measure its own performance and the value of its own projects? After projects are closed out, does it evaluate what went well and what not so well? Does it improve its internal processes so that the next project can go better?
!
Maturity of governance – how well does the company bring its business strategy into line with priorities with regard to IT, technical planning and budgeting? Are the current projects based on an understanding of the business strategy? Do they support this strategy?
!
Maturity of partnership – to what extent do the business and IT departments have a genuine partnership based on mutual trust and are ready and willing to share the risks and rewards?
!
Maturity of the scope and architecture – to what extent has the technology evolved to deliver more than simply supporting business processes? How has this contributed to the company's growth, competitiveness and profits?
!
Maturity of competence – do the employees have the competencies they need to work effectively? How well do the technology employees understand the central factors that have an impact on the business, and how familiar are they with corporate business processes? How do the employees of the business departments understand the relevant technology concepts?
IT-related investments require careful financial management to attain the planned benefits. In addition, the priorities in terms of the scope of the IT projects must be defined appropriately. For v
the specific activities for managing IT investment, these are: :
!
Framework for financial management – required the for managing and maintaining the IT investments and costs of IT facilities and services. This should be done with consideration of the portfolio that includes the IT-related investments, business scenarios and IT budgets.
!
Setting priorities within the IT budget – a decision-making process is required in order to set priorities when allocating IT resources. The resource allocation is necessary for workflows, projects and maintenance. The objective of this process should be to attain the maximum possible return on investment from the company's portfolio of IT-related investment programs and IT services.
!
IT budgeting – the budget must be created based on priorities specified by the portfolio of ITbased investment programs. The budgeting process should include costs for operating and
maintaining the current infrastructure. The budget workflows should enable a company to develop the overall IT budget and budgets for individual programs. In doing so, the ability to continuously review, refine and approve all types of budgets should be provided. !
Cost management – each company should implement a process for cost management that compares the actual costs with the allocated budget amounts. There should be a way to monitor the costs and create reports. Any deviations should be identified at an early stage, including a review of their effect on the programs. This would enable the company to take suitable countermeasures and, if necessary, update the business scenario for the program.
!
Benefit management—a process for monitoring the benefits provided by provisioning and maintaining the IT capabilities—should be implemented. The company should determine and document the contribution of IT to the business. This can be based on the direct effect on the IT-based investment programs or on the indirect contribution as a part of support of regular business workflows. The reports should be monitored and reviewed so that the company can make suitable changes to improve the contribution made by IT, either with IT investments or associated programs.
3.1.2
Information Technology strategy
As described above, the IT strategy has a mutual interaction with the corporate strategy and IT architecture. The following chapter describes in greater detail a couple of the most important aspects for developing the IT strategy and the associated IT architecture. This involves: 1. IT portfolio management 2. Requirements management 3. Defining the information architecture 4. Determining the technological orientation 5. Reviewing and evaluating IT risks
1. IT portfolio management (investment portfolio) Portfolio management, in the context of the IT strategy, describes the step between the business strategy and the technological implementation. As described in the previous chapter, for the purposes of the IT/business alignment, the IT investments have to be evaluated based on financial and added-value creation criteria. However, because only limited financial and personnel resources are available in a company, these IT investments compete with each other. As a result, it is
necessary to ask which of the IT investments are to be implemented with the available resources. Portfolio management helps the company prioritise these IT investments. In doing so, an attempt should be made to balance the portfolio of planned IT investments with regard to the risks, opportunities, implementation time frame and costs. The following figure describes the process of portfolio management and its interface to the IT strategy.
vi
Figure 4 - IT portfolio management life cycle (based on Gadatsch )
The second figure shows an example of a two-dimensional portfolio analysis based on return on investment (ROI) and support of corporate strategy. However, it is important to note that for a comprehensive portfolio analysis and associated prioritisation of IT investments, other dimensions should be taken into account (e.g. implementation risk, implementation time frame, etc.).
vi
Figure 5 - Prioritisation of projects (based on an Gadatsch )
2. Demand management Demand management is a critical process within the life cycle phase of the IT service strategy. Demand management describes the business requirements that result from the business strategy and the existing business processes and thus defines the necessary capacity and flexibility of the IT architecture. To stick with our example of Charly's service shop: Charly's business strategy is to reach more customers, so he expands his marketing presence on the Internet (this objective corresponds to the definition of the IT strategy). One of the business requirements for successfully expanding the Internet presence is uninterrupted operation, 24 hours a day on all 365 days of the business year. This requirement must be supported by the IT architecture. The server and software must be designed for uninterrupted operation. Demand management is a central activity within service management that has to continuously pursue a balance between the utilisation and provisioning of services. Demand management is associated with various processes and activities for strategic planning. In particular, it relates to the strategic plan for IT, IT portfolio management, customer focus and the definition of services. 3. Information architecture The definition of information architecture is an important task when developing a corporate IT strategy. This process pertains to creating and updating a business information model and defining suitable systems for optimising information use. This integrates the applications seamlessly into the business process.
The process for defining an information architecture improves the quality of decision-making at the management level, as the presence of consistent and secure information is ensured. This process also enables management of resources of the information systems for taking into account business strategies. In addition, the definition of the information architecture helps to strengthen responsibility for the integrity and security of data within the company and improve effectiveness of data exchange across applications. The correct definition of the information architecture helps to attain a number of goals in conjunction with the company's IT and corporate strategy. Most of all, it helps to optimise the use of information and make IT more flexible. It ensures the integration of applications into the business processes. For example, if Charly wants to sell spare parts over the Internet in the future, his architecture has to be flexible enough to integrate the data of the online store into his application software.
4. Determining the technological orientation The IT strategy of a company determines the technological direction for supporting the business. The technological orientation should be based on the company's business requirements. It needs stable,
cost-effective,
integrated
and
standardised
application
systems,
resources
and
competencies in order to fulfil present and future business requirements. This process requires defining and implementing a technology infrastructure plan as well as architecture and standards that allow the possibilities of the technology to be identified and used optimally. The purpose of the technology infrastructure plan is to specify and manage clear and realistic expectations for what technology can deliver in terms of products, services and provisioning mechanisms. The plan should be updated on a regular basis and cover topics related to the system architecture, technological orientation, procurement plans, standards, migration strategies and possible exceptional situations. This gives the company the ability to react to changes in the competitive situation in a timely manner and improve the interaction of platforms and applications. The correct determination of the technological direction should help the company obtain and update integrated and standardised application systems. It should promote the optimisation of IT infrastructure, IT resources and competencies of IT. If, for example, the ERP system in Charly's company were based on Java, it would be logical to also procure other applications based on this technology. Thus maintenance can be carried out by the same developers. Moreover, knowledge of Java is widely available on the marketplace and, as a result, additional employees can be hired quickly. For additional information about drafting, planning, implementation and maintenance of IT and corporate architectures, refer to the TOGAF framework.
5. Reviewing and evaluating risks To implement a good IT strategy, the company has to review and manage the IT risks. The purpose of this process is to analyse IT risks and their potential effects on business processes and objectives and to provide notification of the corresponding results. The review of risks should be expressed in terms of the associated costs so that decision-makers are equipped to find an acceptable level of tolerated risks (see portfolio analysis). This also proves beneficial for recommending and communicating action plans conceived as a response to the risk. Thus for Charly's company, it would surely not make any sense to operate an earthquake-proof data centre. However, it is certainly reasonable to back up the data, store it offsite and create a disaster recovery plan in case of a serious environmental event. An appropriate review of IT risks and their management helps the company take into account and protect all IT facilities. This can help to ensure that IT specifications are met and provide clarity with regard to the business impact of risks on IT specifications and IT resources.
3.1.3
IT service - definition & agreement The following section discusses important points for defining IT services and managing them within the company. These include service catalogue management as well as defining and managing service levels. Of central importance for the company is effective
communication
management
and
business
between
IT
customers
with
regard to necessary services. To meet this requirement, the company has to define, agree on and document IT services and service levels. Within Figure 6 - Structure of the service portfolio
IT
catalogue
Service
Management,
management
is
service
responsible
for
administration of the services within the service
portfolio and the service catalogue. As part of creating services, the service portfolio depends on the investment portfolio (refer also to Chapter 3.1.2), which defines and prioritises the investments.
A service portfolio of this kind should be a central repository of the basic definitions of the IT services, which includes service features and business requirements. The process of service catalogue management is responsible for creating and updating the service catalogue. This process should ensure that the service portfolio contains precise information about all services that relate to operating workflows or are in a close relationship with these. A suitable definition and management of the services should help the company react better to business requirements in co-ordination with the business strategy. This should also ensure that the end users are satisfied with the services offered and service levels. In addition, this can provide greater transparency with better understanding of the IT costs, IT benefits and IT strategy. As part of service level management (SLM), suitable IT service objectives are negotiated, agreed and documented with the business departments. Afterwards, the provided service is monitored and associated reports are created. SLM should ensure continuous orientation towards business requirements and priorities. SLM should make it easier to bring customers and service providers into harmony. Service Level Management is inseparable with the concepts of Service Level Agreements (SLA), Operating Level Agreements (OLA) and Underpinning Contracts (UC). This process not only agrees on SLAs, but also ensures compliance with them. Generally, SLM is responsible for ensuring that all processes of IT Service Management and underpinning contracts (SLA, OLA, UC) are designed for the agreed goals. SLAs should be defined and agreed for all critical IT services, based on customer requests and IT capabilities. Many areas of co-ordination exist that should be covered by SLAs. The most important points pertain to obligations towards the customer, service support requirements, financing and business agreements, as well as roles and responsibilities within SLA monitoring.
3.1.4
IT-based innovation management
A structured processes based on best practices are not only logical, but also making the working life noticeably easier. Studies - carried out as part of the INNOTRAIN IT project in 6 countries have proven that in companies using ITSM an IT employee can support a significantly greater number of workstations. In other words, the utilization of ITSM can provide a reduction of workload in the lower double-digit percentage range. Of course, people who are focused on maximising profits can save costs here and widen the profit margin. However, as a forward-looking measure, it would make more sense to optimise profits over the long term by investing the newly freed resources into the innovative ability of the company. The INNOTRAIN project focuses on precisely this question: How can free resources based on ITSM be used to foster innovations in the organisation? Of course, this kind of development is not
an instantaneous change. Taking the first step requires a certain level of motivation and strenuous efforts. However, if the decision is made to go ahead, the development could look like this:
Figure 7 - Developing the innovation potential based on ITSM
1. Phase 1 illustrates the situation before introducing ITSM. Expressed as a ratio, 100% of the time is used for original tasks. 2. The efficiency of IT increases by using best practices. The workload from the original IT activities is reduced over the medium term. Sustained optimisation and expansion of the use of ITSM can attain a further reduction of the load and open up corresponding potential for innovations. For the basic knowledge and procedure, refer to Chapters 3 and 4. 3. In the third step, the innovation potential is set free. Other changes must be made to the way of thinking and acting. Using technology stabilises the use of innovation potential. For more information, refer to Chapters 5 and 6. 4. In the final state (for the time being), the workload is reduced and the resources thus freed up are used to create innovation. But what are innovations, anyway? Innovation can be defined as follows: Inventions or adaptations that result in new methods for redesigning the production system. Thus an innovation of this kind could involve ideas, products, methods or services that are perceived by the company or business
area as new and that are adopted in everyday life ("internal market launch"). A flea market where you can browse online and anyone can buy and sell—without even having to leave home? Fifteen years ago, this idea of Pierre Omidyar's still seemed utopian. However, he turned his idea into reality and founded Internet auction site eBay. Based on the innovation spiral presented below, we can define three levels of innovation based on the principles of IT Service Management.
Figure 8 - INNOTRAIN IT innovation spiral
Layer 1 – Management of IT infrastructure services: Innovations in this level pertain to the company's IT infrastructure. In the example of Charly's service shop provided here, extensive growth of the company and a resulting change in printer management could lead the company to outsource non-business critical printer maintenance to the manufacturer or a service provider, paying only the actual printing costs ("pay-per -click") and shifting the risk (printer malfunctions, etc.) to this other party. Level 2 – Innovation of business processes: Today, IT is frequently cited as an enabler of business processes. Therefore, this level offers a great potential for improvements. Charly, for example, can establish an additional sales channel by adding the use of a spare part marketplace, while fundamentally changing the business process. Level 3 – Innovation of products and services: The level that is surely most demanding considers innovations on the product and service level. The most prominent example today are the countless smart phone apps provided as product supplements. Automakers couple these with their vehicles, thus changing the product.
The field of responsibility of the IT-based innovation management module includes identifying areas of potential, engaging in dialogue with the business, and initiating and supporting innovations. Because the innovation process takes place in several steps, the complexity of the associated problems increases. Therefore, introducing IT-based innovations is a complex process that can bring about a radical change in corporate business process. Accordingly, Chapter 6 deals with the topic of innovation management exclusively and thus begins with this subject. This is supplemented by Chapter 5, which talks about dealing with changes and thereby supports the organisation's change process.
ii
Johnson, G., Scholes, K., Whittington, R., (2008). Exploring Corporate Strategy, 8th edition, FT Prentice Hall:
Essex. iii
Strassmann, P. (1997) What is Alignment? Alignment is the Delivery of the Required Results. The
Squandered Computer, The Information Economics Press, 1997 [taken from: http://www.strassmann.com/pubs/alignment/]. iv
Luftman, N.J. (2003) Measure Your Business-IT Alignment". Optimize: Business Execution for CIOs
Magazine. Issue 26, December. v
IT Governance Institute (2007a) Control Objectives for Information and Related Technology (CobiT) 4.1. IT
Governance Institute, Rolling Meadows, IL, http://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/COBIT-4-1.aspx (retrieved on 2011-03-15). vi