INNOTRAIN IT
IT Service Management QUICK – SIMPLE - CLEAR Preview
2011
IT-Service-Management
Contents
Authors Dr. Mariusz Grabowski, Cracow University of Economics Dr. Claus Hoffmann, Beatrix Lang GmbH Philipp KĂźller, University of Heilbronn Elena-Teodora Miron, University of Vienna Dr. Dariusz Put, Cracow University of Economics Dr. Piotr Soja, Cracow University of Economics Dr. Janusz Stal, Cracow University of Economics Marcus Vogt, University of Heilbronn Dr. Eng. Tadeusz Wilusz, Cracow University of Economics Dr. Agnieszka ZajÄ…c, Cracow University of Economics
I
IT-Service-Management
Contents
Contents CONTENTS
II
1
INTRODUCTION
1
2
IT SERVICE MANAGEMENT: INTRODUCTION & PHILOSOPHY
4
2.1 2.2 2.3
3 3.1 3.2 3.3
4 4.1 4.2 4.3 4.4 4.5
5 5.1 5.2 5.3 5.4
6 6.1 6.2 6.3 6.4
IT Service Management philosophy IT Service Management basics IT Service Management frameworks
4 6 7
IT SERVICE MANAGEMENT: FAST, EASY & CLEAR Strategic planning Service operations Monitoring, improvement & change
9 10 23 35
ITSM IMPLEMENTATION IN SMES
52
Step I – Preparation, vision, evaluation and planning Step II – Defining the strategy Step III – Implementing the basic modules Step IV – Implementing the advanced modules Step V – Optimising the implementation
MANAGING ORGANIZATIONAL CHANGES Challenges of change management Factors of change processes Dealing with emotions constructively Communication in change processes
56 59 60 64 65
66 66 68 75 87
INNOVATION MANAGEMENT
91
Blue Ocean Strategy: idea and concept Blue Ocean Strategy: Value curve method Blue Ocean Strategy: Six Paths Framework Blue Ocean Strategy: Control methods
91 92 94 98
INDEX
CIII
BIBLIOGRAPHY
CIV
II
IT-Service-Management
III
IT-Service-Management
IV
IT-Service-Management
Introduction
1 Introduction As a manager of a small or medium-sized enterprise (SME), you have surely asked yourself:
Does my IT provide added value that contributes to my business success?
Does my IT fit my business processes?
Is my IT infrastructure being maintained properly?
Am I paying too much for my IT support?
Why are IT management methods so complex? Can't it be done in a way that is more understandable?
What are the benefits of IT management for me as an SME?
To find the answers to these questions, read on. If you have never asked yourself these things, follow the explanations provided below. If these key questions about your company's IT management are never asked, unused potential of its employees and resources will go untapped or be wasted frivolously. If you have already found satisfactory answers to some of these questions, INNOTRAIN IT can help you to close potential gaps, find motivation for innovation and improve existing IT management.
Despite the fact that small and medium-sized enterprises (SMEs) make up the majority of the economic structures in the European Union, rarely are they in the focus of research, IT providers, or ITSM developments. The objective of INNOTRAIN IT is to convey knowledge related to IT management to small and medium-sized enterprises in an understandable and time-saving way. With INNOTRAIN IT, you can manage your company more efficiently and effectively in the very near future, whether it is a bakery, carpentry shop, hotel, or auto repair shop. In today's world, information technology has become a firmly entrenched part of everyday business. It accompanies all business workflows, from the simplest to complete processes. Even the smallest one-person company uses a computer, if only to write up an invoice. In any case, the importance of IT is evident as soon as the technology malfunctions and the computer will not work. When this happens, the one-person company may fall back on the neighbour's computer and thus has, without even being aware of it, applied IT management methods successfully and created a fallback plan ("business continuity plan").
This simple example illustrates one possible meaning of IT management. However, it only scratches the surface of a more complex issue. Those who own or work for SMEs should ask themselves: What aspects does IT Service Management include and what does it mean for me as an employee or owner of an SME?
1
IT-Service-Management
Introduction
IT management has existed almost as long as the first computer. Over time, however, it has evolved from technology-oriented management to service management. Unlike the early years, the focus is no longer on the technological way of looking at things, but rather on IT services, which are enabled by using computers and other technologies (e.g. networks, Internet, mobile phones) and which are now a fixed part of our business processes. One result of the increasing service orientation has been IT Service Management (ITSM).
ITSM took its first baby steps in 1989 when it was developed by a government agency in the United Kingdom, the "Office for Government Commerce" (OGC). The agency considered classic IT management methods to be inadequate, as they all were concerned almost exclusively with technological management. A connection between the technology and support of the business processes was lacking. Therefore, they developed the Information Technology Infrastructure Library (ITIL), the current de facto standard for ITSM. Today, the ITIL is still being maintained by the IT Service Management Foundation (itSMF), but the current version spans a total of five books, each spanning several hundred pages. In addition, other institutions and companies developed still other standards (e.g. MOF, COBIT, CMMI) that discuss other aspects of IT Service Management, but are nearly as voluminous and complex as ITIL. These frameworks are, as a first step, too complex for an average small or medium-sized enterprise.
Figure 1 - INNOTRAIN IT approach
The INNOTRAIN IT approach is not to develop and teach a "new" ITSM standard. Rather, INNOTRAIN IT unites the concepts of the various ITSM standards that are truly relevant for SMEs and makes them available in a greatly simplified version. Moreover, the content is taught in training courses and web-based training units in a way that is specially tailored to ITSM beginners from business and IT. In doing so, the fundamental principle is reducing the complexity of existing frameworks and methods, largely refraining from English technical terms and instead using an easy-to-understand presentation. As is nicely illustrated in Figure 1, there remains an upward 2
IT-Service-Management
Introduction
compatibility to existing frameworks: If a company grows and needs more extensive ITSM processes, it can build on the existing processes and comprehensive standards (e.g. ITILv3).
What goals can you reach by applying ITSM methods?
Less IT downtime
Structured processes for troubleshooting
An optimised cost-benefit ratio for IT investments
A sustainable IT infrastructure
Long-term cost and time savings
Resources (personnel, financial and material resources) are freed up for innovative projects
Regardless of the many benefits, changes and innovations encounter resistance. That is only human. This book helps you understand and apply the structure of successful IT Service Management quickly. The first part provides an overview of the ITSM philosophy and basics of service management. Chapter 3 outlines strategies and processes of service management. It provides an overview of which aspects are to be considered and how individual modules can be set up. In addition, it explains important technical terms from the ITSM environment in a simple manner. The following Chapters 4 and 5 are intended to help you bypass stumbling blocks in the introduction, be well prepared for discussion and ensure that all employees are on board. If you stand behind your new IT Service Management as the initiator, all the conditions are right for you to awaken the enthusiasm of others and introduce and implement ITSM successfully in your company. Accordingly, we begin by outlining the introduction path in Chapter 4 as a blueprint of sorts, but expand it in Chapter 5 by adding the human component. Last but not least, Chapter 6 provides a brief introduction to the subject of managing innovations, making use of the familiar Blue Ocean Strategy.
3
IT-Service-Management
IT Service Management: Introduction & philosophy
2 IT Service Management: Introduction & philosophy IT Service Management (ITSM) is more than just a management tool. To understand and use it correctly, it is important to comprehend ITSM as an all-inclusive concept, internalise it and integrate it into everyday work. We might compare it to the process of learning how to drive a car: at the beginning, concentrating on traffic and learning the controls of the vehicle demand a great deal of attention. After a while, the driver has memorised all of the motion sequences and remembers to look around; he or she carries out these actions without having to think about it.
In practice, those responsible for IT frequently spend their time on maintenance and provisioning tasks. That ties up financial and personnel resources. The objective is to use ITSM to quickly attain small successes which together enable reliable, target and cost-effective provisioning of IT. Reserves that are freed up can be used for new innovations.
2.1 IT Service Management philosophy Large companies are increasingly learning that the resource of information is one of the most important strategic goods for setting oneself apart from the competition. Companies without an information management plan will have difficulties in the market over the long term. The success of all strategic and operational initiatives stands and falls with having the right information at the right time. This principle does not apply only to large companies; SMEs can also benefit from good information management. The basis for collecting, analysing, producing and distributing relevant information is the quality of information technology (IT) or IT services.
The service philosophy is the greatest difference between ITSM and classic IT management. When talking about ITSM, we do not talk primarily about bits, bytes, megahertz and gigaflops. Technical jargon confuses the majority of employees. ITSM, on the other hand, tries to connect business processes with information technology by defining IT-based services that support the operational business process.
A critical factor for ITSM is that IT services (such as saving documents or creating invoices) are viewed as business process-critical and thus require enough investment to provide optimal support to the business process without wasting resources (known as IT/business alignment, see below).
The challenge for each SME is to always bring business processes and IT into alignment and to define IT services that reflect an optimum relationship between the costs, benefits and risks. In ITSM, this is attained by user-oriented service definitions.
The foremost goal of ITSM is to align IT services and the associated technologies (hardware/software) to the business process and to guarantee the best possible support of 4
IT-Service-Management
IT Service Management: Introduction & philosophy
financial processes by the IT organization. IT Service Management describes the conversion of the information technology to customer and service orientation. Conversely, innovative information technologies can affect the business model and the underlying processes. Therefore, IT should not be seen as a supporting function, but as a means for preparing the way that enables the SME to open up new business areas.
By introducing simple ITSM principles, an SME can manage its IT processes and IT services efficiently and effectively and thus provide users with an optimal IT landscape that is less susceptible to interruption and thus also more cost-effective over the long term.
A simplified ITSM method as presented in this book can support an SME in the following points:
Making it clear what value is contributed by IT. In many cases, IT is viewed only as a cost factor; therefore, SMEs often cut costs in the wrong places. However, if the added value of IT is clearly evident, the investment decision is on a different basis.
Planning the IT / business strategy. Precisely for SMEs, planning ahead is important. Therefore, the IT landscape should be structured so that it can respond flexibly to changing requirements of the business processes. The objective is to integrate and align IT so that it provides optimum support to business objectives (business alignment).
Legal assurance (IT compliance). SMEs are subject to an increasing number of legal regulations related to data and IT (e.g. Data Protection act); when granting credit, a company's IT landscape also plays an increasingly important role (see Basel II). If SMEs follow the ITSM philosophy, they will be in conformity with many of these regulations and be able to recognize the corresponding gaps.
i
Monitoring IT effectiveness and efficiency based on clear performance indicators. You can't manage what you can't measure. Therefore, for SMEs, it is important to define corresponding performance indicators and operating figures (known as Key Performance Indicators – KPI) to verify the quality of IT services and take appropriate measures.
Introducing an IT optimisation process (Continual Service Improvement). Business process changes and new technologies are reviewed continually. Things that seem "optimal" today can already be out of date tomorrow.
Improved change management. We are all familiar with the situation: soon after a new computer or software program is purchased, it no longer works the way it should. ITSM processes help SMEs identify these kinds of problems before they occur and eliminate them directly.
Better outsourcing, insourcing and smart sourcing options. An SME cannot and should not deal with all IT questions on its own, as comprehensive management ties up too many
5
IT-Service-Management
IT Service Management: Introduction & philosophy
resources. ITSM gives SMEs a way to easily identify which IT services should be outsourced. It also helps to manage external service providers so that there is neither too much nor too little capacity.
2.2 IT Service Management basics To understand how ITSM works, we need to know what an IT service is. An IT service is provided for one or more external customers (companies) and/or internal customers (internal departments). It provides the customer with added value by supporting, optimising or simplifying the use of information technologies. In the process, the underlying aspects and capabilities are abstracted for the customer perspective, i.e. the customer does not have to worry about detailed questions of the implementation.
Therefore, the customer (such as the internal department) is not responsible for provisioning and operating the IT service unless he or she takes on multiple roles in the SME. Very small companies are the exception. In a one-person operation, the customer serves simultaneously as the CEO, IT director and user. However, even if he or she is not aware of it, he or she takes on different functions in each of these roles and has different tasks and priorities as a result. The following example, based on our INNOTRAIN IT sample company, illustrates what we mean when we talk about an IT service that puts the customer in the focus of its considerations.
Example: online registration and online reservation in Charly's service shop: Charly inherited an auto repair shop from his uncle. As a business student, he is not very mechanically inclined, but has the great idea to rent the spaces in the shop to people who fix up cars as a hobby. This allows handy folks who do not have their own workshop to repair their own cars at a reasonable price. Charly's "do-It-yourself" workshop is born.
After an initial boom, however, Charly notices a drop in the number of rentals. An online registration and reservation remedy this situation. Now, Charly's service shop can be reached round the clock, even outside usual business hours (private customers can make contact even after closing time). Each customer can register online for Charly's workshop and then receives a username and password that enables him or her to reserve a space in the shop in just seconds. Charly's new website allows users to see at a glance which spaces are already reserved on which day. For the IT service, this means: a website with clearly arranged content that can process data quickly and bring it to up-to-date, and which runs 24 hours a day while remaining stable.
As this example shows, it is possible to define an IT service from the customer point of view with just a few items of information. From the specifications provided by users, an IT director can derive technical specifications that serve as the basis for purchasing IT applications. Therefore, service management, which controls the IT services, can be seen as a collection of tried-and-tested 6
IT-Service-Management
IT Service Management: Introduction & philosophy
methods (called "best practices"). These methods, in turn, are based on predefined roles, functions and processes.
Best practices Best practices are tried-and-tested, optimal and/or exemplary activities, methods, practices or processes, the use of which has been proved to be successful in multiple organisations.
Good practices If best practices are used selectively and adapted to the situation for one's own company, this is called a good practice.
Role A role can be described roughly as a "behaviour pattern." Roles define properties, tasks and permissions. Roles are independent of persons and job titles; as a result, one person or position may have multiple roles, and one role may be taken on by multiple persons or job titles. Typical roles include, for example, process owner, transmitter, decision-maker, human resources officer.
Job title A job title is defined by the roles it can take on. A classic job title is, for example, IT Manager, CEO or clerk. All of these job titles can take on different roles; for example, the clerk is not necessarily the "human resources officer," but can act as a "middleman". Process A process is a series of activities with a defined beginning and end. Processes are initiated by certain results ("triggers") and end with a defined result. In doing so, each process consumes resources (money, labour, goods etc.). The result of a process can be the trigger for another process.
2.3 IT Service Management frameworks Frameworks such as COBIT, ITIL or CMMI can help to implement good practices into existing business practices and to realise the added value described above. These frameworks provide companies with a structured method for applying ITSM. If we compare the function of a framework with the workflow of automakers, we can come up with the following analogy: The manufacturer only provides one frame (chassis) for the vehicle, but the customer himself or herself can vary his or her features within a range from the minimum equipment to the complete package. It is similar with the framework. Based on the best practices, each IT service can define its own processes based on the framework. However, the existing frameworks, such as COBIT or ITIL are fairly complex due to the wide variety of aspects they take into account. Accordingly, it takes a certain amount of time to adapt them to the requirements of an SME.
7
IT-Service-Management
IT Service Management: Introduction & philosophy
In most cases, introducing a framework requires highly time-consuming projects and corresponding adaptations in the company. The simplified ITSM method of the INNOTRAIN IT project addresses precisely these hurdles and describes the procedure for fast and successful implementation of ITSM in SMEs. Despite being simplified, this ITSM method is still based on existing frameworks and standards. Some of these we should mention are:
ISO 20000 – ISO standard for IT Service Management
ISO 27000 – ISO standard for IT Security
ISO 38500 – ISO standard for IT Governance
IT Infrastructure Library (ITIL) – Framework for IT Service Management
Control Objectives for Information and Related Technology (COBIT) – Framework for IT Governance
Capability Maturity Model Integration (CMMI) – Framework for process optimisation
Val-IT / Risk-IT – Framework for investment and risk management
Microsoft Office Framework (MOF), Hewlett Packard‘s ITSM Reference Model (HPITSM) and IBM‘s Process Reference Model for IT (PRM-IT) – ITSM frameworks from commercial providers that are very similar to ITIL
Enhanced Telecom Operations Map (eTOM) – Framework of the telecommunications industry
8
IT-Service-Management
IT Service Management: Fast, easy & clear
3 IT Service Management: Fast, easy & clear There will be much to discover in the following quick tour through the various areas of IT Service Management. The chapter is intended as an introduction to the subject. Surely, we all know that it is not possible to discuss management of an entire IT organization, including the great variety of versions for different companies, comprehensively in just a few pages. The following text is intended as an entry point, providing an overview of the subject.
Figure 2 - Overview of the subject areas within IT Service Management
This chapter is divided into three sections that reflect the levels of the INNOTRAIN IT method (see Figure 1):
Strategic planning, the top horizontal level combines both strategic and tactical aspects of IT Service Management. The distinctive feature of the activities is the relatively long time horizon they take into account. They provide the framework in which the operational activities can take place. For more information on this topic, refer to the very next Chapter, 3.1.
The bottom horizontal level describes the operation of the services and thus the everyday business of IT. How do you deal with problems? How do you ensure that the right servers are available at the right time? How do you procure new hardware? All of these questions are answered in Chapter 3.2.
The conclusion is the chapter Monitoring, improvement and change. Shown vertically on the map of the ITSM modules, this chapter discusses the across-the-board issues that involve both
9
IT-Service-Management
IT Service Management: Fast, easy & clear
strategy and tactics as well as operational effectiveness. As examples of these issues, we could cite compliance, change management and project management, as listed in Chapter 3.3.
3.1 Strategic planning
Each company should define its strategic goals clearly in order to remain a successful player in the market in the future. These goals and requirements should be aligned with an overarching vision and mission. In defining strategic goals, we can apply the SMART principles. According to these principles, objectives should be:
Specific,
Measurable,
Achievable,
Realistic and
Time related.
To evaluate the business objectives with regard to these five criteria, factors such as market metrics (e.g. market share, brand, corporate image, sales figures), financial metrics (e.g. revenues, return on investment/ROI, cash flow, profitability) or operational metrics (e.g. capacity, lead time, inventory levels) are used. Strategic planning consists of two main steps:
Strategy formation
Strategy evaluation
10
IT-Service-Management
IT Service Management: Fast, easy & clear
Strategy formation starts with analysing the existing situation (internal and external), continues with specifying goals and finally results in a strategic plan. Strategy evaluation means reviewing ii
strategic options based on three central criteria for success : 
Suitability (will it work?)

Feasibility (can it actually be implemented?)

Acceptance (will it be accepted?)
Information technology (IT) offers numerous options for attaining the strategic objectives and targets. However, IT must already be taken into account at a very early phase of strategic planning.
3.1.1
Aligning the IT strategy with the corporate strategy
When aligning the IT strategy for small and medium-sized enterprises (SMEs), the focus is on practical benefits of IT and associated concepts. However, even for SMEs, the interaction of business strategy, IT strategy, IT architecture and business architecture has to be taken into account. The following figure explain these relationships.
Figure 3 - Overview of strategies and architectures
The business strategy describes which medium to long-term financial goals the company is pursuing. To stick with our example of Charly's service shop, one of Charly's financial strategy objectives is to reach more customers to ensure optimal utilisation of his shop. The IT strategy is derived from the business strategy. Charly's IT strategy might be increasing his online marketing presence to reach more customers and thus better utilise his shop. Conversely, however, an IT strategy can have implications for the business strategy. New technologies evaluated as part of the IT strategy can enable new products or services and thus have an impact on the future business strategy. In our sample company, Charly expands his business by not only offering a reservation system, but also by successfully setting up a spare parts marketplace.
11
IT-Service-Management
IT Service Management: Fast, easy & clear
The IT architecture, in turn, results from the IT strategy. To improve his online presence, Charly has to provide and manage new hardware and software. As in the architecture of buildings, essential considerations include function, extensibility and structural stability (in the case of IT, however, we are more likely to talk about data security and availability). Thus the IT architecture describes the dynamic interaction of all IT components to support the IT strategy. Of course, an IT architecture also has an effect on the IT strategy. Let's stay with our example of building architecture: it is very difficult to take a building originally designed as a residence and turn it into a hotel/restaurant. Similarly, great effort is required to centralise a decentralised IT architecture. In other words: an IT architecture should be as flexible as possible in order to provide the best possible support to changes of IT strategy. The business architecture defines the business processes and how they interact to support the corporate strategy. Optimisation of these business processes can be attained with changes in the IT architecture. On the other hand, technical limitations can be an obstacle to this optimisation. In terms of supporting the business strategy with IT-related investments, the value contribution of IT is of central importance for the company. To gain a complete understanding of the value contribution of IT, we must first consider the subject from various perspectives. First, we have to consider whether using IT brings optimal results with a defined effort and/or expense. Secondly, we have to consider whether companies are able to create competitive advantages using IT and attain higher profits with IT investments. Thirdly, the effect of the company on its customers must be considered, and we have to ask to what extent the benefits are passed on to the customers or demanded by the customers. To align IT with business goals and/or the existing business processes, management should concentrate on the following areas:
Strategic alignment – with the primary goal of ensuring the correct link between business plans and IT plans. To do so, the additional value created by IT must be defined, safeguarded for the long term and reviewed. In addition, IT workflows and operational workflows must be attuned to each other.
Value delivery – here, the focus is on practical use of the additional value created. This guarantees that the IT actually delivers the promised strategic benefits, chief among them cost optimisation.
Resource management – with the primary goal of optimising investments in IT-related resources and/or management of these resources. These include applications, information, infrastructure and employees. This focuses in particular on optimising knowledge and infrastructure.
Risk management – here, the focus is on creating risk awareness throughout the organisation, from top management down to the last employee. In this context, it is necessary
12
IT-Service-Management
IT Service Management: Fast, easy & clear
to understand compliance requirements and assign responsibility for risk management within the company.
Performance measurement – this involves tracking and monitoring a variety of tasks and projects related to implementing strategies, utilising resources and provisioning services. Various tools, such as balanced scorecards, can be used to ensure that strategic requirements are implemented in measurable targets.
The alignment of business and IT begins at the top level of management during the strategy iii
formation process. In doing so, multiple requirements should be taken into account :
The alignment must make quantifiable improvements to a business plan—each proposed project should contain financial metrics related to the associated costs and revenues (e.g. discounted cash flow, expected financial earnings). Those who are proposing the project should be responsible for its documentation. In addition, the results should be reviewed on a regular basis.
The alignment must always be kept up to date based on business trends and developments: All changes within the company and in its surroundings have an effect on the actual project. Provision should already be made for changing circumstances in the project, and this should be taken into account in the project's scheduling and budgeting. Information must be exchanged between the IT department and the rest of the company, as otherwise "technologists will drift away from the business and misalignment will prevail."
During implementation, obstacles to alignment have to be overcome. The discrepancy between project design and reality are not visible until execution. Initial project plans should be based on the objectives that can be attained during execution. All problems that arise should be documented and reviewed from the perspective of the overall project.
The alignment has to be planned—the original project plan requires documented agreements for all changes in order to remain up-to-date. During the execution phase, the project plan must be updated continuously in terms of scheduling, budgeting, scope, processes etc. This plan should be the central source of knowledge pertaining to the progress of the project and any changes to it.
For IT projects, the focus has to be on requirements of the users; this has to take into account the benefits for users and for the company. IT cannot solve any of a company's problems on its own. From a financial perspective, IT mostly means costs, but positive effects on business can justify the outlay for IT. The topic of "How much should we spend on IT?" is not so much a question as an answer to: What benefits does IT provide?
13
IT-Service-Management
IT Service Management: Fast, easy & clear
To measure the alignment of IT with the business, and thus to determine how well the areas work together for technical and business processes in the company, we should take into account iv
the following factors and associated questions :
Maturity of communication – how well do employees in the technical and business areas get along? Is communication frequent and problem-free? Does your company communicate effectively with consultants, suppliers and partners? Is value placed on conveying knowledge internally?
Maturity of competence/value measurement – how well does the company measure its own performance and the value of its own projects? After projects are closed out, does it evaluate what went well and what not so well? Does it improve its internal processes so that the next project can go better?
Maturity of governance – how well does the company bring its business strategy into line with priorities with regard to IT, technical planning and budgeting? Are the current projects based on an understanding of the business strategy? Do they support this strategy?
Maturity of partnership – to what extent do the business and IT departments have a genuine partnership based on mutual trust and are ready and willing to share the risks and rewards?
Maturity of the scope and architecture – to what extent has the technology evolved to deliver more than simply supporting business processes? How has this contributed to the company's growth, competitiveness and profits?
Maturity of competence – do the employees have the competencies they need to work effectively? How well do the technology employees understand the central factors that have an impact on the business, and how familiar are they with corporate business processes? How do the employees of the business departments understand the relevant technology concepts?
IT-related investments require careful financial management to attain the planned benefits. In addition, the priorities in terms of the scope of the IT projects must be defined appropriately. For v
the specific activities for managing IT investment, these are: :
Framework for financial management – required the for managing and maintaining the IT investments and costs of IT facilities and services. This should be done with consideration of the portfolio that includes the IT-related investments, business scenarios and IT budgets.
Setting priorities within the IT budget – a decision-making process is required in order to set priorities when allocating IT resources. The resource allocation is necessary for workflows, projects and maintenance. The objective of this process should be to attain the maximum
14
IT-Service-Management
IT Service Management: Fast, easy & clear
possible return on investment from the company's portfolio of IT-related investment programs and IT services.
IT budgeting – the budget must be created based on priorities specified by the portfolio of ITbased investment programs. The budgeting process should include costs for operating and maintaining the current infrastructure. The budget workflows should enable a company to develop the overall IT budget and budgets for individual programs. In doing so, the ability to continuously review, refine and approve all types of budgets should be provided.
Cost management – each company should implement a process for cost management that compares the actual costs with the allocated budget amounts. There should be a way to monitor the costs and create reports. Any deviations should be identified at an early stage, including a review of their effect on the programs. This would enable the company to take suitable countermeasures and, if necessary, update the business scenario for the program.
Benefit management—a process for monitoring the benefits provided by provisioning and maintaining the IT capabilities—should be implemented. The company should determine and document the contribution of IT to the business. This can be based on the direct effect on the IT-based investment programs or on the indirect contribution as a part of support of regular business workflows. The reports should be monitored and reviewed so that the company can make suitable changes to improve the contribution made by IT, either with IT investments or associated programs.
3.1.2
Information Technology strategy
As described above, the IT strategy has a mutual interaction with the corporate strategy and IT architecture. The following chapter describes in greater detail a couple of the most important aspects for developing the IT strategy and the associated IT architecture. This involves: 1. IT portfolio management 2. Requirements management 3. Defining the information architecture 4. Determining the technological orientation 5. Reviewing and evaluating IT risks
1. IT portfolio management (investment portfolio)
15
IT-Service-Management
IT Service Management: Fast, easy & clear
Portfolio management, in the context of the IT strategy, describes the step between the business strategy and the technological implementation. As described in the previous chapter, for the purposes of the IT/business alignment, the IT investments have to be evaluated based on financial and added-value creation criteria. However, because only limited financial and personnel resources are available in a company, these IT investments compete with each other. As a result, it is necessary to ask which of the IT investments are to be implemented with the available resources. Portfolio management helps the company prioritise these IT investments. In doing so, an attempt should be made to balance the portfolio of planned IT investments with regard to the risks, opportunities, implementation time frame and costs. The following figure describes the process of portfolio management and its interface to the IT strategy.
Figure 4 - IT portfolio management life cycle (based on Gadatschvi)
The second figure shows an example of a two-dimensional portfolio analysis based on return on investment (ROI) and support of corporate strategy. However, it is important to note that for a comprehensive portfolio analysis and associated prioritisation of IT investments, other dimensions should be taken into account (e.g. implementation risk, implementation time frame, etc.).
16
IT-Service-Management
IT Service Management: Fast, easy & clear
Figure 5 - Prioritisation of projects (based on an Gadatschvi)
2. Demand management Demand management is a critical process within the life cycle phase of the IT service strategy. Demand management describes the business requirements that result from the business strategy and the existing business processes and thus defines the necessary capacity and flexibility of the IT architecture. To stick with our example of Charly's service shop: Charly's business strategy is to reach more customers, so he expands his marketing presence on the Internet (this objective corresponds to the definition of the IT strategy). One of the business requirements for successfully expanding the Internet presence is uninterrupted operation, 24 hours a day on all 365 days of the business year. This requirement must be supported by the IT architecture. The server and software must be designed for uninterrupted operation. Demand management is a central activity within service management that has to continuously pursue a balance between the utilisation and provisioning of services. Demand management is associated with various processes and activities for strategic planning. In particular, it relates to the strategic plan for IT, IT portfolio management, customer focus and the definition of services. 3. Information architecture The definition of information architecture is an important task when developing a corporate IT strategy. This process pertains to creating and updating a business information model and defining suitable systems for optimising information use. This integrates the applications seamlessly into the business process.
17
IT-Service-Management
IT Service Management: Fast, easy & clear
The process for defining an information architecture improves the quality of decision-making at the management level, as the presence of consistent and secure information is ensured. This process also enables management of resources of the information systems for taking into account business strategies. In addition, the definition of the information architecture helps to strengthen responsibility for the integrity and security of data within the company and improve effectiveness of data exchange across applications. The correct definition of the information architecture helps to attain a number of goals in conjunction with the company's IT and corporate strategy. Most of all, it helps to optimise the use of information and make IT more flexible. It ensures the integration of applications into the business processes. For example, if Charly wants to sell spare parts over the Internet in the future, his architecture has to be flexible enough to integrate the data of the online store into his application software.
4. Determining the technological orientation The IT strategy of a company determines the technological direction for supporting the business. The technological orientation should be based on the company's business requirements. It needs stable,
cost-effective,
integrated
and
standardised
application
systems,
resources
and
competencies in order to fulfil present and future business requirements. This process requires defining and implementing a technology infrastructure plan as well as architecture and standards that allow the possibilities of the technology to be identified and used optimally. The purpose of the technology infrastructure plan is to specify and manage clear and realistic expectations for what technology can deliver in terms of products, services and provisioning mechanisms. The plan should be updated on a regular basis and cover topics related to the system architecture, technological orientation, procurement plans, standards, migration strategies and possible exceptional situations. This gives the company the ability to react to changes in the competitive situation in a timely manner and improve the interaction of platforms and applications. The correct determination of the technological direction should help the company obtain and update integrated and standardised application systems. It should promote the optimisation of IT infrastructure, IT resources and competencies of IT. If, for example, the ERP system in Charly's company were based on Java, it would be logical to also procure other applications based on this technology. Thus maintenance can be carried out by the same developers. Moreover, knowledge of Java is widely available on the marketplace and, as a result, additional employees can be hired quickly. For additional information about drafting, planning, implementation and maintenance of IT and corporate architectures, refer to the TOGAF framework.
18
IT-Service-Management
IT Service Management: Fast, easy & clear
5. Reviewing and evaluating risks To implement a good IT strategy, the company has to review and manage the IT risks. The purpose of this process is to analyse IT risks and their potential effects on business processes and objectives and to provide notification of the corresponding results. The review of risks should be expressed in terms of the associated costs so that decision-makers are equipped to find an acceptable level of tolerated risks (see portfolio analysis). This also proves beneficial for recommending and communicating action plans conceived as a response to the risk. Thus for Charly's company, it would surely not make any sense to operate an earthquake-proof data centre. However, it is certainly reasonable to back up the data, store it offsite and create a disaster recovery plan in case of a serious environmental event. An appropriate review of IT risks and their management helps the company take into account and protect all IT facilities. This can help to ensure that IT specifications are met and provide clarity with regard to the business impact of risks on IT specifications and IT resources.
3.1.3
IT service - definition & agreement The following section discusses important points for defining IT services and managing them within the company. These include service catalogue management as well as defining and managing service levels. Of central importance for the company is effective
communication
management
and
business
between
IT
customers
with
regard to necessary services. To meet this requirement, the company has to define, agree on and document IT services and service levels. Within Figure 6 - Structure of the service portfolio
IT
catalogue
Service
Management,
management
is
service
responsible
for
administration of the services within the service portfolio and the service catalogue. As part of creating services, the service portfolio depends on the investment portfolio (refer also to Chapter 3.1.2), which defines and prioritises the investments.
19
IT-Service-Management
IT Service Management: Fast, easy & clear
A service portfolio of this kind should be a central repository of the basic definitions of the IT services, which includes service features and business requirements. The process of service catalogue management is responsible for creating and updating the service catalogue. This process should ensure that the service portfolio contains precise information about all services that relate to operating workflows or are in a close relationship with these. A suitable definition and management of the services should help the company react better to business requirements in co-ordination with the business strategy. This should also ensure that the end users are satisfied with the services offered and service levels. In addition, this can provide greater transparency with better understanding of the IT costs, IT benefits and IT strategy. As part of service level management (SLM), suitable IT service objectives are negotiated, agreed and documented with the business departments. Afterwards, the provided service is monitored and associated reports are created. SLM should ensure continuous orientation towards business requirements and priorities. SLM should make it easier to bring customers and service providers into harmony. Service Level Management is inseparable with the concepts of Service Level Agreements (SLA), Operating Level Agreements (OLA) and Underpinning Contracts (UC). This process not only agrees on SLAs, but also ensures compliance with them. Generally, SLM is responsible for ensuring that all processes of IT Service Management and underpinning contracts (SLA, OLA, UC) are designed for the agreed goals. SLAs should be defined and agreed for all critical IT services, based on customer requests and IT capabilities. Many areas of co-ordination exist that should be covered by SLAs. The most important points pertain to obligations towards the customer, service support requirements, financing and business agreements, as well as roles and responsibilities within SLA monitoring.
3.1.4
IT-based innovation management
A structured processes based on best practices are not only logical, but also making the working life noticeably easier. Studies - carried out as part of the INNOTRAIN IT project in 6 countries have proven that in companies using ITSM an IT employee can support a significantly greater number of workstations. In other words, the utilization of ITSM can provide a reduction of workload in the lower double-digit percentage range. Of course, people who are focused on maximising profits can save costs here and widen the profit margin. However, as a forward-looking measure, it would make more sense to optimise profits over the long term by investing the newly freed resources into the innovative ability of the company. The INNOTRAIN project focuses on precisely this question: How can free resources based on ITSM be used to foster innovations in the organisation? Of course, this kind of development is not
20
IT-Service-Management
IT Service Management: Fast, easy & clear
an instantaneous change. Taking the first step requires a certain level of motivation and strenuous efforts. However, if the decision is made to go ahead, the development could look like this:
Figure 7 - Developing the innovation potential based on ITSM
1. Phase 1 illustrates the situation before introducing ITSM. Expressed as a ratio, 100% of the time is used for original tasks. 2. The efficiency of IT increases by using best practices. The workload from the original IT activities is reduced over the medium term. Sustained optimisation and expansion of the use of ITSM can attain a further reduction of the load and open up corresponding potential for innovations. For the basic knowledge and procedure, refer to Chapters 3 and 4. 3. In the third step, the innovation potential is set free. Other changes must be made to the way of thinking and acting. Using technology stabilises the use of innovation potential. For more information, refer to Chapters 5 and 6. 4. In the final state (for the time being), the workload is reduced and the resources thus freed up are used to create innovation. But what are innovations, anyway? Innovation can be defined as follows: Inventions or adaptations that result in new methods for redesigning the production system. Thus an innovation of this kind could involve ideas, products, methods or services that are perceived by the company or business
21
IT-Service-Management
IT Service Management: Fast, easy & clear
area as new and that are adopted in everyday life ("internal market launch"). A flea market where you can browse online and anyone can buy and sell—without even having to leave home? Fifteen years ago, this idea of Pierre Omidyar's still seemed utopian. However, he turned his idea into reality and founded Internet auction site eBay. Based on the innovation spiral presented below, we can define three levels of innovation based on the principles of IT Service Management.
Figure 8 - INNOTRAIN IT innovation spiral
Layer 1 – Management of IT infrastructure services: Innovations in this level pertain to the company's IT infrastructure. In the example of Charly's service shop provided here, extensive growth of the company and a resulting change in printer management could lead the company to outsource non-business critical printer maintenance to the manufacturer or a service provider, paying only the actual printing costs ("pay-per -click") and shifting the risk (printer malfunctions, etc.) to this other party. Level 2 – Innovation of business processes: Today, IT is frequently cited as an enabler of business processes. Therefore, this level offers a great potential for improvements. Charly, for example, can establish an additional sales channel by adding the use of a spare part marketplace, while fundamentally changing the business process. Level 3 – Innovation of products and services: The level that is surely most demanding considers innovations on the product and service level. The most prominent example today are the countless smart phone apps provided as product supplements. Automakers couple these with their vehicles, thus changing the product.
22
IT-Service-Management
IT Service Management: Fast, easy & clear
The field of responsibility of the IT-based innovation management module includes identifying areas of potential, engaging in dialogue with the business, and initiating and supporting innovations. Because the innovation process takes place in several steps, the complexity of the associated problems increases. Therefore, introducing IT-based innovations is a complex process that can bring about a radical change in corporate business process. Accordingly, Chapter 6 deals with the topic of innovation management exclusively and thus begins with this subject. This is supplemented by Chapter 5, which talks about dealing with changes and thereby supports the organisation's change process.
3.2 Service operations
3.2.1
Service and infrastructure operations
"Help, my screen went black!" - We are all familiar with this call from users. Every day, we encounter a wide variety of these incidents in system operation, i.e. deviations from the plans. This chapter explains how to handle these incidents in a structured manner.
But first, let's briefly explain the relevant terminology: The service desk is the central contact for all inquiries from users, according to the principle of "one face to the customer." This provides the customer with a single point of contact for all IT-related inquiries (e.g. hotline, ticket system). In a few cases, companies even expand their service desk to handle other inquiries (such as event management). The purpose of this single point of contact is to handle service requests, create an incident or to submit a request for change. The service desk can be understood as a kind of funnel that collects all messages and then steers them to the correct processes. Initially, enquiries of all types are treated as incidents.
Service desk The service desk is the central function of ITSM. It is the link between the IT service and business operations. This function is used to transact all enquiries from, and support provided to, employees.
The incident is an unplanned interruption (such as a workstation computer that won't work) or reduction of the quality of a service (like a slow Internet connection). Failures of elements of the
23
IT-Service-Management
IT Service Management: Fast, easy & clear
configuration (Configuration Items) can be treated as an incident without a direct effect on the service. In this case, one example would be the failure of a mirrored hard drive, where the server is still up and running. In contrast, Service Requests are enquiries from users (with regard to information, consultation, standard changes, access) that do not have an effect on the service. They are one way to satisfy customers' needs. One example is a request for more printer toner when the printer indicates that it will run out soon.
Disruption or incident? An incident is defined as an IT disruption or IT service enquiry. Examples of an incident could be: "My Excel is crashing" or "I need to create a PDF from Excel. How do I do that?". All incidents should be processed by the central service desk and the status updated to enable later evaluation.
The process for managing and processing incidents is usually known as incident management. It passes through various phases:
1. Entering and classifying the incident 2. Diagnosing the incident 3. Escalating the incident 4. Closing out the incident
The current Version 3 of the IT Infrastructure Library (ITIL) provides a sample process as a best practice. This can provide the basis for a company to develop its own processes, as the requirements differ enormously from company to company. For smaller companies, it is surely good enough to just pick up the phone without any overarching workflow, but in medium to large enterprises, this results in repeated interruptions of employees' core tasks. In this case, it is worthwhile to take the more formal route.
In both cases, however, it makes sense to document the incidents and analyse them as part of an improvement process. Ideally, the incidents should be entered into a ticket system, but a simple list might be good enough at the beginning.
ITIL recommends the following procedure:
24
IT-Service-Management
IT Service Management: Fast, easy & clear
Figure 9 - Incident process based on ITIL V3
25
IT-Service-Management
IT Service Management: Fast, easy & clear
Phase I - Identifying, entering and categorising the disruption The identification of incidents normally shared equally by the large number of users. Most deviations can be identified easily, and because of the high relevance for users, they gladly accept the effort required to report these incidents.
In many cases, however, a proactive configuration is responsible for identifying an incident or imminent incident. For example, deviations can be identified on the hardware level (such as the failure of a hard drive in a RAID array) and reported. On a system level, the use of monitoring solutions has become widespread. This allows, for example, the function of an e-mail server to be checked by having the monitoring application send an e-mail and measuring how long it takes to receive a response. If a threshold value is exceeded during this process, this is designated as an event and an alarm is triggered.
Depending on the systems used and the corporate culture in place, actually entering the disruption could be the responsibility of the user (in a ticket system, for example) or the service desk agent (for phone calls or e-mails). In large companies, correctly categorising the ticket ensures that it will be forwarded to exactly the right specialist. However, even in small companies, it provides the ability—beginning at a critical mass of disruptions—to identify weak points and areas for improvement. For example, if a particularly large number of problems with an office application are reported, it may be worthwhile to provide the users with better training or replace the application. Like the entry of the disruption, its categorisation can also be carried out by the user or an IT employee. Based on the collected data, a decision can be made as to whether the entry pertains to a disruption or service request, which triggers a separate process.
Phase II - Prioritising The priority assigned to an incident specifies how the incident is handled by the employees and tools of the service desk. The prioritising process often holds a large potential for conflict between users and services providers, as by nature users will always assign top priority to their own incidents. Experience has shown that in many cases in which users determine the priority
themselves,
the
priority
differs
significantly from reality. Therefore, it is better Figure 10 – Example of prioritising incidents
to have the incident classified by the service desk employee, as only he or she has the
necessary overview of the current situation in the company. The definition of the priority is based on the effect on the supported business processes and the urgency until this effect takes hold.
26
IT-Service-Management
IT Service Management: Fast, easy & clear
Based on the priority assigned to the incident, response times (time until troubleshooting begins) and solution times (time until regular operation) can be defined. Phase 3 – Diagnosing and possible escalating The objective of the initial diagnostics is to gather all relevant facts (environment data, symptoms etc.). In many cases, this takes place in direct communication between the service desk employee and user. If the problem is simple or known, the employee will try to resolve it immediately. If this is not possible because there is not enough time or the necessary detailed technical knowledge is lacking, the incident has to be escalated for further handling. It can be distinguished between two types of escalation:
Functional escalation is passing it on to another authority (person or team) with greater experience. The forwarding can be either internal (to in-house IT employees) or external (e.g. to a vendor's support staff). Nowadays, this is often referred to as ―second-level support‖.
Hierarchical escalation refers to notifying and involving higher management levels to support the escalation. In this process, the higher-level manager is called upon to overcome organisation hurdles or mobilise additional resources to solve the problem in a timely manner.
The appropriate specialists now have to create the diagnosis or escalate it further until the final diagnosis is reached. Regardless of the escalation level, the service desk is responsible for the incident, co-ordinates the activities and provides users with regular updates about the progress of their incidents. Phase 4 – Remedying the disruption Once a diagnosis for the disruption has been identified, it can be remedied and the normal state restored. The solutions should always undergo corresponding testing. For example, printing a test page after removing a paper jam can provide immediate information as to whether other problems exist. When applications are adapted in what are known as hot fixes or patches, the possible interactions should be examined before making them available on a large scale.
After a successful resolution and restore, the incident can be closed out. In doing so, the service desk should ensure that the user is satisfied with the solution. In many cases, this is implemented by the system in that the service desk changes the status of the incident to resolved, but the user can close out the incident. In many cases, the next step is a brief survey with a few questions (3-5) to evaluate the quality of the service desk.
Problem Management Incident resolved – is that all there is to it? Of course not. In many cases, though the incident is resolved quickly using the process we just described, but the cause is not eliminated and may
27
IT-Service-Management
IT Service Management: Fast, easy & clear
result in further problems. For example, if paper jams occur frequently in a certain type of printer, this type could have a manufacturing defect or be incompatible with the paper being used. Problem management is concerned with just these kinds of root causes.
Problem A problem exists when multiple incidents indicate a pattern. Central management of the incidents by the Help Desk allows recurring problems to be identified (e.g. Excel always crashes for user XY whenever he or she has Word open at the same time) and long-term solutions can be found.
A problem, i.e. a root cause of one or more incidents, is handled by the problem management process in multiple steps. Again ITIL provides an adequate reference process: 1. Identifying the problem; this is done by the employees of the service desk, technical support team or event management. 2. Entering the problem, providing links to the corresponding malfunctions, including a categorisation for later reporting and the prioritisation of the problem, in a way similar to incident management. 3. Diagnosing the problem with the objective of identifying the root cause. If the cause has been identified but no solution is yet available, a workaround (e.g. restart printer) has to be defined. This is entered as a known error and made available to the service desk so that it can remedy the corresponding disruption more quickly. 4. Finding a solution with the objective of implementing it as quickly as possible. However, if a change is necessary for final resolution, this should be done using the procedure defined in the change management system. This structured procedure reduces and acts as a check on the possible effects (for more information, refer to Chapter 5Fehler! Verweisquelle konnte nicht gefunden werden.).
Both incident management and problem management are based on identical concepts with regard to personnel and tools. In larger organisations, it is recommended to establish a separate team that runs the service desk function. These organisations can consider concepts such as the centralised or decentralised service desk, virtual service desk (e.g. in collaboration with a supplier) or even corresponding time zone concepts for international companies (follow-the-sun principle). In small IT organisations, the function can also be entrusted to an employee who is responsible for the service desk and is supported by his or her colleagues. Ideally, this should implement the concept of "one face to the customer" or, in other words, one contact person for the user in all matters. It makes it easier for users to communicate with IT, intercepts trivial enquiries directly and enables the remaining employees (e.g. developers or administrators) to concentrate on their core topics.
28
IT-Service-Management
IT Service Management: Fast, easy & clear
On the tool side, numerous commercial and open source solutions are available today. Ideally, the service desk should have the following applications available, which are integrated into one solution or linked to each other via logical interfaces:
1. Ticket system that manages and documents a disruption or problem over its entire life cycle. It should also enable communication with the user (e.g. via a Web interface or by email). 2. Database for collecting known errors and solutions (known error database, KEDB). This does not always need to be a lofty solution. For smaller organisations, a simple list is usually sufficient. 3. A configuration management database (CMDB) is a tool that supports many areas. The database supplies data and information about the entire IT landscape and thus helps to identify the context and identify problems more easily. For example, you can read which employee uses which type of printer at his or her workstation. For more information on this topic, refer to Chapter 4.
3.2.1
Systems & outsourced services
Hands on the keyboard: is the heart of your IT still beating? This chapter is all about the heart of information technology – the applications, systems, networks and hardware. However, a wide variety of activities are required in order to set up, maintain and operate this complex configuration. Have you already outsourced everything? Even if you have, this chapter provides valuable information.
Before we really get down to business, let's stick with the subject of management for a bit. Many IT folks consider managing availability and capacity to be a strategic or tactical task. In smaller IT organisations, however, the usual scenario is that the specialist knows his or her systems in detail while also providing them with conceptual support; both topics are shifted to the operational level.
Availability management is responsible for all aspects that pertain to the availability of a service. Generally speaking: when required by the customer, a service provides the needed and planned function as set forth in the SLA [Service Level Agreement]. Concretely put: when the user wants to retrieve his or her e-mail, the corresponding e-mail server has to be working. Therefore, availability management serves as a monitor to ensure adherence to the objectives defined in the SLA and provides the necessary and possible improvements in terms of availability. In doing so, availability management can make use of reactive and proactive means:
29
IT-Service-Management
IT Service Management: Fast, easy & clear
Re-active
Pro-active
Monitoring, measuring, analysing, reporting and verifying the availability
Risk assessment and management
Implementing cost-appropriate countermeasures
Planning, designing and testing new or changed services
Testing the availability and failure mechanisms
Examining the non-availability
Service providers often attempt to attract customers by promising 99% availability of the service. This availability in percent is calculated by dividing the actual availability of the service by the agreed service time:
(
)
(
)
At first glance, the value of 99 percent availability seems very high. However, let's convert this to minutes and days and see what the results are. Relative to one day, 99-percent availability means less than 15 minutes of downtime. Calculated over the entire year, these 15-minute periods add up to 3.5 days. On this basis, a decision can be made as to whether 99 percent is a realistic level or not. In retrospect, it is worthwhile to check that the promise has actually been kept.
Another critical point for orientation is service availability (regardless of whether in-house or outsourced) from provision of the service to its consumption (end-to-end). For example, if we measure provision of a business application based on server uptime, other circumstances (e.g. failure of the network) between server and user can cause a downtime, which, however, is not taken into consideration. Accordingly, the measurement should be carried out as close to the receiver as possible in order to take all eventualities into account.
If a failure occurs despite all preventive measures, availability management provides two additional metrics:
Response time – Time between the report of a disruption and the beginning of troubleshooting.
Restore time – Time between the report of an incident and restoration of the service.
If service management is outsourced, the most important aspect to be considered when selecting the service provider is the restore time. Otherwise, the following case can occur: After a hardware defect, the provider already responds after a few minutes and initiates the order of the spare part.
30
IT-Service-Management
IT Service Management: Fast, easy & clear
However, if the spare part is not available and a week passes until delivery, the service cannot be offered again for a few days.
Another management topic is managing the available capacity and the needed capacity in the future (capacity management). The Capacity Manager acts as the "fortune teller" of corporate IT. He or she does not look into a crystal ball, but instead analyses the current demand, monitors the company's development and, based on the corporate strategy, derives the future demand for services and the underlying infrastructure. He or she must ensure that the needed capacity is available in the planned quality at all times.
Capacity management consists of three subareas:
Business capacity management includes all activities intended to identify future business requirements and reflect them in the capacity plan.
Service Capacity Management refers to the activities that provide insight as to the capacities of the IT services required in the future.
Component Capacity Management includes all activities that monitor the capacity, performance and utilisation of the individual configuration elements (e.g. PC, printer, telephone, server).
We can put it most simply by saying that the future requirements of business for the services, and the demand of the services for the resources, have to be taken into account and reflected in the capacity planning. Based on this plan, actions are possible to ensure that the goals of the SLA are also met in the future. For example, the growth of the amount of disk space needed can be documented, a forecast derived from this and additional disk space purchased in a timely manner. This ensures that a cost-appropriate IT capacity can be maintained.
Up to this point, we have only talked about management of IT and IT services. However, we must not forget the specialists who install and maintain the applications and systems. Depending on the size of the company, these technical operations are divided into various teams and responsibilities. The common differentiation is between responsibility for systems and applications.
System support, the company's administrators are concerned with all hardware-related topics. In the ITSM environment, this task is often given the title IT operations management and includes management of the physical IT infrastructure (typically in data centres or computer rooms). The foremost goal is safeguarding and optimising the current, stable condition of the infrastructure.
Examples of the tasks of IT operations management include:
System administration and running operational activities and events
Console management and job scheduling of the servers 31
IT-Service-Management
IT Service Management: Fast, easy & clear
Backup and restore
Print management
Performance measurement and optimisation
Maintenance activities
IT facility management (climate control system, power supply etc.)
Application management, on the other hand, is responsible for designing, developing, testing and improving business applications. The areas of responsibility can vary greatly from company to company. If the software is developed in-house, the range of application management responsibilities widens. The other option is to outsource application development. Of course, there are many increments between these two solutions (e.g. standard software with in-house adaptations). The tasks of application management are defined as follows:
Supporting the company's applications
In some cases, designing, developing, testing and improving applications
Supporting IT operations management
Training employees
3.2.2
IT procurement
The rapid development of information technology poses constant challenges to the IT departments of small and medium-sized enterprises: there are new kinds of technologies, changed services and innovative products. Do these have the potential to add value to the business or are they merely self-serving? Many calculation options are available for answering this question:
Total cost of ownership (TCO)
Total benefits of ownership (TBO) / Total value of ownership (TVO)
Static or dynamic investment calculation
Return on investment (ROI)
It is, in fact, true that these options provide the company with correct results in subareas. Viewed separately, however, they do not provide valid results in the majority of cases. For example, there is no correct comparison of all costs and benefits, or only purely monetary variables are used. Ultimately, it is necessary to clarify whether the total benefit (TBO/TVO) to be expected justifies the total costs (TCO) to be expected over the service life or even creates a profit situation. In other
32
IT-Service-Management
IT Service Management: Fast, easy & clear
words: a return on investment consideration, which is not limited to the investment costs and the monetary benefits, but considers all costs and benefits. Once the investment decision has been made, "all" that is left is to purchase the new IT components. All too frequently, however, this plan proves to be extremely complex. Not without reason, as IT procurement processes affect multiple areas of an organization – including those outside IT – and include services of external providers, such as suppliers. Accordingly, close co-operation should be pursued and open communication maintained.
Supplier management within the IT organization has the following objective:
Regularly observing the procurement market and monitoring trends and innovations
Selecting suppliers, taking into account the strategic significance for the company's business processes
Negotiating contracts and agreeing on a fixed scope of services with the suppliers
Ensuring and continuously increasing the quality of the purchased service
Managing relationships with suppliers
Documenting all suppliers, contracts and relationships
In many cases, the tasks are also divided up between the purchasing department as such and the IT organization. In doing so, IT co-ordinates all
technical
aspects
in
the
cycle,
while
purchasing handles structuring the contracts and pricing.
The greater a supplier's strategic significance for the company, the more long-term the business relationships should be. The significance can be defined based on two variables: Diagram 11 - Classifying suppliers
Value contribution and importance
Risk and influence
In most cases, a long-term, close-knit co-operation pays off. For example, blanket purchase agreements often allow more favourable terms and conditions when buying components (e.g. for the expected quantity of desktop computers in one year, while also allowing optimisations and relieving workload in the procurement process. Over the medium term, consistent standardisation can achieve additional effects of scale.
33
IT-Service-Management
IT Service Management: Fast, easy & clear
Is IT procurement not a relevant topic to companies that have outsourced all services? Even when full outsourcing is used, it is important for there to be a responsible contact person in the company; here, too, the customer–supplier relationship has to be maintained, quality monitored and the market observed regularly.
3.2.3
Security and environment
"Sony says sorry - the Playstation manufacturer has apologised for the massive data theft in its networks and promised free games as compensation and better security measures. (…)―. These or similar words were used by many daily newspapers to relate the story in spring 2011. Criminality in the IT environment is nothing new. As a small company, one could surely ask: who could profit from my data anyway? However, the topic of IT security is more varied than one might think, and certainly also relevant for smaller companies:
First names, car marques, birthdays or the favourite football club—many people use easy-toremember terms to recall a password. Is a corresponding guideline in place in the company?
Is the company's administrator password securely stored with the administrator's supervisor in case the admin is absent?
Are virus scanners installed and are they updated on a regular basis?
Are hard drives securely deleted (wiped) before being disposed of?
Are important servers stored where they are safe from water or heat damage?
What happens to e-mails when an employee is on vacation?
Who is permitted to use his or her personal mobile phone in the company?
Numerous statistics prove that approximately half of security-related incidents are triggered not by external parties, but by the company's own employees. In almost all cases, this is accidental, usually out of ignorance, a lack of training or carelessness. Accordingly, SMEs should also analyse the possible hazards and take countermeasures.
In doing so, all possible risks should be taken into account:
Protecting the information from unauthorised access and malware (e.g. viruses, hacker attacks, espionage)
Provisioning the information to authorised persons (Access Management)
Securing the infrastructure against influences from the area surrounding the IT (e.g. overvoltage in the power supply network or power failure, flood, heat or even fire)
34
IT-Service-Management
IT Service Management: Fast, easy & clear
The measures taken (e.g. providing a firewall, using a climate control system) are to be considered preventive. The measures taken should be in proportion to the possible harm. Operating a server in the supply closet next to chemicals and moist rags is surely negligent. However, an autonomous, earthquake-proof data centre is surely also not the right choice for a small company. One hundred percent protection is possible in rare cases only or associated with high costs that are justified in only a few application areas. However, the possible risks should be specified accordingly and the measures planned in case the risks do occur. This is done in what is known as an IT recovery plan for various scenarios. The objective is to restore normal operation of the disrupted service(s) as quickly as possible. If, for example, the servers have to be shut down during a long-term power failure, the recovery plan should describe the systematic procedure at the start so that all dependencies between the systems are taken into account and no further delay or even damage occurs.
3.3 Monitoring, improvement & change
3.3.1
Control and audit
Every ITSM guideline needs a section that describes the rules and mechanisms responsible for monitoring and controlling all IT-related tasks and activities. Auditing and controlling information systems are part of the internal auditing and controlling functions of organisations.
35
IT-Service-Management
IT Service Management: Fast, easy & clear vii
The Institute of Internal Auditors (IIA) has defined Internal auditing as : an independent objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has defined viii
Internal control as: : broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) Effectiveness and efficiency of operations; (2) Reliability of financial reporting (3) Compliance with applicable laws and regulations." Audit and control are closely related to each other and are frequently mentioned and described together. Both processes are intended to provide assurance with regard to the achievement of business objectives. However, there is a clear distinction between the terms: 
Control takes place via self-assessment, i.e. it is carried out by the employees who are responsible for certain tasks. In the IT area, for example, this can pertain to the system administrator, who checks systematically to ensure that the tasks he or she carries out are fulfilled properly.

In contrast, an audit must be carried out by an independent entity (i.e., without the involvement of the entity that reports to the manager, who is responsible for an audited unit) and is concentrated on the effectiveness of control mechanisms. An audit is intended to verify that the control system is efficient. This, in turn, is expressed in its potential to discover errors and irregularities that get in the way of attaining business objectives.
Control activities play the most important role in the case of SMEs, which is due to the structure of the process participants and the corporate structure (see below). For this reason, the name of this section (3.3.1) has been changed to "Audit and control" instead of "Control and audit," which is used most frequently in the literature. Generally speaking, all audit and control activities are concerned with systematically monitoring multiple defined control objectives. This process determines whether these are met and estimates the extent to which they are met. With regard to audit and control of information systems, numerous guidelines and standards are available. However, there is one generally acknowledged standard that describes how an ITrelated audit and control function is to be run within the company. This standard is COBIT: Control ix
Objectives for Information and Related Technology . There is also a limited version of this standard x
called "COBIT Quickstart," which has been designed specially for SMEs and is customised to their special features. These standards can be used as reference models if concrete audit and control processes are implemented in a company.
36
IT-Service-Management
IT Service Management: Fast, easy & clear
Large companies have their own well-organised audit departments with corresponding processes, while SMEs do not approach this subject in such an organised and systematic manner. This is due to the fact that SMEs are structurally much smaller than large companies and usually do not formulate long-term strategies. Which level is appropriate for audit and control in an average SME? This question has to be answered in detail by the management of the respective company. However, we can narrow it down to four specific processes: 1. Providing IT governance 2. Monitoring and evaluating the IT service 3. Ensuring compliance with external requirements 4. Monitoring and evaluating the internal control Processes 1-3 are solely control processes, as they are carried out in their entirety by employees who are entrusted with the daily tasks in the areas of the company's business processes and corporate IT. Process 4, on the other hand, is an audit process and should be carried out by an external company. Generally speaking, each process of an audit and control function is to be carried out in the following steps: 1. Defining the suitable management processes 2. Reviewing the maturity level of the process 3. Defining the responsibilities in the company 4. Defining the most important measures (metrics) used for process monitoring When it comes to defining management processes, a company has to set up and elaborate certain patterns for desired procedures that fulfil the ITSM specifications identified when formulating business and IT strategies. The desired procedures could, for example, include the following: (1) Setting up regular reporting about the IT activities for review by corporate management; (2) Defining a method for discussing the limited quantity of relevant and measurable results and operating figures for IT that are monitored continuously; (3) Making a review of the method with which other companies in the industry approach IT topics and important IT decisions or (4) Identifying the requirements that result with regard to compliance with external regulations. All management practices are process-dependent. Therefore, they have to be set up separately for each individual process. With regard to the SME, the number of management practices should be limited to a reasonable figure of no more than 3 per process. The maturity level of a certain process can be reviewed by comparing the current and desired state of the specific process within the company with the objective of the company and the average value in the industry. This can be done by carrying out the following steps: 1. Defining the current position of the process within the company.
37
IT-Service-Management
IT Service Management: Fast, easy & clear
2. Defining the desired position of the process within the company. To carry out this step, an average position in the industry can be used as reference. 3. Determining the gap between the current and desired position. 4. Defining the change process for getting from the current to the desired position. 5. Defining the integrated implementation program for governance. The tool for carrying out this task is the maturity model. This concept is taken over from the CMMI (Capability Maturity Model Integration) method, which is defined by the SEI (Software Engineering Institute). It consists of 5 levels:
xi
1. Initial – the process arises from the situation and is chaotic. 2. Managed – the process is planned and executed in accordance with corporate guidelines. 3. Defined – the process is described and understood well and characterised with respect to standards, procedures, tools and methods. 4. Quantitatively managed – performance and quality of the process are managed by quantitative objectives. 5. Optimising – the process is continuously improved using quantitative insights into the respective business requirements and performance requirements. The concrete ITSM standards can contain modified versions of the maturity model. Though the change can involve a different designation and number of levels, the basic philosophy remains the same: The workflow goes from the lowest to the highest level, were the maturity of the model increases with each level. Each process is carried out by persons. Therefore, a company has to define the responsibilities of the individual roles and verify each management procedure with the suitable corporate role and the type of responsibility. In the ITSM, this is also called the RASCI (or RACI) diagram: Responsible – responsible for the actual implementation. Is interpreted as responsibility in the disciplinary sense. Accountable (cost responsibility), responsible in the sense of "approve," "authorise" or "sign." The person with responsibility in the legal or commercial sense of the word. Supportive . The person can play a supporting role or make operating resources available. Consulted – specialised responsibility. A person whose advice is solicited. Is also interpreted as responsibility from a specialised point of view. Informed – right of information. A person who receives information about the course/the result of the activity or as the right to obtain information. In the case of SMEs, the corporate roles can include business owner, managing director, IT manager, various department heads, head of accounting etc. These roles must be assigned
38
IT-Service-Management
IT Service Management: Fast, easy & clear
carefully and adapted to the corporate framework and scope of activities. Using the example of the auto repair shop, a RASCI matrix could be set up like this:
Figure 12 - Example of a RASCI matrix
Each ITSM method is constructed properly when its effectiveness and efficiency are measured. Generally speaking, effectiveness pertains to "carrying out the correct actions," while efficiency is "carrying out the actions correctly." There are two types of metrics with which the above goals can be measured. From the total number of metrics available, the most important ones are selected and defined as the primary metric. They are used for reporting and are intended to ensure efficiency, effectiveness and profitability. These are defined in ITIL as Key Goal Indicators (KGIs) for measuring effectiveness and Key Performance Indicators (KPIs) for measuring efficiency; COBIT uses Lag Indicator and Lead Indicator, respectively, as synonyms for these terms. Key Goal Indicator (KGI) or Lag Indicator Metrics that show management whether an IT process has fulfilled business requirements. The number of incidents could be one example of a KGI. Key Performance Indicator or Lead Indicator Metrics that determine the performance level of IT processes in terms of supporting target achievement. They are early indicators of whether or not a target is likely to be attained. Examples of KPIs include response time or the first-call resolution rate of incidents. As mentioned previously in this chapter, COBIT Quickstart is a practically oriented recommendation that can be used as a reference model for setting up control and audit procedures within SMEs. This recommendation can and should be adapted to the specific features and structure of the company. The adaptation can, for example, take the form or reducing the number of corporate units in the RASCI diagram, reducing or expanding the levels for the process maturity or any other changes. A detailed description is provided in the current COBIT Quickstart from the IT Governance Institute. 39
IT-Service-Management
3.3.2
IT Service Management: Fast, easy & clear
Compliance
In industry jargon, the term compliance is used to refer to fulfilment of national, European and international laws and directives (e.g. German Federal Data Protection Act, Basel II, SarbanesOxley Act), as well as voluntary codes of conduct in the company. Compliance also includes a few IT-related regulations such as security (protection of personal data), health, ergonomics, confidentiality, legal and regulatory requirements, intellectual property, arrangements for eCommerce, insurance contracts and a few industry-specific regulations and procedures such as the obligation to store recordings for tachographs. The objective of IT compliance is comprehensive and consistent observance of compliance requirements. In addition to safeguarding against legal consequences, this provides benefits for the valuation of the company as well as higher IT security. The core task lies in documenting and making corresponding adaptations to IT resources when rules and regulations change. In addition, potential problems or hazards could be evaluated regularly (refer also to Chapter 3.2.3) All areas of compliance have to be examined with the greatest possible care, as the number of these regulations increases continuously. In the event of violations of these rules and regulations, in some countries, executives and board members can be made liable for adherence to the legal regulations. Failure to comply with these regulations can incur civil and criminal penalties. For example, the German Federal Data Protection Act (BDSG) provides for violations to be punished by imprisonment of up to 2 years or fines. Basel II has prescribed extensive verification measures for financial institutions. As a result, all companies have had to take action to implement IT compliance, if they had not done so already. For additional detailed information and examples of processes related to compliance, refer to current COBIT publications.
3.3.3
Managing changes
Have you ever installed a software update, only to find that nothing works afterwards? If the effects are limited to your own workstation, it may not be so bad. However, if we imagine the consequences when updating all of a company's computers, an administrator will quickly learn not to be careless and check everything twice in future. Change management, which is often considered too bureaucratic, can be a useful tool for preventing disruptions. It offers interfaces to other processes, specifically the continuous improvement process or problem management. For example, within problem management, potential problems are identified, analysed and a solution defined. If the solution necessitates a change of the current situation, the needed changes are handed over to the change process via a change request. This defines a structured procedure in which an element (e.g. workstation computer, server hardware, but also services or processes) are
40
IT-Service-Management
IT Service Management: Fast, easy & clear
to be brought from a current state into a desired future state by modifying, adding or removing. The objective of change management is to facilitate a worthwhile change with minimal interruption of the IT service. Change The word "change" refers to any and all modifications to the existing IT landscape. For example, identifying a problem (e.g. the spreadsheet software always crashes when the e-mail client is open at the same time) can cause a change when a solution has been found. The answer to the problem mentioned here could be increasing the memory in the computers. This is also referred to as a change. In addition to the "hard" changes such as the technological changes described above, there are the "soft" or organizational changes. The massive involvement of the human factor means that a special procedure has to be followed here; accordingly, a separate chapter (Chapter 5) is dedicated to this complex topic. Changes to the information technology of today are, in many cases, a similarly complex task due to the highly dynamic nature and number of the various elements and their dependencies on each other. These changes can have multi-layered and far-reaching consequences. For example, if a new operating system is introduced, after which the printers used and the business management application systems are not compatible, the consequences can be very far-reaching indeed. Accordingly, the foremost objective of change management is minimizing risk. By making changes in a controlled manner, one can also monitor the potential risks that changes incur. The following can indicate room for improvement in a company's own change management:
Frequent unplanned service outages
A low success rate when carrying out changes
A high rate of emergency changes or unauthorised changes
If these reasons apply, it is worthwhile to think about this topic. However, in addition to minimising risk, professional change management can provide additional added value for IT and customers:
Highly qualified processing of changes as well as better planning of times, quality and costs
Cost reduction over the medium term provided by standardised procedures
Increase of productive service time by reducing service downtimes
Combined view of business and IT aspects of a change for identifying areas with room for improvement
41
IT-Service-Management
IT Service Management: Fast, easy & clear
To attain a certain level of transparency, a reasonable data platform for making decisions and, finally, documentation, desired changes are compiled in a Request for Change. For this reason, a very practical way to enter a request of this nature is in a ticket via the service desk or as a document template that has to be filled in. However, it is important to define which form is used for which change type and to ensure that the corresponding variants are available if necessary. In practice, the changes seem to fall into three categories: Standard changes Changes for which a standardised procedure has already been defined in advance and that usually have only minor effects. Due to their general planning, they do not require a release procedure. Examples of a change of this nature include setting up a new e-mail account, resetting a password or setting up a regular workstation. Normal changes Changes that are relatively time-uncritical and cannot be treated as a standard change. An example of such a change could be installing a patch in the ERP system. Emergency changes In the event of an incident, it may be necessary to make quick changes. In this case, the normal procedure is too slow and complex. Accordingly, in this case, changes can be made according to defined requirements, but much more quickly. This makes a difference, for example, when a hardware failure has an impact on the services. Finally, we have to clarify the activities of change management. As usual in the IT Service Management, this has been defined as a process. The following illustration shows the process. First, let's explain the two roles of change manager and authority: As the name implies, the change manager role is in charge of administration for the change. It can be filled by multiple persons. In many cases, the service desk employee is also responsible for the initial steps of change management. The person(s) filling the role can be defined according to the needs of the company. The role of authority is frequently filled by what is called a Change Advisory Board. It consists of representatives of all IT areas, the business areas and any possible third parties (e.g. external suppliers). In smaller companies, however, the Change Advisory Board can also be replaced by a regular team meeting.
42
IT-Service-Management
IT Service Management: Fast, easy & clear
Figure 13 - Change process based on ITIL
43
IT-Service-Management
IT Service Management: Fast, easy & clear
1. Creating the change request The change is always requested by the request of an initiator (e.g. employee, organisational unit and employee of the service desk) with a change request. A change request can be recorded and documented in different ways (such as paper, e-mail, online form). The degree of detail depends on the scope and effects of the change. The ideal scenario is to use an integrated service management tool that documents all data and can map all dependencies (e.g. to configuration items). Based on the change request, a change record is created that documents all activities.
2. Verifying the change request In the initial verification, the change request is checked by the change manager to ensure that it makes sense and is categorised correctly. For example, standard changes are forwarded directly for processing. On the other hand, enquiries that are not practical, filled in incompletely or have already been evaluated are filtered out and the initiator is subsequently notified of the rejection of the application along with a reason. In this process, the person submitting the application should be given the right to object.
3. Evaluating the change To make a decision about a change, the following parameters have to be entered. ITIL designates these parameters as the "seven R‗s of change management." 1. Who RAISED the change? 2. What is the REASON for the change? 3. What is the required RETURN? 4. What are the RISKS? 5. What RESOURCES are required? 6. Who is RESPONSIBLE for required activities like implementation and test? 7. What is the RELATIONSHIP between this change and other changes?
The information determined can be used to determine the correct level of authorization, to identify the areas of interest ("Who is affected?") or to define the business case, effects, costs, benefits and risks.
4. Authorising the change Authorization ensures that all those affected by the change have been notified of it and dealt with it. The transparency this creates reduces the risks and allows the effects to be checked. Depending on the type, scope and risk of the change, different stages of authorisation may be most useful. For example, replacing a tape drive, which has very minor effects, will be discussed and coordinated only within the IT department. Release changes of the ERP system will surely also be discussed all
44
IT-Service-Management
IT Service Management: Fast, easy & clear
the way up to the management level of the company. Depending on the decision made by the committee, the result is communicated to all those involved, particularly the person applying for the change.
5. Planning the change When changing the software, it often makes sense to combine all changes into what are known as releases and then to make them available in a single step. Here, the advantages (e.g. improved planning, better implementation rate) are examined compared to the disadvantages (e.g. time delay). In addition, the actual implementation should be planned and co-ordinated. This must take into account that active services are affected as little as possible. The result of this is to be clearly defined work packages.
6. Implementing the change The authorised changes are forwarded (formally) as work packages to the corresponding employees or teams. These carry out the actual implementation. However, change management is responsible for co-ordinating the activities and their on-time completion.
7. Checking and closing out the change In a last step, the change is again reviewed and closed out. This happens with the following activities:
Compiling the documentation for the change
Reviewing the change and its documentation
Closing out the change document (after completing all activities)
Reporting the close-out to all participants and presenting it for acceptance
If referenced faults or problems exist, these can likewise be reviewed and closed out
If a change is very time-critical (e.g. failure of a server), we refer to it as an emergency change. In this case, we should follow a similar procedure, but individual steps can be shortened. For example, the evaluation and planning phases are greatly shortened and his comprehensive documentation. In this case, the authorization also takes place by the relevant participants who are available at the time (this is also called an Emergency Change Advisory Board (CAB)). Tests are reduced or, in an extreme case, are omitted entirely. As a rule, the emergency change takes place retroactively. This is intended to ensure that the change follows a reasonable workflow, despite the time pressure.
45
IT-Service-Management
3.3.4
IT Service Management: Fast, easy & clear
Continual service improvement
Continual service improvement
(CSI) is part of ITSM. In doing so, methods from quality
management are used to learn from past successes and failures and, in this way, develop solutions that continually improve the effectiveness and efficiency of IT services and processes. CSI has to prove its value to the company in order to justify its continued existence. A clearly defined purpose with clear and unambiguous benefits that impact the entire company must be present. CSI, as defined by ITIL, consists of four process:
Service Evaluation – Process Objective: To evaluate service quality on a regular basis. This includes identifying areas where the targeted service levels are not reached, and holding regular talks with business to make sure that the agreed service levels are still in line with business needs.
Process Evaluation − Process Objective: To evaluate processes on a regular basis. This includes identifying areas where the targeted process metrics are not reached, and holding regular benchmarkings, audits, maturity assessments and reviews.
Definition of CSI Initiatives − Process Objective: To define specific initiatives aimed at improving services and processes, based on the results of service and process evaluation. Process Objective: To verify if improvement initiatives are proceeding according to plan, and to introduce corrective measures where necessary.
CSI monitoring − Process Objective: To verify if improvement initiatives are proceeding according to plan. In addition, correction measures are carried out.
The CSI process requires three actors. The first actor, the CSI manager, is responsible for managing the improvements to ITSM processes and IT services. The CSI manager measures the service provider's performance continually and designs improvements to changes, services and infrastructure in order to increase efficiency, effectiveness and profitability. The second actor, the process manager, is responsible for planning and co-ordinating all process management activities. He or she supports all actors involved in managing and improving processes, which also includes the process owners. This role also co-ordinates all changes to processes, thus ensuring that all processes work together seamlessly. The third actor, the process owner, is responsible for ensuring that a process is suitable for its purpose. The responsibilities of the role include supporting, designing and continually improving the process and its metrics. Companies that want to improve services have to be clear about the effect of trends in the business and market area on the IT area. To justify any and all improvements, the company should compare costs and earnings (or savings). The difficulty lies in the fact that though the costs can be measured relatively easily, it is more difficult to express in figures the increase in earnings as a direct result of the Service Improvement Plan (SIP). The SIP is a formal plan for implementing
46
IT-Service-Management
IT Service Management: Fast, easy & clear
improvements to services and IT processes. The SIP is used to manage and log improvement initiatives triggered by CSI. Improvement initiatives are either of the following:
Internal initiatives tracked by the service provider, for example for improving processes or to better utilise resources
Initiatives required for working together with the customer, for example improving services
The following information are typically included in the SIP for each defined initiative for process or service improvement: 1. Affected process or service 2. Person responsible for the process (process owner) or service (service owner) 3. Initiative owner (person responsible for the initiative, frequently roles in service management such as Service Level Manager, capacity manager, availability manager, process owner, service owner) 4. Approval by upper management 5. Description of the initiative 6. Source of the measure (e.g. service review, process audit) 7. Business scenario (expected result of the initiative, cost estimate, specific desired result of the initiative, e.g. a certain cost reduction when provisioning a service) 8. Schedule and status of the implementation (target date, current status) CSI is a part of every successful service management implementation. CSI ensures that the IT services grow along with the business and adapt to it, and enables continuous improvement of service stability, performance and functionality. CSI projects can be implemented in many different forms: simplified request of services by customers, fewer required documents and shorter wait times for service enquiries, creating an outstanding service catalogue by means of better understanding etc. The purpose of CSI is to continually align the IT services with changing business requirements. For this purpose, improvements to IT services that support business processes are identified and implemented. The objectives of CSI are the following:
Reviewing, analysing and drafting suggestions for the service strategy, concept, transition and procedures
Reviewing and analysing the results when the service level is attained
Identifying and implementing individual activities to improve the IT service quality
Improving profitability when providing IT services without negative effects on customer satisfaction
Ensuring that suitable methods of quality management can be used to support continuous improvement activities
47
IT-Service-Management
IT Service Management: Fast, easy & clear
Figure 14 - CSI model based on ITIL
According to the CSI model (Figure 14), the process for improving services is a constant cycle that consists of the following steps.
Understanding the business mission, objective and requirements in order to create a vision for improvements based on this vision (What is the vision?)
Reviewing the current situation in terms of business, company, employees, processes and technology in order to obtain an accurate snapshot of the current state of the company (Where are we now?)
Understanding priorities for improvements and making corresponding agreements based on a development of the principles from the vision (Where do we want to be?)
Drawing up a detailed CSI plan for attaining a higher level of quality of the provided services by implementing ITSM process (How do we get there?)
Reviewing measurements and metrics if they ensure that the milestones are reached, the compliance of the processes is high and business objectives and priorities are attained by the service level (Did we get there?)
48
IT-Service-Management
3.3.5
IT Service Management: Fast, easy & clear
IT project management
A project is a limited-time initiative for developing a specific product or a certain service, such as a building or a new computer system. Each product extends from the start to close-out and can take days, weeks, months or even years. For Charly's company, introducing an online store would be a project, but running the online store is part of everyday business operations. Project A project has limited time and monetary resources and is undertaken to create a one-of-a-kind product, service or result. It has clear goals, requirements and quality specifications. A project can also take on the form of a temporary organisation. Project management is described as a series of principles, practical workflows and techniques that are used to check the project schedule as well as costs and performance. It consists of a series of tasks with which a project is run from beginning to end in order to attain the goals determined earlier. Relative to this definition, IT project management can be understood as a sub-area in which information technology projects are planned, monitored and controlled. In this regard, it is important to pay due attention to the broad spectrum of tasks. The new areas of knowledge of the PMBOK (Figure 15) provide an insight into the various subject areas that are to be considered within project management.
Figure 15 - Areas of knowledge of project management according to the PMBOK
Regardless of type, all projects are carried out and implemented within the framework of certain constraints. The three constraints of time, costs and scope are frequently referred to as the "magical" Project Management Triangle. The time constraint completing
refers a
to
the
project.
time
The
available
cost
for
constraint
describes the budget available for a project. The last constraint, cost, specifies which activities have to be carried out to reach a goal. For a
49 Figure 16 - Project Management Triangle
IT-Service-Management
IT Service Management: Fast, easy & clear
project to be successful, these three constraints have to be in balance.
Various approaches can be taken into account in project management. Two important ways of looking at it are: 
Traditional approach: Identifying a sequence of steps that have to be carried out

Agile approach: The project as a series of relatively small tasks (not a complete process).
Traditional project management requires highly disciplined planning and control methods. In this approach, we can distinguish between five phases in the development of a project. Each phase contains processes with which the project is advanced from idea to implementation. The individual phases include: 1. Project initiation phase 2. Project planning and design phase 3. Project execution and implementation phase 4. Project monitoring and control systems 5. Project completion The traditional approach assumes that it is possible to foresee the effects of certain results on the project. For this reason, all tasks have to be carried out one after the other, in the correct sequence. In contrast to the traditional approach, agile project management is based on the principle that interaction between the individuals should be in the centre of the management. The project is viewed as a series of relatively small tasks that have to be adapted according to the respective situation and not designed and implemented as part of a process planned entirely in advance.
A number of project management methods are used to formally define how the project is managed. For example, the following sections explain Project Management Body of Knowledge (PMBOK), Projects in Controlled Environments (PRINCE) or SCRUM as an agile method for software or product development. The objective of each of the three techniques is to standardise the workflows of the development team in order to make it more predictable and manageable.
Project Management Body of Knowledge (PMBOK) PMBOK is a guide for project management that compiles standard technology (IEEE, ANSI) that provides the basics of project management and their application to a wide variety of projects. The first version of the PMBOK guideline was published by the Project Management Institute in 1987. It is concerned with applying knowledge, skills, tools and techniques to fulfil project requirements. A 50
IT-Service-Management
IT Service Management: Fast, easy & clear
project is implemented by integrating the project management processes. A project team is active in nine areas of knowledge: Integration, scope, time, costs, quality, human resources, communication, risks, procurement. These define a series of basic processes and describe them in terms of input, tools, techniques and output. The project manager is responsible for the project goals for creating the defined end product. In this regard, the constraints of project scope, time, costs and the required quality have to be observed. Project in Controlled Environments (PRINCE2) PRINCE2 is a product-based approach for project management developed by the UK government and used internationally, especially in IT environments. As a scalable method for managing IT and other business projects, PRINCE2 defines forty different activities and structures these into seven processes: (1) Starting up a project, (2) Initiating a project, (3) Directing a project, (4) Controlling a stage, (5) Managing stage boundaries, (6) Managing product delivery and (7) Closing a project. The method specifies each process with central inputs and outputs as well as certain objectives and activities that have to be carried out. This enables automatic control of any and all deviations from the plan. The method is broken down into manageable phases and enables efficient control of resources. Based on close monitoring the project can be executed in a controlled and organised manner. PRINCE2 is a flexible method and can be used on all types of projects. SCRUM In today's global economy, software developers are under pressure to deliver the right products faster. As a framework concept for executing projects based on the principles and values of agile project management, SCRUM can be used for managing and controlling complex software product developments with repetitive, incremental procedures. It is necessary to take into account that this method was originally planned for projects in the software development area, but can be used for both simple and complex innovation projects. As with the other methods derived from the agile method, SCRUM does not attempt to define everything at the beginning of a project. Rather, SCRUM uses an empirical approach in which the entire project is split up to sprints, i.e. time increments of typically two to four weeks. At the end of each sprints, the team members hold meetings to discuss the progress of a project and discuss the next steps.
51
IT-Service-Management
ITSM Implementation in SMEs
4 ITSM Implementation in SMEs IT Service Management can be introduced in companies in different ways. Depending on the maturity level and experience in the company, different processes can take priority. In addition to incident and problem management, change management is frequently the first step of an ITSM implementation. The change management scheme should be developed at the earliest possible stage, as it is the core of continuous service improvement.
ITSM implementation is not only a technical, but primarily an organizational change process. People in organisations have to change their behaviour. However, resistance to change is a trait many people share. However, it is people who decide whether or not ITSM introductions are successful. A few ITSM projects are specifically devoted to the capacity for change and willingness to change of IT or service desk employees and pose these questions: 
Can the employees who have worked according to the same pattern for years internalise the philosophy of ITSM in a short time and change their work processes?

Do the employees have the capabilities required to bring a service organisation to life?

Are the expectations with regard to the time and personnel outlay required for implementing ITSM even realistic?
In practice, the greatest obstacle for IT Service Management is personnel-related, cultural and organisational resistance to change. Change management measures should be planned at an early stage during ITSM implementation. The aspects and methods of change management in ITSM projects are described in detail in Chapter 5.
Real-world business experiences show that it is usually impossible to implement five to ten ITSM processes in six months. The primary success factor is when the ITSM philosophy is conveyed successfully and a corporate culture exists that is open to the change and promotes effective introduction of ITSM. Many companies that claim not to have IT Service Management have already dealt with the issue of disruptions in the operating workflow and frequently used existing standardised procedures. These companies have then adapted IT Infrastructure Library (ITIL), for example, to suit their needs ideally, but without understanding the philosophy. Therefore, they have put the second step before the first. In other words: they have put up the walls without laying the foundation. This chapter is intended to prevent exactly that. An example of a blueprint is provided to introduce IT Service Management in the company. Each company and each IT department have their unique characteristics. Therefore, this plan serves only as a rough guide that can be adapted to the company's own needs and circumstances and has to be elaborated in detail. The following information is focused on the essential steps of the ITSM implementation project that small and medium-sized companies typically have to go through.
52
IT-Service-Management
ITSM Implementation in SMEs
Based on the diverse requirements of the different types of companies, the following pages will present a draft for a modular plan. It takes into account two concepts: Modularisation and prioritisation.
Modularisation In Chapter 3, we presented the INNOTRAIN IT method, and already made use of the concept of modularisation there. Individual processes and functions have been compiled into modules and can be but together like building blocks according to specific needs. This principle is carried over into the introduction. In doing so, modules can be implemented in the manner deemed most suitable.
Prioritisation By prioritising the modules mentioned above and taking into account certain dependencies between the modules, an individual flow chart for the company can be derived.
The following Figure 17 shows the implementation of these concepts. As mentioned earlier, the modularisation has already been explained in Chapter 3; therefore, this aspect of the graphic is also identical. The prioritisation is highly pragmatic and, in this case, contains only the distinction between mandatory (shown in dark shades) and optional modules (shown in light shades). We assume that individual companies have carried out a complete outsourcing of their IT. However, implementing the mandatory modules is useful even in these cases.
Figure 17 - Overview and classification of the ITSM modules
53
IT-Service-Management
ITSM Implementation in SMEs
The mandatory modules provide the basis for successful use of ITSM. The optional modules supplement them. To utilise all the added value that can be provided by using ITSM, all modules should be introduced. The selection of modules depends to a great extent on the company and its facets, the strategy and requirements.
The following graphic shows an example of a blueprint shown as a introductory path. As mentioned earlier, the defined steps reflect all basic modules. These have been arranged into a sequence according to their dependencies and are expanded by adding relevant activities.
The subsequent paragraphs explain all five steps of the introduction process in detail: 1. Preparation, vision, evaluation and planning 2. Defining the strategy 3. Implementing the basic modules 4. Implementing the advanced modules 5. Optimising the implementation
54
IT-Service-Management
ITSM Implementation in SMEs
Figure 18 - Relationship between project phases and the INNOTRAIN IT five-step implementation model
55
IT-Service-Management
ITSM Implementation in SMEs
4.1 Step I – Preparation, vision, evaluation and planning When introducing IT Service Management, the IT organisation faces the challenge of developing and offering IT services for supporting the business processes. In many cases, this change succeeds only after a delay, as the mission and philosophy of the IT organisation have to change first. Just as the entire business has to face the changes, the IT organisation also has to undergo a fundamental change from a technology provider to a service organisation. This new role evaluation helps the IT organization to define and implement its new function as a supplier of IT services, while also increasing is effectiveness.
At the beginning of an ITSM implementation, the benefits and necessity of IT Service Management should be identified and discussed with corporate managers and executives. Management has to be shown that the ITSM implementation is a change program and not just a technical solution or technical project.
To identify the significance of the ITSM plans for the company and obtain the buy-in of executives, a workshop should be held for them. This can be organised as part of the initialisation phase of an ITSM change programme.
4.1.1
Vision
Defining a vision for the project is an important step towards implementing IT Service Management successfully. The vision sets the direction for the project stakeholders and gives them orientation. It helps to place a shared goal before the various groups of stakeholders. Implementing IT Service Management requires vision, goals and resources. Moreover, the vision has to take into account people, processes, cultures and technologies for all areas involved. The vision serves the following purposes:
Giving everyone a clear idea of where the plan is headed
Motivating employees so that they act in the direction that has been agreed
Co-ordinating all activities of the participating persons
Bringing into agreement different perspectives in the company, such as between executive management, the IT department, specialised departments and the employees
The vision is the central starting point for turning an ITSM plan into reality. In doing so, an important element is exchanging and communicating with all IT stakeholders in the company, meaning all those who are participate directly in the project or are affected by it. Typically, their interest depends on the extent to which they are affected. The urgency of the plan (What happens if we do nothing?) and the vision are the basis for communicating with IT stakeholders. This information is intended to provide motivation, inspiration and support for implementation. In addition, it is
56
IT-Service-Management
ITSM Implementation in SMEs
important to live out the philosophy of IT Service Management. Objections have to be discussed, priorities agreed and decisions made jointly.
4.1.2
Preparation
Nowadays frequently referred to as the "enabler" of the company, IT is dependent on customers' processes in a wide variety of forms. For this reason, after the project is approved by top management, it is important to measure and analyse the environmental variables of IT. In many cases, a corporate strategy is defined and processes are documented. If this is not the case, these preparatory measures ought to be carried out. After going through the steps, an IT strategy, exact requirements and required services are to be derived. The two relevant measures here are: 
Defining and documenting the corporate strategy

Documenting the relevant business processes with the methods of business process management
4.1.3
Evaluation
Measurements are indispensable for good management and the implementation of ITSM. Every improvement programme with the objective of optimising IT services must have the current status as a reference value. This is also an important starting point for attaining a quality standard and meeting governance or compliance requirements.
A needs-based analysis of the existing IT processes and IT services is the basis for a successful ITSM change project. For this purpose, there are various assessment forms for measuring variables such as process maturity. In this process, it is important to keep an overall image in mind so that employees, technology, processes and structures are matched to each other. From the individual processes via the maturity level of an IT organization to the tools used, an inventory should be carried out, recommendations and risk assessments carried out and the results presented as part of a management workshop.
With the help of an IT Governance Maturity Assessment, the processes, control mechanisms and responsibilities of an IT organization can be analysed, for example based on COBIT. Today, statutory regulations such as the Sarbanes-Oxley Act, the Corporate Governance Codex or Basel II require, from a business management and technical standpoint, corresponding accountability reports for the efficiency and effectiveness of management and control of IT processes. The objective is to create transparency in IT Service Management and reduce operational risks significantly.
57
IT-Service-Management
ITSM Implementation in SMEs
The full benefits of ITSM processes in fulfilling business requirements while simultaneously maintaining the Service Level Agreement that has been reached are obtained only with coordinated interaction of people, processes, structures and technology. In doing so, ITSM tools can ensure efficient control of flows of information between the IT processes and provide the basis for an ongoing identification of optimisation potential. It is necessary to check whether the ITSM tools will meet present and future requirements and whether they provide optimum support to the IT processes.
Optimising an IT service organisation involves not only technical matters, but also soft factors. Therefore, the corporate and organisational culture is another important aspect of a successful business/IT alignment. A service culture analysis that surveys employees about the behaviours they expect directly or indirectly can be used to identify deficiencies.
4.1.4
Planning
The planning phase is used for concrete development and implementation of an ITSM solution. It is based on results of the vision and evaluation phase. Typically, a program for implementing or improving service management consists of multiple projects that are focused on certain processes, functions or regions of the overall programme. The strategic vision illustrates the desired future status to be attained. The evaluation allows the organisation to determine where it currently is and what is required for the progress. The planning phase provides the answer to the question "How do we reach our goal?".
It is important that there is unanimity about the role and properties of the IT organisation, both in IT and with executive management. With regard to a uniform understanding of the future role of IT, it is not only important to understand the ITSM processes; rather, for implementation, it is also relevant to determine the extent to which the employees have already gathered experiences with the processes. Therefore, it is necessary to clarify which process activities and the required capabilities of employees are most urgently necessary in order to fill the required role and thus to provide the results expected of the implementation.
To justify the introduction of ITSM, the costs have to be compared to the savings and revenue. The costs can be determined relatively easier, but revenues or savings are often more difficult.
Based on the gap analysis and progress review, a roadmap can be developed to close the identified gaps. The multi-layered nature of the gaps means that a single measure is usually not sufficient. Therefore, ideally, a roadmap is developed that matches the processes, technology and employees to each other optimally. For each programme module, a detailed project plan with expenses, deliverables and deadlines is required in order to thus create the basis for targetoriented control of the programme
58
IT-Service-Management
ITSM Implementation in SMEs
4.2 Step II – Defining the strategy "The slowest person who never loses sight of his goal is still faster than someone who dashes about without one." If we apply these words of wisdom from Gotthold Ephraim Lessing to IT, even smaller organisations will be on the right path as long as they pursue the right goals. Accordingly, the ITSM introduction also begins by defining the vision, strategy and goals of the IT organisation. In many cases, people already act strategically without even realising it. In the simplest case, they take a big sheet of paper, sit down with the colleagues involved, write down the strategy and the goals derived from it and hang up the strategy paper in a readily visible location. This allows everyone to align his or her everyday decisions with the strategy. It soon becomes evident that this pragmatic strategy development is not a science one needs to be afraid of, but rather a tool.
So that all aspects relevant for IT are covered, it is useful to define two parts of the strategy:
Aligning the IT strategy with the corporate strategy IT must not be an end in itself, but must provide ideal support to business processes. Therefore, the first part is deriving the IT strategy from the corporate strategy. What has to be done for the company to be successful and how can IT support the company? This is the central question, and should be discussed between the responsible persons and the most important groups of stakeholders. Many IT strategy documents are concerned with how to provide IT services efficiently and effectively. However, that is only one side of the coin. The actual glue between the specialised departments and IT lies in answering the following questions:
What are the company's goals?
What are the success factors in the individual specialised department?
How can IT help to influence these success factors and reach the goals that have been set?
Even if, in many cases, the specialised departments do not have a documented strategy and the question "What makes us successful?" provokes only general answers, the questions listed above may be helpful in steering the discussion. Providing IT services effectively and efficiently that are not even needed by the specialised departments is an error that should be avoided. According to the philosophy: It went very well—but unfortunately towards the wrong goal… IT strategy for SMEs The actual IT strategy is an extension of the derived strategy and expands it by adding technological and organisational aspects. The IT strategy can also define architectural aspects. For example, consolidating the servers by virtualisation may be one goal of a company's IT strategy. However, the IT strategy can also include that the company uses open source where possible and useful, prefers a certain programming language or uses only one hardware manufacturer. In summary, the IT strategy can address the following topics:
Principles and guidelines of the use of IT
59
IT-Service-Management
ITSM Implementation in SMEs
Financing model and organisation of IT
Application and system architectures
IT infrastructure as required basis
IT service and performance processes
Internally and externally necessary implementation resources
Risks in the implementation process
For additional information and details on the topic of strategy definition, refer to Chapters 3.1.1 and 3.1.2.
4.3 Step III – Implementing the basic modules After the future strategies are defined and the IT is aligned accordingly, the actual implementation can begin. The following process map provides an overview of the required steps within the basic implementation. For some companies, the conclusion of the process is also the end of the introduction project. If the advanced modules are not absolutely necessary, at least the optimisation in Step V should be considered.
4.3.1
Creating an ITSM plan
In close co-ordination with business, key suppliers and managers, an advance plan should be created that defines tasks, schedules and responsibilities. This provides the basis for a continuous improvement process and establishes the guideline for a mature ITSM organisation. Continuous improvement of the ITSM organisation should provide an ideal level of support to the business and meet the requirements for stability, availability and security at optimal cost. An ITSM plan should be drafted defining the concrete goals for the coming business year for individual management activities such as process reviews, customer satisfaction surveys, budget planning or Change Advisory Boards.
60
IT-Service-Management
4.3.2
ITSM Implementation in SMEs
Developing an ITSM process design
Ideally, the process design for the ITSM process implementation is drafted in workshops. In particular, this involves configuring the individual processes and developing a target concept that serves as input for customising the ITSM tools and training the involved employees. Here, considering a company's individual starting position is of special importance.
The
objective
is
to
implement
ITSM
processes in the organisation. In doing so, one should concentrate on the essentials, ideally directly and in everyday practice without generating great additional expenses.
4.3.3 Providing the relevant tools At the beginning, Step III includes providing the relevant tools. A brief requirements analysis pays off at this point, as following ITIL best practices in a strict manner, for example, would require a great number of different tools. The purpose of most of these tools is managing knowledge. In many cases, the response is: "But our Administrator already knows all that." What happens if, for whatever reason, the admin is no longer available? This is only one of the reasons why basic and thorough
Figure 19 - Process of implementing the basic modules
documentation
can
be
organisation's
survival.
of
vital
However,
importance the
to
an
principle
of
pragmatism applies here also. Therefore, as part of implementing the basic modules, only a small selection of
available tools is helpful and useful, even for very small companies.
Configuration Management Database In the ITSM community, the important-sounding term "Configuration Management Database" (CMDB) can refer to nothing more elaborate than a list of all elements of the IT landscape. The objective being pursued is a consistent collection of all so-called "Configuration Items" (CI). CIs include, for example, the servers, printers, and network components, as well as software licenses and contracts—in short, everything that deserves to be managed. The granularity and types of CIs can be defined according to one's own needs. The information to be managed also has to be defined and updated accordingly. Logical additions and links are then added to this list, such as a change log, a collection of known errors and incident and problem messages. The tool support can vary greatly: In an extreme case, a CMDB can be either a physical file folder in which all
61
IT-Service-Management
ITSM Implementation in SMEs
configuration items are maintained and updated manually or a tool costing millions of dollars that requires dedicated administrators to keep it running. Clearly, each company has to find its ideal middle ground. In doing so, the CMDB should always be structured so that it is complete for the corresponding services, without being so large as to cause problems for configuration management. One of the most important foundations for the success of ITSM in an organisation is a functioning configuration management database that can be used, administered and monitored efficiently by the employees. Therefore, it should always be co-ordinated, developed and optimised to match the present needs of IT and business.
Ticket system As the single point of contact, the service desk plays a central role in communication between service provider and customer. A ticket system supports this exchange in a wide variety of ways, including:
Entering various enquiries (incidents, problems, service requests etc.)
Documenting the individual activities in the lifecycle of a system
Distributing the enquiries among employees
Defining and supporting the escalation process of tickets (1st, 2nd, 3rd Level)
Optional communication channels (e.g. Web interface, e-mail)
To be sure, the simplest version is setting up a central e-mail address for all enquires. However, this is effective only if the IT department consists of just a very few employees. Thus the "e-mail" version lacks obvious features of a ticket system such as structured entry of the data, categorisation and prioritisation options, reservation of tickets and reporting functions. Ticket systems, frequently based on Web technologies, are available in a great number of different versions, both as a commercial and Open Source solution.
Service catalogue & service portfolio To "sell" a service, you have to publicise your services. Setting up a structured service portfolio management system answers questions about service benefits, quality and price structure as well as about the strengths, weaknesses and risks of the IT services offered. In doing so, service portfolio management system documents all planned services (in the service pipeline), all currently offered services and all withdrawn services. The service catalogue is a sub-product of the service portfolio and contains only the currently offered services. The appearance of the portfolio and the catalogue can be extremely different, including everything from a simple document that is forwarded, to databases in the intranet to small online stores in which the customer can "order" services directly. Here, too, a pragmatic approach that suits the company can be selected.
62
IT-Service-Management
4.3.4
ITSM Implementation in SMEs
Introducing a central service desk
Introducing a central service desk not only is an easily attained intermediate goal (known as a "Quick Win"), it also addresses the uncomfortable topic of user support within IT and thus creates acceptance within the IT department. Thirdly, it provides the basis for many modules that require the service desk as a central communication unit. In this regard, the service desk does not necessarily mean more work, but rather a different organisation of the work and a structured procedure. For example, if we implement a ticket system with Web interface and understandable categorisation, the customer's enquiry will be routed to the correct employee rather than also needlessly adding to the workload of employees who are not involved. In addition, the employee can concentrate on his or her regular activities and work on the service desk in a targeted manner. However, in this labour-divisional version, it has also proven helpful to define a service desk manager who takes over responsibility for the entire service desk and can delegate enquiries if necessary.
The following three steps can be introduced simultaneously. All three steps can be implemented in various ways in practice:
Iteratively and simultaneously with the regular activities
Broken up into portions
On a one-time basis
4.3.5
IT service portfolio and catalogue
Earlier, we described the "shell" of the service portfolio. Now, we'll bring this shell to life. We enter the critical information for each service:
All information that the customer needs (prices, conditions, service level agreements etc.)
All information the service provider needs (costs, priorities, risks, business case, terms and condition for support, escalation mechanisms etc.)
Guidelines, objectives and responsibilities
Then, the service catalogue can be derived by selecting the current services from the service portfolio and published for the customer. For additional information on this topic, refer to Chapter 3.1.3.
63
IT-Service-Management
4.3.6
ITSM Implementation in SMEs
Systems and outsourced services
This area means relatively minor changes, as it describes the regular activities of IT. Accordingly, this module is usually present in this form even before the ITSM introduction. However, the instructions from Chapter 3.2.1 should be observed.
4.3.7
Documenting the infrastructure
The configuration management database (CMDB) is the vital information source of IT Service Management. It also requires an initial filling with data via the configuration items. As described above, this can be carried out iteratively or eruptively (eruptive is preferred). The company can use inventory tools that scan the network and associated configuration items and obtain a thorough database automatically.
4.3.8
Continuous improvement
At an early stage, the objective is to define operational objectives and metrics on three levels: expectations of the business areas for IT, output of the IT processes and performance capacity within the process flow. The defined metrics should have a good balance between the effort they require and the amount of information they provide, be comparable internally and externally and easy to measure. The objective is long-term anchoring of continuous improvement on all levels. In addition, an IT governance report (or dashboard) with the most important metrics can provide an overview of the service quality provided, the status of the control measures and thus the respective current compliance situation. The service, process and activity goals help to identify areas where there is potential for improvement. Accordingly, the continuous improvement process is one of the basic modules of the implementation. In the first step, the improvement process does not necessarily require a complex deployment of tools or employees; rather, the way of thinking has to be internalised and all modules, processes, functions and tools checked regularly for areas where they may be room for improvement. For more information, refer to Chapter 0.
4.4 Step IV – Implementing the advanced modules Experience has shown that only very few companies implement all functions and processes suggested in the relevant frameworks. Accordingly, after the implementation of the basis in Step IV, the advanced modules (in Figure 17 green, with a dashed outline) can be implemented. According to the building block principle, IT departments can equip themselves with modules to fit their own needs. Therefore, before selecting one or more blocks, the requirements should be analysed. Once the needs have been identified, the corresponding module can be introduced.
64
IT-Service-Management
ITSM Implementation in SMEs
4.5 Step V – Optimising the implementation The modularisation practised as part of the implementation provides many advantages. However, it also requires regular verification and optimisation: Does the selection and composition of the modules still meet the requirements of IT? The continuous improvement process (CSI), introduced in Chapter 3.3.4, is responsible for improving the services and processes. However, it is also useful to optimise the actual ITSM. Potential for improvement exists, for example, with regard to the selection of the modules or the tools used.
To implement continuous improvement in a successful and lasting manner, it is important to understand the various activities that can be applied for this process. The following activities support the continuous improvement plan:
Reviewing management information and trends to ensure that the output of the ITSM processes reaches the goals that have been set.
Periodically carrying out internal audits to verify that employees are complying with processes.
Carrying out periodic customer satisfaction analyses.
Carrying out internal and external service reviews to identify areas where there is room for improvement.
65
IT-Service-Management
Managing organizational changes
5 Managing organizational changes 5.1 Challenges of change management Today's IT organisations face the challenge of becoming better aligned with business requirements. This requires a fundamental change in the corporate and IT culture. ITSM and IT innovations require IT to interact with specialised departments, participants and stakeholders in the company. In doing so, IT evolves from a purely supportive organisation to a service and innovation partner that is aligned with business requirements. This is not easy, as it requires real change on the part of IT: from a reactive provider of systems and applications to a partner for implementing business strategies and developing innovations.
Increasingly, corporate management expects from IT managers that IT will be used to improve business processes, cut costs and make work more efficient. In many cases, companies see the role of IT as providing the innovations which, in coordination with the respective processes, enable an entirely new level of efficiency for increasing productivity and, ultimately, profitability. The consequence might even be a change of the business model.
Organisations are always changing. Change is a universal principle and an unavoidable fact of life. Change management goes beyond pure project management by collecting tasks, measures and activities intended to provide a comprehensive change with far-reaching content for implementing new strategies, structures, systems, processes or behaviours in an organisation. Each change project should initiate typical change phases. As defined by Kurt Lewin, these phases are unfreezing, changing and refreezing.
1. Unfreezing: Preparations are made for the change. In this phase, plans are communicated, those affected by the change are brought into the discussion, resources for help and support are developed and discrepancy experiences are generated in order to clearly establish the need for the change measures. In general, time is allowed to prepare for the change.
2. Changing: The change is carried out. The introduction is reinforced by direct intervention of those responsible and by training, and the process is controlled. The objective is to involve employees to the greatest extent possible. This should never be done on a merely "pro forma" basis. If employees do not feel that they are being taken seriously, they will inwardly withdraw for a long time and not contribute actively to the project.
3. Refreezing: The purpose of the last phase is to change the habits of the group. The new process must settle in completely. This is ensured by continuing to monitor, even beyond
66
IT-Service-Management
Managing organizational changes
the introductory phase, whether the process works and is being upheld. The stabilising phase involves fine-tuning and verifying compatibility with the corporate culture and the support of employees.
For all three phases, this guiding principle applies: It is not IT alone that changes the company and produces innovations, but ultimately people. People have to be won over. Therefore, when implementing IT Service Management and introducing IT-based innovations in small and mediumsized companies, conscious handling of the necessary changes and the reactions of the employees is important for success. If employees are not prepared for changes correctly and in a timely manner, there is a possibility of rejection or slow implementation. Conversations about reservations and fears can provide clarity. Above all, the participants must be aware of the personal benefits of the change and their own organisation or corporate success. Within the context of the employee meetings, the managers have primary responsibility, where they fulfil a wide variety of critical tasks. Successful implementation of the changes depends above all on their ability.
Managing changes, such as with the introduction of ITSM, has to take numerous aspects into account: the technological aspect, the aspect of processes, the aspect of organisation and, above all, the aspect of the corporate culture and the personnel. The balance of these 4 factors is the key to success. To attain an actual change, the following components of change management are central:
The first and most basic is the vision or at least a concretely described objective: What do you want to reach with the introduction of ITSM? What is the reason for introducing ITSM? What benefits does this provide for the company and employee?
Based on this, a custom-tailored communication strategy that is defined in writing is required. This is independent of the actual size of the change process.
The capabilities of employees should also be assessed realistically. In many cases, fear of and resistance to change is based on the feeling of not being able to do what is required. Wherever possible, each employee should come to the realization that the project is valuable and effective. Unfortunately, this will not happen with all of them.
Many projects fail due to lack of resources: no time, no money, no support. It is essential to clarify these in advance and to make them transparent and available.
Each change project should provide incentive to the employees: either via extrinsic motivation (external incentives such as a bonus) or intrinsic motivation (inner incentives such as greater responsibility).
The change process should be structured well. If employees perceive a change as chaotic, they will have little motivation to help make it reality. 67
IT-Service-Management
Managing organizational changes
5.2 Factors of change processes The best new technology is of no benefit if it is not used. Therefore, ITSM projects must not be implemented in a solely technology-driven manner. The development of the personnel and the organisation are of central importance.
Companies are social organisations that pursue a clearly defined purpose, have structures and are demarcated clearly from their environment. Each technological change necessarily has effects on structural and personnel resources that have to be adapted in order to handle new technologies optimally.
Therefore, viewing the introduction of ITSM or an innovation in companies from a technical standpoint only is short-sighted and will, of necessity, fail in practice. After all, companies are complex social systems that reflect the "messiness" of life: they bring together people with different values and standards, individual biographies, a wide variety of interests, and different abilities and resources. Organisations are the setting for power struggles, secret trickery and games of intrigue with changing players, strategies, rules and fronts.
Companies are only human—in many cases, to a greater extent than they are aware of or comfortable with. From this organisational perspective, it is only natural that to be successful, an ITSM introduction must also have the organisation and people in focus. In this social perspective, as opposed to the purely technical understanding of organisations, communication plays a central role. In particular, employees' emotions are a central factor in change processes such as the introduction of ITSM, deciding the success or failure of the integration and use of the new medium. Basically, the personnel and organisational development has to take into account three levels that are connected to each other in practice: the organisation, the group and the individual. The following illustration shows the relationships.
68
IT-Service-Management
Managing organizational changes
Figure 20 - Organisational and personnel development
Personnel and organisational development are long-term, comprehensive change processes of organisations and the people who work in them. The processes are based on the learning process of all those involved with direct participation and hands-on experience. Objectives lie in simultaneous improvement of the performance capability of the organisation, such as the effectiveness, flexibility or ability to innovate, and the quality of working life, which is expressed in aspects such as personal expression, humanity and self-development.
Thus change processes involve much more than technical and structural matters. What is called emotion management has developed into a critical success factor in change management, as numerous studies have proven. Involving employees and their needs and sensitivities from the beginning and continuously over the entire introduction and development process is extremely important—even long after this period of time.
The introduction of ITSM and IT innovations means new tasks for the employees. At the same time, existing work processes can be changed and made more effective. A challenge that, in practice, is undertaken consciously only in rare cases is changing organizational structures and processes.
From an organisational perspective, responsibilities and areas of competence have to be clarified in addition to the tasks. New competences must be assigned to fill the new tasks, particularly in order to manage a new or expanded budget.
69
IT-Service-Management
Managing organizational changes
The organisational changes must be reflected in the formal structure and process organisation. As part of the organisational structure, job descriptions and organisational charts must be adapted. Work processes must be reconfigured during the process organisation. The sequence of the fundamental work, information and communication processes in the company must be defined.
In addition, the management tools used in the company must be adapted. When targets are agreed with employees, this must involve aspects such as the use of ITSM. Statements must be made about the use of ITSM, but also about incentives for employees. This allows the dedication of the employee to be evaluated and possibly reflected in raises.
The people who work in the company are the pillars that support the introduction and use of ITSM. Without their active participation, the project will become drawn out, putting its success in jeopardy. However, not only is an appropriate level of willingness to change and motivation required on the part of the project participants, managers and employees, but also a high level of requirementsbased personnel development to prepare the employees to handle ITSM properly.
The basis for each change process is the acceptance of a change. This is composed of two areas: Willingness to change and capacity for change (shown in the following illustration). This means that project members, managers and employees have to both want to and be able to.
Figure 21: Acceptance of ITSM
The capacity for change can be influenced by the use of well-chosen communication tools (information, communication, special activities) that give employees the ability to have the information they need about changes. Qualification tools (specialised competence, methodical competence, social competence, personal competence) are also required in order to put the employees in a position to deal with the required change.
The willingness to change can be formed using motivational tools (intrinsic and extrinsic motivation, win-win situations) that will ideally express a high level of esteem towards the employees and convey the message: "We need you!" Organisational tools (project organisation, promoters,
70
IT-Service-Management
Managing organizational changes
participation, accompaniment) must also be tailored to fit the change process exactly, so that optimum involvement can be obtained from employees, ensuring their buy-in and ultimately resulting in the pride of "owning" the change.
The project team, managers and employees need a wide variety of competences according to their specific task in order to carry out the change project smoothly and successfully and establish it for the long term. The following illustration lists typical fields of action competences of project participants.
Figure 22 - Action competence of project participants
Specialised competence: Specialised competence means that the project participants have mastered their area of responsibility and possess the necessary technical skills and abilities. Their individual background and experience should also be able to be used for new tasks. If they lack the relevant skill and knowledge, they should be able to obtain it in qualification measures.
Social competence: Social competence is the ability to work with other persons constructively and to tackle tasks and master them together. The prerequisite for this is the willingness to get to know other people with their unique quirks, specific background, standards and values and to accept them the way they are. Another critical aspect is the ability to put oneself in other people's shoes and adapt to them.
Methodical competence: Methodical competence includes the willingness and ability to apply various methodological approaches in a way that is appropriate to the situation and persons involved in order to reach a goal effectively. Examples of typical methods include conflict resolution, conversation and negotiation, brainstorming, presentation, moderation and problem solving.
71
IT-Service-Management
Managing organizational changes
Personal competence: Personal competence is the ability to know oneself and to develop as a person. People with a high degree of personal competence have an inner independence and draw power and motivation from the stimulus of the tasks. They place value on developing their personality and give and solicit feedback. They have a high degree of emotional competence and are aware and in control of their actions, thoughts and feelings.
Successful project management requires that the entire project team have the necessary competences. In particular, the project manager, as the key figure in the change project, should have the following skills and experience:
Specialised competence
Possessing adequate knowledge and experience in project management and expertise in group dynamics
Being used to working in a systematic manner
Being able to structure workflows and procedures in a logical manner
Consistently reviewing the status of the ITSM or innovation project and initiating measures where applicable
Passing on information quickly and in an understandable manner
Giving project team members regular and constructive feedback
Social competence
Putting into practice in the project what he or she expects of the project team
Setting up rules and agreements for the collaboration and following them himself or herself
Ensuring a constructive and open atmosphere for conversations
Recognising conflicts at an early stage and applying conflict resolution techniques
Dealing with other opinions and criticism in a constructive manner
Ensuring shared attainment of team results
Building confidence and trust
Being able to motivate the team, particularly when there are difficulties within it
Methodical competence
Techniques of moderation, presentation and rhetoric
72
IT-Service-Management
Methods of project and time management
Conflict resolution techniques
Problem-solving and creativity techniques
Discussion and negotiation techniques
Conference and meeting techniques
Managing organizational changes
Personal competence
Knowing his or her project management style and reflecting on it where necessary
Being enthusiastic about the ITSM project and innovation and having the ability to awaken the enthusiasm of others for it
Showing dedication and taking responsibility
Having the flexibility to change course when the old ways no longer work
Being able to listen
To fulfil the task, the project team, work groups and possible promoters need to have the corresponding specialised competence, social competence, methodical competence and personal competence. The project manager has to check whether a sufficient level of these competences is present and, where applicable, draw up a training plan to meet the needs. In many cases, investments in teaching competences are not made because there is an assumption that those involved will simply "pull together" on their own.
However, teamwork is no easy task. It does not come out of a vacuum. Teams evolve and pass through different phases. Precisely at the beginning of a project, therefore, a team-building measure can be a great help. Groups always evolve in phases, and all teams go through these. Sometimes the phases overlap, and sometimes there are loopbacks—especially when an attempt is made to artificially bypass or accelerate phases. An experienced project manager should be familiar with the various phases and provide constructive support to his or her team in the process. We can distinguish between the following phases:
Test phase (Forming): The group gets together, undertakes its task and envisions the objective.
"Hand-to-hand combat" phase (Storming): Different interests and ways of thinking and acting lead to confrontation and conflict.
73
IT-Service-Management
Managing organizational changes
Organisation phase (Norming): People work constructively on the basis of good collaboration. Consensus is found. The rules and guidelines pursue the goal of the task.
Performing: The prerequisites for the content of the work phase are created. All of the energy is put into in collaboration (synergy) and problem-solving and solution-oriented behaviour are in focus.
The various phases can be illustrated in what is called a "team development clock" (shown in the illustration below).
Figure 23 - The team development clock
In addition to a management and project team, the company's managers are also important promoters and stakeholders in the introduction of ITSM and innovation. Their willingness to support the project is often more important than assumed. They are the examples for their employee. The employees observe and register exactly the behaviour of the managers, which is reflected, for example, in the following actions:
Do the managers behave more sceptically, or are they excited by the ITSM project and IT innovations?
How do they talk about the ITSM project? Are they "passionate apologists" or simply "sceptical implementers" of top management, with their slogan something like: "What will those guys on the top floor think of next?"
What priority does management give the ITSM project?
74
IT-Service-Management
Managing organizational changes
What time resources do managers give the employees for the project?
To what extent do the managers play a role in helping to create business processes and IT services?
Do the managers prepare and advocate for it actively, or do they do only the bare minimum?
Change projects need the support and enthusiasm of middle management. They are the pillars that support the change process and provide orientation for the employees. Therefore, there is an urgent need to make the ITSM project a top priority at the highest levels and obtain a commitment from each individual manager. Manager training courses should explicitly:
Establish the necessity of active promotion
Agree on a uniform procedure for providing information and communication about the project
Promoting the active participation of the managers
Clearly communicating the importance of adjusting the IT and business strategy in order to ensure the company's competitiveness
Develop aids to argumentation for using IT innovations
Explain to managers the course and development of change phases and convey to them how they can provide help in these phases
Time should be allowed for discussion opportunities
All managers should be clearly aware that emotions play a great role in changes such as the introduction of ITSM or IT innovations in companies. Technical training programs on their own are not enough. Employees need help and support and in change processes. Managers must have the competence and willingness to offer this professional support to their employees.
5.3 Dealing with emotions constructively 5.3.1
Individual behaviour patterns and emotional intelligence
Many change agents speak positively of changes while criticising unwillingness to change among their fellows, colleagues or employees. This is particularly true of the introduction of ITSM. Sometimes, however, change agents are not familiar with their own ability to change and willingness to change. It should be a matter of course for each change agent to reflect on his or her own behaviour and solicit feedback regularly. Each personality is distinguished by different characteristics; the individual behaviour patterns when dealing with changes are correspondingly varied.
Successful implementation of changes depends on the ability of the change agents and, above all, on their emotional intelligence. The term "emotional intelligence" was coined by John Mayer of the
75
IT-Service-Management
Managing organizational changes
University of New Hampshire and Peter Salovey of Yale University to describe the ability to perceive, understand and influence one's own emotions and those of others. In many cases, changes are very emotional processes and emotional intelligence is thus an important success factor. Mayer, Salovey and Caruso have developed a test to measure emotional intelligence that follows the pattern of conventional achievement tests and can be greatly helpful for change managers in change projects. The MSCEIT (Mayer-Salovey-Caruso Emotional Intelligence Test) measures emotional intelligence in four areas. These are perceiving, using, understanding and managing emotions.
The first area, perceiving emotions, includes the ability to perceive emotions in other people's facial expressions, gestures, body language and voice. The second area, using emotions as a resource for support, includes knowledge about the relationships between emotions and thoughts (one's own and those of others) that is used for problem-solving, for example. Understanding emotions reflects the ability to analyse emotions, assess the changeability of one's own emotions and those of others and understand the consequences of these emotions. Influencing emotions takes place on the basis of objectives, self-image and social awareness of the individual and includes, for example, the ability to avoid feelings or correct evaluations based on feelings.
5.3.2
Emotional stages in change projects: the change curve
Feelings determine our thoughts and actions. Depending on the basic mood we are currently in (interest, fear, anger, sadness, joy), we think in a logic that is specific to this mood. As brain research has now proven beyond a doubt, there is no such thing as purely objective thinking— even if time and again, people like to assume that there is.
The emotional curve of a typical organisational change process illustrates the change curve (see following illustration).
Figure 24 - Change curve
76
IT-Service-Management
Managing organizational changes
The change curve is a phase model that describes seven segments of time. Each change goes through typical segments with characteristic behavioural and emotional patterns. These phases are similar for all people and all changes. Some people remain in one or the other phase for a long time. Sometimes they also go in circles, passing through phases several times. By taking these phases into account, helpful support can be provided to change processes and, above all, the employees affected by organisational change. We can distinguish between the following phases:
Phase 1: Foreboding – concern The initial signs of the change start to appear. People notice that something is afoot and that things are happening around them. Employees in the company have heard that "something new" is to be introduced. Some may be familiar with the terms ITSM or ITIL and have heard negative things about them. Others have the feeling that they cannot keep up with all of the IT regulations and business processes; now there is even more that they have to apply. Still others may even be enthused about the discussions in the specialised departments and the new technical platform. The employees know that how they use IT will change, but they do not yet know what that means on an individual level. The possible risks that can be incurred by a change are perceived. Employees see a threat to the existing status quo. There are rumours, disquiet and turbulence. People experience a "loss of control" because they have the impression that they cannot influence what is happening. Worry is a typical and adequate reaction in this phase.
Actions we recommend:
Communicate openly, clearly and directly, for example in person by managers or by means of articles in the employee magazine.
Provide information about vision and objectives of the ITSM introduction.
Tell the truth about the situation: What decisions are already set in stone?
Make the structure of the project process public to the greatest extent possible.
Tell the employees how their cooperation is being requested and what opportunities are being provided to this end.
Put a damper on office gossip with your own active communication measures.
Phase 2: Shock - uncertainty When the need for the change is made public, all fears and premonitions become real at once. In this fear phase, the affected employees tend to feel confused and take more of a "wait-and-see" approach. They can neither adopt enthusiastic visions of the future nor take part actively in the
77
IT-Service-Management
Managing organizational changes
change at this point. This is the phase in which many project participants experience frustration because employees do not immediately share the enthusiasm for ITSM and IT innovations. They behave more passively, thinking: "This too shall pass." However, this is precisely the point at which it is important to push forward with illustrating the benefits ITSM means for employees.
Actions we recommend:
Introduce questions to the communication to bring about a change in perspective: "What would happen if nothing changes and if we do not introduce ITSM?"
Work not on solving the problem, but on employees' resistance to change. This means calling as many resources as possible into action and showing the employees what support options they will have during the ITSM introduction.
Two-way communication: Repeatedly explain to the employees what the change is about and what goals are being pursued.
"Telling": The important thing is not only that the employees understand the planned change intellectually, but also that they feel valued and do not believe themselves to be an interfering factor.
Push phase: The introduction of ITSM should be advanced in a well-organised manner.
Phase 3: Defence – anger The initial fear phase is followed by resistance to the change. The affected persons attempt to deny the necessary extent of the change. "Who needs ITSM, anyway? Everything was fine up until now", is a typical statement in this phase. This can result in a brief sprint of heightened activity and performance. People try to do "more of the same." For example, typists who had to change their style of work with the advent of the PC increased their number of keystrokes on the typewriter by a massive amount during this phase, attempting to prove that the computer was not necessary. In the resistance phase, employees frequently get angry about upper management, which in their opinion decides the fate of the "little people.". They say that "the bosses can't do that to us." Many doubt the real benefit of ITSM and also express anger about it. In this phase, employees frequently curse everyone and everything.
Actions we recommend:
Anger needs time and space to be vented: the project members, steering team and managers have to deal with the emotional objections again and again—even when they themselves can't stand to hear it any more.
Offer personal communication: Do not take attacks (too) personally.
78
IT-Service-Management
Managing organizational changes
Remove distortions of the truth with constant follow-up questions and support a change of perspective.
Make pending changes more tangible by explaining in detail the concrete changes and possibilities that result for the employee from ITSM and IT innovations.
Phase 4: Rational acceptance – frustration After unsuccessful resistance, the employees finally realise that something in the company has to change in order for it to remain successful. They try—usually still half-heartedly—to agree to smallscale changes. However, these often do not provide the expected success. Employees understand rationally that the company's IT benefits from a service management concept and that an introduction is necessary. However, they hope that the introduction will be over quickly and that they themselves will be affected by it only little or not at all. The employees feel like they have to resign themselves to an unavoidable situation and are frustrated. Statements like "We don't have a chance anyway if the people at the top want to do it" are in peoples' heads and make the rounds. The affected employees think of avoidance strategies in order to be affected by the ITSM introduction as little as possible.
Actions we recommend:
Relate the changes clearly and break them down to individual persons.
Stop talking about "one" or "the organisation" or "in general".
"Selling": Present the benefits for the organisation and the individual employee.
Phase 5: Emotional acceptance – grief When the employees finally realise that there is no way back, they cross the emotional low point. What was still in the "head" in the fourth phase now sinks one level lower into the "heart". The affected persons feel depressed and beaten down. They notice that the established repertoire of actions is exhausted and it is necessary to say goodbye to old behaviours. The thoughts focus on what is lost: the lost sense of security and familiarity. Those affected by the ITSM introduction feel powerless and discouraged. This "valley of tears" is one of the most difficult stages of every change. The activity is at its lowest point and the employees feel like they will not be able to deliver what is required of them for the change. In many cases, they feel overwhelmed and do not see the value of the ITSM introduction. It is the critical threshold for reorientation. In this phase, it is precisely older employees who are in danger of giving up and not moving to the next phase. Even if the initiators or project participants think ITSM is a small step and cannot understand what all the brouhaha is about, they have to deal with employees' emotions and take them seriously. The
79
IT-Service-Management
Managing organizational changes
employees will need to manage business processes optimally and support them with IT services. Their acceptance is critical for the success of the ITSM project.
Actions we recommend:
Slow down the pace of change somewhat and do not fall into the trap of doing things merely for the sake of doing things. Sadness and negative emotions on the part of those affected need space and need to be heard.
Feelings have to be verbalised.
Give the past its due (what was good about the old way?) and consciously depart from it by initiating farewell and separation rituals.
Phase 6: Opening – confidence Once the sadness phase is finished, the path is clear for a fundamental reorientation. Employees become more curious about expanding the horizons of their experience. They start showing interest in the new and unknown. New action strategies are tried out and help and information is solicited to master the new challenges. Statements are heard such as "Surely I can do this." or "That can't be so difficult. After all, I have mastered completely different things before.". Confidence grows, but setbacks are still encountered and mistakes are made in this phase. The employees show an increasing interest in IT services. They seek out information about all the things they can do with it and how they can take advantage of it. They discuss the benefits and show each other what's new.
Actions we recommend:
Create a fault-tolerant culture and promote experimenting.
Offer information sources and fields of experimentation, for example in events, seminars and training sessions.
Offer concrete opportunities to make contributions, for example as part of a continuous improvement process or discussion in creative groups.
Provide opportunities for mutual dialogue and learning.
Phase 7: Integration – self-confidence The continuous learning successes in handling ITSM expand the employee's entire patterns of perception, thought and action. One success after the other is made with ITSM. The affected persons start getting along better all the time in the "new world," with which they are almost as
80
IT-Service-Management
Managing organizational changes
familiar as the old one. The new tasks are experienced as challenges. The employees use ITSM and IT innovations in the company. They value the benefits and wonder how they ever got along without it. The ITSM philosophy is integrated into everyday work and is lived out. Employees show interest in actively cooperating and provide information and knowledge ever more frequently.
Actions we recommend: 
Go through feedback loops: What was good during the ITSM introduction? What can be carried over to future change processes? What can be done better in the next process? How did the affected persons feel about the change? What rules supported the change? Which additional competences were gained, and which are still required?

Festive completion of the active change phase: Shared celebration and recognition of all those who participated and were affected.
5.3.3
Dealing with resistance and conflicts constructively
Not everyone likes to change. Giving up accustomed ways of behaving and learning new ones causes many employees to react at first with resistance and individual conflicts. However, resistance is an everyday by-product of the work process. There is no change, no development and no learning without resistance. Change and resistance are two sides of the same coin. Despite this, many project teams and initiators of change processes consider resistance and conflicts as burdensome, intolerable, annoying and unacceptable. They wonder why the employees do not understand the necessity of introducing ITSM. However, understanding is only one element of change processes. The critical factor for success is handling the emotions of those affected, particularly their fears and reservations. These emotions cannot be neutralised with rational explanations.
The most important factor in change processes such as introducing ITSM is dealing with conflicts and resistance constructively. Ignoring or simply bypassing these can put the success of the entire project at risk. Projects pushed through forcefully can cause serious delays and exploding costs and result in employees putting up serious roadblocks. In addition, the employees remember exactly how they were treated during the change process. The negative experiences will continue to circulate in the company as "horror stories" for a long time. In a worst-case scenario, the employees will approach the next change process with a high degree of mistrust and not give any credence to the project participants.
How does resistance come about? Resistance is a behaviour that seeks to maintain the status quo of a situation in the presence of pressure to change it. Whether the change is necessary and logical is not important. Due to
81
IT-Service-Management
Managing organizational changes
subjective perceptions, people react emotionally with reservations that cannot be explained immediately, diffuse rejection or passive resistance. Four major reasons lead to resistance in change projects such as the introduction of ITSM:
Information deficit: The affected employees have not understood why ITSM is to be introduced. They have not understood the triggering factors, the background, the objectives and the personal benefits.
Qualification deficit: Employees do not feel up to the task of the new technology. They doubt that they will make it through the switch. They may also be afraid of exposing a vulnerability in dealing with ITSM. They cannot go along with the change. However, these reservations are seldom voiced directly.
Organisation deficit: The ITSM project is not planned well. The employees cannot follow the course of the project or find it too hectic or chaotic. It is given inadequate support by those in charge and the employees feel that they are receiving too little support. The project may, in some cases, not be promoted clearly enough by top management or other managers.
Motivation deficit: The affected persons understand the need for introducing ITSM in the company and even believe the information being passed along by those responsible for the project. However, they do not want to go along with the change, as they do not expect any positive individual effects. Instead, they expect to be put at a personal disadvantage, for example with extra work. A major factor for the lack of motivation is that the affected persons do not have a stake in the change. The employees feel bypassed, though it is precisely they who are to use IT and are not motivated to deal with the new technical solutions.
How is resistance expressed? Resistance to a ITSM project is not always obvious right away. In many cases, employees shy away from direct confrontation and try to maintain their individual situation by not using the new medium. In practice, the challenge is to identify and uncover areas of resistance. Resistance is characterised by three behaviours that are oriented on the classic biological patterns: attack ("fight"), escape ("flight") or playing dead. The following are a few specific examples of boycott strategies and resistance.
Attack Some employees follow the maxim "The best defence is a good offence". Confrontational statements are often made in an attempt to avoid changes and discredit the project plans, such as "That may all be true in theory, but it doesn't work that way in reality or in our company." In many cases, the reaction is highly emotional and polemical: "We have to justify the cost of every little pencil, but there's enough money to introduce this expensive gewgaw that no one needs."
82
IT-Service-Management
Managing organizational changes
Sometimes, threats are voiced openly: "If we introduce ITSM, I'll simply stop passing on information." In many cases, people resort to rhetorical attacks to avoid arguments: "Can you tell me exactly how much ITSM saves us in dollars and cents?" or "ITSM is already old hat. If we make an investment, it should be in something really state-of-the-art." It is especially important to consider resistance that leads to intrigues and the formation of cliques in the company. These can easily bring about a high degree of disquiet, conflict and rumours and divide the employees.
Flight For some employees, initially withdrawing and fleeing is the best option for dealing with changes for some employees. It is a good way to find out whether the change will be lasting or the efforts are unnecessary. They want to go to any length to avoid pre-emptive obedience and do only what is absolutely necessary in the change process in order not to attract attention. "I'm just doing my job here" is a frequently heard statement of those who want to accomplish the maximum with the least possible effort. They support the introduction of ITSM, but only on "low flame". "I'm not paid to think, I'm paid to work" is another argument from employees who perceive work as an unpleasant burden and associate only negative things with it. This statement is not compatible with the age of the knowledge society, but is more widespread in the company than one might think.
Playing dead As much as people differ, so too do they react differently to change. Some people withdraw, shut themselves off, say nothing more and wait. They go into a kind of inner emigration, get sick or are absent from important informational events or training sessions. Another form of the "playing dead" reflex is sitting out. It is a highly effective method that presents great difficulties to even experienced project managers and project agents. People who "sit out" change agree with and say yes to everything, but do nothing, or do it only after being asked several times.
Which types of resistance exist? Employees display different types of behaviour when resisting. Come common types of resistance include:
Those who pay lip service: They find innovations "right, important, good, long overdue etc." They are the typical yes men and women who, in reality, do nothing and do not participate. They practice a mild form of resistance.
Harmonisers: They gloss over problems and have an attitude of: "Everything is going great" or "we got along fine until now." They are the typical maintainers of the status quo.
Indifferent: They are difficult to win over for changes. Characteristic statements include: "I have been through so much here" or "This too shall pass."
83
IT-Service-Management
Managing organizational changes
Principled opponents: They fight. They are concerned with the principle of the matter itself, not with privileges. They often have very good arguments. Their resistance is very helpful for implementing ITSM in the company optimally. These resistors often think of dangers one might have overlooked.
Emigrants: They no longer cooperate. They have inwardly resigned from the company. They say nothing at all any more, but at most shake their head in thought. In those situations, it may be useful to determine the reason for the resignation. It may be possible to restore the trust.
Schemers: They use each informal opportunity to convince others of that ITSM does not make any sense and are also referred to as coffee break celebrities. Theirs is often the most dangerous version of resistance, because it is not noticed or registered. However, it has a high degree of influence on other employees, as many fears and reservations are brought to light, and in some cases false rumours are started maliciously. These resistors have to be identified and given a serious talking-to about their behaviour.
Dealing with resistance constructively Resistance is not a secret phenomenon that appears out of nowhere for some hidden reason. No substantial change ever occurs without resistance. It is not the occurrence of resistance, but the lack of resistance in the company that should be cause of concerned. However, resistance to change is entirely rational, as maintaining the current situation can have individual advantages for certain employees. However, the reasons for the change are usually emotional. Therefore, resistance always includes a hidden emotional message. Therefore, sufficient effort should be put into watching for resistance to the ITSM introduction and taking into account. It is precisely the failure to give heed to resistance that cause the affected employees to stonewall and possibly also cause boomerang effects.
Some possible responses to and ways of dealing with resistance include:
Build in time to think, engage in dialogue, and discuss.
Respond to the resistance and do not attack it.
Remove the pressure: Give enough space and time for articulating concerns.
Search out the reasons and reach agreements.
It is possible to deal constructively with resistance if we know the background from which it comes and respond to any bad feelings and development errors that may occur at an early stage. Earlier, we already discussed the most common reasons for resistance. They are the starting point for managing looming conflicts. The following is a list of a few tried-and-tested strategies.
84
IT-Service-Management
Managing organizational changes
Passing on information and engaging in trusting communication
Communicate the reasons for the change clearly: People change and let go of their resistance if they understand that the change makes sense from their perspective. It is necessary to communicate clearly to the employees what benefits ITSM means for them personally.
Pass on information in a timely manner: In many cases, project managers or other management wait until the information is final and complete before passing it on. However well-intentioned this approach often is, it frequently results in rumours and resistance in the company and causes the right time to provide the information to be missed. When it is finally spread, the information follows on the heels of rumours and informal communication. The chance to take over leadership in forming people's opinions is squandered. In practice, therefore, it may make more sense to distribute information even if it is not complete, while at the same time providing information faster and more often. However, it is important to emphasise in such cases that the information is not yet complete and/or finalised in the company. Employees usually prefer the continuous flow of information, even if it is incomplete. This makes them feel valued, involved and well informed.
Communicate regularly and over the long term: An important aspect in dealing with resistance is continuous communication with employees. The top and middle management levels and the project team must never tire of talking about the planned changes involved in ITSM, no matter how many times they have to do so. Changes always mean a great need for information that has to be met.
Speak the right language with the right media. Employees who are affected by change processes will usually not be persuaded with glossy brochures or marketing presentations. They see through the attempt to avoid involving them in a serious manner and simply to persuade them of the need for ITSM. Therefore, selecting the right communication media is critical for communication and avoiding resistance. However, this must be supplemented by the correct address and a suitable communication style. Merely conveying information according to the slogan "Just the facts, Ma'am" is not enough to overcome resistance in the company. Approximately 80% of every interpersonal relationship is played out on the relationship level, with emotions as the central element. This 80% must be used to win over employees for ITSM in the company. Communication measures in the language of the affected employees that consciously take into account emotions can reach the employees and cause them to rethink their opinion.
Qualification programs
Take away employees' fear of failing: In many cases, situations such as the introduction of ITSM cause employees to be afraid that they will not understand the philosophy, the complex body of rules and regulations or the application of new IT solutions. They often have no feeling for what specifically is in store for them, what they will have to learn and what they will 85
IT-Service-Management
Managing organizational changes
need to do differently in future. Therefore, employees find it to be a great relief when they find out that it is "not so hard after all." For this reason, qualification programs also have to address employees' fears. This can be done, for example by inviting a company that is already using ITSM successfully to come and talk about their experiences. In some cases, another way to reduce fears and resistance is to offer a test phase without obligation and then to introduce ITSM in a binding manner later, after the employees give their consent.
Make organisation structures transparent
Give the process structure: A possible organisation deficit can be prevented in the earliest stages of project management with careful planning. If employees find an ITSM project to be chaotic, they will very quickly try to escape and work as "brakes." Despite the ever-increasing quality of project management tools, the quality of project planning and execution has not increased substantially. The human factor and time factor are often neglected too much, and thus develop their own dynamic that becomes almost uncontrollable, overwhelming project members. A way to avoid this trap is to create a realistic schedule at an early stage and monitor the project continuously.
Increase motivation
Turn the affected persons into active participants: Only motivated employees can implement change projects such as ITSM introduction in a fast and lasting manner. A principle which, in many cases, cannot be mentioned too often is "turning those affected into active participants". The employees have to build and develop "their" performance process. They should be involved in planning from the beginning and be allowed to play a part in creating it.
Find out hidden fears: In many cases, employee's fears are not readily apparent, and thus have to be brought to light in conversations. Leading questions to get to the bottom of hidden fears might include:
Are the employees worried about job security or are they afraid of a necessary change?
Are the employees concerned about whether they are ready for a new challenge?
Do the employees fear that their independence or existing freedom of action will be curtailed?
Do the employees have concerns with regard to their individual career development prospects?
Do the employees fear losing income or suffering other financial disadvantages?
86
IT-Service-Management
Managing organizational changes
5.4 Communication in change processes 5.4.1
Tools of change communication
When introducing ITSM, intensive communication with the employees should take place. They should notice that their opinion is wanted and taken into account, both in mediated communication using the intranet or other media such as discussion forums as well as in direct face-to-face communication with supervisors, colleagues or promoters. Companies can use different communication arenas when introducing ITSM:
Individual communication: The introduction of ITSM can be explained in personal conversations between supervisors and managers, particularly if tasks change due to ITSM or new tasks are added, such as updating service catalogues. Beyond purely conveying information, this can build trust and credibility for the ITSM philosophy. The effort made by the supervisor to provide information and communicate and his or her willingness to be available for conversations and questions has a lasting effect on the success of all employee communication measures.
Communication in teams/work groups: Team meetings and workplace discussions can be used as forum for discussing the introduction of ITSM. The manager of the ITSM project or others in charge of the project or IT organisation can be specifically invited to meetings to talk directly to employees and work teams about ITSM. Another option could be special events devoted to the subject of ITSM.
Communicating in large groups: Large groups allow many employees to be addressed at the same time. Usually, management will report on the ITSM project and give employees the opportunity to provide feedback. In particular, large-group communication can integrate different interest in the company and present the project's vision as well as its values and standards. They do not focus on concrete tasks of employees with regard to ITSM.
The introduction of ITSM must be communicated widely in the company. To do so, a wide variety of communication media are available, which should be selected carefully so as to take full advantage of their particular features when conveying messages. Precisely in change processes, the media mix should focus on two-way communication. One-sided pieces of information have to be directed towards employees in order to update them about the project. However, it is only conversations between the employees and their managers, the project team or management that can create lasting acceptance and effect change. Managers, in particular, should be prepared for this in a targeted manner and make themselves available to meet the need for discussion. The following illustration shows an example of the range of available, established and special communication media in the company.
87
IT-Service-Management
Managing organizational changes
Figure 25 - Communication media in the company
5.4.2
Communicating the change process
All affected employees should be provided with information about the ITSM project. The important thing is to then create a uniform status of information in the company and acceptance for ITSM. Not all employees can be heard and incorporated directly when developing the ITSM project. Therefore, the objective of employee information is to not only spread necessary knowledge about ITSM, but also to foster good long-term relationships in the company with an information policy that is based on trust. The challenge of internal information consists in demonstrating the concrete benefits of ITSM for the employees and speaking the right language for the target group.
In many cases, the opportunity is missed to make it clear to employees that ITSM is a new philosophy in dealing with IT. Of central importance in this phase is to win over the hearts of employees and spread a shared spirit, rather than handing out glossy brochures with technical details. Only then will they participate actively in the dialogue and use ITSM to manage their tasks. In the information phase, the media mix used has to be defined exactly. However, it is also necessary to clarify the following points: 
Information objectives: What concrete information objectives for the introduction of ITSM are to be reached? For example, are there emotional objectives in addition to the objective ones? What changes do the employees want for themselves, such as a higher level of knowledge or a positive attitude towards ITSM?
88
IT-Service-Management
Managing organizational changes
Target groups: What target groups within the company are the information measures intended to reach in the first place? What topical interest do the target groups have with regard to ITSM? Are there company stakeholders that have to be informed?
Statements and core messages: What benefits does ITSM offer the target groups? What central statements about the ITSM introduction can be derived from that? Which core messages should be spread in the first place, and which messages are to be avoided? What is the tone of the statements? Is the tenor of the address factual or emotional? Which perspective is chosen: is it that of the ITSM users or that of upper management or IT managers?
Media mix: Which internal media are to be used to provide information to the employees?
Monitoring success: What is the best way to measure and monitor the success and effectiveness of the information measures?
The employees can be addressed using informational brochures and flyers that tell them everything they need to know in a clearly arranged and attractive manner. The address should ensure that the employees feel that their emotions are being taken into account. Technical details and sprawling descriptions are to be avoided. More important is to name and thank the employees involved in development and design. In particular, the informal change agents – the promoters – play a central role here in creating acceptance and motivation. Printed and e-mail newsletters can also be a vehicle for reaching a large number of employees in a short time. Here, too, the focus should be on a marketing-type approach, presenting the benefits the individual employee has from using ITSM. Only if the employees see a clear benefit will they use ITSM. Conscious use should also be made of providing information in purpose in face-to-face situations to reach employees on the personal relationship level.
The following are requirements for successful employee information concept.
Credibility and trust: The target groups addressed have to trust the communication department and have respect for their expertise in the subject. Credibility determines whether the employees will listen to a message at all.
Context: Successful employee information has to fit into the context of all measures. It should reinforce the message, not contradict it.
Content: The message about ITSM has to include benefit and meaning for the target group. It must be compatible with the value system of the employees and the company.
Clarity: The messages have to be simple and clearly formulated. The chosen words should mean the same thing to the recipient that they do to the sender. Specifically, complex technical details have to broken down into simple statements. The more widely a message will be spread, the clearer and more understandable it has to be. All project participants and
89
IT-Service-Management
Managing organizational changes
upper management have to speak with a single voice, as otherwise employees will become confused and the measures will be ineffective.
Continuity: To attain a desired result among the employees, multiple points of information contact are required. Accordingly, messages should be repeated, but it is important to ensure that the statements remain the same.
Information channels: Existing channels should be used to spread the message first, such as the employee magazine, newsletter or bulletin board, as employees are already familiar with them. In addition, an intranet can be used as a powerful information medium in the company.
In practice, the following tips for communication have proven useful:
Less is more: Messages, subjects and amount of text should be kept to a minimum and target groups have to be selected carefully.
The core messages have to be defined, focal points determined and an intensive effort should be made to distribute this information throughout the company.
Specific, targeted address or groups of persons and internal stakeholders: Internal interest groups, formal and informal opinion leaders and key communicators have to be identified.
Cross-media information: Multiple media have to be used in order to spread messages effectively. In-person measures must be used in a targeted manner to maintain relationships.
A positive image of ITSM must be conveyed. Avoid giving the impression that ITSM is "difficult," "complicated" or "removed from reality." Rather, ITSM should be portrayed, for example, as "future-oriented," "lively" and "exciting."
90
IT-Service-Management
Innovation management
6 Innovation management The INNOTRAIN IT innovation method not only allows medium-sized enterprises to optimise business processes, it also creates the basis for new products and services by freeing up company resources. But how can new business ideas be developed pragmatically and in a targeted way for SMEs? We already introduced the topic of "IT-based innovation management" in Chapter 3. The following chapters build on this, showing how freed-up resources can be used and provide the framework for what is known as the blue ocean strategy, which systematically sketches out the most important steps of innovation management. As a practical example, let's now leave Charly's world and devote our attention to Apple‗s iPhone as a real-world instance of one of the best-known innovations of recent years.
6.1 Blue Ocean Strategy: idea and concept As mentioned briefly in Chapter 3, the term "innovation" - in contrast to "invention" - means that a company is capable of implementing its ideas in such a way that they are marketable (e.g. as a product, service etc.). The success of innovators is based partly on solid partnerships in the area of technical development, skilful selection of innovative ideas while taking into account the potential market size and financial opportunities, powerful and routine procedures for time and budget planning and one-of-a-kind products that stand apart from what the competitors offer.
The INSEAD Business School in Fontainebleau, France came to this realisation when investigating 150 successful companies of the last century. Based on that, INSEAD developed a method of innovation in which many existing innovation methods were integrated in a novel way. The objective of this approach consists in distinguishing oneself from the competition with the products and services offered and thereby finding mass markets that still have not been developed. These as yet untouched mass markets were called "Blue Oceans," and the associated innovation strategy was
labelled
accordingly
as
the
"Blue
Ocean
Strategy"
(BOS,
see
also
http://www.blueoceanstrategy.com). A large advantage of this approach consists in the use of a consistent method from the time the technical product development begins until the new ideas are implemented in the organisation structures of companies. The BOS innovation process consists of three main steps:
91
IT-Service-Management
Innovation management
Figure 26 – BOS innovation process
1. A value curve analysis based on customer opinion of a current, average product concept in a certain sector compared to a product concept planned for the future 2. A creative method, which is helpful when researching new markets and adapting product concepts and is called the "Six Paths Framework" 3. A control method, in which the following is checked:
Customer benefit
Pricing structure
Costs
Implementation effort
In SMEs, upper management usually controls the development of new product/market combinations. However, IT managers should also be familiar with the bases of innovation management, since they can make valuable contributions in the innovation process owing to their knowledge and experience. The following chapters provide a basic introduction to the BOS method.
6.2 Blue Ocean Strategy: Value curve method The basic idea of the value curve method within the BOS consists in making the limitations and opportunities of the existing and future product concepts transparent. In the following, application of this method is described using the example of the Apple iPhone.
92
IT-Service-Management
Innovation management
Figure 27 – Product offer vs. expectations of smart phone users
When Apple entered the market for mobile phones in 2007, the value curve of the sector looked as it does in Figure 27 – . On the one hand, there were inexpensive telephones which were frequently sold via discount supermarket chains like Aldi or Lidl. They had only telephone functions and a simple user interface and were offered at a favourable price to less affluent consumers almost without any marketing expenses. On the other hand, at that time there were already premium-class smart phones such as the Nokia Communicator and RIM Blackberry. These slowly began to replace the still existing PDAs (Personal Digital Assistants), which were used in addition to conventional mobile phones in order to be able to achieve a minimum of office work while on the road. Thus there was a separation between the private and business use of the mobile phone. At the same time this meant that it was not particularly attractive for personal telephone users to decide on a phone for the business area, and vice versa. For this reason, in addition to using their phones for business, most business users used MP3 players (usually an iPod) or digital cameras for personal purposes on their business trips.
From the BOS perspective, Apple's development department considered which functions they could eliminate, reduce, raise or create (ERRC method): to achieve innovation with the overall product concept and market (refer to Figure 28). Apple increased the value of a central function: the user interface of smart phones, which was a weak point at that time. In 2007, most phones used for business had a mechanical keyboard, which was usually too small for normal-sized fingers. In those cases where the keyboard was large enough, the size and weight of the phone increased to such an extent that no one wanted to carry it around for very long. Aside from this, the mechanical keyboards offered only static functions and thereby limited the use of the mobile phones.
93
IT-Service-Management
Innovation management
Figure 28 – Product offer vs. expectations of smart phone users vs. iPhone offer
With the obvious idea of transferring the software-based user interface of the iPod to the phone, Apple achieved a genuine breakthrough with the radical reconfiguration of the smart phone world. In addition to the software-simulated keyboard, Apple also greatly enhanced the phone with an MP3 player function. The iPod software was transferred to the iPhone for this purpose and enabled access to the world's largest online music store, iTunes. 70 % of the software that runs on an iPhone was taken over from the iPod. However, Apple also created completely new value for customers within the framework of the product concept. This included, for example, applications (apps) for consumers with which the iPhone—in conjunction with the software-based user interface—can be used with great flexibility. Together with the App Store, a counterpart to iTunes for applications, Apple introduced a powerful platform with which the possibilities for using the iPhone have been continuously expanded. With this system-oriented approach, Apple also addressed new types of customers, for example programmers of apps and individual telecommunication companies, which received the exclusive marketing and sales rights for the iPhone. This also contributed to Apple being able to reduce its own marketing costs, while nonetheless reaching a large number of end customers.
But how could all of these ideas for creating values (functions highlighted in blue on the x-axis of the second figure) be implemented? The BOS makes available a method with which such solutions can be systematically achieved: the "Six Paths Framework."
6.3 Blue Ocean Strategy: Six Paths Framework What kind of innovations can IT managers provide to change the value curve of a product or service? New IT services can be developed which significantly reduce the effort and/or expense for
94
IT-Service-Management
Innovation management
providing a product with additional value. For example, product marketing can be supported by hosting a social network, using viral marketing methods instead of traditional channels of advertising, such as radio or TV commercials. In terms of the product being advertised, this IT service reduces the costs of the existing advertising function while also making it possible for the customers to give interactive feedback. A similar effect can be achieved, for example, by devising new navigation and scheduling systems to reduce the costs for companies with large sales departments.
The Six Paths Framework can be regarded as a creative way of thinking, which supports the product developer in drafting innovative product ideas and solutions. Ultimately there are six questions to ask in order to find the right "paths" in the context of this framework:
Path 1: Can the product concept be placed in another sector? Taking Apple into consideration, you can see that this company was able to transfer the product concept of the iPod. This consisted of a software-based user interface and a music store and was taken over in the smart phone area with a similar user interface and an app store. Even the pricing model in which the music industry has to pay 30% for each unit sold was transferred into the world of the application programmers.
Path 2: Are there strategically important user groups in the market that still have not been taken into account, for example people who do not use the product?
Level 1: Future customers who will soon enter the market. Business customers who were persuaded by the possibility of being able to use entertainment functions even on their business trips, and who already used an iPod.
Level 2: Neglected customers who decided not to enter the market. The availability of millions of applications used to solve everyday problems (navigation in unfamiliar cities, workflow solutions for standardised business processes in companies, such as travel applications etc.) produces pressure to use these environments.
Level 3: Inexperienced non-customers who appear as consumers in various markets. Customers who previously used MP3 players and webcams separately, but were not in a position to use, or saw no additional benefit to using, a phone designed for the business user. Today they use the iPhone environment as a kind of integrated platform for personal use and entertainment.
In addition to the consumers, Apple found other customer groups that were ready to pay for the products. They also contributed to the business success of Apple in this way: 
Application developers have to pay 30% of their revenue in the App Store to Apple. On the other hand, Apple makes a high-quality development environment available to them. This
95
IT-Service-Management
Innovation management
makes it possible to transfer the code very easily to other Apple platforms, such as MacBook and iPad. In 2011 Apple projected revenues of 15 billion US dollars from programmers of apps. 
Telecommunication companies: Owing to Apple's strategy of having only a single provider sell the iPhone in the initial years, telecommunication providers with the exclusive sales rights have to pay Apple 30% of their earnings from the contracts.
Path 3: Can I change the chain of buyers in order to change my own profit margin? With the App Store and the strategy of allowing only one provider exclusive rights, Apple was able to change the profit margin of the chain of buyers and the chain of buyers itself.
Path 4: Can I change my product portfolio by adding product objects from different sectors? Apple, for example, added access to iTunes to the iPhone. This increased the degree of utility for consumers in market segments.
Path 5: Can I change the value of a product for the customer by changing the proportion of functions to emotions? With the specific Apple design and the typical presentation of the iPhone by Steve Jobs, the iPhone brought the familiar Apple philosophy to the smart phone sector. Therefore, no other product in this sector could compete with the emotional factor of the iPhone. The design and philosophy of userfriendliness that defines the entire product concept could be considered a real unique selling proposition on the part of Apple.
Path 6: How will the value dimension of the ERRC grids change in future? Can I assess the change? Apple determined that along with the increasing success of the iPhone, the significance of the App Store would also increase, having a lasting impact on the area of commercial applications. Therefore, Apple began by introducing the applications from ERP systems from SAP or Oracle that support top management in their work and ultimately, also in purchasing decisions.
What types of innovations can an IT manager provide starting with the Six Paths Framework? If the value curve analysis focuses on the quality of a product function and the question of whether it is to be eliminated, increased or reduced, new solutions and strategies can be developed, for example using IT services. The following examples from traditional companies demonstrate the strengths of the questions asked by the Six Paths Framework.
Are there strategically important user groups in the market that still have not been taken into account, for example people who do not use the product? (Path 2)
96
IT-Service-Management
Innovation management
A network of tradespeople from different trades could specialise in particular complete services, such as renovating balconies. Earlier, if a household customer wanted to obtain these services, he or she had to hire a blacksmith, a bricklayer and a painter and co-ordinate the various providers himself or herself. However, because it was a small job, the tradespeople did not have any particularly great interest in it. After weeks of waiting, many customers withdrew their request for quotation to take over the renovation themselves. The network of tradespeople was conscious of this situation and developed a standardised service that included their respective individual abilities, specific products and processes. To publicise and co-ordinate this solution, the network's IT experts developed a platform that combined an online store, product configurator and CRM function. This platform not only advertised the service offer under the network's brand name, but also took care of all project co-ordination between the customer and the various tradespeople electronically. Moreover, the network developed a number of additional services that were not of specific benefit for the individual company, but for standardising and professionalizing these services. In this way, the business model showed excellent growth, with each tradesperson seeing an annual increase in profit of 30% due to the services provided by the network. With their specific services, they succeeded in winning over non-customers as new customers who had previously carried out this work themselves, even if often in poor quality.
Can one change the chain of buyers in order to change one's own profit margin? (Path 3) A company of the INNOTRAIN IT analysis sold its products via a personnel-intensive direct sales channel and via middlemen who offered the products to the end customer. After the analysing the actual situation of the process for transacting orders, the company reached the realisation that the sales costs were twice as high as production costs of the product. To survive in this market with truly standardised products, the customer implemented an online store, as a survey of customers found that they were willing to make use of a substantially more convenient method of ordering products via the Internet. After implementing the online store, the company because one of the most profitable companies in this sector, as the middlemen were no longer necessary and a portion of the sales staff could be moved to other product groups, significantly increasing their productivity in sales.
Can I change my product portfolio by adding product objects from different sectors? (Path 4) A good example for a change of this type is the network of tradespeople described above who combine services from various sectors to offer the customer a new type of service. Another example is the combination of a machine tool manufacturer's tools with a special software program that improves the features of the machine or the service quality. Today, many manufacturers offer IT server and network solutions that link their machines to other ones in process chains. These, in turn, can be controlled and adapted using the tool manufacturer's software. In addition, the machines have an internal memory with a telematics function which, if necessary, transmits alarm messages about required maintenance measures. As soon as an alarm is received, a service technician can access the machine remotely via the Internet to determine the level of urgency. If
97
IT-Service-Management
Innovation management
necessary, he or she can drive the required spare parts directly to the customer's facility to remedy any imminent problems, even before they occur. This provides the customer with a high degree of value, as the desired level of availability of his or her production resources is ensured. Thus information systems, software and consulting services complement each other optimally to provide customers with a high degree of additional value. This means that the entire hybrid product of the availability of the network and the server services and a good version management of the control software.
6.4 Blue Ocean Strategy: Control methods After the Six Paths Framework has been used for developing new product and market ideas, the BOS offers a number of control methods to check the customer benefit and advantages for the company. The methods include four different analysis tools, which are described in the following chapter.
Figure 29 - Analysis tools of the Blue Ocean Strategy
Analysing the customer benefit The customer benefit of a product concept can be analysed by looking more closely at the following criteria. Product focus: The product provides customer benefit if it is focused. This means that the product costs should be low and the business plans for the product should be simple.
Product differentiation: A product is one-of-a-kind if: 
Its value curve differs significantly from the average in the respective sector

The product strategy differs significantly from a "Me too" strategy

The product concept is positioned outside existing markets
98
IT-Service-Management
Innovation management
It offers exceptional customer benefit
To ensure that exceptional customer benefit is being offered, the "Buyer Utility Map" method can be used. The idea is to reconcile the criterion of a product's customer benefit with the buyer's experiences over the entire lifecycle, from the purchase of the product to its disposal.
Figure 30 - Six utility levels
The six utility levels allow you to check your product for the various phases with the following questions:
Does my product have the ability to increase buyers' productivity?
Can my product be used as easily as possible?
Does my product increase users' comfort?
Can my product decrease buyers' level of risk?
Can my product have a positive impact on the buyers' fun and image factor?
Is my product environmentally friendly enough so that buyers can use it with a good conscience and no additional costs for disposal are incurred?
How can the IT department assess its contribution to the exceptional customer benefit? This question, which arises of each of the company's functions, can, of course, also be directed with regard to their IT service by the IT department. The example described earlier of the company that uses an online shop for selling its largely standardised product in the cell with number 2. This is due to the fact that business customers find it more convenient to order to products as needed with just a few mouse clicks instead of having to wait for the next visit from the salesperson and fill out order forms.
99
IT-Service-Management
Innovation management
Figure 31 - Six utility levels, example
In the cell with number 1, we discover that an online store and simple configurator make it significantly easier for the customer of the tradesperson network to convey more detailed information about the renovation work (square metres, colours of the balcony, length of the baluster, type of damage to the floor covering) and placing the order compared to co-ordinating the three different companies. In the cell with number 3, the contribution of the IT service which has been engaged after the sales services and reduces the customer's risk of failure of the production line. However, the Buyer Utility Map provides a unique contribution when specifying and designing IT services, which not only have a positive effect on the customer's business, but also ensure additional benefit for the product shipped by the company.
If we deal with pricing and cost model of a new product concept, IT services can provide a significant reduction of both factors. Many innovations in the pricing structure can be introduced by strategic purchasing of IT services. If we return to our example of selling standardised products using a web shop, this reduces the process costs for the sale of goods dramatically—while providing complete flexibility with regard to who hosts the application and service. However, if the company's in-house IT employees are inexperienced or their number is insufficient, outsourcing may be useful. In this case, the online store service is leased from a strong partner and integrated into the network of their partners if the company is in a position to control and manage the service.
100
IT-Service-Management
Innovation management
Analysing the pricing
Figure 32 – Analysing the pricing
"Blue oceans" have to be capable of winning over mass markets. Therefore, the price should be affordable for customers on the mass market. Innovations are frequently targeted only to niche customers, which means a high price for customer in the market niche. In this case, Settlers can use techniques from the "me too" companies to make investments in the development of pioneers.
Analysing the costs
The cost analysis of the product concepts in BOS is specified first and foremost by the price that the customer is willing to pay for a revolutionary product. This price can sometimes differ significantly from prices for comparable products in the entry-level market. The desired profit is subtracted from this price to determine the target costs. To implement this cost structure, cost reduction initiatives can be used, for example to make corporate processes less expensive. It is worth a try to select new materials or service suppliers with whom the price structure can be newly negotiated.
101
IT-Service-Management
Innovation management
Figure 33 - Analysing the costs
Analysing the implementation effort To implement the changes and turn the development into an innovation, a good method of change management
is
required
(for
more
detailed
102
information,
refer
to
Chapter
5).
IT-Service-Management
Index
Index Action competences .................................................. 71
Job title ........................................................................ 7
Analysis methods ....................................................... 98
Key Goal Indicator ..................................................... 39
Application support ................................................... 32
Key Performance Indicator ........................................ 39
Audit .......................................................................... 35
Known error............................................................... 28
Availability management ........................................... 29
Lag Indicator .............................................................. 39
Best practices ............................................................... 7
Lead Indicator ............................................................ 39
Blue Ocean Strategy ................................................... 91
Operating Level Agreements ..................................... 20
Business strategy ....................................................... 11
PMBOK....................................................................... 50
Capacity management ............................................... 31
Portfolio management............................................... 16
Change communication ............................................. 87
PRINCE2 ..................................................................... 51
Change management ......................................28, 40, 66
Problem ..................................................................... 28
Change processes ...................................................... 68
Problem Management ............................................... 28
Compliance ................................................................ 40
Process......................................................................... 7
Configuration items ................................................... 24
Project ....................................................................... 49
Continual service improvement ................................. 46
Project management ................................................. 49
Controlling ................................................................. 35
RASCI matrix .............................................................. 39
Demand management ............................................... 17
Resistance .................................................................. 81
Emotions .................................................................... 75
Role .............................................................................. 7
Framework ................................................................... 7
SCRUM ....................................................................... 51
Good practices ............................................................. 7
Service availability ..................................................... 30
Incident ...................................................................... 24
Service catalogue ....................................................... 19
Information architecture ........................................... 17
Service desk ............................................................... 23
Innovation ............................................................ 21, 91
Service Level Agreements .......................................... 20
Innovation management ........................................... 91
Service portfolio ........................................................ 19
Investment portfolio .................................................. 16
Service Request ......................................................... 24
IT architecture............................................................ 12
Six Paths Framework ................................................. 94
IT disruption ............................................................... 24
Strategic planning ...................................................... 10
IT investments............................................................ 16
Supplier management ............................................... 33
IT procurement .......................................................... 32
Teamwork .................................................................. 73
IT risks ........................................................................ 19
Technological orientation .......................................... 18
IT security................................................................... 34
Underpinning Contracts............................................. 20
IT strategy .................................................................. 15
Value contribution ..................................................... 12
ITSM implementation ................................................ 52
Value curve method .................................................. 92
CIII
IT-Service-Management
Bibliography
Bibliography i
Cartlige et al., "An Introductory Overview of ITIL速 V3", itSMF, 2007.
ii
Johnson, G., Scholes, K., Whittington, R., (2008). Exploring Corporate Strategy, 8th edition, FT Prentice Hall:
Essex. iii
Strassmann, P. (1997) What is Alignment? Alignment is the Delivery of the Required Results. The
Squandered Computer, The Information Economics Press, 1997 [taken from: http://www.strassmann.com/pubs/alignment/]. iv
Luftman, N.J. (2003) Measure Your Business-IT Alignment". Optimize: Business Execution for CIOs
Magazine. Issue 26, December. v
IT Governance Institute (2007a) Control Objectives for Information and Related Technology (CobiT) 4.1. IT
Governance Institute, Rolling Meadows, IL, http://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/COBIT-4-1.aspx (retrieved on 2011-03-15). vi vii
http://www.theiia.org/theiia/about-the-profession/internal-audit-faqs/?i=1077 (retrieved on 2011-03-15).
viii
http://coso.org/IC-IntegratedFramework-summary.htm (retrieved on: 15.03.2011).
ix
IT Governance Institute (2007a) Control Objectives for Information and Related Technology (COBIT) 4.1, IT
Governance Institute, Rolling Meadows, IL, http://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/COBIT-4-1.aspx (retrieved on 2011-03-15). x
IT Governance Institute (2007b) COBIT Quickstart, 2
nd
Edition, IT Governance Institute, Rolling Meadows, IL
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/COBIT-Quickstart-2ndEdition.aspx (retrieved on: 15.03.2011). xi
Software Engineering Institute (2010) CMMI for Development, Version 1.3, Carnegie Mellon University
Software Engineering Institute, TECHNICAL REPORT CMU/SEI-2010-TR-033, ESC-TR-2010-033, November, http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm (retrieved on: 9.05.2011).
CIV