Hello all. I’m back from a brief blogging hiatus. I thought I would preach some today on the importance of establishing corporate data standards as it relates to Service Management and for that matter all other applications that share similar corporate data. By corporate data I am referring to things like Locations, Employees, Departments and Cost Centers. From a Service Management perspective these data elements are typically captured each and every time the service desk takes a call. In order to accurately capture this information it must be maintained in a database. Unfortunately, for most organizations this information is often maintained in many databases manually and independently with the following negative consequences:

• Manually maintaining this data is time consuming and multiplied by the number of applications where the data is maintained
• Integrating or sharing data between applications becomes very difficult and expensive if data is not synchronized because it must be translated
• Inaccurate data leads to delays in servicing the customer
• Manual verification and/or addition of data leads to delays in servicing the customer and costs additional resources

The number of organizations that don’t manage this data in a single repository amazes me. Almost every large company has some sort of ERP tool that’s purpose is to serve as the repository for this type of data throughout the organization. Standardizing and managing corporate data in a single repository and then using that repository to feed other systems that require the data can create huge cost savings.

One real world example I came across recently involves a company that uses Peoplesoft. They have deployed both the Peoplesoft HR module and the Peoplesoft Financial module. Surprisingly both of these modules manage Employee data independently and each has its own definition of employees. There is no key that can be used to relate the independent employee records. Furthermore, the data stored in Peoplesoft HR does not include the person?s phone number; the phone number is stored in the Financials module.

I was involved in managing an upgrade to this company’s service management application. One of their goals for the upgrade is to get an automated feed from Peoplesoft to maintain employee data so that the employee data does not have to be manually reviewed and often updated during the course of each call. An obvious time and cost savings. Unfortunately, since the Peoplesoft HR data does not have phone number (a critical piece of data in Service Management) this goal will be a challenge. The company plans to merge Peoplesoft data with Active Directory, which presumably will carry phone number, and then integrate AD with the Service Management application. Of course, this complicates the integration and will add to the cost of the upgrade.

My advice to any company is to launch a project to standardize and centralize the management of corporate data if you’re not already doing so. In the long run this will significantly reduce maintenance costs of every single application in your organization that leverages this data - and typically this is many applications. Furthermore, it will significantly reduce implementation costs for any future application deployments that will require this sort of data.

OK. I’ll step down off my soapbox for this week. Let me know what you think. Obviously, standardizing corporate data is easier said than done. I’d love to hear some real world examples of the challenges you’ve faced in these efforts and what you’ve done to find solutions.

—–

Happy Monday, everyone, and welcome back to another week doing ITIL in the real world. If you’re new to this blog, I write once (approximately) weekly (usually on or near Friday) about the joys & sorrows of implementing ITIL ‘out there’ in corporate America. Thanks for reading!

Something funny happened on the way to ITIL nirvana this week!

Before we hear about that, though, Real World ITIL would like to say “thanks” to Adam Beck, Jack Bischof and John [Visitor] for their thoughtful responses to last week’s post on Asset Management vs. Configuration Management. Guys: please check the thread for my response to your comments. It’s great that we’re having an intelligent and informed discussion.

I’m a bit late with the blog entry this week because we had to focus on a major deliverable for the ITAM implementation project that we’ve been blogging about. Our draft design document, which the team finished this week, comprised nearly 200 pages of fairly detailed process and technology specifications. It was accompanied by a 3′ x 4′ wall chart of the ITAM IMAC process and a project plan covering the next 10 months’ worth of work. It was a major piece of work and a true team effort - way to go, folks!

The team is now reviewing its work prior to releasing it to any other consituents. As you can imagine, the document will be a key tool in gaining sign-off from all the many departments that are going to be affected by the proposed changes to workflow and supporting tools. We’ll see what happens!

Anyway, sometime during this very busy week, while everyone was focused on finalizing the design, a photocopy of an old Meta Group opinion paper ‘magically’ appeared on the chair of an influential manager while he was away from his desk. This particular manager is one of the leaders of this company’s early ITIL implementation efforts. The May 2002 article, by Wissam Raffoul, was entitled, “ITIL Does Not Reduce Cost”. No one knows who put it on the manager’s chair.

The abstract of the article confidently states, “IT organizations implementing ITIL to reduce cost should not expect considerable savings because the prime potential of ITIL is to improve service quality and elevate performance consistency of the IT organization”. (Source: #31434 © 2002 Meta Group, Inc.).

You’ll have to purchase the article to learn the details, but suffice to say that there is nothing surprising in it (statistically speaking) other than a bunch of predictions that seem questionable from the real world perspective of June 2005.

If you feel differently after reading it, though, I’d like to hear from you - just click the Comment link below.

But the funny thing is that someone living in this company’s everyday IT world should react strongly enough to the title as to leave it on the manager’s chair without raising the question in a setting where it can be discussed. Certainly, there is scant enough analytical information in the opinion paper to adequately support its title and the author’s points are easily refuted. In fact, most of the rest of the paper has nothing whatever to do with cost-justifying ITIL implementations.

So who knows what really motivated some anonymous someone to spend their work time searching Meta’s database for such a thing and then going to the effort to time the delivery so as to remain anonymous?

Is it a sign of personal resistance to changing the cultural status quo? Is it rather a covert caution to management against taking the advice of consultants who preach ITIL? Is someone only trying to present all sides of an argument, perhaps? Or is it really just the opinion of someone who isn’t fully informed about what ITIL can do?

Let’s for a moment recall some basic real world facts:

Anyone who works in the for-profit world knows that any significant project requires a business justification expressed in for-profit terms. ITIL can be implemented in a cost-effective way. It can also unquestionably be implemented in a way that wastes corporate resources. Is this really surprising? After all, the challenge of defining ROIC is one of the major reasons why many organizations have a difficult time determining where to start with ITIL in the first place.

But perhaps the important thing to realize in this case, though, is that there is a subsurface debate happening in this company about the value of implementing ITIL. At the very least, this is a small real-world example of why ITIL project leaders must never underestimate the amount of human change leadership that will be involved in any ITIL effort - no matter how small. Resistance to change will appear in both overt and covert forms and should be dealt with on a continuous basis.

Moral of the story: if you’re leading ITIL in the real world, it’s never too early (or too often!) to begin communicating these few basic things to everyone involved at all levels whenever a ‘teachable moment’ arises:

• what ITIL is and
• what ITIL isn’t
• why ITIL is worth doing (in business terms)
• why learning more about ITIL is a Good Thing
• why people shouldn’t be afraid of it, and
• always invite them raise their questions and concerns in an open forum where we can communicate these things to them all over again

Now, let’s get going and lead our people! There’s lots more ITIL to get done this week.

Have fun out there,
Scott (moderator)

—–

Hi Guys-

I have been a poor correspondent! I have been working on a number of client success stories, digging thru the value and clarifying it. Here’s one that might be interesting. It combines ITIL, CoBIT, good governance, good process, and efficiency gains all in one! Proof you can automate compliance with Sox 404 and gain efficiency too.

I welcome your feedback. Please forgive the more formal tone–it is a “marketing” piece. But–it really did happen!

Automate SOX 404 Compliance, Reduce Risk, Improve Quality, & Reduce Costs. A Bridge Too Far?

Challenge:
GlobalFoods, based in Europe, is one of world’s top 5 grocers. They watched the first round of Sarbanes Oxley compliance efforts in the US. What they learned was this: multiple compliance requirements are here to stay, so it makes sense to address the need strategically and make compliancy a core competency.

But Retail is a commoditized, highly competitive market, with narrow margins. Future competitive differentiation rests on knowing each customer, reacting quickly to change, improving inventory effectiveness, and driving down costs.

Any opportunity to actually improve IT execution at the same time would be very valuable to help face the increasing complexity and rising volume of change facing IT.

Approach:
IT management saw opportunity. There was a belief that core service delivery processes could be improved significantly, with potential to deliver effective compliance, but also to simplify the work, improve the quality, and improve the consistency.

GlobalFoods turned to their long term partner, Evergreen Systems, based on five key factors:

• Proven track record of success with GlobalFoods
• Deep understanding of IT operations in Fortune 1000 Grocers
• Strong experience and best practices for enterprise level change and compliance solutions
• Ability to lead large, complex entities through organizational change
• Depth of knowledge in the Peregrine suite of technologies

Evergreen worked with the client to identify the key, high volume processes that might benefit from process improvement while meeting compliance requirements.

Recommendations:
Lead GlobalFoods from strategic design to operational adoption.

Design:
Design a single IT Process Framework built on ITIL and CoBIT standards, but simplified to address only the business needs of GlobalFoods.

Baseline and Improve:
Analyze current processes, define best practice based improvements, simplify processes and ensure policy adherence

Integrate process and technology:
Upgrade systems to reflect process with technology improvements, create user self service portal

Drive adoption:
Train, support, and lead organization to adopt new processes and technology, leveraging portal as an adoption mechanism

Results:

Prior to this, GlobalFoods estimated that 70%+ of all IT changes were done without record or via approved Sarbanes Oxley compliant process, clearly out of compliance. This put the company at risk not only for compliance, but also for potentially significant business disruption events.

By automating policy compliance through a user self service portal with a change risk calculator, GlobalFoods got 100% policy conformance in 2 weeks, and significantly eased the burden of routing, reviewing, and approving requested changes. They estimate an efficiency gain in IT overall of 15-20% but most importantly?they now have an automated way to quickly achieve adoption of new policy / processes for the organization.

Not surprisingly, they passed their 404 Sox compliance review with flying colors.

—–

Man, lately it seems like a lot of stress is being poured onto conference room tables as people debate questions like
“how is ITAM different from ITIL?”
and “what the heck is a CMDB”
and “how is CMDB different from ITAM?”
and “do we really need all three…?”

I understand the reason for those qustions - enterprises need solid roadmaps to sell to management. And those are good educational questions to help stakeholders understand the tradeoffs in the roadmap.

Here’s my over-simplified, consultant-ese shorthand:

ITAM - IT Asset Management - seeks to answer a few simple questions:

“what do we own?” “where is it” “what’s it cost to acquire and maintain” and “what’s been happening to it over time?”

When you have reliable, easy-to-get answers to these questions, you can do all sorts of cool things with the data - continuous improvement of processes, stronger vendor management, better compliance (especially software, oh man is that a biggie).

BUT… it’s up to you, the IT manager, to ACT on the information. Just plugging all that data into a repository won’t gain you a whole lot.

ITIL, as you know, is a big body of best practices and a reasonably useful collection of definitions so that we can all speak the same language.

My opinion, ITIL falls short on details regarding ITAM, and especially regarding the financial management of assets (both hard $ and soft $).

On the other hand, the ITIL concept of a CMDB is really powerful and has great promise for long-term improvements in IT’s service to the enterprise. Only problem is, there’s no practical way (that I’m aware of) to build a true CMDB today. We’re not far off though - several vendors are rolling out products now.

But really, I think a better question would be “what are the key business value opportunities in IT Operations, and how can we best exploit them for short and long-term gain?”

More on that topic later.

-Scott B

—–

Hey Gang…
The debate continues… the articles that I have read in regards to the subject of SOX compliance have addressed some interesting points both for and against compliance. I thought that I present them to see what everyone thinks. The points are as follows.

For Compliance…
Recently in the WSJ, there was an editorial that really questioned the registered complaints that public companies are spending a lot of money to meet compliance. The point of the article was that while there is an undeniable cost associated with being compliant; there is clearly a benefit to a public entity for complying. The article goes on to discuss how does one measure confidence in a particular brand and more importantly does the benefit out way the cost?

Against Compliance?

Recently in Barons, there was an article that defended public entities position against compliance and predicts that the SOX compliance will generate negative consequences by discouraging companies going public and more importantly establishing a trend of public companies reversing and going back to the private world. What does this mean and how realistic is this?

Two Cents?
While I am not qualified to predict what will happen to our economy in the short and long run if companies return to being a private entity, I think both sides can agree that company structures are unique and the benefit of compliance does not provide the same return for all companies. I think that it is safe to say that some companies will return or will stay to being private but is that a bad result? I think it is interesting that both of these articles stress the fundamental point that all of this energy is to protect the investors.

—–

Welcome back!

Before we get started with this week’s entry, we at Real World ITIL would like to recognize Ron (from http://tisgarplen.blogspot.com) for his helpful comments on our new blog format. We would also like to thank the folks at http://www.itsmexams.com for their kind supportive comments on what we’re trying to do on this blog. We’re glad that you’re reading along, and hope you will choose to contribute to the discussion.

This time, I’m writing on plane home from Peregrine’s Synergy ‘05 conference in Las Vegas. While there, I attended a roundtable discussion hosted by the Gartner Group. A prominent topic of discussion concerned what the difference was between ITIL Configuration Management and the practice of asset management in general. Apparently, many companies are requesting research and opinion from Gartner on this topic.

Well, in my humble opinion, it’s not a very complex matter and the difference is pretty clear. I’ll tell you what I think, but would also like to hear your opinions on this topic. Just click on the Comment link below to share your thoughts.

So here’s my $00.02:

The developers of ITIL have defined the difference between ITIL Configuration Management and the practice of Asset Management in this way:

“It should be clear that Configuration Management is not synonymous with Asset Management, although the two disciplines are related. Asset Management is a recognised accountancy process that includes depreciation accounting. Asset Management systems maintain details on assets above a certain value, their business unit and their location. Configuration Management also maintains relationships between assets, which Asset Management usually does not. Some organisations start with Asset Management and then move on to Configuration Management.” — Source: OGC © Crown Copyright 2000

So, understanding the difference in nomenclature is really all about understanding how the asset data are used. In my mind, asset managers have a financial interest in assets, while configuration managers have an operational interest in them. That seems pretty clear to me.

It may also help to think about this issue in this way:

“Assets” in this context are physical things that an enterprise owns - like desks, chairs, lathes, cruise ships, skyscrapers, computers, etc. The acquisition, installation, maintenance and disposal of these things consumes capital. Therefore, assets need to be tracked and managed from a financial perspective. That’s what asset management is.

Of course, IT folks only care about the subset of corporate assets that includes computer hardware, computer software, software licenses, maintenance contracts, and the like. While we care to some extent about the financial aspect of these assets, we primarily have a different interest: how to combine assets appropriately to satisfy some operational need. This requires that we have knowledge not only about the technical configuration of the individual assets but also the relationships between assets in order to manage the effects of incidents, changes and releases on the IT infrastructure. That’s what ITIL Configuration Management is.

For example, implementing a business service called a ‘web portal’ requires a collection of related corporate assets: a server, router, LAN switch, cables, operating systems, web server software, a firewall, etc. So, implementing this single service might require a dozen or more corporate IT assets, all of which need to be accounted-for in the ITIL incident, change, release, availability, service level, security, capacity, and service desk processes.

However, given that there is a clear difference between Asset and ITIL Configuration management, maybe what people really want to know is, which type of management do we implement: Configuration or Asset? Furthermore, what tools and processes should we implement to support whichever we choose?

For additional insight into questions such as these, I’d like to refer our readers to the IT Asset Management blog on this website, which is written by our expert colleague (and generally great guy), Scott Braden. His blog is well worth following if you have an interest in ITAM and I’m sure he’ll have something to say on this topic.

On our current project, we’re doing ‘asset management’ of IT hardware assets for now, with the intent of implementing ITIL-style Configuration Management workflows to manage the data, all upon a Peregrine AssetCenter technology platform. We’ll integrate other IT assets later, such as software (shrinkwrap), applications (custom apps), licenses, contracts, etc.

As you might have inferred from the ITIL definition above, this means that we’ll have to develop automated data feeds between AssetCenter (to wit, the asset data) with the company’s Fixed Assets, Accounts Receivable and Accounts Payable systems (that is, the financial data about the assets). We’ll also have to design a reporting and a GUI solution so that people who have either financial or operational interest in the IT assets can get the information they need to do their jobs.

However, clarifying the terminology is the easy part. In my mind, the really hard question about Asset Management is not how it differs from Configuration Management, but instead how to make this new asset system work in the real world, and how to keep the asset data both current and accurate on an ongoing basis once we get the thing built.

That’s the question that’s keeping me up at night - I bet it will for you, too!

So, rest up this weekend, everyone. There will be plenty more ITIL to do in the real world next week!

Scott (your moderator)

Technorati Tags: configuration management asset management itil fixed asset asset

—–

Surely your company would never enter into a binding contract without reviewing the terms, right?

And of course, only authorized individuals are allowed to commit the company to binding agreements. We can’t have just anybody making deals with vendors, right?

Surprise surprise - many companies do just that every day. Here’s how - the EULAs (End-User License Agreements) that come with shrinkwrap and “free” software is a binding contract.

So everytime someone downloads freeware or shareware or trialware to a company-owned computer, they are binding the company to the terms of that EULA. Nice, huh?

Do you have a policy that requires formal review and approval before anyone can download or install software? How do you enforce it? Do you use discovery tools and desktop lockdown to prevent unauthorized loading? Does your procurement and legal team reveiw every EULA before authorization?

They should.

Here’s an article that talks about some of the down-sides if you don’t:
http://www.pcworld.com/howto/article/0,aid,120767,00.asp

Watch your back…
Scott

—–

Welcome back to Friday again, everyone. It’s been another busy week doing ITIL in the Real World.

We hope you enjoy the blog’s new look! This new format is supposed to organize things a bit better and also be somewhat easier to read. Let us know what you think by clicking on the “Comment” link below.

I’m writing on the plane again, this time on the way to Las Vegas to attend the Peregrine Synergy ‘05 conference. We’re interested in seeing how Peregrine is progressing toward its Active CMDB strategy, which will benefit us on our present asset management project. No software vendor seems to have developed a complete ‘ITIL in a Box’ product yet, but at least a few, including Peregrine, seem to be on the right track.

On this project this week, the team was busy finishing the requirements gathering phase. Several of us have also begun writing our portions of the design document for what will become the foundation of a CMDB in support of an ITIL Configuration Management implementation.

We’re working to a very compressed time schedule, so we’ve designed a project plan that supports a lot of overlapping of the requirements and the design phases for the process, organization and technology parts of the project. It’s a bit complex to manage from a PM standpoint, but as a result we hope to have our design document done within two weeks of completing the requirements phase.

On the topic of compressed project schedules, you might want to check out the article on page 51 of the June 2005 issue of “PM Network” magazine (published by the Project Management Institute), which talks about how to effectively manage IT projects on a compressed schedule. Some of the tips offered in the article include:

• Consider not only the cost of blowing the budget [if something goes wrong], but also the opportunity costs of slippage
• Budget, budget accurately, and budget with sufficient granularity?
• Define required skill sets as far in advance of when they are required as is possible to do
• Act decisively to mobilize those resources, once skill sets have been defined
• Drive as much concurrency into the project plan as possible (without adding undue risk) in order to compress timelines. Projects do not have to be run in serial phases in order to be successful.

We’re employing all of these techniques on this project and have benefited from them.

However, the article also offers this rather stern warning: “Project acceleration - can prove perilously expensive, resulting in unsatisfied customers and blown budgets.” Well, I think that everyone probably already knows this, but the point nonetheless bears repeating. Needless to say, we’re keeping a sharp lookout for any potential risks on our project.

Also this week, I had the opportunity to talk with someone who was trying to reason out how and why to justify an investment in ITIL process improvement projects. The issue was that his business counterparts had told him that they were quite satisfied with the infrastructure delivery services being provided by his IT organization. So, if the users were happy with the current services, why should his team care about ITIL?

Good question, no? I thought so.

Well, upon digging a little deeper, we discovered that his business counterparts, while generally happy with things like help desk, application uptime and the network, were very dissatisfied with the IT department’s ability to provide credible information on the cost of the IT services they were being charged for. Not good news, but ITIL can help!

To use a crude analogy, if you took your car to a mechanic for repair, and his invoice for services consisted only of a price listed on an otherwise blank piece of paper, would you be satisfied with that amount of information? I wouldn’t.

Neither are this executive’s business counterparts happy with their IT chargeback invoices. Sounds to me like a great reason to implement ITIL’s Financial Management and Service Catalog concepts, supported by a strong asset management platform.

Do you agree? What are your thoughts?

My point is that, when deciding where to start with an ITIL implementation, many organizations choose Configuration Management or Service Desk because these areas are often perceived as having the possibility for a “quick ROI”. However, we must realize that other ITIL phases also offer justifiable returns. For this particular IT department, Financial Management would have been an equally great place to start.

So, as we go about the daily business of IT, let’s stay flexible in our thinking about ITIL and how it can benefit our organizations. A little openmindedness can often lead to solid business cases for improvements to our existing processes.

Until next time, have fun doing ITIL in the real world!

Scott (moderator)

—–

With the emergence of ITIL over the last couple of years, CMDB (Configuration Management Database) is becoming a popular discussion among IT Departments. I have struggled with what is the difference between Asset Management and CMDB. Maybe some of you out there could enlighten me more, but I see Asset Management as simply tracking the financials and the lifecyle of an asset. CMDB tracks relationships with assets, for example services impacted, documentation, users, etc. Therefore, if a router goes down, you can see what services and what users were impacted.

I attended a seminar this week that discussed why CMDB is becoming popular. The presenter made his argument that the trend in IT departments these days is to not necessarily just manage the lifecycle of assets, but more of managing business services and truly understanding your business and how IT impacts it. For example, you have a web server that is down, that hosts your company’s website and customers can’t place orders. You also have a backup job that keeps failing on a database. They both take 2 hours to troubleshoot. IT departments needs to first address the issue that impacts the business more. Does it make sense to fix the backup job first, when you have a successful backup from two days ago or get the web server up that customer’s access? I think having a CMDB in place would help IT make better decisions. The problem is not many organizations have the technology in place for a CMDB and not many vendors have released a mature CMDB package.

Over the next couple of blog entries, I would be interested in seeing how many people are planning on implementing a CMDB in the future? What technologies will be used to meet this need? Do you feel there is enough ROI in implementing a CMDB or can Asset Management meet the need? What obstacles and how to overcome them? As an example, I think convincing management will be a huge obstacle. In addition, a CMDB will more than likely have millions of records. What will performance be like? Will it be easy to pull reports? As you can tell, I have lots of questions and am excited to dig deeper into the CMDB world.

—–

So what are companies supposed to do, you ask? Faced with increase scrutiny on budgetary spending and pressure from regulators, companies are stuck between a rock and a hard place. Already burned by attempting to fix fundamental business issues with technology, companies understand that implementing new technology in a like for like fashion on a foundation of flawed business processes will lead to only to project failure.

So if there is not a magic box, how can companies obtain the proper controls required to alleviate SOX issues, higher audit costs, and most importantly keep Wall Street at bay? This can be achieved by first improving the way business is conducted before implementing any enterprise technology. One way of completing this is by adopting a best of bread process model. This is nothing that should be done in blind faith; each component of a model should be rationalized to the organization. While there may be commonality in the approach used to apply a model to an organization, this is clearly not a one size fits all kind of undertaking. Taking a top-down approach where governances are addressed initially, allows processes to fit within the logical boundaries of governance. This is where the COBIT framework fits into an organization. While COBIT has been established as a framework for sometime, the demand for this framework has increased due to the pressure the SEC has placed on the Private Sector. What is the buzz all about?

In the next weeks, I would like to dust off my virtual book shelf and get into the COBIT Framework. (COBIT is broken down in the following hierarchical structure: 4 Domains, 34 Process, and 318 Control Objectives.) I will be publishing an abstract for each of the processes that make up COBIT. My intent is to initiate a productive dialogue where participants can share thoughts and obtain a better understanding of COBIT. I want to discuss where theory fall short of reality and where Mr. COBIT needs to pay a visit to Real World University. That being said, I welcome thoughts, ideas, and feedback. Let the games begin.

*Source: http://www.isaca.org

—–