Published: itSMF Australia - June 2002

ServiceTalk - The Journal Of The IT Service Management Forum - April 2002

Answering The ITIL Sceptics

Karen Ferris - IT Service Management Consultant

KMF Advance - Melbourne, Australia

Incident Management
“We manage our faults – we fix them as and when they happen” 

This sounds like fire fighting to me! …And this is all it will ever be without structured Incident Management processes that include classification, categorisation, impact and priority assessment, and monitoring and tracking. 

A power generating company in Australia, for whom I provided some consultancy services, soon realised the benefits of Incident Management when a call was received by the Service Desk to inform IT of a problem with outgoing email. The incident was recorded along with all other incidents. There was no proper classification, or impact assessment carried out. The IT staff dealt with the incidents as they came across them and there was certainly selection on the basis of “easy to” or “nice to fix”. Email certainly did not rank as a priority. 

It was only when the Sales & Marketing Manager started screaming about the lack of email and the impact on the organisation, did IT address the incident. IT was unaware that the organisation’s trading of power was carried out via email. For each minute that email was unavailable, the organisation was loosing money – big money! 

The implementation of Incident Management (and Service Level Management) ensured that IT would not make the same mistake in the future. Otherwise, their futures could be at stake! 

Problem Management
“We don’t have time to do problem management – we are too busy fire-fighting” 

This was the situation in a large retail organisation in Australia. They stated that they were doing Problem Management but on investigation the Problem Management team were just looking after major incidents. There was no formalised effort to get to the root cause of incidents, reduce the impact and prevent them from reoccurring. 

Problem Management may require dedicated resources and therefore incur a cost but what is the cost of not doing it? 

In this organisation I calculated the average contribution per employee to the annual turnover of the organisation. This was broken down to an hourly figure and then divided by 2 to reflect a 50% dependence on IT. This figure indicated the potential loss in productivity for each hour that an incident was open. 

An analysis of one week of open incidents produced a lost productivity figure of over AU$2 million dollars per week. I think this would justify allocation of Problem Management staff to analyse the incidents and ensure that the underlying cause is determined and removed? 

This analysis has to assume that the incident statistics from the Service Desk are accurate. If an organisation refutes the figures based on this assumption, I would then ask the question “So how do you know what it is costing you?” 

Change Management
“We don’t need a Change Advisory Board! I know the best time to make changes. We don’t have time to test back-out plans. We will fix it if it fails” 

80% of mission-critical application downtime is directly caused by people or process failures. 

When the Australian Stock Exchange (ASX) closed its doors on a Friday in 1995 after a Federal Election, the expectation was that a change of government would be followed by a buoyant market, when the exchange reopened. The financial press predicted a turnover of A$1 billion for the following Monday. However, a software upgrade over the weekend caused the ASX share trading system to fail with catastrophic results. The 2 hour outage resulted in a turnover of just $A550 million. 

The ASX attempted to rollback to the earlier version of software – but this failed. The production database was corrupt and had to be reloaded. Disaster Recovery was invoked but the failure still resulted in a costly 2-hour outage. 

Effective Change Management with procedures to cover Request For Change (RFC) initiation and tracking, impact analysis, creation of testing and back-out plans, change testing, coordination of implementation and quality reviews may have avoided this catastrophe. This would have to be supported by effective Release Management to manage version control, security of software assets, software release and distribution. 

Configuration Management & Release Management
“It is just too hard….” 

No one will deny that Configuration Management is expensive to implement and maintain. However, once again what is the cost of not doing it? 

How many IT organisations have experienced the following scenario? 

A weekend upgrade to a widely used client –server application takes place. The server upgrade means that the old client software will no longer function. Monday morning the Service Desk are inundated with calls from frustrated customers who can no longer use their application. Why? Because IT did not know they were using the application and their desktop did not receive the update. Try and measure the lost productivity of customers whilst IT struggles to deal with each reported incident. Try and measure the lost productivity of IT staff that are now diverted from planned activities to resolve incidents. These figures themselves will justify the maintenance of a Configuration Management Database (CMDB). 

An organisation in Western Australia recently reported a saving of AU$750,000 when they underwent a software audit from an external organisation. The existence of an accurate CMDB allowed them to challenge the claims of the audit and prove that it was inaccurate. Without the CMDB, the organisation would have had to accept the claim and pay $¾ million in fines. 

In 1999, all IT organisations undertook Configuration Management and built some form of CMDB in a response to Y2K. It was not ignored because it was “too hard” because it HAD to be done. Most organisations then ceased to maintain the CMDB into and beyond 2000. For many organisations, the conversion to the Euro has been more expensive than the preparation for Y2K. What savings may have resulted if the CMDB had been maintained during 2000 and 2001? 

I wonder whether organisations around the world that trade with the 12 Eurozone countries are fully prepared for the withdrawal of dual currency on 28th February 2002? Perhaps a CMDB would help? 

Capacity Management
“We have the best technology in place – we don’t need to do Capacity Management. It is cheaper to just buy another server than waste time doing Capacity Management” 

According to Gartner: “Companies wasted more than US$1 billion between 1998 and 2000 on high-end Java application servers that provide far more capabilities than are needed on most Web sites”. If the trend continues, Gartner estimates that companies could throw away another US$2 billion from 2001 to 2003. Source: InformationWeek August 22, 2001 

It is only through effective Capacity Management and the activities of demand management, modelling, application sizing and the iterative activities of monitoring, analysis and tuning that organisations will be able to ensure that their IT resources are being utilised appropriately. 

Availability Management
“Our downtime is minimal – no-one has complained. We don’t need Availability Management”. 

With the growth in e-commerce, more and more companies will be striving to meet the demand for continuous service. This demand is driving availability expectations toward 24x365. Traditionally, industries with a need for high availability included government, finance, health services etc., but with the growth in e-business, high availability needs are penetrating large to medium organisations across all industries. 

On June 10 1999, the online auction site eBay experienced a 22 hour outage and resulted in the company paying users approximately US$3.9 million in credited fees and sent the share price tumbling. In July 1999, eBay announced to its members the steps the company was taking to increase availability and reliability including running two database servers simultaneously. The company said it had spent more than US$10 million on hardware and boosted engineering staff by 75%. 

Unfortunately for eBay, it suffered another unscheduled outage only days after the announcement. What impact on company credibility? Now that downtime is public information, it can seriously tarnish a company’ s image and reputation. 

The eBay announcement also included an explanation of the 22-hour outage, which was blamed in part to an update to the database software “that triggered a series of events that led to the corruption of our data and prevented us from restarting our system”. 

See Change Management I think!! 

Financial Management
“We do the best we can with the resources we have” 

But…without Financial Management for IT services, how do you know you are doing the best you can? 

It is not possible to know the true cost of service delivery, justify changes, appraise investments, understand the Total Cost of Ownership (TCO), introduce a sound charging strategy and realise a Return On Investment (ROI) without Financial Management. 

It is essential in the support of most of the other IT Service Management processes and in particular Service Level Management (knowing the cost of meeting customer requirements), Capacity Management (knowing the cost of increased capacity and availability) and Configuration Management (knowing the cost of the IT assets). 

Most of us know the cost of maintaining our households, we have estimated our assets for insurance purposes, we justify expenditure before making major purchases, we budget and account for money we spend. 

Why then should IT organisations with million dollar budgets be any different? 

Service Level Management
“Our customers are happy, we don’t need Service Level Agreements” 

If this is the case why is the most common complaint I receive from both the IT organisation and their customers, always concerning a lack of communication? 

The IT organisation strives to deliver high quality services to customers whose expectations continually change – expectation creep. The customers feel that their needs are not being met and do not understand what the IT organisation does with the money it receives (apart from pay IT staff extortionate salaries!!). This tension is the result of a failure to communicate that can be resolved through Service Level Management. 

Service Level Agreements are needed to manage the expectations of both IT and the customer. 

An IT organisation with internal customers can no longer assume that the customers cannot go anywhere else. They can! IT departments that are negatively perceived by their customers need to be able to demonstrate in measurable terms what they are delivering. Use SLAs as a defensive strategy against outsourcing by replacing perceptions with facts. 

An IT organisation providing services to external customers needs to retain those customers by setting expectations. It can cost 30 to 40 times more to attract a new customer than retain an existing one, and therefore customer retention is crucial to the organisations profitability. 

IT Service Continuity Management
“It will never happen to us” 

Can anyone say this after September 11 2001? 

It can happen to anyone, at any time, for any reason. 

“Two out of five enterprises that experience a disaster — such as the World Trade Center attack — go out of business within five years. Business continuity plans and disaster recovery services ensure continuing viability”. Source: GartnerGroup September 2001



And if they’re still not interested and think ITIL is just another fad:- 

The ISEB have certified 8489 people in the Foundation Certificate in IT Service Management and 2799 in the Managers Certificate[1]. EXIN has certified over 30000 professionals in IT Service Management in over 30 countries[2]. 

Computer Weekly (11 Sept 2001) reported: 

"Having qualified people is a major differentiator for IT providers, whether they are internal or external," says Adrian Leach, business manager at Parity Training. "If a big company tries to outsource all or part of its services, it would prefer to go to a supplier which has ITIL qualified people." 

So ITIL accreditation makes you highly marketable? Now that should get them interested. 

***

Karen is an IT Service Management consultant and a committee member of the itSMF Australia. 

Karen can be contacted at KMF Advance via www.kmfadvance.com 

[1] Source: www.bcs.org.uk

[2] Source: www.exin.nl