As IT service providers move up the enterprise value contribution ladder, the need for a repeatable and reliable service management framework becomes clear. There are several to choose from – most notably the IT Infrastructure Library (ITIL). ITIL continues to be one of the best known in our industry. However, you may be surprised to learn that there is another very viable service management framework that you may want to consider: the Microsoft Operations Framework, or simply MOF.
I stumbled upon MOF years ago when I was an IT director in a predominantly Microsoft shop. My goal was to figure out the best approach to running IT like a business, while treating my customers like customers (and of course, provide value). My Microsoft rep suggested I take a look at MOF, and the two things that immediately caught my attention were that it was a well thought out framework that I could use effectively, and…wait for it…it was free. Don’t let the “free” part mislead you. This is a very robust framework that can coexist with other frameworks (ITIL, COBIT, etc.) to provide a solid structure for providing value to your customers.
Created to offer knowledge and processes that help IT service providers leverage Microsoft platforms while demonstrating value, MOF also integrates many facets of the Microsoft Solutions Framework (MSF). This practical guidance is organized by using the IT service lifecycle approach:
The MOF structure consists of four phases. The first three are ongoing, plan, deliver and operate, while the fourth is a foundation layer, manage. This essentially describes the lifecycle of an IT service. These phases are further supported by Service Management Functions (SMFs) that provide structure for the people, processes, and activities needed to align IT services with needs of the business. Additionally, each phase includes Management Reviews (MRs). These internal controls assist in establishing readiness to move forward.
MOF is not a standard, it is a suggestive framework – which means, like ITIL, can be used as a good practice guide to creating a service oriented IT organization. To take this a step further, it has been my experience that MOF and ITIL can co-exist in an organization that, together, can build a solid framework. I found that once I understood the basic organization and makeup of MOF, it seemed very easy to navigate and use.
I hope you get a chance to take a look at MOF – if you do, you will most likely be asking yourself the same thing I asked, “Why haven’t I heard more about this?”
Considering the many challenges faced by IT service providers today, leveraging frameworks to assist in managing and controlling IT services is a logical, yet difficult task. With so many best practices in the market today, how can you know which ones are applicable? There are several methodologies and frameworks competing for the attention of IT leadership, and they all have valuable contributions. If you are looking for a good overview of these, watch this webinar where I discuss this in more depth: https://www.brighttalk.com/webcast/845/60841.
Frameworks are becoming so popular because the rising demand for best practices is driven by requirements to be more competitive while holding costs down and ensuring the performance and conformance of IT services. Historically, IT Service Providers were self-directed and considered cost centers. Today, best practices help these providers focus on meeting enterprise objectives. As IT moves up the list of strategic goal priorities, justifying technology investments grows – therefore the need for best practices.
With the overall goal of providing value to the business, consider two core tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them. This is where the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) play a valuable role.
ITIL is a widely adopted approach for IT Service Management that helps identify, plan, deliver and support IT services to the business and is detailed within five core publications (Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ) It enables delivery of appropriate services that continually ensure benefits delivery and business goal achievement.
COBIT is the latest edition of ISACA’s globally accepted GEIT framework that providesan end-to-end business view of the governance and management of enterprise IT by integrating other major industry frameworks such as ITIL, TOGAF, PRINCE2, and related ISO standards. COBIT effectively helps govern enterprise IT with five principles and seven enablers.
Pick one or use both?
So, where would I start? It depends on what you are trying to accomplish. From my experience, most organizations are in one of three situations (or worse, more than one.) I’ve described these below, with my suggestion on which framework seems to make the most sense to lead with.
Integration objectives
Remember, the goal is to implement and manage IT services to achieve business benefits while meeting governance and control requirements. Because of its high level approach, broad coverage, and foundation on many existing practices, COBIT can easily be used as the integrator that brings multiple practices under one framework which links those to business objectives. With this in mind, the following table will help you understand how COBIT and ITIL fit together.
Critical Success Factors
Whichever approach you choose, there are a few critical success factors that should always be considered when adopting frameworks:
Focus on value. This is why IT service providers exist – to realize benefits while optimizing risks and resources. Don’t get caught up into adopting framework capabilities unless they have a real positive impact to your business.
Management commitment. Without it, you’re spinning your wheels. Leadership must be involved in any framework adoption. Grassroots movements sound great, but business priorities must be understood, communicated, and monitored by management.
Process ownership and accountability. Processes don’t manage themselves. Identify process owners and ensure that they are accountable. Use RACI charts to assist in determining who is Responsible, Accountable, Consulted and Informed.
Training and communication. Certifications aren’t required but are certainly a plus. Consider foundation level training (at a minimum) for both ITIL and COBIT. One challenge I see is that when a limited number of people at a company are trained, they fail to effectively communicate and transfer that knowledge across the organization. Create a communication and training plan that supports the goals of your framework adoption.
Continual improvement and measurements. Embrace and embed a service culture. Don’t just stop improving once you’ve started seeing initial wins. Ensure that the culture continually improves on successes, and base these on measurements. Both ITIL and COBIT have excellent models to help here.
In order to achieve competitive advantage, business must continually strive to innovate. Innovation, coupled with improved operational effectiveness and efficiency can exploit and leverage information technology that results in greater business value and potentially market share. In order to overcome the famous “open door, closed minded” policies that wreak havoc on thriving businesses, innovation must be understood, recognized and encouraged.
With so much focus on current operations, it’s often difficult to change mindset towards the future. This is where a having a formal process to manage innovation is key.
Enter COBIT.
Most IT and business professionals think of COBIT as a framework to assist in the security, control, and assurance of processes. The usual suspects include processes such as change, configuration, incident, security, and so on. If you look further in the framework, you may be surprised to find a process in the Align, Plan & Organize (APO) domain called APO04, Manage Innovation. This hidden gem, if used correctly, can provide a formal means of viewing the future of the business through a much more powerful lens – one that looks beyond the short term and encourages value creation through the qualification and staging of the most appropriate technology advances, methods and solutions.
Quoting directly from the COBIT5 Process Reference Guide (available on the ISACA website, www.isaca.org), the purpose of APO04, Manage Information is to “Maintain an awareness of information technology and related service trends, identify innovation opportunities, and plan how to benefit from innovation in relation to business needs. Analyze what opportunities for business innovation or improvement can be created by emerging technologies, services or IT-enabled business innovation, as well as through existing established technologies and by business and IT process innovation. Influence strategic planning and enterprise architecture decisions.”
If you are familiar with the process guide in COBIT5, you know that each process is described with a rich mix of information including: description and purpose, process goals and metrics, IT related goals and metrics, and management practices. Management practices consist of activities, RACI charts, and inputs/outputs. Although the goal of this is not to walk you through all of the details of the process, it’s important that we take a look at the management practices of APO04. These include:
APO04.01. Create an environment conducive to innovation.
APO04.02. Maintain an understanding of the enterprise environment.
APO04.03. Monitor and scan the technology environment.
APO04.04. Assess the potential of emerging technologies and innovation ideas.
APO04.05. Recommend appropriate further initiatives.
APO04.06. Monitor the implementation and use of innovation.
So what’s the business value? If you look in COBIT5, A Business Framework for the Governance and Management of Enterprise IT, you’ll find the goals cascade (see below). If you walk through the goals cascade, you will find that APO04 eventually supports multiple IT-Related Goals, Enterprise Goals, and Stakeholder Needs. Although this is only one way to identify business value, it’s a great start.
Reference: COBIT5, Goals Cascade Overview, Page 18. So, if you’re struggling with how to formally recognize innovation efforts in your IT organization, start with COBIT, you might find more than you expected. It is important to remember that COBIT is not a standard! It is a framework, and therefore designed with the flexibility that allows you to adjust processes and activities to meet your needs. In any case, don’t forget that the ultimate goal is to provide value for your customers, not just in the short term, but the long term as well. This is precisely why you should consider this process.
Yes ‘decision by committee’ is often negatively associated with non-essential, seemingly off-target, purposeless meetings. Agreed (sometimes) – meetings for the sake of meetings is unproductive and a waste of a valuable resource…TIME. But if you think about meetings conceptually, meetings are actually the organizational thread – a venue for intellectual property (a.k.a. knowledge) that becomes a strategic asset for organizations. So then, I propose it is the actual structuring of people– knowledge embodied individuals – within the organization that is truly compromising (or not) to business success.
The members, setting and climate unify groups within an organization. The members, the setting and the organizational climate inevitably bring the right pairing and/or unification to any group/sub-group within an organization. So while not a one-size-fits-all theory, hierarchically structuring leadership discretion will inherently bring collective vision and cross-boundary collaboration.
For our purposes today, we will focus on the distinguishing hierarchy between Governance and Management – both vital processes for high-performance organizations. COBIT5, a framework by ISACA for the Governance of Enterprise IT (GEIT) explains the difference between the two:
Compatible to organizational structures are interconnected roles, activities and relationships. I will again turn to the COBIT5 Framework to help distinguish functional stratums and further identify the need for compatible profiling when pairing individual competencies across function and/or operational specialty [Note: While COBIT5 uses an enterprise perspective, models can be paired to fit organizational need].
Owners and Stakeholders. Think highest power. Driven by fiscal and sustainability interests. Particularly charged by changes in: strategy, technology and regulatory.
Governing Body. Think board of directors. Accountable to owners/stakeholders for organizational success; responsible for management foresight. [Note: Identifies with COBIT5’s Governance structure referenced previously]
Management. Think executive leadership/’C-suite’. Accountable to Governing Body for organizational performance and responsible for management directives. [Note: Identifies with COBIT5’s Management structure referenced previously]
Operation and Execution. The people, technology and processes necessary to produce a product or service of value to end customers.
Once you conceptually identify with the functional differences between Governance and Management, you can profile and organize forums (committees) that maximize knowledge share and bring aspiring organizational value to stakeholders.
The difference between IT Strategy Committees and IT Steering Committees. Compatible mind-share is critical for committee success, and while enterprise processes/principles can be conceptually neutral across business function (IT, Finance, etc.), performance outcomes are widely differentiated by functional sector. Thus for our purposes herein, the remainder of this paper will focus on IT practices explicitly for maximizing committee efficacy.
IT STRATEGY COMMITTEE. Ensures alignment between IT and business strategy through enterprise IT governance. Although this committee is often assumed to operate at the board level, it does not carry decision authority exclusively. This committee has dashboard authority and oversees IT management in partnership with other board committees (audit, business strategy, finance, etc.). The committee is composed of a chairman (usually board member) and board/non-board members based on IT knowledge and corresponding business insight.
Responsibilities:
Provide IT insights to board and act as subject matter expert
Monitor strategic IT plans
Monitor enterprise resource availability to support IT initiatives
Understand, Communicate, Mitigate IT risk (may also be coordinated with a Risk or Compliance Committee)
IT STEERING COMMITTEE. Oversees major projects – managing priorities and allocating resources with guidance from the IT Strategy Committee. There may be several steering committees within an organization depending on size, complexity and management culture. In any case, the steering committee should be the responsibility of executive management, providing a conduit between the governing body and program/project teams. Membership generally consists of varying business sponsors, the CIO and key advisors as applicable.
Responsibilities:
Ensure programs/projects meet business requirements and align with IT strategy
Determine overall level and allocation of resource to extend IT value across enterprise
Communicate strategic goals to project teams and recommend changes to strategic plans
Monitor and approve various architectures to support achievement of IT strategy
Final Thoughts. Although an enterprise can have multiple committees and boards for various functions or specialties, the intent of this blog was to highlight two critical assemblies that can help in your quest for IT value. While I recognize there isn’t a one-size-fits-all approach, profiling roles and structuring by compatible competencies/interests, will improve productivity and ultimately increase meeting satisfaction. Following are four high-level take-away’s for optimizing both IT Strategy and IT Steering Committees:
Ensure that your committee has tasks outlined and all members understand their charge.
Strive for cross-boundary collaboration – IT Steering Committee should have representation from the IT Strategy Committee.
Avoid getting lost in the details – committees are designed to guide, not solve tactical issues that should be handled at program/project level.
ALWAYS remember – governance exits to provide value through benefit realization, resource optimization and risk mitigation.
Recent Comments