06 October 2014

Is the board on board?

At the annual itSMF Finland conference in Helsinki on October 2nd, I asked the opening keynote speaker, Frans Westerlund, CIO at Fiskars Corporation, about the attitude of the Fiskars board members with respect to IT. He said that he considered himself very lucky because the board members had a good understanding of IT and how to deal with it. He explained that many of them had learnt the hard way that you need to treat IT seriously in order to prevent disasters and ensure a good return on investment. He also mentioned being fortunate to be a permanent board member, instead of being invited to a board meeting just to report about IT, and often being the last and least important item on the agenda. I believe that it’s useful to distinguish between three scenarios:

Board on board
The Fiskars scenario is pretty much ideal, in which the board is conscious of the need to take ownership and is competent to govern IT. Unfortunately this is not often the case, as Frans intimated with his remarks about being lucky.

Lost at sea
The doom scenario at the other end of the spectrum is of course the unconscious/incompetent combination. Attempts by the CIO to ‘sell’ the governance role to the board have fallen on deaf ears, and only a (near) disaster will get the message across. The CIO and his or her team will just have to play a defensive game in damage control mode until the climate changes.

Waving, not drowning
A more promising scenario is when the board is conscious of the importance of IT and is managing but struggling with their governance capabilities. This is probably the ideal situation to play the BRM card. Not that you shouldn’t deploy Business Relationship Management in the other two scenarios, but you’ll probably get the most return in terms of capability growth.

According to the BRM Institute, Business Relationship Management is not only a role ‘Business Relationship Manager’ but also an organizational capability in the sense that many roles contribute to BRM, particularly the customer-facing ones such as those tasked with service desk and service level management. The Business Relationship Manager fulfils the role of an expert trusted advisor who has sufficient expertise in key business domains to be able to communicate the costs, the business value, and the risks of services in clear, specific, and meaningful terms using the language the business partner understands. The Business Relationship Manager is completely transparent about the costs, benefits (business value and ROI), and risks of a service. It is the Business Relationship Manager’s job to make sure that both the business partner and the service provider have complete clarity. Finally the Business Relationship Manager practices informed leadership, engaging from the moment the business strategy is formulated to shape its implications on the IT service delivery, overseeing its execution, and planning the next improved iteration. The Business Relationship Manager understands the business and service dynamics well enough to foresee and guide rather than be pushed around by changes.

CIO’s who recognize this opportunity to demonstrate their collaborative value are well-advised to invest in this strategic role. An important precondition is that ‘IT-as-usual’ is under control before you start talking about the strategic use of IT. If so, carefully select somebody who will serve as the strategic interface between the provider and one or more business partners to stimulate, surface, and shape demand for the provider’s products and services and ensure that the potential business value from those products and services is defined, realized, optimized, and recognized. Consider not only the technical proficiencies but in particular the relational competences and personal fit with the business partners.

Various standards and frameworks provide board level guidance, amongst which:

ISO/IEC 38500:2008
The international standard for Governance of IT sets the scene for the board’s role by providing a principles for evaluating, directing and monitoring the use of IT in their organization. ISO 38500 assures stakeholders (including consumers, shareholders, and employees) that, if the standard is followed, they can have confidence in the organization’s corporate governance of IT. It also informs and guides directors in governing the use of IT in their organization and provides a basis for objective evaluation of the corporate governance of IT.

COBIT® 5
The COBIT framework helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. In particular, COBIT’s Goals Cascade is useful in translating strategic business goals into concrete goals for IT-related enablers.

ITIL® 2011
The ITIL framework is referred to by COBIT for more detailed guidance for the supplier of IT services. This guidance spans service operations to service strategy, and at the strategic level, the service portfolio represents the commitments and investments made, and the related value, outcomes, costs and risks.

BiSL®
Similarly, COBIT also refers to BiSL. This framework provides guidance from operations to strategy for both information management and demand and use of IT services, complementing ITIL’s supply-oriented guidance. At the strategic level, policies regarding data ownership and strategic use of information – e.g. Big Data and Social Media – are board level topics.

With the exception of ISO 38500, board members are not expected to understand these frameworks but the BIO and the Business Relationship Manager will make use of this guidance in their board level interactions. The board should foster a culture in which business and IT share the same table and have a joint vision. The board should also encourage effective behaviour. Examples of effective behaviour are that the business takes the lead by specifying and prioritizing desired outcomes from IT investments, and trusts IT to propose options for solutions. IT then communicates the various solutions in terms of the associated benefits, costs and risks, in order that the business can take well-informed decisions.

COBIT is a registered trademark of ISACA.
ITIL is a registered trademark of AXELOS Ltd.
BiSL is a registered trademark of the ASL BiSL Foundation.


05 October 2014

Behaviour that gets more business value out of IT

Defining desired behaviour is recognized as an essential part of getting more return on investment in training and improvement initiatives. It is the bridge between the problem that an organization wants to solve, and the competences and training that are needed to solve it. The 8 Fields Model that GamingWorks uses and recommends described this in more detail.

I conducted a workshop about desired behaviour at the annual itSMF Finland conference in Helsinki on October 2nd 2014. The question that the participants discussed, was “Which behaviour will get most business value out of IT?”. The participants focused on the behaviour that the business should exhibit, in their role of IT’s customer. They said that the business ideally:
·        Shares the strategy / big picture / longer-term plan with IT
·        Discusses the ‘why’ behind IT investments with the IT department and reaches agreement
·        Improves its understanding of IT and the IT dept’s capabilities
·        Trusts the IT department with the ‘how’
·        Formulates concrete and simple targets, and expected measurable value 
·        Defines and prioritizes needs and requirements
·        Leads and executes business change management and global portfolio management, in close collaboration with IT
·        Takes charge of the business’ information and its flow

In the past 12 months I have conducted two similar workshops together with SDI’s Howard Kendall for itSMF UK in Birmingham and itSMF Ireland in Dublin. The two workshops also considered the behaviour that IT should exhibit. Combining the findings from these three workshops, we have three groups of desired behaviour from the business, the IT function and the enterprise as a whole.

The business:
·        Has a good understanding of IT capabilities
·        Shares the strategy / big picture / longer-term plan with IT
·        Discusses the ‘why’ behind IT investments with the IT department and reaches agreement
·        Specifies outcomes rather than output
·        Prioritizes outcomes
·        Formulates concrete and simple targets, and expected measurable value 
·        Is the accountable owner of information systems
·        Leads IT
·        Doesn’t bully IT but trusts them to be their IT partner
·        Allocates more time to IT, e.g. explain situation to IT, train users, inform users about changes
·        Leads and executes business change management and global portfolio management, in close collaboration with IT
·        Takes charge of the business’ information and its flow

The IT function:
·        Has a good understanding of the business’ need and context
·        Communicates in terms of benefits, costs and risks, in order that the business can take well-informed decisions
·        Abandons ‘technical’ SLA’s and explains in more meaningful ways what they’re doing for the business, involving the business in designing the reporting
·        Regards itself not as a separate silo but as an integral part of the business

Finally, the enterprise fosters a culture in which business and IT share the same table and have a joint vision, and the business and IT talk to each other more often, creating more mutual understanding of pains, priorities, possibilities and limitations.

04 October 2014

ITSM in 2020

When I was asked to participate in a panel discussion at the annual itSMF Finland conference in Helsinki on October 3rd 2014, I did some preparation. Unfortunately, I misread the topic and prepared to share my vision about IT Service Management (ITSM) in 2020, rather than my vision about itSMF and ITIL as requested. The good news was that ITSM is of course closely related to itSMF and ITIL. It added an extra dimension to the discussion in the sense that both itSMF and ITIL exist to serve ITSM. Both itSMF and ITIL should therefore be aligned with how ITSM is changing. We discussed that itSMF and ITIL should have different value propositions for each of the markets that they serve. I distinguish between internal IT departments and external service providers (ESP), and within internal IT departments I make the distinction between centralized IT departments and decentralized I&T departments within the various business divisions. ‘I&T’ refers to information and related technology: two intimately intertwined entities that should be managed in their own right. My vision for ITSM in 2020 is summarized in the following statements:

  • Non-differentiating IT services will be provided by ESP’s; differentiating application of I&T will be performed by decentralized I&T departments in the business; centralized IT will focus on governance and architecture
  • ESP’s will provide more and more of the services that IT departments used to provide - better, quicker, cheaper 
  • Centralized IT departments will transform into brokers – if they can integrate services better than ESP’s
  • Decentralized I&T departments will perform ITSM as part of their activities but the major part will be the application of I&T
  • ITIL will remain the same but will be applied selectively, depending on who uses it:
    • ESP’s need full blown ITSM but will they use ITIL? (does Amazon use ITIL?)
    • Brokers will focus on Service portfolio management, Business relationship management, Supplier management, Information security management
    • Decentralized I&T departments will be innovative but ‘immature’ in ITSM, and will benefit from the basics, e.g. incident / problem / change