INFORMATION SYSTEM MANAGEMENT

Size: px
Start display at page:

Download "INFORMATION SYSTEM MANAGEMENT"

Transcription

1 Università degli Studi di Padova Facoltà di Economia Corso di Laurea Magistrale in Economia e Direzione Aziendale INFORMATION SYSTEM MANAGEMENT THE REENGINEERING OF AN ICT DEPARTMENT Relatore: Ch.mo Prof. Martina Gianecchini Laureando: Mattia Bozza Matricola n.: Anno Accademico

2

3 INDEX ABSTRACT (ITALIAN) CHAPTER ICT INDUSTRY OVERVIEW Introduction Definitions and terminology ICT evolution and ERP The Recent Trend in IT Outsourcing industry IT Compliance and Corporate Governance CHAPTER IS MANAGEMENT ITIL Service Lifecycle Introduction Service Strategy Service Design Service Transition Service Operation Continual service improvement Ambidexterity theory. Exploration and Exploitation, in the tradeoff between standardization and customization Introduction Ambidexterity and Modularity Product design modularity Production System Modularity Organizational Design Modularity CHAPTER ICT DEPARTMENT CASE STUDY Objectives Case Story Narration Data Elaboration... 80

4 3.4 Final Remarks REFECENCES BIBLIOGRAPHY AND WEBORGRAPHY Books and Scientific Papers Magazines, Business Reports, Government Documents and Website Contents II

5 ABSTRACT (ITALIAN) La tesi si prefigge di dimostrare l applicazione della teoria dell ambidexterity nell ambiente ICT e di studiare l evoluzione di un dipartimento che fornisce servizi tecnologici a clienti aziendali. Il primo capitolo è incentrato sull analisi della attuale situazione del mercato ICT e sulle sue principali linee di evoluzione. Vengono quindi affrontati argomenti quali la delocalizzazione e l outsourcing dei servizi informativi e le ripercussioni di queste scelte nell ambiente aziendale oltre ad un excursus sulle tematiche dell ambiente competitivo dei service providers. Nel secondo capitolo ci si addentra in una dettagliata rappresentazione e analisi critica del protocollo ITIL il quale rappresenta un punto di riferimento per il management e la compliance di un dipartimento IT a livello mondiale. Analizzate le best-practice nel campo dei servizi informativi e gli standard che regolano il settore del outsourcing del sistema informativo aziendale prendiamo spunto dallo studio della teoria dell Ambidexterity e la applichiamo al contesto delle tecnologie informatiche. Il caso di studio aziendale che viene analizzato nell ultimo capitolo ci permette la rappresentazione del ciclo di vita di un provider esterno di servizi informativi basati sull utilizzo dei sistemi ERP. La storia dell azienda viene presa a campione di una realtà di business largamente diffusa, che deve fare fronte a sempre rinnovate sfide tipiche del settore ICT caratterizzato da elevata dinamicità con numerose possibilità di ascesa ma anche crescenti minacce.

6

7 1. CHAPTER 1 ICT INDUSTRY OVERVIEW 1.1 Introduction The thesis is structured in three chapters, the first one provides to the reader a professional overview of the topic with a precise frame of inspection, the second one explores some relevant technical aspects and provides the theoretical foundations, the third one is a business case study with case story narration and data analysis. The aim of the first chapter is to explain what are the Information System (IS), the Information Communication Technology (ICT) and the Enterprise Resource Planning (ERP). We will introduce the specific terminology, give a picture of the outsourcing industry status and describe his evolution, identify the main players and the rules of the providers competition. 1.2 Definitions and terminology The information systems exploit the ICT to provide the right information at the right time to those who needs it. So the ICT is the tool to perform the activities of register, stock, elaborate and share the information. In this era no effective information system can exist without a good technology and none technological infrastructure could be built regardless of the information system so the two concepts are deeply connected. Also the technology is one of the main feature of the information system and quite all the medium and big firms have a dedicated function and one Chief Information Officer (CIO). The introduction of new technologies in the organization will affect most of the business process and the informative science studies the interaction of the various actors in relation to the information flow (Callaos 2002).

8 Information System Management: The Reengineering of an ICT Department Figure. 1.1 Informative system hierarchy Source: Research Commentary: Desperately Seeking the "IT" in IT Research A Call to Theorizing the IT Artifact, pag.46 The Information Technology Outsourcing (ITO) is a contract between two economic entities about the provision and management of the informative system. The contract can be categorized in four main groups according to the society structure adopted (DiRomauldo, Gurbaxani, 1998). In addition to the simple outsourcing we can identify: transfer outsourcing if the customer externalizes the previous IT function through the selling of a branch of the company, joint-venture outsourcing if the IT branch is sold to a new joint-venture share between customer and provider, group outsourcing if the IT branch is managed by a company from the same holding. Regardless of the corporate structure, common feature of the ITO is to provide informatics services that substitute or integrate the internal IT function of the customer. The service can subtend single or multiple activities and it is realized by transferring to an independent economic subject the management and maintenance of the informative system made by knowledge, infrastructure operational and managerial activity. 4

9 ICT industry overview The ITO economic reasons for the customer are the increased flexibility, the access to modern technology and specialized services, the quicker implementation and development, and overcome the lack of internal competences and resources (Loh, Venkatraman, 1992). At the same time, the importance of the ICT function is critical on most of today s companies. The decision to externalize the IT function concerns multiple risk and the consequences of a wrong choice are not easily reversible. A bad implementation of the outsourcing process can be easily fatal to a distressed business. The ITO can expose the firms at a decrease of internal control, depletion of the core competences and a rise of indetermination on future (DiRomauldo, Gurbaxani, 1998). The object of outsourcing could be limited to a technical aspect like software coding or spread to the whole process design and the system management up to include all the services to the core business. This situation is identified as: facility management outsourcing. The management of the informative system is made by the following main technical activities, each one of them could be externalized: Incident management Problem management Change management Capacity management Availability management Access management Printer management Defect management Hosting Clouding User Guidance Disaster Recovery management Database maintenance Backup management 5

10 Information System Management: The Reengineering of an ICT Department Security management ICT Process Scheduling Network management The relationship between customer and provider is quite complicated due to the difficulties to define and measure the matter of the service. A common characteristic of general services is to have a degree of dematerialization but, especially in this field, the nature highly specialized of the tasks require special attention in order to define the procedure and the standard level of the service. The mere list of the services is not enough to guarantee a smooth dialectic between the parts. In order to define a precise standard of service is highly recommended to define in the contract a service level agreement (SLA). Also to reduce the vagueness it is a common practice to define a precise methodology of measurement of performance in terms of efficacy and effectiveness (Iaselli, 2011). The general contractual terms include: 1. Confidential restriction 2. Personal execution 3. Invoicing schedule 4. Copyright and license rules 5. Personal insurance 6. Court jurisdiction 7. Resolutive clauses and contractual penalties The contractual penalties are utilized like a warranty in legal practice but is important to highlight that the damage that a company can suffer in case of a serious problem like data corruption or service disruption can be far larger and bear backwash far beyond the IT function. Thus, even if the penalties are an important contractual step, they cannot overcome the credibility of the provider. The selection criteria of the IT service provider must rely more on provider reputation than on contractual lifebelt. The service providers are knowledge intensive business firms (KIBS) (Miles and others 1995) that provide a bundle of package services that can be mixed in different ways to meet the customer demand. The services are usually divided into modules that can been 6

11 ICT industry overview requested or not thus the service provider can gain the benefits of a standard operation procedure (SOP) and offer a range of services. The different activities are deeply interrelated each other and need a good level of coordination to be well performed. Another common widespread practice is Business Process Outsourcing (BPO). BPO is the act of transferring some of an organization's repeated non-core and core business processes to an outside provider to achieve cost reductions while improving service. In BPO, usually the outside provider not only takes on the responsibility to manage the function or business process, but often re-engineers the way the process has been traditionally done following the world best practice achievable through the experience with specialization and networking customers abilities. Call centers, human resources, accounting, medical billing, web design, writing, translation and payroll outsourcing are the most common examples of BPO services. 1.3 ICT evolution and ERP In this paragraph we will go through a brief overview of how technology integrates in the enterprises and helps the operations to manage information and link the business function. As technology we mean a tool that supports the management process in collecting, analyzing, elaborating, and transmitting information in a view of reduction of uncertainty (Thompson 1967 in Caporarello 2008). Another fundamental way to consider technology in literature is the interaction between business characteristics and business objectives. The main characteristics of an organization are: structure, dimension, competences, culture and internal relations. The objective may be synthetized in: build human resources network, organizational knowledge coding, business development, increasing efficiency through information management, coordinating development and innovation skills. The technology aim in businesses is to help the achievement of the previous objectives that directly impact on the organizational characteristic through increasing efficiency and informational synergy. The increased efficiency could turn out through a number of way like HR raised efficiency, increased performance, business structure development, cultural enrichment, rising dimension i.e. doing more 7

12 Information System Management: The Reengineering of an ICT Department with the same resources. Informational synergy come instead from an inter-functional collaboration that allowed a resource sharing which enables cost and time savings. From the 1960s organizations started to implement computing systems and use centralized inventories controls. In the 1970s was developed Material Requirement Planning (MRP) a system that through a set of volume and time calculations helped the operations on planning and control. The MRP is considered a dependent demand system and its typical inputs are based on the combination of both preventive orders and forecasts demand. The demand management that interfaces with the demand market has to deal with customers orders and forecasted order on different percentage depending on the business. A make to order business has a great visibility thanks to known orders over time so it can organize the production consistently, a make to stock business has to rely basically on forecasting using historical data and industry information to predict trends, cycles or seasonality, a purchase to order business on the other corner wait to receive the customer order before stat the sourcing of the raw materials. The time and quantity information will merge in the Master Production Schedule (MPS) that, in the light of the bill of material, drives the operation and the process flow. The information of the MPS provide the track to organize the production, manage the inventory levels and coordinate the sourcing process. With an adequate visibility of the future requirement the production manager can lead the inventory to the wonted level avoiding brake of stock and over amounts according to the strategy. The time needed for the order fulfillment must be also kept under control (Slack, Chambers, Johnston, 2010). The amount of data is huge, especially for complex products that are made of thousands of single parts. Then, the database keeps truck of the inventory levels of raw materials, the different step of processing materials, the finished goods, with details regarding location, price, general description, technical proprieties. The importance of the IT function rises considerably since the database needs maintenance to be efficient and the backwash of bad information spread in all the company field with severe economic effects (Rashid, Hossain, Patrick, 2002). In the 1980s was introduced the MRP 2 with the propose of grouping all the information of the different function in one central database. So engineering, accounting, R&D and sales can access to the same database and the changes are available immediately to all. 8

13 ICT industry overview Thus also thanks to the improved ICT the annoying problem of reconciliation among different discrepant database was eliminated. This evolution brought at the beginning of 1990s to the Enterprise Resource Planning (ERP) an inter-functional system that reassumes and links together all the important resources and process of the enterprise without duplication on information. This powerful software gives the mean to the management to view the company in an holistic way. The focus move from the separate function and department to the natural process of the product that creates value to the final customer. This movement started the waves of reengineering of a number of company and brought them in the information based era. ERP was not just a passing phenomenon but e real revolution of organizations. The ERP systems represents one of the engine of the worldwide changing process in the utilization of the information started in the last decades of the twenty century and not even finished. It represents the connection point among technological, organizational and managerial innovations. This process have involved many different actors with different culture, language, objectives and social power. The economic field melts with the political, the technical and the social one, not without clash of interests of the groups involved in the ERP adoption process (Robey 2002). ERP systems are designed as integrated sets of software modules linked to a common database, handling basic corporate functions such as finance, human resources, materials management, sales, and distribution. The quality of this kind of system is that all the modules are well integrated from the development stage. The difficulties are mainly located in the adoption process in which the software has to adapt to the organization or the organization has to adapt to the software. Instead the best-of-breed approach identifies the best software solution available specially born to fit a specific function or process. Thus on behalf of a better match between software and function structure, the organization will lose integration degree that will cost more resources to join the information in a consistent bulk. This tradeoff is not an easy solution but an open issue and it needs plenty of strategic reasoning. ERP is not just an integrated communication system but its adoption bears a real renewing of the organization system. The management cannot consider a matter only of the IT 9

14 Information System Management: The Reengineering of an ICT Department function but it spreads in all the corporate aspects. When an ERP system starts to operate the overall integration of multiple information source brings new visibility through a new concept of operation monitoring. The leeway of a specific function will be tight by the most important corporate objectives. The rigidity in the control system is the penalty to pay for have a working and consistent integrated information system with reliable data. The redesigning of the informative system structure and the reengineering of the process in the project phase is critical, because, once the ERP is working, to modify processes or recalibrate the system is tough like operating on a moving machine. ERP rigidity has not to be thought only like a problem but a useful feature to deal with high complexity of the managerial model and to quickly react to the global market environment. The importance of the speed and the accuracy of the information flow inside and outside the firms boundaries is crucial in the highly dynamic competitive environment of the 21st century. The efficiency of the organizations is deeply related with the ability of access to the current information for all the function and for each level. From the operation to the corporate level it is important to have the correct perception of what is going on in the organization, otherwise is like drive blind. According to this assumption the non-integrated informative systems lack of the right degree of fluidity on the information flow. The inefficiency of the fragmented IS is identifiable in the extra-cost of updating and linking of the different systems and the inconsistency that easily could been generated among conflicting data. Some benefits that could gain from an integrated IS are (Shang 2002): 1. Gain in personal and firms productivity, better customer service, cost reduction. 2. Gain of process visibility, valid sustain to decision making, helpful tool for effective financial and strategic planning, better performance measurement. 3. Ease the organization changing, the creation and the diffusion of a common vision, help to the process standardization and to the resource sharing. From a financial point of view a research by Brian L. Dos Santos et others (1993), investigates the relationship between IT investment and value generated. The methodolo- 10

15 ICT industry overview gy used was to verify whether the decision to make an IT investment generates an increasing on the market shares value. The empirical analysis was performed on a sample of 97 events from financial and manufacturing industries, from 1981 to There were no statistical evidence of differences among the different industries reaction but an interesting funding rise about the nature of the investment. On average, common IT investments are zero net present value investments, i.e. they are worth as much as they cost. Instead IT investments characterized by high innovation degree and architecture renewing, averagely cause an increasing of the firm value. Anyway the gain related to IT investment has difficulties of measurement because of the deep relation between ICT infrastructure with all the firms function. Some scholars argue that the ICT infrastructure produces benefits for the firms not because of this standing alone body but in the relation with some human and business complementary resources. ITs development project carry an enormous power but the related advantages come to light on the premises of some organizational variables like culture, communication, commitment, flexibility and most of all the consistency with business strategy (Powell e Dent-Micallef, 1997). It is crucial to understand the role played by the ICT function in the whole organization. It is both a support infrastructure that connects and eases the information flow and a source of business development that drives the evolution path. The model of the competitive forces and ICT resources (Caporarello 2006) offers a summary of the key elements of the ICT management. The dimension considered are: services to stakeholders, definition of ICT strategy and support to corporate strategy, ICT service level of competitors, resources invested by the competitors in ICT function. This analysis will offer a snapshot to the ICT environment that helps the decisional process. To have a complete representation of the ICT function management is also good to define the main tasks commonly operated: 1. Leadership: the ICT manager has to build a strong relationship with the other functional managers and with the top management. He has to be a strategic partner for the organization, to evaluate and rate actions priority, to define ICT investment plan according to the business strategy needs. 11

16 Information System Management: The Reengineering of an ICT Department 2. Organizational perspective: is crucial the adoption of an overall process view that analyzes the business needs from a client perspective. 3. Cooperation with users: sustain users in the different phases of adoption, use, changing of devices, software and procedures. 4. Define system architecture to meet business needs. 5. Schedule and carry out purchasing and maintenance of IT infrastructure. Define outsourcing contracts, manage and control their execution. 1.4 The Recent Trend in IT Outsourcing industry For many years offshoring or Lift and Shift was widely adopted in many IT functions. The strategy consists in moving the function in a country with lower labor cost and hire human resources with a fraction of the homeland s salary. But according Geraldine Fox (interview source IT Outsourcing : Market Dynamics, 2012), Global Director of Compass' Sourcing Service Line, despite the immediate money saving the strategy can be very risky in the long run. The classical offshore approach to move operations as soon as possible to a developing country risks not to face adequately the transitional issues and the preexisting process inefficiency. The situation can be even worse if is involved a service provider. As well as the loosing internal competencies the IT function often experiment a loosing of efficiency proved by extended cycle time, increased errors. Moreover the excessively high turnover rates and the linked inefficiency will deplete quickly the gain from the lower salary. Although the salary differential between onshore and offshore workers remains substantial, the combined effects of lower productivity, increasing salaries, hiring/training replacement staff, and managing problems associated with continuity will close the gap far sooner than originally planned. The data released by the Everest Research (2012) prove that the best performer of a sector onshore can beat an average offshore performance so a winning strategy cannot overcome to solve the outstanding process problem and a mere delocalization will only postpone the problem. Besides cost savings, an efficient strategy have to look at process 12

17 ICT industry overview reengineering, troubleshooting, time zone availability, risk arbitration and talent available. In the international landscape of outsourcing contract a big turning point is coming. A number of multiyear contracts of ITO and Business Process Outsourcing (BPO) are coming to the natural expiration in the next 18 months. The total contract value (TCV) going to end between June 2012 and December 2013 is US $85 Billion (data source: Everest Research Press Release from Global Service Media, 2012). This situation open ups several questions because many long term contracts are been sign up in the precrisis situation. Probably most of these contracts will follow up with the same service provider but not necessary. The moment is prone to final balances to rate the services received and renewal project. This state of things will probably result in a liven up of the market, with the opportunity to gain market share for the good performers that will boost new proposals. Some highlights about the incoming trend in the ITO and BPO market from an Ross Tisnovsky interview, senior vice president, Everest Group (Posted on June 6, 2012, in Everest Group Press Releases) are: 1. Cloud computing is fast emerging on the IT outsourcing scenario and is likely to play a disruptive role, with maximum impact visible initially in data center and applications projects 2. Western Europe picks up the lead in the IT and BPO contracts approaching renewal during the subsequent six months 3. Recent deal signings are indicative of new trends, such as increasing popularity of multi-sourcing, decline of lift & shift models, reinvigorated attention to pricing models, and increased importance accorded to analytics The service outsourcing industry is an important component of modern high-end service industry. It is a typical example of knowledge based economy made by human- 13

18 Information System Management: The Reengineering of an ICT Department technology interaction. This industry is characterized by a reduction of consumed resources, high added value and rising information capacity processes. The new rules for the services organization are to consolidate and standardize delivery; to balance internal, external, and virtual capabilities; and to manage services like a portfolio. These are the essential steps to build and sustain excellence in services. These are the words of Ed Nair, editor of Global Services, a media platform focused on the global outsourcing industry, about the 2012 trend in the ITO market. According to him the industry in his evolution had experimented a transformation process from insourcing trough outsourcing, co-sourcing, and finally co-creating competencies with service providers. A market research among ITO buy side (Figure 1.2) shows that cost reduction is still a core motivation but cannot be the only objective without a proper strategy. In fact beyond the immediate cost reduction what is motivating buyers to outsource is achieved greater flexibility, access to standardize business processes and access to high level support assistance. Figure. 1.2 Informative system hierarchy Source: HfS Research September 2011, Sample: 177 Buy-side Organizations, pag.15 14

19 ICT industry overview Until today the enterprises has commonly cut costs thanks to BPO particularly in labor intensive areas such software maintenance and development, transactional accounting, administrative HR and customer managed services. Anyway the labor arbitrage alone cannot drive breakthrough outcomes and is coming even more tough to perform without a proper overall strategy. Moreover the changes in high technology process areas are coming faster and faster and a better management strategy is needed. The investment in ICT infrastructure in the past two decades was conspicuous and the high rate changes in this area rise the obsolescence risk and breaks down the assets value. The presence in the market of specialized provider of BPO and ITO that embedded the best of class technology drives the outsourcing choice in this way. In fact the knowledge gained in a multiyear effective work in the learning by doing experience like detached branch of big enterprises, is a worth added attribute that can be reinvested in the market like a multi-customer standardize efficient service. This ICT providers offer a good alternative to avoid risky large internal investment. The nowadays focus of ITO industry is on platforms, and summarize the benefits provided by standardized business processes, cloud computing, Software as a service (SaaS) and managed services delivery. The key characteristics of business platform are: 1. Business Platforms deliver standardized business processes 2. Business Platforms service more than one client 3. Business Platform providers manage the business processes associated with the Business Platform and furnish the complete solution, including people, software, and infrastructure 4. Business Platforms focus on business outputs or outcomes such as improved working capital and higher customer loyalty, not inputs such as labor and physical assets Platforms represent a turnkey process portfolio solutions. They embodies standard proved methodologies to: manage the complexity of a modern process, drive productivity improvement and push process reengineering. Often organization specific solutions 15

20 Information System Management: The Reengineering of an ICT Department are too complex to be built from zero, they require huge investment, and have no warranty to achieve goals in short terms. Also internal ICT functions develop a change resistance behavior that preserve the organization from meeting the overall company objectives. Another remarkable characteristic of platform is scalability, the possibility to adapt the offer to the needs of the customer in horizontal or vertical terms, so add more nodes to a system or increase the process capacity of a node. Scalability provides a greater business agility and shields the customer from demand fluctuations, financial shocks, business enlargement, and reorganization lags. The global financial crisis boosted the ongoing trend: the organizations are even less willing to make expensive capital investments to update internal processes in a fast changing environment. Business platforms architecture is attractive to customers because, with a periodic service bill, you can access to consolidated and updated infrastructures and process expertize. Outsourced customers do not worry anymore of sharing applications and tools with competitors if there is no competitive advantage to develop a dedicated one. Instead the sharing path is beneficial for many reasons. First, the platforms give win-win payoff away from the core business competition: this frees resources that can be better reinvested. Second, the service platforms provide a quick implementation of the best practices on the industry already tried and tested on similar environment. Third, the externalization of the IT function allows a notable reduction of the organizational complexity and cost linked to software, human resources, licenses, architecture development, support. 1.5 IT Compliance and Corporate Governance Consequently to bankruptcy, scandals and forgery of economic documents many nationals and internationals lawmakers have begun an activity of preventive protection of the investors. This activity went in the direction of asses the veracity of the financial statements and increase the information visibility for all the stakeholders. This issue is 16

21 ICT industry overview known with the name of compliance and many organizations have adopt regulations to establish good practices regard the corporate governance security. Some of them are: 1. The Sarbanes Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act a United State federal law that enhanced security standards for all U.S. public company boards, management and accounting firms. 2. Basilea II is an international agreement among the central banks of G10 countries plus other states, that sets some rules about the risk exposure of the banks in relation of the real capital. 3. The OECD Principles, first released in May 1999 and revised in 2004, are one of the 12 key standards for international financial stability of the Financial Stability Board and form the basis for the corporate governance component of the Report on the Observance of Standards and Codes of the World Bank Group. 4. CACG guideline principles for corporate governance in the Commonwealth in 1999 by an independent organization that promote good standards in corporate governance and business practice throughout the Commonwealth. 5. A Framework for Implementation in 1999 by the World Bank that explain the importance of a good compliance and draw the guideline to conform at. 6. Health insurance Portability and Accountability Act (HIPAA) of 1996, that set standards to improve the efficiency and effectiveness of the U.S. nation's health care system by encouraging and regulated the use of electronic data interchange. 7. Bank Secrecy Act (BSA) of 1970 requires to financial institutions in the United States to adopt some practices aimed to assist U.S. government agencies to detect and prevent money laundering. The number of disposition about corporate governance is an indicator of its importance for the national government and international economic stability. The establishment of common roles that forward fair and transparent behaviors of administrative board of public and private company enhance economic trust and market stability. Shifting corporate governance from a narrow view limited to shareholders interest to a wider view set on common interest, sustainable economic development and a mutual respect is one 17

22 Information System Management: The Reengineering of an ICT Department of the main goals set by the policymaker necessary to protect the society right in the capitalistic market. The application of compliance rules provides helpful guidelines for a good utilization of the capital, builds trust on the investor side and attracts new long term capital. Corporate governance has foundation on the management board structure, its relation with the other corporate agencies, the top management remuneration plan and the incentives aimed to align private interest with the public one and prevent conflicts of interests. The board that is overall responsible for the resource allocation usually delegate the power of the current business administration to an executive team that pursues the organization strategic objectives keeping under control the risk exposure. For its nature the IT function is central in compliance policies for the assessment and management of business risk. In fact most of the phases to collection, elaboration and sharing of the accounting data are performed trough the ICT infrastructure. The ICT managers are in charge to adopt the procedures aimed to control that the financial information produced by the IS are accurate and comprehensive. The IT governance is considered part of the corporate governance and regard the organizational control by the management on the ICT strategy and alignment on the corporate strategy (IT governance institute 2005). The IT function has to oversee the internal resource allocation and the continuous maintenance of technology and process efficiency. The IT governance has to assess the risk of new ICT project implementation like ERP adoption or functional software adoption. It has to guarantee the adequate visibility to the project and provide constant information to the project upgrading and proactively identify possible obstacles (Weill and Woodham 2002). Adopting good practice can help a service provider to create an effective service management system. Good practice simply follow the process guideline that have proven to work and to be effective. Good practice can come from many different sources, including public frameworks such as ITIL, COBIT and COSO, standards such as ISO/IEC and ISO 9000, and proprietary knowledge of people and organizations. A short overview of the main public frameworks will follow. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) a private organization that takes care of internal controls, has emanated a framework that describes the principles of IT risk management. Risk management is defined as a pro- 18

23 ICT industry overview cess that, flowing through every level and in every unit of an organization, identifies potential events that, if they occur, will affect the strategy setting and may compromise the achievement of the business objectives (Enterprise Risk Management COSO Integrated Framework 2004). COSO framework is divided in two main parts: 1. General controls: a. Control in data center operations like backup and recovery b. Control in systems software like data acquisition process and program implementation c. Control in access security d. Control in system application development and maintenance 2. Specific controls: a. Data elaboration process b. Transaction integrity, processing authorization and action validity c. Data exchange, system interface, transmission protocol Another widespread framework on IT governance is the Control Objectives for Information and related Technology (COBIT). The COBIT was created by Information System Audit and Control Foundation in 1996 and then cared by IT Governance Institute from the third edition. (COBIT ). The COBIT framework describes management guidelines and identifies specific responsibility in ICT management. Its structure is made by four levels: 1. Plan and Organize: This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological infrastructure should be put in place. This domain typically addresses the following management areas: 19

24 Information System Management: The Reengineering of an ICT Department Business strategy alignment. Optimizing use of its resources. Understanding of the IT objectives. IT risks management IT systems quality assessment 1. Acquire and Implement: The domain covers the realization of the IT strategy, IT solutions identification, acquisition, development, implementation and integration into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure the solutions continue to meet business objectives. This domain typically cover the following key process: Software and ICT infrastructure acquisition and maintenance. Implementation process monitoring. Systems functionality test and assessment. Changes management. 2. Deliver and Support This domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities. This domain typically covers the following key process: Service level definition and management IT costs optimization User trainings, problem management Security, confidentiality, integrity and availability management 3. Monitor and Evaluate Provide guidelines about IT processes that need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses perfor- 20

25 ICT industry overview mance management, monitoring of internal control, regulatory compliance and governance. This domain typically covers the following key process : Proactive problem detection Establishment of effective and efficient procedure of internal control Linked IT performance measurement to business goals One of the most popular and widely accepted framework about the service management is the Information Technology Infrastructure Library (ITIL). The ITIL provides a framework of Best Practice guidance for IT Service Management and since its creation, ITIL has grown to become the most widely accepted approach to IT Service Management in the world. ITIL is focused on how the ICT service has to be managed in terms of IT business consistence, ICT service quality improvement and cost reduction. ITIL principles help to draw an accurate process description integrated with hardware and software infrastructure that provides a comprehensive map. In the table 1 are synthetized the milestones of ITIL evolutions elaborated from studies of Doctor (2007) and Viet (2008). The first service protocol widely known was created in the 1980's by the UK governments Central Computer and Telecommunications Agency (CCTA) with the objective to promote efficient and cost-effective IT operations and establish support and delivery standards within government controlled computing centers and was named Government Information Technology Infrastructure Management (GITIM). Large companies and government agencies in Europe adopted the framework very quickly in the early 1990s. ITIL was spreading far and was used in both government and non-government organizations. As it grew in popularity, both in the UK and across the world, IT itself changed and evolved, and so did ITIL. In year 2000, the CCTA merged into the Office for Government Commerce (OGC) and in the same year, Microsoft used ITIL as the basis to develop their proprietary Microsoft Operations Framework (MOF). In 2001, version 2 of ITIL was released. The original Service Support and Service Delivery books were redeveloped into a more advanced concept. Over the following few years it became, by far, the most widely used IT service management best practice approach in the world. 21

26 Information System Management: The Reengineering of an ICT Department In 2007 version 3 if ITIL was published. This adopted more of a lifecycle approach to service management, with greater emphasis on IT business integration. ITIL protocol migrated from internal government best practices to public domain, before in 2000 it became a UK standard (BS15000), then in 2005 became an international standard (ISO/IEC 20000). Under the opinion of Otjacques et al. (2007) the spread of the ITIL was burst by the suppliers and contractors who did business with any of the UK government agencies. In fact the use of a common language and procedure in a complex system is fundamental for inter-organizational effective communication. The standard approach to ICT set a common operational platform to build strong and effective business relations. It is not possible to know the exact number of organization that have adopted the ITIL, and also the counts of ISO/IEC 2000 certification is not feasible because the registration of certificate is voluntary but the number of the registered ones can be user to proxy the spread. The number of registered organization at June 2012 provided by APM Group itsmf is 640 and the trend of registration is shown in Figure

27 ICT industry overview Figure. 1.3 ITIL History Source: Cater-Steel, Tan & Toleman, (2009), Using Institutionalism as a Lens to Examine ITIL Adoption and Diffusion". 23

28 Information System Management: The Reengineering of an ICT Department Figure. 1.4 Cumuletive Number of Certified Organizations Source: Cater-Steel, Tan & Toleman, Using Institutionalism as a Lens to Examine ITIL Adoption and Diffusion" (2007). The diffusion of ITIL was considerable and went hand in hand with the massive use of integrated enterprise software solution and the rising share of outsourced IT functions in medium and big enterprises. We can identify a number of factors that boost the ITIL standard spread. From the history of ITIL Cater-Steel, Tan & Toleman (2007) identified the following factors that contributed to the diffusion of ITIL: 1. OGC put coercive pressure on UK government departments to adopt ITIL 2. ITIL books are readily available at reasonable cost from OGC, itsmf offices 3. itsmf international/national offices provide support to IT Service Managers for ITIL adoption 4. Professional network exists through itsmf conferences, local interest groups, special interest groups and regional seminars 5. ITIL standard and consistent lessons and certification was readily available for individuals on international network 6. When ITIL is adopted by head office it diffuses to national/local offices 7. Adoption spreads as ITIL professionist move from one organization to another 8. Decision to adopt is influenced by legislation (e.g. SOX) and desirable for better IT governance 24

29 ICT industry overview 9. Industry press reports extensive ITIL adoption (e.g. Computerworld, ZDnet) 10. Tools vendors provide ITIL-compatible systems for configuration management, service desk (e.g. HP, IBM). 25

30

31 2. CHAPTER 2 IS MANAGEMENT 2.1 ITIL Service Lifecycle Introduction In this chapter we will explore the IS management from the service provider point of view. We will go through service management analyzing inputs and outputs of the processes. The inputs are made by resources and capabilities (i.e. the assets of the service provider), and the outputs are the services that must provide value to the customer. Let s start defying some core concepts according to ITIL. Service: A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks (OCG, 2007). This means that the value of the service delivered to the customer is directly dependent to the reason why it has purchase or use the service. Therefore service management is fundamental to enable the provider to understand the service reason and really facilitates the outcomes of the customer. Also the risks have to be monitored to provide a reliable and non-disruption service. Service Management: is a set of specialized organizational capabilities for providing value to customers in the form of services (OCG, 2007). This description of service management links the concept of the value for the customer and the specialized organizational capabilities that are a bundle of consolidated capabilities that include all of the processes, methods, functions, roles and activities func-

32 Information System Management: The Reengineering of an ICT Department tional to generate value for the customer. The service delivery is conceived in a lifecycle perspective, from strategy through design transition to operation and continual improvement (Beard, 2008). The five main stages of service management lifecycle are: 1. Service strategy: describes the way to set a service management like a strategic asset to reach objective. 2. Service design: describes the design and governance of IT processes, practices and policies in the live environment to provide customer satisfaction and cost effectiveness. 3. Service transition: is focused on the introduction of new service operations encoded in service design to meet the service strategy goals managing risk. 4. Service operation: is the specific expression of service strategy and follows the principles of effectiveness and efficiency and value creation for customers and service provider. 5. Continual service improvement: is a guidance in reviewing and improving all the previous steps reducing waste. 28

33 IS Management Figure. 2.1 The service Lifecycle ITIL itsmf Source: An Introductory Overview of ITIL V3, (2007), pag Service Strategy The service strategy is the core of ITIL lifecycle map and is deeply connected with the overarching strategy and culture of the organization of the service provider. So it does matter if the service provider is a standalone business or if it is a branch of a bigger scope corporation like an ERP software house or a consulting group. Also the service provider may exist within the organization to deliver services to a specific or multiple business unit or otherwise can be an external service provider, single-customer or multicustomer oriented. In all cases the strategy adopted must fulfill the strategic purpose of provides sufficient value to the service recipients and to all the service provider stakeholders. So is crucial a deep understanding of the customers process structure to provide 29

34 Information System Management: The Reengineering of an ICT Department exactly what is needed because customers are not buying products but a specific IT solution. In any context a good strategy does not exist without a competitive analysis in the light of awareness that each side has choices, even doing nothing is one. The competitive analysis must identify the as is and to be situation in an efficient and effective way (Mehdi Khosrow-Pour, 2006). Specifically the guideline for a good strategy bids to gain a precise understanding of the following points: What services should be offered Who the services should be offered to Existing and potential competition, differentiation objectives Value perception and value creation for customer and stakeholders Customers provider selection procedure Financial control and visibility Performance measurement Strategic investment in service assets and resources allocation in service portfolio perspective The service strategy has foundation in four Ps of strategy (based on Mintzberg, 1994). that represent a useful guide map to perform a good strategy. High business competition in global market is extremely fierce, only who manages to keep a competitive advantage may survive. That is why it is necessary to have a precise idea of what it takes to be successful. An integrated strategy to help maintain excellent service results and high customer satisfaction. ITIL Service Strategy, the core point of ITIL, offers guidelines on how to approach an IT firm management. The model shares nuggets of wisdom from trusted service owners and suggests a kind of mental approach. Here is a look at the four Ps of ITIL Service Strategy (ITIL V3, 2007). 30

35 IS Management Figure. 2.2 Service Strategy four Ps Personal graphical representation, concepts from: An Introductory Overview of ITIL V3, (2007), pag.15 Perspective: Having an explicit vision of the company service list will mostly give a better understanding of their business goals and objectives. A company that has a clear vision of the services that want to offer can better deal with the customers, and empower the CRM in a philosophy of cooperation with their customers. By having a strategic perspective, the company can differentiate the services from the competitors and create a distinctive stance against their competitors, pursuing the KSF. This would help the customers to identify a provider for their specialized services and products. Position: To have a successful IT firm, it is necessary to have a precise view of the kind of business that you are going to provide. ITIL Service Strategy affirms the need for a company to have a precise view of the market structure and identify a segment to serve with profitability possibilities. First of all the company has to decide early what needs of the 31

36 Information System Management: The Reengineering of an ICT Department market fulfill before taking any other serious step. Some issues to analyze are the budget, the kinds of service they are going to deliver, characteristic of target customers. A company with a well-defined position, informs its customers about its policies and gives them a customizable service to meet their specific needs. Plan: A plan is a precise description about how you are going to make happened the desired events and how to reach the settled objectives. An IT service provider must describe the current situation as is and the desired situation to be and all the steps on the way to realize it. This process realizes a document that discusses which methods and forms of execution the company has plan. Pattern: A pattern is a series of actions and adjustments that the company knows, that enables a company to run smoothly the business. The company should decide which features, policies, technology applications, service providers and training procedures are consistent with the company's positioning. Knowing which patterns and actions are good for the company is one of the key ITIL Service Strategy principles in achieving great business results. Service Provider can be grouped following the nature of the customer served. ITIL design categorize three types of service provider according to the relation between service provider and customer: Type 1: this service provider is internal to the organization and serve only one specific business unit. It is usually adopted in large organizations and serves function like: IT, HR, finance. The model assumes a developed internal network used to share corporate directives and align the functions objectives with the right incentives. This model allows to avoid most of the costs associated with the relations with external parties. The narrow set of tasks assigned give the opportunity to provide highly customized service. 32

37 IS Management Type 2: this kind of service providers are business units operating among multiple business under the same corporate umbrella. This model can produce conflicts and drawbacks if not well integrated but cost savings are visible on the group level. The customization demanded by the different business served enhance the operational complexity and could cause service overhead. This type of service provider is in competition with external providers. Type 3: this service provider is a separate external business that supplies the needs of the customers in terms of service delivery. The CSFs that characterize a service provider are: knowledge, experience, scale, resources, price and capabilities. The choice of this configuration respond to the need of flexibility of the organization and is functional to the pursue of a lean structure. For assess the value of an IT service in terms of customer perceived outcomes ITIL V3 introduces the concepts of Service Utility and Service Warranty (Kinnear, Lewin, Sowerby, 2010). This two concepts help to define the Service Level Package. The service Utility concerns what the service does, and the functionality offered to meet a specific need. The Service Warranty concerns with how the service is done, and if it meets the agreed requirements. The warranty is measured in terms of availability, capacity, continuity and security. This two dimensions give an idea about the perception of the value received by the customer. Both Utility and Warranty are important indicators of the customer expectations and must be taken into account in the service level agreement. The ITIL framework considers the service management capabilities as a strategic asset critical to provide the basis of core competencies and distinctive performance through a wise use of resources. The resources are the direct inputs for the production of services like financial capital, human resources, infrastructure, know-how and information. The capabilities are defined as the provider s ability to coordinate and exploit resources to reach the objectives. Thus the capabilities are a set of organizational, process and managerial knowledge that permit to reduce waste and increase efficiency. Very important for the provider is to identify the Critical Success Factors (CSFs) to successfully implement the desired service strategy. The CSFs need a periodic review to align them to the environment and a constant monitoring to verify the correct deployment of the resources. 33

38 Information System Management: The Reengineering of an ICT Department The service strategy setting needs to consider the service provisioning models that is the way to deliver the service. It includes the action of preparing and equipping the network to allow it to provide new services to its users. The analysis and categorization of different models permit to supply the customer in the desired way, doing the best to meet the demand. The establishment of an automatic activation of the service requested speeds up the deployment and eases the administrative procedures. Ideally, a provisioning system should interface with other business systems in order to define and track the workflow for processes that extend beyond the bounds of the IT department. According to the nature of the request, certain requests need to be automated, others not. In fact some procedures, like security access allocation, always require the human supervision. Some variants are: Managed service: the business unit that requires the service, finances the provider and makes available all the resources related to the request. Shared Service: the provider serves multiple business unit with a service portfolio through shared infrastructure and resources. Utility Service: the service is provided as much as needed, when is needed by each customer. The provider has to manage the complexity of a variable scheduling. Service strategy draw, concerns also the organization development plan, that has to oversee multiple factors on behalf to the stakeholders objectives. Sourcing strategy: makes informed decision on service sourcing. Its evaluates all the strategic options to choose which element of service outsource, which assign to internal service department and whether or not, use shared services bases. Development stages: this stage identifies the current stage in the development path and adopts the right measures to face its characteristic. Service analysis: uses technology to achieve an understanding of the provider performance in the different competitive fields. Risk assessment: mapping and managing the area of risks underlying a service portfolio. In addition to the strategy generation, service strategy includes other processes under its domain: Financial Management, Service Portfolio Management (SPM), Demand Man- 34

39 IS Management agement. This processes are deeply related to the service strategy and are functional to the background inspection for an effective strategy setting. Demand management is the mean to understand the customer behavior and drives demand. It includes a set of instruments to evaluating patterns of business activities and user profiles. Tactically it may list some procedure to influence demand level, principally aimed to smooth the pick and redirect the excess demand in less busy times with the use of incentives. Demand management also regards the calibration of capacity level according to the forecasted demand pursuing a better meeting between demand and supply of IT services. A poorly managed demand is a source of risk for service providers and rises considerably uncertainty. Excess capacity generates a waste of resources with following costs without value-creation, on the other hands an insufficient supply capacity may cause delays and bad performance that could bring to contractual penalties, low customer satisfaction and demand migration. The Service Level Package defines the level of service utility and service warranty to meet specific needs of a customer and is a contractual instrument to set as clear as possible the expectation about the service features. Financial Management cover the function responsible for IT budgeting, accounting and billing request. It assess the economic value of the IT services and the IT provider assets, forecasts the operational budget. The importance of IT financial management exceed the functional boundaries, many parts of the organization interact with financial information. Financial data feed critical decisions and activities, and need to be shared, manipulated, aggregated and sorted by many decisional nodes. The Service Portfolio Management involves proactive oversees across the lifecycle management targeting and scheduling investments. The activity goes through concept, design and transition steps on the service catalogue list. The main stages of the process are: define inventory services list, ensure business availability, verify cases data analyze and align supply and demand in terms of volume and characteristic maximizing portfolio value finalize portfolio services, approve temporary list, authorize resource usage deliver services required, following the agreed standard 35

40 Information System Management: The Reengineering of an ICT Department The key roles and decisional powers has to be linked to precise responsibility. The service strategy dictates the establishment of specific figure with a set of characteristic and precise task. This three roles that split main directive tasks in service strategy are Product Manager (PO), Business Relationship Manager (BRM), Chief Sourcing Officer (CSO). Product Manager: is responsible of a service or a bundle of services through the whole life-cycle, from develop to deliver. He monitors current service capacity and takes corrective actions to meet the customer requirements and respect contractual obligations, update the catalogue with innovative solutions and packages on the light of the most important findings to gain and maintain competitive advantage. Business Relationship Manager: works in strong collaboration with the product manager and performs customer oriented tasks. He has a deep understanding of the customers business and works close to them to assemble the most suitable product bundle to meet their specific needs. BRM has the tough task to manage the tradeoff between standardization and customization of the services pursuing the objectives of high customer satisfaction and low specific cost for the provider. He also negotiates productive capacity with the specific customer and sets the Utility and Warranty dimensions. Chief Sourcing Officer: is the main referent for the sourcing strategy in the IT function. He works in tight relation with suppliers, coordinates the codevelopment projects, maintains the relation with strategic partners. He refers directly to the CIO for all the main issues of the sourcing office Service Design The service design is a stage of the service life-cycle and an important element of the changing process to meet future business requirements. The main objectives are: Design processes aimed to support service lifecycle Design services structure capable to reach agreed outcomes Design a proactive organization that early identifies the problems and a resilient IT infrastructure capable to adapt to fluctuation and shocks 36

41 IS Management Elaborate a standard framework to monitor and improve IT service quality Develop personal IT skills and built up an organizational stable expertise Establish a control method based on precise and reactive performance measurement Service design is a process that dictates some basic business requirements fundamental to develop a service solution specifically projected to satisfy documented business requirements. The outcome of Service Design is a Service Design Package containing all the main features to handover the process to Service Transition Stage. Service Design phase is necessary to intervene in the following aspects: Introduction of new service solution or changing existing portfolio Updating the systems to adapt them to a mutated technology environment Update and reinvent processes at the light of new capabilities and adjourning the roles Introducing new methods of performance measurements and changing metrics The service design holistic approach (OCG, 2007) should be adopted in all the IT activities because the process perspective helps the integration of related functionality and enhance quality. The ITIL service design guideline recommend to follow the four Ps stages in order to perform an effective and efficient process design phase. People: human resources are the first element to consider in service design. Skills and competencies are engine of the service deliver so it is necessary to well dislocated them on the core nodes of the organization. Processes: are made by a group of actions and activities logically linked among each other. The service design stage has the responsibility to set roles and activities involved in the provision of IT services. Products: is made by all the systems, software and hardware engaged to the service provision and delivery. Partners: are all the separate economic entities committed to supply, support and assist the IT service provision. To define all aspects of IT service is useful to write a Service Design Package (SDP) for each service. The SDP needs to be updated after every major change of the service feature. An important source of internal information is the Service Catalogue. It provides a 37

42 Information System Management: The Reengineering of an ICT Department consistent picture of the IT service available, their status and details ensuring that outlying business areas have a complete and exhaustive picture of the complete service. Service Catalogue Management (SCM) provides a single, consistent source of information on all of the agreed services, and ensures that it is widely available to those who are approved to access it. The service catalogue is updated according to the service portfolio items that can change and evolve consequently to service portfolio enrichment and new service development. Thus the strength collaboration between SCM and CRM ensures the internal and external quick information on the business evolution. The service level management (SLM) is in charge of negotiate the IT service level with the customer and monitors the delivery against the agreed level of service. The aim of SLM is to measure the performance of the service delivering in a consistent and standard manner, to track the service level history, and take some corrective action in case of red flags. Usually the contract of service delivery sets some service level agreement, target level and minimum service level, a sort of wedge in which the real service has to lie. The complexity of the operation often require to set Operational Level agreement (OLA) and other support agreement, and again Service Improvement Plan (SIP) that frame the agreement into a dynamic perspective (Sturm, Morris, Jander, 2000). Another important component to start to consider during the design stage is Capacity Management (CM). CM includes component, service and business focus across the whole service lifecycle. The aim to capacity management is to match the evolving IT services agreed demands of the business with the available service capacity in the most cost effective and timely manner. The proximity to service saturation needs to be reported by appropriate warning that allowed corrective action and prevent errors and damage. The capacity management is divided in three sub-process areas that even performing similar activities are focus on different conceptual frame i.e. future requirements, current delivering, technical infrastructure: Business Capacity Management: translate business needs and plans into requirements for service IT infrastructure. This procedure imply the preventive explication of the future resource needs based on data analysis, trend, forecast and prediction model. These future requirement comes from Service strategy plan and service portfolio enrichment. 38

43 IS Management Service Capacity Management: regards the control and prediction of the current operational IT service usage and technical workloads. It control that all the service performance are correctly measured and are into the SLA boundaries. All the informative collected data are analyzed and reported, in case of necessity proactive and reactive investigations are adopted to ensure that all SLA are respected. Component Capacity Management: ensure that the utilization and capacity of all technology components within the IT infrastructure are monitored and measured. Whether possible the monitoring should be performed by an automated thresholds measurement system, that allowed a cost-effective, error-safe and rapid problem identification. The capacity management information system is an useful tool to analyze and monitor all the sub processes, collects precious data and plan proactive actions. Is crucial for: Workload and Performance analysis Reports: is a source of data important for a number of others processes related to SLA. Make capacity plan: is used by all business areas and the senior management to plan the capacity of the IT infrastructure Investigation reports: for ensure that the most effective and efficient solution is implemented on a specific area linked with ad hoc analysis to specify and resolve eventual service and performance issue. Forecasts reports: focus on the short and long run forecasts analysis, to predict possible course changing, schedule or re-schedule the IT operations. Availability management is related to services, components and resources and is devoted to ensure that all availability target are achieved and they at least match the agreement with customers. The measurement and monitoring of IT availability is a key activity to ensure that service is correctly delivered. Good availability management is considered the first quality signal, essential to provide a reliable and stable service and gain customer loyalty. It objectives are: Produce a document called availability plan that reflects the current and future system status, the possible source of problem and the corrective action proposed. Assists the diagnosis and resolution of availability incidents and problems 39

44 Information System Management: The Reengineering of an ICT Department Provide guidance to other areas to all the availability related issues and ensure that their agreed targets are met. Assess the impact of all possible disruption in the service delivery, and the cost of system recovery Adopt proactive action to avoid availability disruption The availability management aim to continual improvement of the availability reliability of the IT services and support to the organization performance. The process take place in two inter connected key levels: Reactive activities: this aspect is related mainly with operational task and consist in measuring, monitoring, and management of the events, incident or problem concerning unavailability. Proactive activities: this aspect is related principally with design and planning tasks and consists in preventive problem identification and availability improvement. The Availability management activity do not stop at the rising of an incident but boost the reliance of the system restoring the functionality of the system as soon as possible. The customer satisfaction principle keeps holding in the incident approach, aim of availability management is to ensure that duration and impact of any incident is minimized and resume as quickly as possible the normal business operability. To do that the availability management in collaboration with incident management adopt the analysis of the expanded incident lifecycle that map the main stage for all the IT service downtime. Important preventive risk assessment activity is to identify all the Vital Business Function (VBS) supported by an IT service, and adopt a special design to preserve this activities. Separate core activities from less important activities is a fundamental process for the availability requirements setting. Thus the availability requirements of the business could be affordable and cost justifiable. The IT Service Continuity Management (ITSCM) is a form of risk management that intervenes in case of service failure of extreme magnitude. In fact, even under optimal management, the risk to be victim of catastrophic failure cannot be completely eliminated. ITSCM is a part of ITIL that assess the optimal level of insurance measures to protect the business in disaster events. The purpose of ITSCM is to maintain the appropriate recovery capability to match the agreed requirements of the business. The technolo- 40

45 IS Management gy is a core component in many business processes and ITSCM has to elaborate a recovery plan to guarantee the survival of the business as a whole in cases of disaster occurrences. The ITSCM supports the overall business continuity management ensuring that the IT technical facilities including service desk, technical support, telecommunications, applications, databases, network and computer system in case of failure are restored and again available in the agreed timeframe. The main objective of ITSCM could be reassumed in the following: Produce and maintain a set of IT service continuity plans and IT recovery plans Perform regular Business Impact Analysis (BIA) and risk assessment to ensure that all continuity plans keep up with the business evolution. Ensure proactive detection measures according to risk level and activity importance, especially in the vital business function. Negotiate and agree with suppliers the service provision necessary to manage all the continuity plans. The ITSCM is implemented in four stages: 1. Initiation: defining scope and terms of action, policy setting, resource allocation and planning. 2. Strategy and requirements: risk assessment and BIA. 3. Implementation: operate risk reduction procedure, test the plans. 4. Ongoing operation: Education of recovery procedure, ongoing testing. Information Security Management (ISM) needs to be considered in the overall corporate governance security framework. The terms information includes the corporate intellectual capital, data stores, databases and metadata. A service provider is responsible to guarantee that the company sensitive information are protected from unauthorized access, theft, tampering, fraudulent deleting. ISM provides the strategic direction for security activities end ensure that the information security risks are adequately managed. Also allocate the adequate resource amount for develop countermeasures to prevent possible security issues. Information security is effectively managed when the following objective are met: 1. Availability: Information is available when required and the system can resist access attempts from unauthorized source, prevent failures under the agreed percentage and recover in the agreed timeframe. 41

46 Information System Management: The Reengineering of an ICT Department 2. Confidentiality: information could be accessible only by authorized access. 3. Integrity: Information is accurate, complete and protected against unauthorized data tampering. 4. Authenticity and non-repudiation: internal and external business transaction and data exchange are safe and inaccessible to unauthorized interception. Security level definition must be done by the management considering the entire business process. The end to end overall approach will permit the right prioritization of availability, confidentiality, Integrity and authenticity considering the business context. The ISM should be driven by an overall security policy supported by the top executive management. The ISM contribute to the overall security policy in term of: IT use and misuse guidelines, access control policy, password control policy, policy, internet policy, antivirus policy, information classification policy, document classification policy, remote access policy, supplier IT access policy, asset disposal policy. These policies should be highlighted to customers and users, mentioned in all the SLAs and SLRs contract annually reviewed and kept updated. The cycle of the Information Security Management System (ISMS) are made by the following five elements: 1. Control: establish an organization structure to implement and work according the information security policy, establish a management framework to manage the information security in the organization, allocate responsibilities and document actions. 2. Plan: collaborate to the establishment of a corporations wide document about the information security policy that contain the recommended security measures based on the understanding of the organization requirements. 3. Implement: build up the adequate procedures and tools to meet the agreed security standards. 4. Evaluation: assess technical security, supervise compliance with security policy and requirement of SLAs and OLAs 5. Maintain: improve security agreements of SLAs and OLAs, improve security measures. 42

47 IS Management Figure. 2.3 Security management lifecycle Personal graphic representation, concepts from: An Introductory Overview of ITIL V3, (2007), pag.45. Supplier management process is essential to the provision of quality IT services. The principal processes are aimed to ensure that the supplier provides IT services meeting targets and business expectations. The Supplier Management process is involved in all stages of the service lifecycle from design to improvement. It is important to keep update the Supplier Contact Database (SCD) that contain information about all the suppliers and the partners, and provide quick access to all the present and past contract. Another central activity is the supplier performance assessment and the consequent substitution of the under acceptable rated. Many activity of contract development, negotiation, agreement, renewal and termination are functional to a correct supplier management. 43

48 Information System Management: The Reengineering of an ICT Department Service Transition The previous step of the ITIL lifecycle was the Service Design and we look at creating and improving services following the Service Strategy path. In this paragraph we will examine Service Transition. This is the step that ensures that what is planned will be correctly implemented and that the expected objectives will be met. The Service Transition is aimed to manage operational areas and current service delivery. Service transition is focused on supervise and coordinate the normal live environment but also to implementing planned changes and pursuing service improvement. To assess the service delivery status in necessary the understanding of: 1. The business value creation and the service delivery process, identify the receiver of the service and who judges service value. 2. Identify all the players and stakeholders, of the business 3. Decoding and applying of the service design, detecting eventual unexpected circumstances in the environment and operate coherent live adaptation of design in case of need. The service transition process is based on the principles of: Understanding of the nature of the services explained by service utility and service warranty. Establish a formal policy and a shared framework for service changes implementation Supporting knowledge transfer and codification, the establishment of process of exploration and exploitation Intervene in live course corrections proactively interpreting environmental signal. Change management is the process that analyze changes in the operational standard environment. Basic task are: the control of change authorization, test and implementation of new service solution, document and evaluate the performed changing actions. Another purpose is to record in the Configuration Management System all the intervention that could modify the current system status. The impact assessment guideline set a group of questions that helps to balance risk and benefit in order to understand and 44

49 IS Management make visible the possible backwash of a changing action. The questions are known as the seven Rs of change management (Johnson and Waterhouse 2007): 1. Who RAISED the change? 2. What is the REASON of the change? 3. What is the RETURN required from the change? 4. What are the RISKS involved in the change? 5. What RESOURCE are required to deliver the change? 6. Who is RESPONSIBLE of the change? 7. What is the RELATIONSHIP with other changes? The Change Advisory Board (CAB) is an organism that assists the change management with risk assessment and authorization procedures. The CAB is usually convened for a deep analysis for high level authorization requests and gives an opinion about the adoption or rejection of the request. The CAB needs a clear understanding of the stakeholders needs so it usually includes the presence of different representative members of the following categories: customers, users, application developers, technical consultants, service operation staff, third part stakeholders like providers and outsource supplier. The Request For Change (RFC) is an event that usually have foundation in the customer mutated needs or in an environment evolution. The change models are defined process flow that follows the necessary steps to satisfy the RFC according to the authorization level and the risk impact. Three basic change models are the following: Standard Change Model: commonly used for service operational planned changes. This kind of change is repetitive and has a proved low risk. It is usually managed by preauthorized execution. Normal Change Model: is a complete model used for medium level changes. The procedure that must be followed goes through assessment, authorization and CAB agreement, then implementation. Emergency Change Model: is a model reserved for critical changes that have a characteristic of high business impact or a limited time horizon. They usually matter with serious failure restoring or imminent failure avoidance. In a modern organization services are deeply correlated and need a system of overall coordination that set the specific configuration of the functions to align the service de- 45

50 Information System Management: The Reengineering of an ICT Department livering. ITIL includes a function called Service Assets and Configuration Management (SACM) projected to ensure consistence across the service lifecycle and manage the service assets and configuration items. This process manage the service portfolio assets in order to support and coordinate the overall service performance. The scope action of SACM also extend to all the shared assets that include IT participation. SACM goals are: Risk and changes forecasting and traceability Respect of incidents and problems into the SLA targets Conformances to standard, legal and regulatory obligations Service cost preventive identification The Configuration Items (CI) are some basic operational unit under SACM control. This component may vary widely in size and complexity depending on the identification criteria adopted. They could include hardware, software from a single part to the entire system and should be identified in such a way they are manageable and traceable through the service lifecycle. A set of CIs could be grouped together into a release to ease the process. Some main categories will help organization to adequately identify CIs: Service Lifecycle CIs: they provide a picture of the service portfolio, how these service are provided, benefit for the customer, realization costs, delivery timeframe. Service CIs: they provide information about a service background like resources assets, financial capital, infrastructure, facilities and people. They also give a picture of the service model showing package, capability, organization, process and release updating. Organizational CIs: provide a picture of the organization s business strategy or other internal policies. External requirements that need to be tracked also are included. Internal CIs: provide information about internal project, including tangible and intangible assets External CIs: reassume customers requirements and agreements for services, or releases 46

51 IS Management Interface CIs: those that are related to service provider interface with external customer application SACM usually require the support of a Configuration Management System (CMS) to manage complex IT services and infrastructure. The CMS holds all the information organized by CIs for example customer and supplier data, SLAs and contracts, maintenance and other secondary contract. One purpose of CMS is to easily extract data and report about service configuration, for internal or external use. Another central propose of the CMS is to maintain the relationship between service component and any related incidents, problems and related error with the relative solution or change operated. This is fundamental to ease recurrent problems solutions and systems knowledge structuring. The CMS also keeps track of the people relation to CIs like employees, suppliers, customer and users, to retrace responsibilities, process owners and information holders. The value generated by SACM is of difficult measurement because expresses itself with other service management processes within the service lifecycle. The CMS is an important source of information for areas like: service desk, incident and problem management, availability and continuity management, service level management. Knowledge Management has the purpose to ensure that the people working in the service delivery have the right skills and knowledge to perform the assigned task effectively. Also the function ease the codification, sharing and communication of the information, know-how and best practice that allowed an high level performance. Important studies on knowledge management were done by Ackoff a professor of management science, specialized in operations research and organizational theory at the Wharton School. One of his most important theory was the Data-information-Knowledge- Wisdom (DIKW) hierarchy (or pyramid) that was first given in The knowledge pyramid is a useful and intellectually stimulant construct that tries to describe the process of knowledge codification through the relationship among data, information, knowledge and wisdom. Data are the simple product of observations and measurement of phenomena, and they have of no value until they are processed into a usable form to become information. Information is an organized set of data that prove assumption and contained answers to questions. Knowledge is the next layer and makes control of a system possible transforming information into instructions. Knowledge makes possible solution to problems, increases efficiency and process understanding. Further, on the top 47

52 Information System Management: The Reengineering of an ICT Department of the pyramid wisdom is related with long term strategy and means an ability to see consequences of any act and pursuits the ideal total control and total quality in a sort of omni-competence (Rowley, Frické, 2007). The model was directed primarily to the management of organizations and can be used over various kind of data. The notion of interconnecting these phenomena as processes leading from raw data to wisdom through filtration, reduction, and refinement created a powerful image to show how the knowledge management operate in an organization for make available one of the more valuable and hard to manage corporate assets. Figure. 2.4 The knowledge pyramid. Source: Rowley, J., (2007), The wisdom hierarchy: representations of the DIKW hierarchy, p. 9 Transition Planning and Support is a process aimed to improve service provider ability to handle high volume and complex changes schedule. The principal tasks is coordinate the transition between Service Strategy and Service Design and assist the effective application of planned strategy and design in current operations. A good Transition Planning and support is expressed by a preventive identification and management of the risks of failure and disruption across transition activities. The process works in collabo- 48

53 IS Management ration with the Release and Deployment Management that is the mean to express the service directly to the customer. To prevent significant amounts of time and for reduce service delivery complexity is important an effective Release and Deployment Management. It will add value to the business by delivering change to customer and keep service update and responsive. Release management works closely to service transition and improves consistency in service implementation and service development contributing to rise performance and better fit the service requirements. The goals of release and deployment management are: Built clear and comprehensive release plan, that allowed customers to operate coherent change projects. Successfully built, install and test release packages respecting schedule, managing unexpected complications. Enable systems, technology and organization to successfully deliver a changing or a system upgrading, adjourning utilities, warranties, and service level. Helps knowledge transfer to enable customer users to optimize the exploit to the changed functionality to improve the customer business A sensible task of release management is to set the correct time schedule and the appropriate unit level to minimize unpredicted impact on the service delivery. The decision to postpone business critical application release to ensure that the testing stage is comprehensive may prevent catastrophic consequences. The sensibility of the intervention in the live environment makes the release management a tough exercise of resource and time balance. Service Validation and Testing is the stage in which all services, whether internally built or bought, need to be tested appropriately to validate business requirements satisfaction. The purpose of service validation and testing is to ensure that different systems block, often from different suppliers, can integrate together and perform holistically. The tests are aimed to provide or not the confirmation of the explicit meeting of utilities and warranties requirement. The test environment is used to assess the component performance in the system and prove the satisfaction of the SLAs in terms of: business functionality, availability, continuity, security, usability and resilience. The software environment needs to be tested together with the physical infrastructure elements to avoid possible incompatibility. Some application software could be automatically in- 49

54 Information System Management: The Reengineering of an ICT Department stalled onto servers and workstation to standardize the process and reduce the people dependence, but some release and deployment plans need a human constant supervision. Test environment need to be maintained as similar as possible to live environment to drop the possibility that relevant discrepancy will cause a different behavior to application appliance Service Operation All the ITIL phases that we have analyzed contribute to ITIL Service management quality. Strategy, Design and Transition are fundamental steps to build a solid consistent service management process but is only in the Service Operations that the business customer can see directly the value expression. Service Operation is the everyday expressions of strategy design and transition and the contact point between service solution and customer needs. Service Operation can be seen as the never-stop working factory engine of the service delivery. The substance of Service Operation is the day-to-day activities and the knowledge-infrastructure exploitation that are used to deliver services and support them. It exists a deep relation between sort run operation management and medium and long run service performance improvements. Neither of these make sense if the others linked activities are not performed adequately. Improvements studies and strategy could be misleading if the current monitoring and data gathering are not systematically conduced and also well planned and implemented process have no value if the current operation managing is not properly conduced. Service operation is responsible for coordinating and carrying out all the activities needed to deliver services according to the SLAs requirement. Some conflicting goals that take place into this phase are: Quality service delivering versus cost savings Internal versus external value perception Reactive sensibility versus proactive intelligence Organizational stability versus environmental adaptation The Service Operations is the connection point between internal and external environment, and even if every stage of the ITIL service management lifecycle contribute to 50

55 IS Management value creation from strategy to Continual Service Improvement, the customers perception of value is concentered in service operation activities frame. The Event management is a process that monitor any occurrence that has significance for the IT management. An event may indicate a change of the state and bear a deviation from normal or expected operations that need to be monitored. The alerts usually are notified by Configuration Items or monitoring tools. The control system are based on two types of control tools: Active monitoring tools: check the key CI to determine their availability and communicate the exception to the deputed team for action. Passive monitoring tools: are triggered by operational alerts generated by CIs. Event management has a wide use and can be applied on any aspect of service management that needs to be controlled and the control process can be automated: Configuration Items: some of them need to stay in constant state, others need to change frequently following specific rules Software license: need to be renewed at the expiration date according to the plans Security and environmental condition electronically detected e.g. fire alarm, anti-intrusion system Track and monitor of normal condition activities e.g. server performance, memory usage. Event Management adds value to the business generally indirectly, but it is possible to identify the main activities that provide notable advantages to the service delivering when the event management is well performed. The main sources of value are: Incidents early detection. In many cases events monitoring permit the identification and fixing of a problem before it occurred. So the identification mechanism trigger the assignment of the issue to the appropriate team that avoids the occurrence of any service disruption. Monitoring by exceptions. Some events can be effectively automatically monitored highlighting only the shifts from normal range. This system allowed to perform intensive and extensive real-time monitoring saving resources. Quick reaction. If events management is integrated with others service management processes, like capacity or availability management, the problematic event 51

56 Information System Management: The Reengineering of an ICT Department detected can quickly alert the team on duty and trigger the solution or recovery process. Frees human resources. The highly automated nature of IT event management permits to use the technology power to perform repetitive and extensive job and frees human resources to assign other tasks. Incident management is an highly visible process and the value added to many Service Operation areas is easier demonstrable. An incident is an unplanned interruption to an IT service, or a reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident. (itsmf, 2007). This incidents can be communicated by an user, directly or through the service desk interface, or raised by the event management tools. Also an incident can be reported by the technical staff if they notice some malfunctioning in a network or hardware component. Incident management is often one of the early project that are implemented because can be used to monitor the system status and redirect resources on the areas that need more tough interventions. The general main goals of Incident management are: Real time identification of the business priorities and fast alignment of IT operations to the needs. Incident management include the tactical capability to dynamically reallocate necessary resources. Enhance availability solving quickly the incidents that cause service downtime. A fast restoring of the normal system functionality permits to better exploit of the power of system design. The close contact between service desk and the customer helps to identify additional services or training that could result complementary to the current portfolio delivered. The analysis of the root cause of the incidents helps to identify potential system weaknesses and gives the ability to perform improvements to services and procedures. An incident model is a set of pre-defined steps to handle an incident in a standard way (Kelkar S.A. 2012). Pareto law, also known as law, suggests that the most of the incidents have the same cause and need to be handled in a similar way. Also some kind of incidents are recurrent and a solution or workaround is already available. A typical incident model should include: responsibility, timescale, chronological order and accu- 52

57 IS Management rate description of the steps to handle the incident; escalation procedures guide, if necessary the evidence preservation and process tracking activities list. The process of incident management is divided in 8 main steps: 1. Logging: all incidents need to be traceable and scrolled through in each resolution step. The log record date and time, source of incident alarm: that could be a user call or automatic detected. 2. Categorization: Subtask of logging is identifying and coding the exact type of incident. This is extremely important to have accurate statistics to improve problem management and to forward the incident in the right way for further investigations. 3. Prioritization: is usually assigned taking into account the matrix urgency-impact. The urgency represents the timeframe of the incident occurrence i.e. how quick the incident needs to be solved. The impact is the magnitude of the incident effect on the service and on the business, a proxy commonly used (but not exhaustive) is the number of user affected by the incident. 4. Initial Diagnosis: when the incident is raised through helpdesk the First Line Officer (FLO) must investigate the incidents, collecting exhaustive information discovering the full symptoms of the incident. At this stage diagnostic tools and common case knowledge permit a quick resolution and an important resource savings. 5. Incident Escalation: is divided in two branches, functional and hierarchic. Functional escalations are triggered when service desk is not able to provide itself an incident solution or when target times for first level solution come to end. In this cases the incident is passed to a more competent support. Hierarchic escalations are adopted in case of high priority incidents and if it is appropriate an IT manager involvement for the particular nature of the issue. Hierarchic escalations are also an important mean to notify up to the managerial chain if the diagnosis or resolution process of the issue is stuck for some reason, so the senior manager will be informed of the situation and can take some actions e.g. allocate additional resources. Hierarchic escalation is invocated also in case of internal disputes on internal duty and responsibilities. 53

58 Information System Management: The Reengineering of an ICT Department 6. Investigation and Diagnosis: is a complex activity and vary depending to the issue. First of all it is central to have a comprehensive understanding of the incident with a detailed chronological order. Collect data regarding the full impact of the incident including the number of user affected and the downtime. Then one will proceed to identify any events that could have caused the issue and find possible connections with previous occurrences searching in the databases of known incidents/problems. 7. Resolution and Recovery: when a possible solution is elaborated or identified, it needs to be tested in a test environment coherent to the live one environment affected by the issue. Once the test gives positive feedback the solution team should proceed to undertake dedicated activities that may be performed directly and centrally, or use the collaboration of the users to operate remotely to solve the fault. Some solution task needs to be performed by an authorized support group or by a third-part supplier 8. Incident Closure: when the incident is fully resolved and the user is satisfied the service desk could close the incident procedure. It is important do not forget to check that the initial categorization is correct and all solution phases are been correctly registered and the incident documentation could provide an overall incident picture. If the incident is recurrent is necessary to elaborate a preventive action or in collaboration with the problem management eliminate the root cause. Satisfaction survey are useful tools to assess the solution performance of the team in duty. Request fulfillment is the process handled by the service desk that takes over the service requests. The requests are usually frequent, low risk and they can be performed following a standard process, e.g. password reset, software installation, desktop setting, information request. It is advisable to process service request in a separate process to do not congest the normal incident and change process, even if some organizations find comfortable to share the same process and tools, where a number of service request have to be handled and they required specialized action to be fulfilled it may be appropriate to manage request fulfillment by a separate work stream. Anyway service requests are 54

59 IS Management conceptually separate from the incident, the first are most of the time schedulable and intentional, the second unpredictable events that affect the service. Some service requests occur frequently and need to be treated according to a model, i.e. a predefined process flow. Usually requests can be broken down into a set of activities needed to fulfill the request, some individuals or support group are involved, target timescale and SLAs need to be respected. An extensive application of the concept of incident models can effectively be applied to service request work frame. To assists frequent requests are established pre-defined service request models that include some preapproved change action. To automate the process most requests could be triggered by self-help web based input screen in which the customer can autonomously select from a portfolio of available pre-defined request types. For a good performance of request fulfillment is critical to understand the strong link among request fulfillment, release, asset and configuration management. For instance non all the upgrade are automatically delivered to the customer, but in some cases pretested release are deployed only upon specific request. Again it is necessary that all the service requests, if it is the case, are linked to related incidents and problems. A good request fulfillment performance relies on the following elements: Preventive agreement on what services are included in the service package and who is authorized to request them. The cost of the service or a metrics to calculate it have also to be agreed in the service contract. Service list of available services has to be easily available to the customer, and clearly described in the service catalogue. Definition of a standard fulfillment procedure for all the most common service request. This provides the ability to generate in autonomy work orders, purchase orders and delivery order. Define an unambiguous procedure to request the service through the service desk. Thus the probability of loose request or double entry request drop sensibly. The process has to be more automated as possible, but keep high integration between front-end interface to customer and back-end fulfillment tools. Problem Management is the process responsible to take over the problem during their all lifecycle, from identification to solution, to effect mitigation. A problem is defined in ITIL guideline as the cause of one or more incidents, problem management is respon- 55

60 Information System Management: The Reengineering of an ICT Department sible for problem investigation, roots cause identification, prevention for future incidents happenings and minimization of the impact of unavoidable incidents. Problem management procedure is also responsible to take over the resolution process through the appropriate control procedures, in strong link with change management and release management. Another important function of problem management is related with the knowledge management and consist in maintaining and keeping available information about problems, workarounds and resolution findings. One of its main tools is the Known Error Database. In this perspective problem resolution process is a fundamental source of knowledge that if adequately managed is able to reduce the number and impact of incidents over time. In fact problem management consists of two major process: reactive and proactive. The first is mainly managed in everyday work into process operation, the second even if receives boost from operations finds his natural consecution in Continual Service Improvement processes. On the connection side, even if incident and problem management are conceptually different processes they are deeply related and often share the same tools. Categorization, impact, priority, coding system need to be kept compatible allow effective communication and inspection methods. The task of problem management is built by eleven main stages: 1. Detection. Problem detection is a multi-face activities. Incidents management process by Service Desk may solve the incident but not determine the definitive causes. In such cases a record of problem management will be opened and further inspection will be performed. Signal for open a new problem record and investigate on an unknown problem may come also from technical support, automated incident detection system, supplier notification, proactive problem analysis result. 2. Logging. All relevant details related to the incident that trigger the problem inspection need to be reported in the problem record from the incident record, and a cross-reference has to be established. Typically the minimum details are: date, time, user, system, priority, categorization, incident description, diagnosis and recovery action history. 56

61 IS Management 3. Categorization. Problems must be categorized following the same roles of incidents and trough the same coding system. This permits easy trace of problem history and precious information mining. 4. Prioritization. Problems must be assess with the same rational attitude of the incidents but the frequency and impact of related incidents must also be taken into account. Another concept that helps in problem prioritization process is Severity. Severity is an infrastructure perspective that takes into account: number of CIs involved, possibility to recover the affected areas or needs to replacements, recovery replacements costs, recovery team structure in terms of people, time and skills. 5. Investigation and Diagnosis. The investigation process to identify the root cause of the problem should be coherent to the priority of the problem. The appropriate level of resources in terms of people, skills and expertise should be exploited to find a resolution according to the service target in place for the related SLA. A common diagnosis method consist to try to recreate the failure in a controlled environment to understand what component and what process trigger the incident. Once isolated the problem core the environment test will be used to identify the most functional and cost-effective solution. 6. Workarounds. In some cases is possible to find some temporary overcoming to the problem. Workarounds are not permanent solutions and do not solve the root cause, they are only a way to avoid the total interruption of the process, and usually include some heavier tasks that could not be carried out over time. In case that a workaround is adopted is anyway important that problem record remain open and work on a permanent solutions continues. All the details on workaround need to be added to the problem record. 7. Update the Known Error Database (KEDB). The KEDB provide a needful source of knowledge and permits a faster identification and resolution of the future linked incidents or problems. It is important to add a record in the KEDB at last as soon the diagnosis is complete but even before if a workaround has been found or earlier if it could be useful. In some cases is advisable to rise the record at the beginning of the overall process just for information purpose. 57

62 Information System Management: The Reengineering of an ICT Department 8. Resolution. The problem resolution step is not so linear as could seem at the first look. In fact some safeguards are applied to ensure that the solution process do not cause further problems. Any change in functionality needs a Request for Change (RFC) that has to be approved by the change management or, in cases of urgent fix for business reasons, an emergency RFC should be handled by Emergency Change Advisory Board. 9. Closure. When the solutions is been applied and any related change is complete the problem record should be formally closed and also any related incident still open. Before archiving the problem record a check should be performed to ensure that it contains a full historical description and all the related information. 10. Major problem review. It is useful to operate a review after high priority problem to critically analyze the resolution performance and learn important lessons for the future. The timeframe is important, the review should be done not immediately but not too late from the problem solution to gain a calm reasoning but keep clear details in memory. The process will focus on what is was done correctly and what not, identification of the possible improvements and of the reason of the procedurals errors. Also the problem review have the objective to identify possible third part responsibility and whether follow-up actions are needed. Again the problem review procedure could be used for training purpose. 11. Errors detected in the development environment. During testing of new applications, systems or releases is common to detect a number of errors. Usually the balance utility-correction time is such that not all the minor faults are completely eradicated before the delivery. The others errors are logged in the KEDB and fixed in future release. Access management is the process that manages the security access to the IT system, provide the right level to the information access, and prevents access of non-authorized users. The tasks of access management work in deep relation with availability and security management to protect integrity and confidentiality of intellectual property. Access management usually is not executed by a separate function but is integrated in local function or managed by Service Desk. Usual tasks are the management of username and password that grant access to information according to the security level and the matter. 58

63 IS Management The value to business is provided by: restricted access to critical application and consequently error reduction, access and abuse traceability, quick access restriction. The user profile management permits grouping of user following mansion and other criteria that allowed fast and efficient desktop setting including automatic setting of, office automation processes, messaging system, telephony communication, personal training and support. Some people have some access to special tools used to perform the role, like marketing or managerial tools to perform modeling and data analysis. Some groups may have special access requirements like field or home workers. The access management function in collaboration with HR is responsible to keep and update an users catalogue containing all the roles information and the list of services provided per each role. The ITIL guideline advise to follow the lifecycle below: 1. Access request 2. Verification 3. Providing access credentials 4. Monitoring ID status 5. Logging and tracking access 6. Removing or restricting Rights Continual service improvement Continual Service Improvement (CSI) is a module of ITIL that provides a guidance in the process of service quality evaluation and improvement during the overall service lifecycle. The core point are the alignment of the portfolio IT services with business needs, the maturity of the enabling IT processes that support the business, the overall IT service management health. The businesses usually are in constant evolution and also their requirements change over time, CSI provide a constant monitoring of the business needs and the possible improvements that can be done through the service lifecycle: Service Strategy, Service Design, Service Transition and service operation. The principal objectives are: Make recommendations on improvement opportunities Review service level achievements results 59

64 Information System Management: The Reengineering of an ICT Department Improve individual activities Improve cost effectiveness saving customer satisfaction Promote and evaluate management methods to support continual improvement activities A number of activities are adopted to support CSI: Problem, incident and event management data analysis to evaluate the performance against the SLAs Management information review to assess that information technology service management (ITSM) effectively has the processes under control Periodic internal audits to verify process and people compliance Periodic business process maturity assessment against process activities to identify areas of concern or areas of improvement Adopt a kind of customer satisfaction measurement procedure like satisfaction survey The process of improvement of the services require an accurate planning, a consistence authority to supervise the activities and a sponsor that promote them at the management level. Improvement becomes a standard process performed on regular bases that support the other processes in an end to end approach and customer perspective. The CSI is a multiform process, there are many opportunity to improve current processes and services but the improvement do not stop at first step and like a cycle retraces many time the same cycle to achieve remarkable results. First of all the CSI has to understand high-level business objectives and align the IT strategy to them. Then is fundamental to draw an accurate picture of current situation in terms of business, competitors, organization, people, process and technology. Than focus on the to be situation and provides specific goals in a manageable timeframe. The next step is to traduce long run goals in a plan with specific tasks to achieve higher quality service provision according to current priorities. Is important to set some milestones and a reliable measurement methods to check the progress status. Once the improvement process is started the process owner should ensure that the changes process become embedded in the organization in a constant cycle. To avoid confusion is important to clarify some terms usually adopted to discuss about service improvement outcomes: 60

65 IS Management Improvements: is the percentage difference between a situation before the intervention and the state post-intervention. Could be a saving of resources or an increased outcomes. Benefits: are the monetary gains realized through the improvements, usually referred to the savings coming from productivity enhance. Return on Investment - ROI: is the percentage that express the benefits and the investment used to achieve the benefits. Value on Investment VOI: this quantity express the relation between investment and all long run benefits including non-monetary or hardly measurable outcomes that affect the overall business. In the overall evaluation of IT as a service provider ITIL framework identify two types of improvement drivers: business drivers and technology drivers. We cannot forget each one of this driver, because is true that business leaders ask more and more to IT department, not only to support a process but to enable it and guarantee constantly high levels of efficiency and competency to face the problems; but is true also that technology is became the core component of almost every areas of business operations. Pursuit business driver means that: IT is not only a support to existing operations but it is a change triggers IT governance is an integral component of corporate governance IT performance is responsible to avoid technical outages and care customer satisfaction IT department not only execute directives but plan strategies, draw service designs and improve performances IT department is subject to performance evaluation and considered in a competitive environment In addition to this business drivers, to have a comprehensive picture of the evolution of an IT department, we must adopt a different perspective that take into account the technology drivers. The technology drivers perspective focuses on the rapid technology developments in the competitive environment and points that IT department must: Maintains or improve the service quality during and after configuration or component changing Brings infrastructure and maintenances costs under control 61

66 Information System Management: The Reengineering of an ICT Department Facilitates technology renewal matching infrastructure cycle time with business window cycle time Monitors technological solution that can support operations in short and long term An interlude is needed to introduce the service measurement framework. Measurement methods have to be planned in an early stage in a cost effective manner and focused on the strategic business goals. Is essential to develop smart measurement tools that are accurate and reliable in the assessment of the relevant objectives. Also the measurement methods needs to be visible and agreed with people that carry key roles and responsibilities. Is advisable to do the first measurement effort to reveal the initial baseline. The baseline is the first document accepted throughout the organization that assess the starting point for further comparisons. From the baseline are taken the decision for service improvement and are set the strategic goals. The four main theoretic reason to perform measurements are: To justify that an action is needed To assess performance and monitor areas improvements or deterioration To validate previous decision or learn lessons from the wrong one To monitor live intervention and perform changes and corrective actions According to ITIL framework there are seven main step that beat the time of the continual service improvement process. 1. Define what needs to be measured. Is important to do not try do cover every single events because high amount of data can make confusion and mislead attention. The mains framework and best practice are clear: is important to keep it simple and focus on critical success factors, service level agreement, and corporate mission goals. 2. Define what you can actually measure. Compile a list of what can be measure with current tools, and try to cover the gap from what is needed in a cost effective manner. It is possible to require new tools to the IT management or to reconfigure the current tools. Anyway is important to avoid to include in the SLAs something that you cannot measure. 62

67 IS Management 3. Collect the data. Once that the monitoring system is working the data could be gathered. The process of data collecting has to be focus on the effectiveness of the service and identify whether an improvement to the existing level of service can be made. The collecting of regular performance reports can allowed exception identification, future incidents prevention and SLA performance calibration. Also CSI processes pursuit the service cost reduction through the identification of wasted resources. However CSI processes has to be ductile to adapt to the objectives measurement over time, in fact if new service are introduced or other changes affect the service design the monitoring activity must focus on new output. The three main types of metrics commonly used are: technology metrics: associated with components and application, process metrics: based on the CSFs and KPIs, service metrics: resulting from an end-to-end perspective. The importance of standardization in data is critical because a non-standard archive could bear items duplication, data forgetfulness, slowdown of trend analysis and impediments of CSI initiative. For the previous reason each tracking tools usage and record creation must be done carefully following the instruction. 4. Processing data. This step consist in process the data into information (i.e. create logical groupings that provide answer to questions) and express them into the require format. The information are print in different format according to the use, but usually the most revealing is the end-to-end perspective that permit to fathom whole process. The data processing is a sensible activity because you have to ask the right question to get the right answer, so who process the data has to be aware about the component impact on the system and if some data are more important than others. The elaboration could help to determine the health of the service management processes focusing on the following aspects: Compliance: monitor the respect of IT rules Quality: monitor the quality in an end-to-end perspective Performance: monitor efficiency in cycle time Value: monitor the effectiveness and the perceived value by the customer 63

68 Information System Management: The Reengineering of an ICT Department 5. Analyzing the data. Data analysis transform information into knowledge. This process is based on the interpretation of the trends and other data evidence by the service desk. High experience tasks are involved in data analysis: giving meanings to the trends, goals verifications, corrective action identification, structural problem unveiling, intervention budgeting, strategy alignment verification. This step work to combine multiple data previously collected to draw a picture of the current situation to identify whether the desired improvement in service quality has been achieved. Is important to keep track of the reaching of each significant stage or milestone, to monitor the implementation stage of the strategy. CSI share with change management the use of Post-Implementation Review (PIR) a process that bear awareness among staff of the status achieved against the original goals. 6. Using the information. This step consist in turn the knowledge into wisdom. To be adequately used the information needs to be presented in the right manner to the target audience. In fact to provide value to the organization the information needs to be presented in an understandable format that clearly points the occurring actions. Is also important to choose the right timeframe according if the issue analyzed is strategic, tactical, or operational. Regarding to the target of the communication we can identify three main auditors: Business stakeholder: they need to have a global picture of IT status, mainly focused on whether the IT services are correctly delivered or not. Senior IT management: this group is more interested to has a detailed situation focused around the result of CSFs and KPIs that can help to draw strategy and tactics Internal IT: this group is interested on local operational data that analyze specific activity metrics and helps to identify specific improvement opportunities. 64

69 IS Management 7. Implementing corrective actions. The knowledge gained analyzing the information can be used to optimize and correct services. Thus the CSI that is the last step of service lifecycle push the restart of the cycle. Time over time the gained wisdom helps the managers to develop a better strategy followed by a better design, transition and operation. Each phase of the service lifecycle could be potentially modified by new technology, modification of the services or of the management process, changes in the CSF of SLAs modification. The CSI is deeply embedded into the other processes throughout the all service lifecycle. Service Strategy is responsible to check the progress of the implemented strategies; Service Design gather the data associated with service management process intervention and also the effectiveness associated with CSFs and KPIs defined through business requirements. Service transition use monitoring tools during and after the implementation of the releases and service operation is responsible of the actual monitoring of services in the production environment. About reporting we can spend a few words telling that is important to have an actionable approach to reporting. In fact in not sufficient to simply describe the actual and past situation, but is necessary to adopt a critic interpretation of what is happened, what cause the actual trends, what have been the action undertaken, and what are the action plan to avoid that a problem will not affect any more the system. 65

70 Information System Management: The Reengineering of an ICT Department 2.2 Ambidexterity theory. Exploration and Exploitation, in the tradeoff between standardization and customization Introduction The ambidexterity theory describes the trade-off between exploration and exploitation processes and how the firms approach to it. The big challenge of a quick changing environment is the effective adaptation and continual reorganizing of the service delivery processes. The requests of service customization are not easily manageable in field of high innovation, but is exactly the customization the main skill that add value to customers business. How is possible to supply innovative services and coordinate the incoming and outgoing knowledge flow? The ambidexterity theory tell about the findings in this field and how modularity could be a possible solution Ambidexterity and Modularity We will go through an interesting approach that was adopted in the paper about the modularity theme performed by Cabigiosu et others (s.d.). The paper focus on two Third-party logistic providers (TPLs) that operate in north of Italy. Transport, warehousing and distribution were the main activities of the core business and could be match each other. These bundles of services can be considered like modules that the customer can combine together. Let s make a clear start and define some basic services that could be bundle together: transport, warehousing and distribution. Transport is the physical activity to move the goods from one place to another through some means of transport. Warehousing consist in stock, conserve and control products in adequate location for a span of time. Distribution is an information-based activity about planning the transport and warehousing in way to optimize the use of resource and minimize costs. 66

71 IS Management Figure. 2.5 ITO services typologies. Adapted from: Cabigiosu, Campagnolo, Furlan, Costa, Service customization and standardization through the use of modular architectures: the case of third-party logistics, 2011, page 15 The trade-off between service customization and standardization in an hot topic also in IT service provider field not only in the physical transport world. The ability to adapt to the market trends, learn from commercial relationship and to rapidly reuse the new competencies to offer competitive services is one of the most amazing abilities that a service provider could have. As referred in the paper often the logistic service providers offer a bundle of services like: packaging, quality controls, orders administration, forecasting and inventory management, delivery planning and management, track and trace information that the customer can combine as needed. This services are not directly linked to the transport but are acquired competences that were be learned from the relations with the customers. Usually the exploitation stage start to meet particular customer needs that are not commonly available in the market and boost the process of new service development. The conceptual extension to ITO and BPO come natural and the business structure can be overlie in several aspect. We well go deeper in the analysis of the transforming procedure of the IT industry and try to verify if the findings of TPLs can be applied to the 67

72 Information System Management: The Reengineering of an ICT Department ITO providers that adopt different customers relationship in order to explore new fringe of activities and exploit the knowledge acquired to extend the range of standard services. The service Architecture concept show that a modular approach can be effective in a knowledge intensive process. So the research explores the concepts of modularity and platform to discover why they are so important in the actual market, and why the ITO and BPO providers are adopting this strategy. The modularity concept even though started by Simon (1962) was used as design principle of product architecture since the late 1980s Henderson and Clark (1990) and Ulrich and Tung (1991) (as refferd by Campagnolo and Camuffo 2010). Modularity is a common attribute of complex system and can be measured in a continuum analyzing how the parts that compose the system interact. In fact every system has a degree of modularity if gives the opportunity to mix-and-match the sub standing parts. The degree of modularity is higher if the gains achievable through a modular structure are higher of the synergy benefits of the of the overall system. In a low modularity degree field we can appreciate the positive dependence of system specific component if the system provide greater functionality features. Modularity has positively influenced common product development and inter-organizational relationship. The IT industry is a paradigmatic example of modularization, and the different application of modularity where positively correlated among each other. The modularity in product design had positively influenced the use and maintenance for customer and this had other fallouts on the production (Sako 2003). The three main units of analysis can be identified as: 1. Product design modularity 2. Production system modularity 3. Organizational design modularity The study of Campagnolo and Camuffo analyses the use of the modularity concept in scientific papers in the period and finds the distribution showed in Figure

73 IS Management Figure. 2.6 The concept of modularity. Personal graphic representation from: Campagnolo, D., Arnaldo, C., (2010), page Figure. 2.7 Modularity concept diffusion. Data Source: Diego Campagnolo and Arnaldo Camuffo (2010), page

74 Information System Management: The Reengineering of an ICT Department Product design modularity The product design is the more technical concept and was analyzed from the main scholar under three main perspectives: 1. Functional perspective: A functional perspective is technically oriented: it looks at components, functions and interactions. It is centered on product architecture concept and studies the technical relationship between modules and the links between the physical components. The product architecture can be split in modular and integral structure. A modular architecture is characterized by one-to-one functional mapping so specific decoupling interfaces need to be used to connect physical components. Integral architecture is characterized by one-to-many mapping structure and different modules can be link with a complex coupling interface. The flexibility measurement looks at the ability to substitute different modules without having to redesign other components (Ulrich 1995). 2. Life-Cycle perspective: The adoption of a life-cycle perspective lead to a more complex modularity definition, in terms of objectives set that may change following the process phases: design/development, production, use/operation and retirement (Fixson 2003). According with this perspective interdependence degree of modules changes through the life-cycle. The optimum modular configuration lie on the firm s stressed objectives taking into account the technical constrains. Some examples of product design objective could be time-to-market reduction, outsourcing efficiency and optimize reparability process. 3. Mixed perspective Sako (2003) extents the concept of product design modularity to summarize both the previous perspectives. The summary takes into account a bundles of characteristics concerning interfaces, flexibility, integral view, component interaction mapping and hierarchies in product life-cycle phases. This perspective unlike others concentrate on developing a modularization methodology through architecture, interfaces and standards point. 70

75 IS Management Figure. 2.8 Product Architecture Matrix. Source: Adapted from Sako (2003) Production System Modularity The production system modularity investigate the relationship between product modules and knowledge partitioning across organizations. The main theory postulate the product architecture reflect his structure in the division of labor. The studies in this field goes in two direction, one investigate the outsourcing strategy related to modularization, the other focuses on position of inter-firms boundaries and the network coordination. Regard the task management we can identify three main sourcing strategy (Table X). The path acd sees the modular design adoption before outsourcing, the path abd describe a development of modular design after the outsourcing and the path ad sees the implementation of modular design simultaneously to the outsourcing. Some scholar find that there is a relation between the sourcing strategy path and the market maturity. The acd path is more common in a growing phase of the industry and firms try to impose 71

76 Information System Management: The Reengineering of an ICT Department his own architecture to the suppliers. Instead the abd path is likely related to firms that operate in a mature industry in which the standard modules are already set. Differently the third path ad may be signal of a cooperation with suppliers, process reengineering or competitive landscape turnaround (Utterback 1994). Some considerations about risk relation of the different strategic paths are due. In the first path acd the firm operate like an architect. Creating internally visible information the firms maintains and develops the capabilities regard process design and system integration (Prencipe 2003). Since in the other two path, especially in abd, the role of architect and modules makers is performed by the supplier, the risks associated, are lousing capabilities and process control with consequent difficulties to reverse the outsourcing process and bring it back inside the organization. Above the product architecture industry structure relationship there are many currents of tough, the direction of influence is not agreed above scholars and also the dimension frame. For instance in the semiconductor industry (Ernst 2005) the spread modularization has not help to drop the level of complexity and the high changing rate force firms to remain integrated. And again the direction of causality can be opposite from industry level to individual firm focus. At an industry level the shared product architecture can modify the supply chain, but inside the firms boundaries is more common that product architecture is adapted to exploit the best opportunities available (Fixson and Park 2008). Inquiring the modularity and networks relationship in many industries the supply chain use to come more fragmented over time with the major players focusing on the core processes with the higher value for the customer and benefiting from a global sourcing network (Gereffi, Humphret and Sturgeon, 2005). Anyway is proved a link between the modularization of the product design and the disintegration of the manufacture phase of the value chain, but no relations has been seen with secondary activities like IT services, HR, accounting and financial services (Gottfredson, Puryear, and Phillips, 2005). So the product system modularity influence in confined into the production process activity, this can have repercussion on the supply chain alignment both vertically and horizontally. 72

77 IS Management Organizational Design Modularity The organizational design modularity is a new concept that move from the product and take into account the organization structure. Was assumed by many theory that a the product architecture can determine the organizational architecture but the empirical results miss to confirm the theory. The assumption under the connection relies on the fact that the product architecture should provide an embedded coordination between development team, reducing the needs of managerial authority. The simplistic literature analysis of the situation divides the complexity of reality into ideal opposite category: modular and integral. This ideal view can be well described by a perfect market price system that regulate inter-modular relations, and intra firms relation ruled by an integral approach (Langlois 2002). This should eliminate the internal risk of opportunism because the information of different modules do not need to be shared but all the information could be included in the price. This simplistic view of discrete concept of modularization do not find many fundamentals on reality, the modularization can follow different life-cycle objective and albeit the growing standardization of interfaces, managerial coordination is anymore one of the more sensitive input. The organizational design modularity has been treated by the scholar in a number of different approaches not easily group together. However the main topic regard how design rules and design parameters solve integration problem among decentralized teams and units that perform linked activities (Baldwin and Clark 2003). The ability to redesign internal organization gives to the firm the necessary flexibility to explore the changing technologies and exploit the acquired knowledge quickly (Baldwin and Clark 1997). The scholar have spent more effort on identifying the effect of a modular organizational structure than not on describe it. In fact little has been write on interfaces. Some of this coordination mechanism that link different units are, integrators, hierarchy based system, managerial rotation, cross trainings and strategy planning. Instead the effects of modular organizational structure are cost efficiency and flexibility, quick adaptation to internal and external changes, resource multiplication trough a system of simultaneously knowledge codification and sharing. This can be ease by an ICT advanced system of codification of the process information and best practices that allows reutilization of the resources, skills sedimentation, capability restrain and a building of a company business experience. 73

78 Information System Management: The Reengineering of an ICT Department Figure. 2.9 Ambidexterity process. Personal graphic representation, concepts from: Cabigiosu, Campagnolo, Furlan, Costa, Service customization and standardization through the use of modular architectures: the case of third-party logistics, Some fringe of this topic are not yet been enough investigated and there are some missing empirical evidence. The assumption that a modular product is efficiently developed by a modular organization is a remarkable statement but still lack of empirical foundation. And more, will future studies will be able to discover what are the drivers of organizational modularization structure are? 74

79 3. CHAPTER 3 ICT DEPARTMENT CASE STUDY 3.1 Objectives In this chapter we will go through a case study to identify the theoretical relevancies illustrated in the previous chapter. We can reassume the theoretical foundation that we want to verify as: 1. The compliance benefit through the adoption of the ITIL protocol. 2. The ambidexterity theory and his application to an IT department. From that theoretical foundations we will further extract two objectives that we will identify in the lifecycle of the IT department of the case story narration. The purpose of the chapter is to identify specific patterns that could be taken as an empirical model of the theories and despite all the restriction of the case operate an abstraction to a general situation. We will go through the exploration and exploitation dynamics that take place in an IT service provider in the dialectic relation with customer and stakeholders. More in detail the objectives are: 1. Verify whether or not is possible to identify some benefits linked the introduction of a better compliance system through the implementation of the ITIL protocol. The restructuring of the service lifecycle in the stages of service strategy, service design, service transition, service operation and continual service improvement must provide better awareness of the organization health, increased

80 Information System Management: The Reengineering of an ICT Department control capacity on operations, improved performance, increased customer satisfaction, better strategy visibility. 2. Verify whether is possible to identify in the case story experiment some pattern or status referable to the ambidexterity theory. The natural evolution of a service provider department could likely show some typical theorized situation in the procedures and transforming resources usage methodology. The ability to learn from the customer expertize is a fundamental developing skill that can be proved by the adoption of methodologies, processes, best-practices previously explored in the relationship with former customers. The variables considered are information collected from the CRM database, the known error database (KEDB), and the inspection of problem management, incident management, change management and event management records. We will proceed to verify the previous research questions investigating the following variables: Customer Numbers: the number of customer is an indicator of an higher income. Number of employees/number of problem solved: the salary of mid management, consultants and technical personnel is one of the main source of costs. The average number of people involved in solving problems is an indicator of productivity, organization quality and skills level. Customer satisfaction: the meeting of customer expectations creates high customer satisfaction and eases the contractual relationship. Concerning the identification of ambidexterity patterns we will focus particularly on the following aspects: Number of incidents per customer: incidents per customer reveals the customer situation of the period, and may reveal important milestones in the service provider evolution. Number of employees: assuming equal workload the reduction of employees may be an indicator of higher competences. Customer lifecycle: the analysis of customer lifecycle, in terms of incidents distribution, contract lasting and customer number may permit the identification of different stages typical of the ambidexterity theory. 76

81 ICT Department Case Study 3.2 Case Story Narration The IT department that we analyze is an outsourcing service provider, a branch of a multinational software house that has been operating in the software industry since 1984, specialized in ERP, CRM, SCM and service automation with a total income of million dollars and 2100 employees (corporate website, data from 2006). The company was originally specialized in providing services to big companies but recently it has changed his orientation twoard SMEs. The positioning of the business is targeted to the particular segment of SMEs because of the particular needs of this kind of businesses. Some of the CSFs of the outsourcing service provider were: the possibility to provide a set of highly specialized IT services, rely on a constantly updated ERP system based on Microsoft Server platform, exploit the competencies of an international network of assistance. Indeed the IT outsourcing department was born in 2007 as detachment of a bigger support network to assist the bigger customers with particular needs and then extended its scope to an higher number of smaller customers. The offer is articulated to cover the following customer needs: Ensure regulatory compliance Improve service quality Reduce costs Manage/minimize risk Improve business agility Increase ability to focus on core competencies Offload non-strategic IT and business operations Align IT with business priorities, enable IT staff to focus on more strategic activities Centralize disparate operations Alleviate staffing issues Access to improved technology and highly experienced/specialized resources 77

82 Information System Management: The Reengineering of an ICT Department The CSFs of the company can been identified with the ability to provide high quality services, developed in big companies, to small and medium businesses that have not the possibility to develop internally such kind of services. In fact the outsourcing of the IT department is coming an increasingly popular practice because of a set of advantages achievable in this way. Some advantages are linked to the possibility to focus on the core business and receive constantly updated services at a fixed price without concern about long term investments. Thus a customer can achieve higher flexibility, increased compliance, better managerial and consulting services with the aid of a self-supporting department with the better knowledge available on the market. The services provided by the IT department are linked to the assistance, organization and maintenance of the ERP system and to all the processes considered out of standard guarantee. The services are purchasable at an extra price from a service portfolio and freely combinable with each other to create the desired mix. Once that the ERP system specifically customized to meet the customer needs is ready to work and properly tested and all the data of the previous system has been converted is the time for the go-live of the new system. The go-live represents the handover between development and support department and the IT services that are outsourced start to be delivered. The go-live is a tricky situation and all the missing of the previous phase can become concrete problems. The consultants responsible to the customer management usually advise about which services are more suitable for the customer, operate the desired customizations and bargain on the price. The service collection is: Application Management: Maintenance of any customers system either onpremise or in a hosted environment. Hosting: Design, create and maintain a customer s application infrastructure to run in our preferred data center providers. Environment System Monitoring: Maintain and monitor any server environment of the customer utilizing tools designed internally and specifically for the ERP. Disaster Recovery: Create disaster recovery provisions to help ensure business continuity appropriate to each and every customers specific needs. 78

83 ICT Department Case Study Temporary Training Environment: Providing the unique opportunity for customers to sign into the ERP training environment within just 24 hours of signing the sales order. The service department is split into three locations around the world according to the customer global localization and the time zones: one office cover north and south American time, another office European, and African middle east zones, and the third the pacific area. The three office collaborate together splitting the workload to meet global requirements and cover as good as possible the customer needs. The department objective are set in such a way to stimulate communication and overcome to drawbacks linked to work fragmentation; international meetings and transfers are also organized to discuss the main problems face to face. This location choice meet practical and economical requirements: thus the personnel is engaged in normal 8 hour working time and can deliver services 24 hours to worldwide customers. The First Line Officers (FLO), are the people in due to operate the first recognition of the incident. The activities performed in the first few minutes are aimed to guarantee quickest response time. Prioritization: assessment of impact and urgency Incident categorization, recording and documentation Information gathering and first support Coordination of internal support efforts, external supplier and escalation procedures An important preventive operation is the incident screening with tools like KEDB. If the problem has been already solved, or a workaround is available, the FLO follows the codified procedures to deliver the solution to the customer, or if the problem is known but have not an available solution the FLO informs the dedicated team of the new relevance and the customer on the progress status. Each customer has a dedicated team that are specialized on the customer environment but any consultant must know at least the basic feature of each environment to cover emergency situation. The incidents database has one record per each issue, and put together all the sensitive information of the problem. If different incident are related to the same problem they 79

84 Information System Management: The Reengineering of an ICT Department are bundled together to draw an overall picture. The main information collected in the incidents database are: Environment type Release number Caller name Incidents ID Issue category Priority Status Team in charge to work on it The record tool is developed to trace all the communication between the customer and the team that will take over of the problem solution. This will be incredibly useful for reconstructing the flow of event in the ex post analysis to identify procedure errors, assess responsibilities and prove contractual compliance. The recording tool is also useful to control the live situation, indeed one of the main information that it provides is the actual problem status. The status label could be set on: open, testing, waiting or closed, depending on whether the issue is assigned to a team that is working to solve the problem, or the team is testing a possible solution or waiting for customer intervention or again if the problem is already closed after the customer confirmation. The recording tool has also an integrated time counter to measure the solution performance against the SLAs. The time counter is working only when the status is set on an action that require team intervention. An incident call can be also triggered by an automatic monitoring tool that perform continuous control of the server environment. This kind of alerts needs a record creation and further investigation by a dedicated team. 3.3 Data Elaboration Our studied department uses a dated CRM software, the use of which is widespread from years in the whole organization for other uses, to trace incidents, events, changes, 80

85 ICT Department Case Study problems in the same database. The database feeds a web intranet page accessible by the customers in the private area to receive updates about open problems, recurrent incidents and related solutions. This solution provides a useful source of historical knowledge about the department work over time. Despite some discrepancies that where found regarding the recording methodologies and some missing data or duplicates, the database still provide revealing data. Analyzing the incident management we will focus on the main elements that characterize the historical path of the firm. First of all the incidents number is a metrics that give an idea of the overall department workload. Figure. 3.1 Incidents Number. Personal Data elaboration. The incidents number per month gives an overall picture of the service lifecycle since its foundation in the The total number of different customer served from the beginning is 66. In the graph is easily identifiable the skyrocket trend that start in the middle of 2008 an reach its maximum level in November The sharp decrease of incidents processed after November 2009 was mainly caused by the abandon of customers that withdrawal from contract. Let s go deeper in the incidents analysis to investigate the root causes of the turnaround and if the countermeasure to face the department crisis from 2010 had positive effects. 81

86 Information System Management: The Reengineering of an ICT Department Figure. 3.2 Active Customers. Personal Data elaboration. The number of active customer shows a constantly rising trend until the late 2010, then a small decrease and a stabilization between 30 and 35 customer from the second half of Figure. 3.3 Incidents per customer. Personal Data elaboration. The incidents per customer is a revealing data. In the graph is clear the abnormal increment of incidents probably located in some problematic customer. In fact a certain equilibrium was found only in 2010 with a level of incident per customer constantly under 40 per month. We can identify an starting phase until May 2008 characterized by the formation of the department, the learning phase from June 2008 until December 2009, 82

87 ICT Department Case Study and then a stabilization. The learning phase is characterized by an sharply rising number of customers that may implies calibration procedures, resources reallocations, personnel searching, and skills hunting. The reorganization in the managerial structure in the late 2009 has given a boost on the control procedure, and the right commitment for a good application of the ITIL protocol that where visible in the subsequent years. In fact the two following years, 2010 and 2011 the incident per customer keep under a manageable level. In 2012 a suspect rising trend should be further investigated to prevent other escalation out of control. Figure. 3.4 Customer lifecycle. Personal Data elaboration. In the graph 3.4 we can see the average number of incidents in a rising monthly timeline. We have realized this graph making an average of all the customer life-cycle in all the served period from the origin of the department until the last available data. Thus we obtain a representation of an ideal customer life-cycle. An analysis of this graph shows 5 stages: 1. Month 1 to 6: sharp rising. The incident management process takes time to initialize a new customer normal activities but the slope line testifies an exponential level of new incidents. This is due to the user number rising the increased exploitation of the information system features. 2. Month 7 to 21: high level 83

88 Information System Management: The Reengineering of an ICT Department Once the customer has learnt the main system usage, took full ownership of the system features and procedures the works of service provider comes harder. The incident management record a constantly high level of requests, from 40 to 60 range. 3. Month 22 to 31: decreasing The sharp drop on the incident number is due of the fact that the most problematic customer has left the service provider to find another solution probably unsatisfied by the service received. Also the natural 4. Month 32 to 49: stabilization low level. The company that decided to continues the services during the third years have reach a stable system with about 10 incidents per month. 5. Month 50 to end: finish of relationship Due to the recent formation stage of the service provider and the high rotation level the more loyal customers are been served for not more than 4 years. This picture is revealing that after the first two years of service the number of incidents decreased considerably. The main causes of this decreasing are the decreasing of the problematic events after an assessment period and the abandon rate of the more problematic customers. So the shape of the graph implies that long lasting customers drop the numbers of incidents after the first two years of service probably thanks to an improved communication and a better service. In fact good coordination of a business with its IT service provider is often not so easy and immediate like turn on switch but requires a variable adjustment time. The tough task of the continual improvement process is to reduce as much as possible this break-in period. 84

89 ICT Department Case Study Figure. 3.5 Relation incidents-customers. Personal Data elaboration. An interesting comparison is detectable by the overlap of two dimensions: incidents and customers number. The percentage relation between incidents and customers number shows that almost half of the customers do not last longer than the second stage and only the 20% of the customer reach the stabilization stage. This tell a lot about the high rate of customer turnover that hardly go over the two years. But the direction of the relation is not clear: may be the problematic customers that leave before the provider because of the dissatisfaction or may be the too short relation that cause impossibility to reach the incidents reduction. 85

90 Information System Management: The Reengineering of an ICT Department Figure. 3.6 Employees number over year. Personal Data elaboration. Another important aspect to analyze is the number of employees over years. Notably the salary is one of the more significant expenditure voice that affects the department costs. So we can assume that the salary cost is directly proportional to the number of employees. In 2007, that is a forming period, the number do not overlap the 25 units but in the following three years, from 2008 to 2010 the level jumps on 55 units and keep risings on a constant trend going over the 60 people to face the rocket number of new customers. Then in 2011 the trend was inverted and the number of employees shrank under the 40 units and has kept the reduction trend in Despite the number of customers served by our service provider, never want under 25, the employees reduction witnessed an increased performance and a better resource organization. 86

91 ICT Department Case Study Figure. 3.7 Employees Workload. Personal Data elaboration. Measure the employees workload is not a simple task. The most effective way to proceed was to adopt a proxy. The proxy chose was the average number of tickets assigned to an employee. A ticket represent a request for intervention from an ERP user. Each ticket requires a different amount of work according to its nature and the complexity. According to this simplification the employees average workload had a constant increasing trend from 2008 to 2009 until reach a likely overload in the lasts months of In 2010 le workload was lower (averagely around 12 tickets per employee per month) due to the rigidity of the labor force, that keeps rising from 2009, and the unexpected drop of incidents level. In 2011 and 1212 notwithstanding the low level of incidents, the reduction of personnel brings to an higher workload in annual tranches. Figure. 3.8 Priority over year. Priority ,23% 3,48% 1,12% 0,98% 0,57% 1,17% 2 19,91% 9,95% 2,89% 1,59% 4,20% 1,05% 3 79,17% 85,30% 92,76% 94,09% 94,79% 96,74% 4 0,69% 1,28% 3,23% 3,34% 0,43% 1,05% Personal Data elaboration. 87

92 Information System Management: The Reengineering of an ICT Department The tab 3.7 is a synthesis of the incidents priority composition over years. There are 4 classes of priority that are assigned immediately when the incident is recorded and they could be changed in case of escalation. The prioritization is performed according to urgency and impact weighing the contingents factors. The priority levels are characterize by the following features: Priority 1: High severity, significant operational impact, service interruption, total impossibility to access to core information, communication disruption or important reduction of system functionality for many users. Priority 2: Medium severity, manageable operational impact, non-core service interruption or restorable data corruption, problems restricted to few users, situation that may evolve in priority 1. Priority 3: Low severity, minimal or no operation impact, errors or incidents related to marginal or delayable operations, restricted slowdowns. Priority 4: Used mainly to indicate changing requests, information requests, system updating or scheduled interventions that are totally under control and represent limited or no risk. It seems that the main trend is the constant rising of priority 3 share against the others priority s categories reaching more of 95% in the firsts months of In fact the priority 3 is the default level for normal operative situation and represent the most common case. The priority 1 has a decreasing trend from 2008 to 2011 but inverts it in Priority 2 and 4 are used occasionally in uncertain situation or deferrable one or again priority 4 can be used to register particular events that do not enter on the other categories. 88

93 ICT Department Case Study Figure. 3.9 SLAs performance. Personal Data elaboration. The graph 3.9 is the visual representation of the performance referred to the ticket of the problem solution time from 2008 to May The data from 2007 are been excluded because they were not gained consistently and are totally misleading. The performance is measured according to the SLAs that sets three time boundaries. The time boundaries are linked to the priority assigned because higher priority problems needs to be solved faster than lower one. The violation of the minimum performance agreed may be linked to contractual penalties. The chart is structured as follow: Good: The issue that are closed within the first time boundary are considered satisfactory. The percentage of the tickets that must be solved into this timeframe is contractually set for the most part of the customers at 80%. Poor: This tickets are solved between the first and the second time boundary. The time used to solve this tickets is considered excessive compared to the priority assigned to the problem and the service is judged poor. The amount commonly allowed for that tickets is commonly set at 15% of the total. Delinquent: This tickets are unsolved or solved over the maximum time barrier. This tickets could be a big source of problems for the service provider reputation because reveal very bad service quality, unreliability, inefficient problem management and also may produce serious problem in the customer business. This 89

94 Information System Management: The Reengineering of an ICT Department quantity must be usually kept under 5% and in many businesses that pursue total quality projects are not admitted at all. Two survey were done to measure the customer satisfaction and quality perception. One take place in the third quarter of 2008 and one in the first quarter of Survey consists of 27 multiple choice questions and comment boxes that try to clarify the feeling about 9 hot issues. The survey was subjected to IT senior manager or to the CIO that have the overall picture of the IT function and an active role in information strategy. The question are structured to measure the perception of the customer of the overall service focused in topics like communication and value added that are focus point to determine the customer feeling. More in detail the 9 topics screened and the related sentence that the customer is called to judge are: 1. Value added. Service outsourcing add value to your business. Services delivered are valuable for your business. Service outsourcing help your company to reach and maintain a competitive advantage against competitors. 2. Expectation meeting. The service received completely meet your expectation. You are ex-post satisfied of your service provider choice. You do suggest to others to choose us like principle service provider. 3. Infrastructure cost reduction. You have observed a notable cost reduction compared with pre adoption period. You have save part of the annual budget for the IT department. The IT department has experimented a decrease in fixed cost. 4. Free resources. Some of the resources previously engaged in IT process are now exploited for other projects. You have notice unused IT resources after outsourcing. The workload of IT branch is considerably lighted after outsourcing. 5. Contractual renewal. 90

95 ICT Department Case Study In your strategy is planned to renew the outsourcing contract. If your company keep outsourcing status you will continue to choose our services. There is a positive feeling about our service delivery. 6. Communication satisfaction. You are satisfied about communication with service provider managers. The user of IT services are satisfied from the communication with service provider consultant. The escalation process are managed in a timely and transparent manner. 7. Flexibility. You are completely satisfied by the services available and the service portfolio mix. You think that the change management is properly deal under the agreed timeframe. You think that the service customization is properly managed by our consultant. 8. Interest in other services. Are you interest to expand your service request to meet the company next future needs. Are you interested to receive additional information on our services and/or try them in a temporary training environment. You are will to suggest the adoption of our services in other branches of your company. 9. Overall Satisfaction. You are completely satisfied by our service. IT outsourcing gives you peace of mind. Our service is an important contribute to reach your business goals. Survey conducted by the IT service department in 2008 report diffused dissatisfaction with small exception. The core problems underlined in the comment box were: Slow response to any changes in hosted environment Poor coordination with other service supplier 91

96 Information System Management: The Reengineering of an ICT Department Lack of communication and transparence Low confidence in problem resolution procedures The survey results in 2010 shows some problems that still keep afflicting some customers but is easily recognizable an overall improvement of the customer satisfaction. The bests improvements where performed in: value added, expectation meeting and contractual renewal field, instead the infrastructure cost reduction perception keeps a large number of neutral positions and moreover the interest in other services suffers a soft decrease. Figure Surveys Results, Comparison Personal Data elaboration. 92

WHITE PAPER Hitachi Data Systems Optimizes Storage Management Through ITIL-Based Consulting Services

WHITE PAPER Hitachi Data Systems Optimizes Storage Management Through ITIL-Based Consulting Services Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Hitachi Data Systems Optimizes Storage Management Through ITIL-Based Consulting Services

More information

ITIL: What is it? How does ITIL link to COBIT and ISO 17799?

ITIL: What is it? How does ITIL link to COBIT and ISO 17799? ITIL: What is it? How does ITIL link to COBIT and ISO 17799? 1 What is ITIL? The IT Infrastructure Library A set of books comprising an IT service management Best Practices framework An industry of products,

More information

Frameworks for IT Management

Frameworks for IT Management Frameworks for IT Management Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.net 18 ITIL - the IT Infrastructure

More information

Trustworthy Computing Spring 2006

Trustworthy Computing Spring 2006 Trustworthy Computing Spring 2006 Project Topic: Risk Management of Information Technology Outsourcing under ITIL ITSM framework By: (Mina) Szu-Chia Cheng 1 pages of 19 Table of Content Abstract...3 Why

More information

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface. iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management

More information

BUYER S GUIDE. flexible service delivery. Top 5 reasons for adopting SAP Managed Services. Remixing SLA s! Managing the post merger IT landscape

BUYER S GUIDE. flexible service delivery. Top 5 reasons for adopting SAP Managed Services. Remixing SLA s! Managing the post merger IT landscape BUYER S GUIDE IT Managed Services Buyer s Guide for SAP customers May 2012 flexible service delivery Moving to the beat of IT innovation with SAP Managed Services to control costs and harmonise IT landscapes.

More information

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,

More information

BADM 590 IT Governance, Information Trust, and Risk Management

BADM 590 IT Governance, Information Trust, and Risk Management BADM 590 IT Governance, Information Trust, and Risk Management Information Technology Infrastructure Library (ITIL) Spring 2007 By Po-Kun (Dennis), Tseng Abstract: This report is focusing on ITIL framework,

More information

_experience the commitment TM. Seek service, not just servers

_experience the commitment TM. Seek service, not just servers The complete cloud Creating and preserving cloud savings, security and service quality transition planning and service management ABOUT THIS PAPER Creating and preserving cloud infrastructure savings,

More information

SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND CONTENTS INTRODUCTION 3 EFFECTIVELY MANAGE THE SCOPE OF YOUR IMPLEMENTATION

More information

HP Service Manager software

HP Service Manager software HP Service Manager software The HP next generation IT Service Management solution is the industry leading consolidated IT service desk. Brochure HP Service Manager: Setting the standard for IT Service

More information

See what cloud can do for you.

See what cloud can do for you. See what cloud can do for you. Uncomplicating cloud business Table of contents Introduction 3 Why cloud is relevant for your business? 4 What is changing? 4 Why organizations are moving to cloud 5 What

More information

ITIL: What it is What it Can Do For You V2.1

ITIL: What it is What it Can Do For You V2.1 ITIL: What it is What it Can Do For You V2.1 Service Solution Company Facilitated by: Patrick Musto Agenda Answer the questions what? and how? Historical Background Fundamental Principles 5 Lifecycle Phases

More information

GO DEEPER. Transform business with IT DEPTH MAKES A DIFFERENCE

GO DEEPER. Transform business with IT DEPTH MAKES A DIFFERENCE GO DEEPER Transform business with IT TECHNOLOGY SERVICES DEPTH MAKES A DIFFERENCE Today, it is leadership going deeper with IT that ensures impact on business. We, at Sonata, complement this by bringing

More information

ITIL and Outsourcing Engagements

ITIL and Outsourcing Engagements ITIL and Outsourcing Engagements A Trestle Group Research Publication TABLE OF CONTENTS Executive Summary About the Author About Trestle Group Research What is ITIL? The Relationship between ITIL and Outsourcing

More information

Implementation of ITIL in a Moroccan company: the case of incident management process

Implementation of ITIL in a Moroccan company: the case of incident management process www.ijcsi.org 30 of ITIL in a Moroccan company: the case of incident management process Said Sebaaoui 1, Mohamed Lamrini 2 1 Quality Statistic Computing Laboratory, Faculty of Science Dhar el Mahraz, Fes,

More information

sponsored by White paper What can CRM bring to your business? A study of the benefits offered by CRM across all areas of the business

sponsored by White paper What can CRM bring to your business? A study of the benefits offered by CRM across all areas of the business sponsored by >> White paper What can CRM bring to your business? April 2011 A study of the benefits offered by CRM across all areas of the business Contents Executive summary p 3 The evolution of CRM p

More information

Global Strategic Sourcing Services

Global Strategic Sourcing Services where experience counts Global Strategic Sourcing Services Capabilities Overview Prepared For: Our Current and Future Valued Clients Our Strategic Sourcing Capabilities Sourcing Strategy Deciding whether

More information

Transform Your Bank in Measurable Steps

Transform Your Bank in Measurable Steps Banking Transformation Framework Transform Your Bank in Measurable Steps Table of Contents 2 Establish a Platform for Transformation 3 Transform Your Business 3 Use the Reference Architecture As a Foundation

More information

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................

More information

ITIL & The Service Oriented Approach. Vivek Shrivastava

ITIL & The Service Oriented Approach. Vivek Shrivastava Vivek Shrivastava Speaker Introduction Vivek Shrivastava Experienced in numerous aspects of IT during a 15 year career (Dev, QA, Bus Analysis, Project Management, Process Improvement, Service Management,

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

Outperform Financial Objectives and Enable Regulatory Compliance

Outperform Financial Objectives and Enable Regulatory Compliance SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose

More information

Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor. April 2014

Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor. April 2014 Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor April 2014 Sponsored by: - 1 - DMG Consulting LLC Table of Contents Introduction... 1 Cloud-Based Contact Center

More information

APPLICATION OF INFORMATION TECHNOLOGY SERVICE MANAGEMENT WITHIN SELECTED LOGISTICS AND TRANSPORT SERVICES

APPLICATION OF INFORMATION TECHNOLOGY SERVICE MANAGEMENT WITHIN SELECTED LOGISTICS AND TRANSPORT SERVICES Proceedings of the 13 th International Conference Reliability and Statistics in Transportation and Communication (RelStat 13), 16 19 October 2013, Riga, Latvia, p. 363 369. ISBN 978-9984-818-58-0 Transport

More information

Understanding ITIL Service Portfolio Management and the Service Catalog. An approach for implementing effective service lifecycle management

Understanding ITIL Service Portfolio Management and the Service Catalog. An approach for implementing effective service lifecycle management best practices WHITE PAPER Understanding ITIL Service Portfolio Management and the Service Catalog An approach for implementing effective service lifecycle management Table of Contents Executive Summary...1

More information

Quick Guide: Meeting ISO 55001 Requirements for Asset Management

Quick Guide: Meeting ISO 55001 Requirements for Asset Management Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get

More information

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive

More information

ISO20000: What it is and how it relates to ITIL v3

ISO20000: What it is and how it relates to ITIL v3 ISO20000: What it is and how it relates to ITIL v3 John DiMaria; Certified Six Sigma BB, HISP BSI Product Manager; ICT (ISMS,ITSM,BCM) Objectives and Agenda To raise awareness, to inform and to enthuse

More information

White Paper. Managed Services. Part 2: True Value Creation Partnership. February 2013. ISO 9001 No. FS 28117

White Paper. Managed Services. Part 2: True Value Creation Partnership. February 2013. ISO 9001 No. FS 28117 White Paper Managed Services Part 2: True Value Creation Partnership February 2013 ISO 9001 No. FS 28117 Managed Services Preface 01 Introduction 01 Transition to Managed Services 05 Telecom domain knowhow

More information

Domenico Raguseo. IT Governance e Business Technology (approfondimenti su ITIL)

Domenico Raguseo. IT Governance e Business Technology (approfondimenti su ITIL) IT Governance e Business Technology (approfondimenti su ITIL) Domenico Raguseo Italy Client Technical Professional Manager SW Europe Service Management Solution Architect Leader http://www.linkedin.com/in/dragus

More information

B2B E-Commerce Solutions Empower Wholesale Distributors

B2B E-Commerce Solutions Empower Wholesale Distributors SAP Thought Leadership Paper Wholesale Distribution B2B E-Commerce Solutions Empower Wholesale Distributors Achieve Interaction Excellence with Outstanding Online Experiences and High-Quality Digital Content

More information

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...

More information

Introduction: ITIL Version 3 and the ITIL Process Map V3

Introduction: ITIL Version 3 and the ITIL Process Map V3 Introduction: ITIL Version 3 and the ITIL Process Map V3 IT Process Maps www.it-processmaps.com IT Process Know-How out of a Box IT Process Maps GbR, 2009-2 - Contents HISTORY OF ITIL... 4 The Beginnings...

More information

Core Banking Transformation using Oracle FLEXCUBE

Core Banking Transformation using Oracle FLEXCUBE in collaboration with Core Banking Transformation using Oracle FLEXCUBE Unlocking the power of FLEXCUBE with Capgemini Moving towards a packaged system transformation program Capgemini is an Oracle Diamond

More information

Maximize potential with services Efficient managed reconciliation service

Maximize potential with services Efficient managed reconciliation service RECONCILIATION IntelliMatch Operational Control services Optimize. PRODUCT SHEET Maximize potential with services Efficient managed reconciliation service Overview At its best, technology provides financial

More information

IT governance and business organization: some trends about the management of application portfolio

IT governance and business organization: some trends about the management of application portfolio IT governance and business organization: some trends about the management of application portfolio Roberto Candiotto, Silvia Gandini 1 1 Dipartimento di Studi per l Economia e l Impresa (Università del

More information

Development, Acquisition, Implementation, and Maintenance of Application Systems

Development, Acquisition, Implementation, and Maintenance of Application Systems Development, Acquisition, Implementation, and Maintenance of Application Systems Part of a series of notes to help Centers review their own Center internal management processes from the point of view of

More information

CDC UNIFIED PROCESS JOB AID

CDC UNIFIED PROCESS JOB AID CDC UNIFIED PROCESS JOB AID Independent Verification & Validation Activities Document Purpose This Job Aid is a brief document listing the items to be noted, checked, remembered, and delivered when completing

More information

An Overview of icims

An Overview of icims An Overview of icims January 2015 FORWARD LOOKING INFORMATION This document contains statements that constitute forward- looking statements, including but not limited to icims outlook for icims financial

More information

Operations Management Part 12 Purchasing and supplier management PROF. NAKO STEFANOV, DR. HABIL.

Operations Management Part 12 Purchasing and supplier management PROF. NAKO STEFANOV, DR. HABIL. Operations Management Part 12 Purchasing and supplier management PROF. NAKO STEFANOV, DR. HABIL. Introduction basic terms Supply management describes the methods and processes of modern corporate or institutional

More information

Maximize the synergies between ITIL and DevOps

Maximize the synergies between ITIL and DevOps BEST PRACTICES WHITE PAPER Maximize the synergies between ITIL and DevOps By Anthony Orr, Director of Service Management, Office of the CTO, BMC Software TABLE OF CONTENTS EXECUTIVE SUMMARY...............................................

More information

Mergers and Acquisitions: The Data Dimension

Mergers and Acquisitions: The Data Dimension Global Excellence Mergers and Acquisitions: The Dimension A White Paper by Dr Walid el Abed CEO Trusted Intelligence Contents Preamble...............................................................3 The

More information

ASL 2, An introduction

ASL 2, An introduction ASL 2, An introduction Machteld Meijer and Louk Peters - Introduction - Why ASL? - What is ASL? - ASL framework - What can you do with ASL? - ASL in relation to other frameworks - More Info Introduction

More information

An Overview of ISO/IEC 27000 family of Information Security Management System Standards

An Overview of ISO/IEC 27000 family of Information Security Management System Standards What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

ITIL V3 - The Future Is Here

ITIL V3 - The Future Is Here ITIL V3 - The Future Is Here Copyright Notice Copyright Axios Systems 2007. The information, which is contained in this document, is the property of Axios Systems. The contents of the document must not

More information

The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution

The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution BEST PRACTICES WHITE PAPER The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution Nine Things to Look For in Your Next SaaS Service Desk Table of Contents Introduction...................................................

More information

Bridging the IT Business Gap The Role of an Enterprise Architect

Bridging the IT Business Gap The Role of an Enterprise Architect Whitepaper Bridging the IT Business Gap The Role of an Enterprise Architect Today s enterprises understand the value that Information Technology (IT) can bring to their business. IT supports day-to-day

More information

Technology. Accenture Infrastructure Outsourcing Services

Technology. Accenture Infrastructure Outsourcing Services Technology Accenture Infrastructure Outsourcing Services 2 Accenture Infrastructure Outsourcing Services enable organizations to create a more cost-effective and responsive IT infrastructure one that not

More information

The Business Case for Using Big Data in Healthcare

The Business Case for Using Big Data in Healthcare SAP Thought Leadership Paper Healthcare and Big Data The Business Case for Using Big Data in Healthcare Exploring How Big Data and Analytics Can Help You Achieve Quality, Value-Based Care Table of Contents

More information

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business

More information

The real value of corporate governance

The real value of corporate governance Volume 9 No. 1 The real value of corporate governance (c) Copyright 2007, The University of Auckland. Permission to make digital or hard copies of all or part of this work for personal or classroom use

More information

by David Hebert, Managing Director, Oracle Applications, Answerthink and Dr. David Oppenheim, Director, Delivery Services, Answerthink

by David Hebert, Managing Director, Oracle Applications, Answerthink and Dr. David Oppenheim, Director, Delivery Services, Answerthink Conflicts Between ERP Systems and Shared Services Can Inhibit Return on Investment The proliferation of ERP systems may not be a problem for individual business units, but it can represent a significant

More information

At the Heart of Connected Manufacturing

At the Heart of Connected Manufacturing www.niit-tech.com At the Heart of Connected Manufacturing Transforming Manufacturing Operations to Drive Agility and Profitability The success of the new manufacturing network hinges on the agility of

More information

BMC and ITIL: Continuing IT Service Evolution. Why adopting ITIL processes today can save your tomorrow

BMC and ITIL: Continuing IT Service Evolution. Why adopting ITIL processes today can save your tomorrow BMC and ITIL: Continuing IT Service Evolution Why adopting ITIL processes today can save your tomorrow What does it mean to adopt ITIL? Implementing ITIL? Don t. That s outdated thinking. Today s successful

More information

Successfully managing geographically distributed development

Successfully managing geographically distributed development IBM Rational SCM solutions for distributed development August 2004 Successfully managing geographically distributed development Karen Wade SCM Product Marketing Manager IBM Software Group Page 2 Contents

More information

Talent & Organization. Change Management. Driving successful change and creating a more agile organization

Talent & Organization. Change Management. Driving successful change and creating a more agile organization Talent & Organization Change Management Driving successful change and creating a more agile organization 2 Organizations in both the private and public sectors face unprecedented challenges in today s

More information

THE CORNERSTONE DIFFERENCE

THE CORNERSTONE DIFFERENCE THE CORNERSTONE DIFFERENCE INTRODUCTION In a market that has markedly shifted over the last few years towards large, generalist ERP suites and mixed delivery models, it has become quite clear that Cornerstone

More information

SAP Solution Manager: The IT Solution from SAP for IT Service Management and More

SAP Solution Manager: The IT Solution from SAP for IT Service Management and More SAP Solution Manager SAP Solution Manager: The IT Solution from SAP for IT Service Management and More Table of Contents 2 SAP Solution Manager A Fully Scalable IT Platform 3 Supporting 15 Certified ITIL

More information

ORDER-TO-CASH OUTSOURCING

ORDER-TO-CASH OUTSOURCING ORDER-TO-CASH OUTSOURCING Finance and Accounting BPO Buyers Moving Toward Process-Based OTC Outsourcing Kerrie Freeman, Director, ISG www.isg-one.com INTRODUCTION To date, the majority of order-to-cash

More information

The expression better, faster, cheaper THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT

The expression better, faster, cheaper THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT Cloud Solutions for IT Management WHITE PAPER THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT How Progressive IT Organizations Are Using Hosted Solutions To Deliver On Time, On Budget, On Quota and

More information

Is it Time to Purchase a Fashion Enterprise Solution?

Is it Time to Purchase a Fashion Enterprise Solution? Is it Time to Purchase a Fashion Enterprise Solution? Determining whether to replace an ERP, PLM or other system is a major decision for any apparel and fashion business. Fortunately, recent technology

More information

IBM Global Business Services Microsoft Dynamics CRM solutions from IBM

IBM Global Business Services Microsoft Dynamics CRM solutions from IBM IBM Global Business Services Microsoft Dynamics CRM solutions from IBM Power your productivity 2 Microsoft Dynamics CRM solutions from IBM Highlights Win more deals by spending more time on selling and

More information

EFFECTIVE VENDOR MANAGEMENT: REAPING LONG-TERM BENEFITS FROM YOUR VENDOR RELATIONSHIPS

EFFECTIVE VENDOR MANAGEMENT: REAPING LONG-TERM BENEFITS FROM YOUR VENDOR RELATIONSHIPS EFFECTIVE VENDOR MANAGEMENT: REAPING LONG-TERM BENEFITS FROM YOUR VENDOR RELATIONSHIPS TERRA FIRMA, AUGUST 2013 Leading organisations have understood for some time that active vendor management, as opposed

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business.

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business. White Paper: AlfaPeople ITSM 2013 This whitepaper discusses how ITIL 3.0 can benefit your business. Executive Summary Imagine trying to run a manufacturing business without a comprehensive and detailed

More information

Exceptional Customer Experience: The New Supply Chain Management Focus

Exceptional Customer Experience: The New Supply Chain Management Focus White Paper Exceptional Customer Experience: The New Supply Chain Management Focus Jonathan Gross Contents A Fresh Look at Supply Chain Management....2 Factors Driving the Integration of Supply Chain Management

More information

Chapter 1 - Introduction to Management Accounting

Chapter 1 - Introduction to Management Accounting Chapter 1 - Introduction to Management Accounting MULTIPLE CHOICE 1. is devoted to providing information for external users. a. Management accounting b. Financial accounting c. Internal accounting d. Cost

More information

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard Abstract: This white paper outlines the ITIL industry best practices methodology and discusses the methods in

More information

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Achieve Economic Synergies by Managing Your Human Capital In The Cloud Achieve Economic Synergies by Managing Your Human Capital In The Cloud By Orblogic, March 12, 2014 KEY POINTS TO CONSIDER C LOUD S OLUTIONS A RE P RACTICAL AND E ASY TO I MPLEMENT Time to market and rapid

More information

Banking Application Modernization and Portfolio Management

Banking Application Modernization and Portfolio Management Banking Application Modernization and Portfolio Management Key Challenges and Success Factors As part of their long-term strategic plans, banks are seeking to capitalize on their legacy applications. Acquired

More information

IT service management solutions Executive brief. Making ITIL actionable in an IT service management environment.

IT service management solutions Executive brief. Making ITIL actionable in an IT service management environment. IT service management solutions Executive brief Making ITIL actionable in an IT service management environment. 2 Making ITIL actionable in an IT service management environment. Contents 2 Executive summary

More information

Jabil builds momentum for business analytics

Jabil builds momentum for business analytics Jabil builds momentum for business analytics Transforming financial analysis with help from IBM and AlignAlytics Overview Business challenge As a global electronics manufacturer and supply chain specialist,

More information

UNLOCKING VALUE IN APPLICATION OUTSOURCING RELATIONSHIPS

UNLOCKING VALUE IN APPLICATION OUTSOURCING RELATIONSHIPS 2 0 1 2 An Outsourcing Center White Paper UNLOCKING VALUE IN APPLICATION OUTSOURCING RELATIONSHIPS By Patti Putnicki, Business Writer, Outsourcing Center W W W. O U T S O U R C I N G - C E N T E R. C O

More information

ITIL Managing Digital Information Assets

ITIL Managing Digital Information Assets ITIL Managing Digital Information Assets Shirley Lacy, ConnectSphere Frieda Midgley, Digital Continuity Project Judith Riley, Digital Continuity Project Nigel Williamson, Digital Continuity Project White

More information

An introduction to ITIL concepts

An introduction to ITIL concepts An introduction to ITIL concepts Written by Justin Murray October 2005 Introduction... 2 Objective... 2 The ITIL books and processes... 3 Service Management: a key part of ITIL... 4 Service Support...

More information

How we manage our business

How we manage our business How we manage our business Ericsson Operational Quality Manual Index Customer first Commitment This is how It s our responsibility! Quality Policy 1 2 3 4 5 6 7 8 9 10 Ericsson Group Management System

More information

Outsourcing. What is it and what are the options? LODESTAR

Outsourcing. What is it and what are the options? LODESTAR Outsourcing What is it and what are the options? LODESTAR Executive summary Since it first emerged as an option in the mid eighties, outsourcing has been one of the most hotly debated issues in IT. These

More information

The ITIL Story. Pink Elephant. The contents of this document are protected by copyright and cannot be reproduced in any manner.

The ITIL Story. Pink Elephant. The contents of this document are protected by copyright and cannot be reproduced in any manner. 1. ITIL Defined The Information Technology Infrastructure Library (ITIL) is a set of guidance developed by the United Kingdom s Office Of Government Commerce (OGC). The guidance, documented in a set of

More information

Taking the Service Desk to the Next Level BEST PRACTICES WHITE PAPER

Taking the Service Desk to the Next Level BEST PRACTICES WHITE PAPER Taking the Service Desk to the Next Level BEST PRACTICES WHITE PAPER Table of Contents Executive Summary...1 The Service Desk Evolves...2 What s Next?...2 Enabling Innovations...3 > Configuration Management

More information

SERVICES. Designing, deploying and supporting world class communications solutions.

SERVICES. Designing, deploying and supporting world class communications solutions. Designing, deploying and supporting world class communications solutions. DESIGN Expertise, technologies, tools and ideas Business environments, regulation, expansion and obsolescence are drivers that

More information

WHITE PAPER. A Practical Guide to Choosing the Right Clouds Option and Storage Service Levels. www.earthlink.com

WHITE PAPER. A Practical Guide to Choosing the Right Clouds Option and Storage Service Levels. www.earthlink.com WHITE PAPER A Practical Guide to Choosing the Right Clouds Option and Storage Service Levels www.earthlink.com 1 Our job in IT is to provide technology frameworks and an operating model to facilitate but

More information

CFOs and CIOs: How do you know when to reach for the clouds?

CFOs and CIOs: How do you know when to reach for the clouds? CFOs and CIOs: How do you know when to reach for the clouds? I would like to have a way to allow many different users to have access to data and to have better analytic capabilities should we just move

More information

Portfolio Management 101:

Portfolio Management 101: THOUGHT LEADERSHIP WHITE PAPER In partnership with Portfolio Management 101: Moving from Just Project Management to True PPM A lot of organizations claim that they carry out project & portfolio management

More information

ITIL V3 Application Support Volume 1

ITIL V3 Application Support Volume 1 ITIL V3 Application Support Volume 1 Service Management For Application Support ITIL is a Registered Trade Mark and Community Trademark of the Office of Government and Commerce. This document may contain

More information

Managing relationship equilibrium in outsourcing

Managing relationship equilibrium in outsourcing Managing relationship equilibrium in outsourcing HP s relationship governance model and methodology Executive summary... 2 The governance balance... 3 HP s unique governance model... 5 Partner-based, collaborative

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

The support offering tailored to fit your individual needs

The support offering tailored to fit your individual needs EMPOLIS SERVICES Concentrate on your core business The support offering tailored to fit your individual needs In this fast-paced world, it is absolutely essential that you remain focused on your most important

More information

The Cloud for Insights

The Cloud for Insights The Cloud for Insights A Guide for Small and Medium Business As the volume of data grows, businesses are using the power of the cloud to gather, analyze, and visualize data from internal and external sources

More information

Tapping the benefits of business analytics and optimization

Tapping the benefits of business analytics and optimization IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping

More information

Functional Area Systems Lecture 5

Functional Area Systems Lecture 5 ACS-1803 Introduction to Information Systems Instructor: David Tenjo Functional Area Systems Lecture 5 1 1. ACCOUNTING TRANSACTION SYSTEMS 2 1 Business Transaction Cycles 3 Business Transaction Cycles

More information

At the Heart of Virtualizing Insurance

At the Heart of Virtualizing Insurance At the Heart of Virtualizing Insurance New Era in Property and Casualty (P&C) Insurance Cloud Computing Strategic Implementation of Cloud Computing Services Adds Effectiveness and Efficiency to the Insurance

More information

The ITIL Story White Paper

The ITIL Story White Paper The ITIL Story White Paper Produced By: Pink Elephant Version: 3.3 Date of Publication: September, 2004 Table of Contents 1. ITIL Defined... 3 2. Non-Proprietary... 4 3. Concepts Behind The Library...

More information

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL Time is running out for the traditional, monopolistic IT model now that users have so many alternatives readily available. Today s enterprises

More information

Lecture 8 About Quality and Quality Management Systems

Lecture 8 About Quality and Quality Management Systems Lecture 8 About Quality and Quality Management Systems Kari Systä 10.03.2014 10.03.2014 TIE-21100/21106; K.Systä 1 Content of today s lecture Two weeks ago we discussed about testing and inspections, that

More information

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business

More information

IT Governance Dr. Michael Shaw Term Project

IT Governance Dr. Michael Shaw Term Project IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3

More information

SaaS or On-Premise? How to Select the Right Paths for Your Enterprise. David Linthicum

SaaS or On-Premise? How to Select the Right Paths for Your Enterprise. David Linthicum SaaS or On-Premise? How to Select the Right Paths for Your Enterprise David Linthicum SaaS or On-Premise? How to Select the Right Paths for Your Enterprise 2 Executive Summary The growth of Software- as-

More information