ITIL v3 and Outsourcing How ITIL v3 Can Facilitate Outsourcing Initiatives

Transcription

1 Service Management White Paper ITIL v3 and Outsourcing How ITIL v3 Can Facilitate Outsourcing Initiatives Hypothesis The newly released Information Technology Infrastructure Library (ITIL) v3 processes well implemented and managed can significantly improve the probability of achieving success in an Information Technology Outsourcing (ITO) effort. The objective of this paper is to analyze ITIL v3 and outsourcing best practices to determine if this hypothesis is valid. Introduction The approach used to address the above hypothesis will be to first briefly review/level set the evolution of IT processes, specifically ITIL, do the same thing for ITO processes and then address the ITIL v3 to ITO relationship. The history of outsourcing can be traced back in time to the natural evolution of specialization of skills and the use of captured resources to perform labor intensive work. The highly skilled and labor intensive dichotomy continues to exist today. IT Outsourcing (ITO) obviously falls in the highly skilled category and has been in growing rapidly since taking root in the 1970 s. Today s telecommunications advances, the internet s ubiquity and availability of global technology resources have made ITO a huge world wide business. D a r e t o c h a l l e n g e

2 The primary reasons given for outsourcing are purportedly cost improvement, skill availability and core competency focus according to information from the International Association of Outsourcing Professionals (IAOP). IAOP s Outsourcing Professional Body of Knowledge (OPBOK) references a recent market study on outsourcing by Forrester Research which found that over 50% of the respondents reported outsourcing challenges due to (1) Poor project management skills, (2) Lack of an effective outsourcing process and (3) Inadequate or poor metrics and communication vehicles for measuring and monitoring performance. Gartner Research s often quoted statistic on unplanned down time that approximately 80 percent of unplanned downtime is caused by people and process issues, while the remainder is caused by technology is an assertion that easily can be extrapolated to ITO. From a technology standpoint, the growth path has not always been smooth or straight, but guidelines from bodies such as the International Standards Organization (ISO) and Institute of Electrical and Electronics Engineers, (IEEE) aided in keeping progress within reasonable parameters. Wireless network and computer language standards are the result of their work. From a skills or people standpoint, publications such as Carnegie Mellon University s People Capability Maturity Model (P-CMM) guides organizations in improving their processes for managing and developing their workforces. The Control Objectives for Information and related Technology (CobiT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). CobiT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. From an IT process standpoint, which will be the focus of this document, the de-facto standard for IT process has been the Information Technology Library (ITIL). The afore mentioned OPBOK along with Carnegie Mellon s esourcing Capability Models (escm) are becoming the most relevant Outsourcing Standards. Quint Wellington Redwood (Quint), the independent international IT process improvement consultancy, leverages, enhances and focuses both these standards to deliver world class IT Process Improvement Services and Sourcing Advisory Services. Quint s Implementation of Process-oriented Workflow (IPW TM ) and Seven-Phase Model for sourcing provide world class process guidance to ensure success in the ITO space. The remainder of this paper will be devoted to addressing: The Evolving ITIL Landscape The IT Process Framework, IPW TM Outsourcing s Body of Knowledge The Quint Model for Sourcing The ITIL v3 and ITO Relationship Conclusion Hypothesis Proof? 2 3

3 The Evolving ITIL Landscape Developed almost two decades ago, the Information Technology Infrastructure Library, ITIL is the industry standard for IT Service Management Processes. The second version, v2, of the best practices framework was first published in 2001, with the service Delivery and Support books being core of a seven book library represented graphically below. There are many differences between the Service Delivery and Support core books of ITIL v2 and five components in the ITIL v3 lifecycle Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. One difference in response to a top request from the hundreds of responses to surveys and inquiries was to address the outsourcing of services. It is that difference this paper will exclusively speak to. The graphic below depicts the lifecycle flow of v3 surrounded by complementary influencers. The Service Delivery volume includes the following IT process guidelines: Service Level Management Availability Management Capacity Management Financial Management for IT Services IT Service Continuity Management The Service Support Volume includes the following process guidelines and function: Service Desk Incident Management Problem Management Change Management Release Management Configuration Management Between 1999 and 2006 ITIL v2 became the de-facto best practice standard for IT Service Management. It was also realized by members of the IT Service Management community that much in the industry had changed since the late 1990 s and a refresh of ITIL v2 was in order. In November of 2004, the UK Office of Government Commerce (OGC) initiated a project that was the genesis of the development of a new more comprehensive version of ITIL Version 3. An extensive consultation and scoping process was completed in After the numerous iterations, the final product was released in May The concern of many was focused on the differences. The differences in reality should be considered additions, enhancements and innovations since all the processes and functions from ITIL v2 were carried forward into v3. The five core elements of the services lifecycle are: 1. Service Strategy (SS) - Understanding and translating business needs into strategies for the (IT) Service Organization. 2. Service Design (SD) - Providing guidance on production and maintenance of architecture studies and IT policies and on the development of services, including insourcing and outsourcing. 3. Service Transition (ST) - Creating transition strategies from service design to life environments, it provides a long term view on change and release management practices. 4. Service Operation (SO) - How to manage services in the live or production environment, it focuses on the delivery and support of services that enable steady state IT operations. 5. Continual Service Improvement (CSI) - Focuses on inputs and outputs needed for a good improvement (Plan-Do-Check-Act) cycle on existing services, including service retirement. Quint is a leader in providing ITIL v3 services including conducting the first North American ITIL 4 5

4 v3 Foundation course with associated exam. IT Process Framework, IPW TM Quint s IPW TM (Implementation of Process-oriented Workflow) has become a de facto standard for the implementation of ITIL processes in an IT organization. The IPW model is a process model for an IT organization that clearly sets out the relations between, amongst others, the IT Service Management processes. IPW TM leverages and is consistent with ITIL v2 and in reality was ahead of v3 in that it addressed a lifecycle approach years before v3 was conceived. A graphic representation of IPW TM is below. In addition to its success as an ITIL implementation vehicle, IPW TM provides a maturity framework. The IPW Maturity Model TM is a model that divides the IPW TM management processes, which form a superset of the processes from the ITIL library, into five process domains and defines a number of process activities and best practices for all of these processes. Most of the best practices are taken from the ITIL library. Other best practices have been added for fields not provided for by ITIL v2, but generally have been addressed in v3. The IPW Maturity Model is a model that can be used to assess the organizational maturity of the processes as identified in IPW within a company. The individual process maturity scores lead up to an overall organization maturity level. The maturity levels are described below: Over the past years, the model has evolved tremendously and proved to be extremely successful in transforming both large and small IT organizations from function, product and technologicallyoriented organizations to customer, process and service-oriented organizations. Using the experience and insight gained from the practical use of the model, it is continually improved by adding any missing elements. The success of IPW TM is based primarily on the fact that it is not a theoretical model, but a model originating from actual practice. In addition, the intensity level of applying IT organizations has continued to increase (because their customers made higher demands), so that extension of the model was in some cases a dire necessity. Through the years, Business IT Alignment, Shared Service Center Practices and the Sourcing Governance Framework (SGF ) have been added to the different versions of the model. Also when (parts of) the IT services are outsourced, IPW TM has proved to be of great practical use to both the outsourcing organization and the outsourcing partner in arriving at clearly defined services, dividing processes over several organizations, and in entering into agreements on matters such as communication, the execution of processes, and reporting. Level 0: Not performed. At this level, a process is not carried out at all, not even in an informal or implicit manner. Level 1: Not identified. At this level, the primary process activities are (partly) carried out, but people are not aware that the process is being carried out. The performance of the process takes place on an ad hoc basis, and has an implicit and informal character. The process is not described and there is no process registration. Level 2: Monitored. At this level, the process is not only carried out, but also recognized as such. Furthermore, the execution of the process is measured and recorded, but no corrective action is taken. The process is partly described, but not standardized yet. When the going gets tough, the process is often by-passed. Level 3: Controlled. At this level, the process is under control. This means that based on measurements and recordings, corrective action is taken during the course of the process, and the performance of the process is planned. Resources (people, means & technology) become available. All process actors have been given explicit roles. There are objectives and standards for the process, but these have been established internally. Furthermore, the process is geared to other related processes. 6 7

5 Level 4: Proactive. At this level, the process is tuned to the external (customer) environment, which means that external objectives have been set for the process. During the process, less surprises occur, because the planning has a prospective character and whenever possible, proactive initiatives are taken before something goes wrong. Level 5: Improving. At this level, the execution of the process is continuously adjusted based on planning, measurements, evaluation, audits, and reviews. This process improvement capability is embedded in the process itself. There is a so-called double-loop learning, which means that the process does not only correct itself, but also adapts itself to new circumstances (adaptive process). IPW TM and IPWMM TM are extremely powerful tools for structuring and shaping improvement projects in IT organizations in a non-authoritative manner. Outsourcing s Body of Knowledge IAOP was formed in early 2005 by a consortium of leading companies involved in outsourcing as customers, providers, and advisors. Today its global membership includes over 250 organizations from around the world representing a cross-section of industries and functional activities. In 2006 the Outsourcing Professional Body of Knowledge was completed by IAOP creating a standard framework of outsourcing processes. The following graphic depicts the 5-Stage Outsourcing Process that is a keystone of the IAOP OPBOK. APPROPRIATE REAL DEAL EXECUTE OPERATE Develop Concept High level ops review Identify Corp direction Perform Situation Analysis & Identify Outsourcing Opportunity Get Executive Sponsor Assign Steering Committee Idea Stage Assessment/ Planning Stage Analyze Current Processes & Functions Define Proposed Processes & Functions Define User Needs Perform Risk Analysis Develop Business Case (with plan) 5-Stage Outsourcing Process Implementation Stage Issue RFP Finalize Deal Structure & Terms Develop & Negotiate Contract Develop Human Resource and Asset Transfer Plan Develop Communications Plan Develop Governance Plan Transition Stage Detailed Transition Plan (with pilot) Implement New Organization Structure Transfer People, Assets, functions and/ or Processes Develop Training Plan Management Stage Perform Daily Management Activities Monitor Performance Implement Relationship Management Process Institute Change Management Process Carnegie Mellon has long been known for their technology capability maturity models. Capability Maturity Model for Software (SW-CMM), People Capability Maturity Model (P-CMM) and Capability Maturity Model Integration (CMMI) are the most noted models. Perhaps lesser known, Carnegie Mellon has produced seminal works in the sourcing arena. The esourcing Capability Models (escm) provide frameworks of best practices for providers or suppliers of sourcing services that have IT as a key element or enabler and clients that create the business demand for these sourcing services. Carnegie Mellon s IT Services Qualification Center (ITsqc) first published the esourcing Capability Model for Service Providers (escm-sp) in Version 2.01 was released in December of escm-sp documents 84 best practices that are organized according to four phases of the Sourcing Lifecycle, ten logical groupings of Capability Areas and five Capability or maturity Levels. The esourcing Capability Model for Clients (escm-cl) was just published in September of escm-cl documents 95 best practices that are organized according to five phases of the Sourcing Lifecycle, seventeen logical groupings of Capability Areas and five Capability or maturity Levels. Quint s Sourcing Model All sourcing projects go through a number of phases. Organizations that plan to conduct sourcing and shared services should be conscientious during these critical phases as the quality of the final sourcing relationship is greatly determined by how well these phases are completed. As an independent expert in sourcing and shared services, Quint guides and supports clients through the process of strategic, tactical and operational decision-making. Quint uses its proprietary Sourcing: Quint s Phased Approach, as the reference model when supervising sourcing projects. The model has been applied in practice extensively and has proven its value in supporting the management of a sourcing process. Sourcing: Quint s Phased Approach The OPBOK represents a cohesive and comprehensive outline of the commonly accepted practices and skills required to ensure outsourcing success. It is available exclusively to IAOP Professional Members and is also the foundation for the International Association of Outsourcing Professionals (IAOP) professional certification program, the Certified Outsourcing Professional (COP). 8 9

6 The model tracks, in a process-oriented way, the complete outsourcing lifecycle. Every phase recognizes specific targets and decision making moments for both business and IS management regarding the continuing outsourcing process. Going through all the logical, successive steps, results in a higher probability of a high quality predictable end result. To insure a complete understanding of the enterprise environment an outsourcing decision will be made in, an assessment of that environment is definitely warranted. It is an investment that can pay significant dividends, by identifying risks, highlighting opportunities and providing key decision making information. Quint performs these assessments from five perspectives ICT, Finance, Legal, Human Resources and Stakeholders. Business Demand Establishing sourcing governance is a complex task requiring coordination to regulate and support multiple service providers. Organizations are required to factor in many aspects of their business processes. This includes receiving business information services that continuously correspond to the business needs, at all levels, and to be delivered at the best prices and conditions. Factors to consider in setting sourcing governance encompass: Management methods and processes Organizational roles and responsibilities Service delivery rules and agreements Sourcing Governance Framework Suppliers Maturity of ICT Processes on behalf of Sourcing Governance Function Scope Sourcing Deal Information Policy Finance and HR Customer Management Customer Strategy Strategy Architecture LT IT Plan Compliance Financial Mgt HR Vendor Management Sourcing Strategy IT Strategy Finance and HR Human Competencies HR Measurements Social Protocol HRM Stakeholders ICT Services Business/ ICT Drivers ICT Governance Functional Innovation Functional Mgt and Business Support Service Portfolio Mgt Requirements Mgt Service Level Mgt Relation Mgt Control Innovation Program/Project Mgt Control Services Service Delivery Mgt Auditing Supply Portfolio Mgt Procurement Contract Mgt Cost Mgt Application Development and Infra-Innovation Application Maintenance and Infra-Management Finance Asset Value Cost Level (incl. depreciations) Justification Model Maturity of Financial Process Legal Contractual Blockades for Sourcing Legal Organizational Structure Current Legal Framework The outcome of the sourcing assessment is a score card that provides insight in strengths, weaknesses, organizational issues and governance issues. Once an outsourcing decision is made and implemented, integrating the new supplier of services into the overall service provision framework is critical. This service provision framework will most likely consist of internal suppliers and external suppliers that will need to be coordinated to insure the enterprise s demands for IT service are met. Throughout its 16 years of experience, Quint has developed a Sourcing Governance Framework (SFG) that provides the structure and guidance to successfully negotiate the rapidly changing IT supply and demand environment. In the new organizational/operational constructs of IT, desired outcomes and cost levels have to be achieved within the context of commercial supplier relations and contracts, instead of exerting direct control on IT operations. This introduces opportunities and risk, requires different competencies, a changed management capability and a new form of organization and control. Over 16 years of Quint s collective experience in managing outsourced services have resulted in the best practices in this field. These best practices are bundled and unlocked in the above model that help organizations build their own Sourcing Governance Function or also known as a Demand Supply Organization or (DSO) an intermediary function between internal customers and (external and/or internal) suppliers. The DSO concept provides new ways of effectively managing IT demand and IT supply. What s more, this new way of managing IT appears to be equally applicable to both situations of external sources of supply (outsourcing) and to situations of internal sources of supply. The DSO mission of providing the business with information services, which are actively aligned with their needs on both strategic and operational levels, and delivered against best prices and conditions has been accomplished by many of Quint s valued clients

7 The ITIL v3 and ITO Relationship From a macro stand point there are several key points that can be made about ITIL v3 and how it relates to ITO. The ITIL v3 five component Lifecycle approach to IT Service Management is consistent with and supportive of Quint s ITO Sourcing and IPW Models. The emphasis on business and IT alignment in ITIL v3 is parallel to the DSO mission as noted above. The ITIL v3 focus on identifying the optimum source of services to satisfy business demand is consistent with the SGF approach. ITIL v3 speaks to the Value Net, SGF addresses value from a comparable value chain approach. The surveys and comments received by the ITIL v3 development team revealed a substantial need to have outsourcing addressed in the next ITIL release. In studying the five core lifecycle elements as they relate to ITO, it is very evident that the development team took the expressed desire for more content addressing outsourcing to heart. Service Strategy The Service Strategy component of ITIL v3 establishes an initial foundation and framework for determining the optimum sources for IT services. Matrices and definitions are provided to assist in making strategic decisions on what, when and how to source IT Services. Sourcing options are defined by types: Type I Services are provided by internal staff; generally not standardized across the enterprise Type II Services provided by a centralized internal IT business unit that operates as a profit or cost recovery basis. Type III External outsourcing which may be onshore, near shore or offshore. A series of questions are provided to assist in identifying the best sourcing strategy. Questions address asset composition, customer requirements, performance monitoring as well as supplier selection criteria. Sourcing roles and responsibilities are described in general as are the risks that need to be considered in making strategic sourcing decisions. The involvement of an IT steering group is introduced as a key decision making body that will approve the sourcing strategies that the service design will be built upon. Detailed definitions of Insourcing, Outsourcing, Co-Sourcing, Partnership or Multi-Sourcing, Business Process Outsourcing, Application Service Provision and Knowledge Processing Outsourcing are provided as keystone input for design. Advantages and disadvantages of each of the possible design elements are listed in an easy to use matrix. Incorporating overall service improvement as well as business continuity management/disaster recovery as design factors in developing a service design that incorporates sourcing as a key element. The concept of a Supplier and Contract Database (SCD) is introduced as part of addressing control and governance of sourcing suppliers. The SCD will be linked to the configuration management system to insure a broad federated service design approach. Service Transition The Service Transition component of ITIL v3 from a sourcing perspective focuses on how change management processes function in a sourcing environment. Given that the Service Transition component goal is to successfully plan and manage service changes, introducing an external sourcing supplier can complicate this process significantly. Requests for Change (RFC), in a sourcing environment may provide additional challenges for the Change Advisory Board (CAB) including: Managing to existing supplier contracts Updating or revising agreements Accommodating restrictions of non owned assets The concept of a Service Knowledge Management System (SKMS) is introduced as a set of tools and databases that are used to manage service provisions through the entire service lifecycle. The configuration management system is a key component of this system. The SKMS would also incorporate the supplier and contract database. Examples of service transition steps in an outsourcing environment are provided along a plan, perform, review and close path. Service Design The Service Design component of ITIL v3 leverages off of Service Strategy and provides additional detail and specifics relating to sourcing. The Supplier Management process is addressed in very efficient detail in Service Design. Linking the management of suppliers of IT services to the creation of value for the business is defined as a primary goal. The policies, strategies, scope, activities, roles and key performance indicators of Supplier Management are described effectively. Service Operation The Service Operation component of ITIL v3 addresses more than just the day-to-day business as a usual arena of IT. Service Operation is all about balancing responsiveness, quality and cost all the while being responsible for delivering a value laden IT service end product to customers. This delivery point in the lifecycle can be the product of internal or external suppliers. The Service Operation component notes especially that regardless of what service strategy, design or transition is in effect, the ultimate organizational responsibility for delivering the service is IT. This is true whether insourcing, shared services or full outsourcing is in place to supply the IT services

8 An extensive description of service desk outsourcing considerations is provided including: Tool compatibility Communication quality Service level agreements Training Ownership of data Facilities management is another area of potential outsourcing activity that must be factored into the overall delivery of IT services. Continual Service Improvement The Continual Service Improvement (CSI) component of ITIL v3 is a much discussed but often not implemented element of the service management life cycle. In this volume of V3 there is little mention of outsourcing beyond the generality that service improvement should be a part of outsourcing contracting and budgeting and should be addressed at the out set of negotiations. Conclusion The hypothesis presented at the beginning of this paper that - The newly released Information Technology Infrastructure Library (ITIL) v3 processes well implemented and managed can significantly improve the probability of achieving success in an Information Technology Outsourcing (ITO) effort. It is clear that ITIL v3 provides a much richer outsourcing oriented service management framework than ITIL v2 and the probability of success in ITO operations can be substantially improved. There are however caveats that must be considered. First, ITIL v3 must be well implemented and managed. This means that IT staff will need to be trained in ITIL v3, have experience in an ITIL implementation at the v2 level and have experience in managing an ITIL service management based IT organization. Second, the ITO effort must be executed using sourcing best practices, by experienced staff and have the underlying ITIL service management framework noted above in place. It is unlikely that there are many, if any, IT organizations that currently have the capability to meet the above stipulations. While ITO can yield substantial value to an IT organization, it can be a very challenging undertaking. Taking on this challenge with a partner like Quint Wellington Redwood who is well versed in ITIL v3 and ITO best practices, cannot only effectively address the caveats above but increase the long run value ITIL and ITO can generate

9 Referenties: 1 Outsourcing Professional Body of Knowledge Version 6.1, International Association of Outsourcing Professionals 2 Herwaarden, C.J. van, The IPW Stages Model: IPWSM, IT Management Yearbook, Ten Hagen Stam, 1998 Note IPW is a trademark of Quint Wellington Redwood and KPN Telecom IPW Stages Model is a trademark of Quint Wellington Redwood Capability Maturity Model Integration (CMMI ) is a registered trademark of Carnegie Mellon University CMM is a trade and service mark of Carnegie Mellon University ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office COBIT is a registered trademark of ISACA Quint Wellington Redwood is a leading global independent consulting firm dedicated to resolving IT-related organizational challenges. Operating in more than 49 countries and across four continents, Quint provides strategy, sourcing and service management to leading organizations from all industries, creating and implementing best practices worldwide. Quint was founded to help organizations get more from IT, not by adding more or new technology, but by simply managing IT better. The firm s portfolio of services includes education, consulting and measurement, integrated across the domains of business and IT. Quint s Dare to Challenge mission challenges itself and its clients to implement changes that deliver true results, outperform the competition and create a measurable return on investment. Quint s vision is to reinvent not only its clients organizations, but also the consulting industry itself. Copyright 2008, Quint Wellington Redwood. All rights reserved. No part of this publication may be reproduced, transferred and/or shown to third parties without the written consent of The Quint Wellington Redwood Group. Q u i n t We l l i n g t o n Re d w o o d [email protected] QuintGroup.com