Demonstrating the business value of IT

Business leaders are expecting more from their IT departments in terms of scale, flexibility, cost and transparency, and companies are demanding that IT organisations demonstrate IT’s value to the business. Indeed, managing IT in a way that aligns it with business goals and practices is one of the most challenging assignments in any organisation. So how can taking an IT service management approach help? CXO spoke to a number of industry experts to find out…

Paul Rochester is President and CEO of PS’Soft, a global provider of IT asset and service lifecycle management applications. He is an accomplished technology executive with a broad operating experience including general management and sales in product and professional services companies.

Patrick Bolger is Sales Director at Hornbill Systems. A popular speaker on ITIL and IT service management at special interest groups and industry events worldwide, Patrick is also contributor to and author of many papers on the subject of best practice.

Steve Feeney, Sales Director for Northern Europe, joined FrontRange in 2001. His current goal is to drive revenues and consolidate the company’s position as market leader in the important mid-enterprise market.

Hugh Lang is Director of UK Operations for Acumen Solutions UK Ltd. He has over 25 years experience in the design, development and project management of IT solutions and processes, and is a regular speaker on ITSM, project management, security and data centre design and operation.

ITSM tools and strategies have been around for quite some time, yet they seem to have attracted unprecedented attention recently. What would you say are the drivers behind the recent rise of IT service management?

HL. As the technology we use becomes more integrated into our business lives, the more we depend on it and the greater the impact to the business when a failure occurs. This has resulted in a greater understanding from the business that when a failure occurs it is not just an IT problem, but has an impact on the organisation as a whole. It is now understood that IT services are critical to the business operation and can provide significant competitive advantages if managed correctly.

Similarly, the days of giving the IT department whatever capital it requires to provide a service are now long gone. This has led IT managers to manage the department with far greater control, focusing on ROI and efficiency savings. This new breed of IT manager understands that in the same way as the business as a whole is accountable to its customers, the IT department must perceive the business as its internal customer and provide efficient services accordingly. IT service management provides a set of guidelines and best practices to effectively manage these services and ultimately make the IT department’s life easier.

PB. There’s always a latest fad in the crossover between IT and business. Although it’s been around for a couple of decades, ITSM started to gain a real following in the last five years or so. Early adopters sought to introduce uniform process methodology across all of IT to comply with best practice; only in the last couple of years can we now distinguish between the rise in noise around ITSM and the real drivers to its successful adoption. Factors such as corporate governance and IT accountability may have forced adoption, but in fact they also make the benefits of ITIL more apparent by providing visibility of the business value of effective IT service provision.

Adopters now better understand the framework and look to implement it successfully. As a result, process-based tools are capturing market interest. With ITIL, realisation of the size of the task at hand quickly becomes apparent, working with flexible software solutions means the methodologies can realistically be adopted. At Hornbill we have responded to the gap between the will and the way forward, providing tools founded on a structured approach, rather than paying lip service to practicality.

SF. The drivers are both varied and pressing. Issues around regulation – from national legislation to Sarbanes-Oxley and ISO standards – are driving organisations to review their IT service management strategies. At the same time, they are under continuing pressure to square the need to improve performance with the need to cut costs. In trying to achieve this, it has become increasingly clear that IT can no longer stand in splendid isolation: rather, it must be integrated into the broader business environment in order to create real competitive advantage.

PR. I see three major drivers: economic pressure on IT, compliance and IT governance initiatives, and the convergence of technology with IT frameworks such as ITIL. Fifteen years ago, our customers were mostly reactive and focused on tracking IT assets. Today, they have a much more proactive attitude and deploy asset management as the core around which they can create a complete ITSM project. They want us to push the envelope on managing IT services with a business focus: if the project cannot clearly demonstrate business value – lower costs, improve visibility, provide data to support business decisions and increase service levels – forget it.

For example, a European customer recently told me that their entire IT organisation is shifting towards delivering client services: the ‘IT director’ is now a ‘client services director’, and our technology became the foundation for the technical staff, administrators, managers and users to share data and interact. The bottom line is that organisations now have the bandwidth, the knowledge and the structure to deliver IT services that the business units can leverage as a competitive weapon.

Why are best practices important in helping to manage IT services? How can the guidance provided in the IT Infrastructure Library help?

PB. You can’t knock best practice – after all, it’s the opportunity to learn from the mistakes of others! However, everyone should be aware of its scope and limitations – depending solely on best practice means you can lose sight of context, which is the most important and potentially limiting factor in terms of success. Remember that best practice is written for every circumstance, but is not applicable to all situations. With that in mind, it is useful in terms of understanding the issues to hand, but expecting it to be helpful in terms of delivery is a common mistake.

ITIL can help organisations learn what’s possible; however, guidance for its practical adoption requires the competency of software vendors like Hornbill. We have the experience of a huge number of ITIL implementations. With a framework and templates for implementation built into our products we help address common knowledge and experience gaps, like translating IT into business language. This can reduce the ‘what-ifs’.

PR. Best practices help in many different ways: reducing risk, ensuring repeatability and predictability and reducing deployment costs. As software vendors, we see best practices as one way to build economies-of-scale into our solutions: we can provide content and applications to our customers, not just a platform or toolkit. Leveraging best practices also allows us to reduce the amount of services required for a deployment. The project team can talk the same language from day one, and pool industry knowledge to speed up implementation.

ITIL is a well-accepted framework, especially if you use it for what it is: a set of best practices for IT infrastructure optimisation. In the 1990s, when we started helping our customers with service management automation, many organisations did not necessarily have such a framework in mind and we had to help fill the gap and provide a lot of the expertise and the best practices that our customers were looking for. Today, ITIL gives us a baseline, allowing us to raise our expertise to higher levels of complexity and value, like simulating the business impact of IT changes, addressing complex compliance issues and detailed financial reporting.

SF. By implementing best practice, organisations can be confident of avoiding the earlier mistakes of their peers. Equally, they can be sure of taking full advantage of the best ways that have evolved to address problems around the delivery of effective service management. A warning, however: best practices such as ITIL should be treated as a guide and not as a bible or set of rules to be followed slavishly and inflexibly. The key to best practice implementation, therefore, is to look at how they can be incorporated within – and so enhance – the organisation’s existing business practices. As ever, it’s a balance. Best practice is important as offering a proven way to optimise your service management processes. However, don’t roll out ITIL, or its equivalent, just for the sake of it: it has to work in the context of the broader business.

HL. Best practices are important as it saves companies having to ‘re-invent the wheel’ in terms of management of IT services, and ITIL has emerged as the preferred set of guidelines across a range of industries. There are a number of contributing factors to this position. Firstly, the success of ITIL is due in part to the provision of a common set of terminology that can be utilised across a wide variety of enterprises, regardless of business focus or industry sector. This allows the business to understand the services that IT provide whilst steering away from specific technical jargon that can put off the business users. Secondly, the primary focus of ITIL being on the management of services rather than the control based focus of other methodologies, such as COBIT, also makes it easier for the business users to accept the necessary change in procedures and possibly technologies that are required to successfully implement ITIL-based service improvement. Finally, ITIL represents a set of processes that are centred around the IT department whereas many other methodologies encompass the whole business. The adoption of ITIL, whilst being a business wide adoption, allows the focus to remain on IT without expanding the scope of the adoption beyond manageable levels.

Some have claimed that ITSM is as much a cultural change at it is a technological one. To what extent do you agree with this assessment, and why?

SF. I agree one hundred percent: the migration from a helpdesk to a service desk mentality has to be driven from the top-down and involves the whole organisation – from executive to street-level. Many businesses still fail to recognise this and, as a result, those at an operational-level fail to understand why senior executives are trying to impose new strategies and structures, and so fail to implement them properly. Senior staff can similarly fail to grasp why the IT team are seeking to change existing processes and practices to meet the demands of a true service culture.

Change cannot by achieved by technology alone: equally, the days when the IT department made decisions without considering the broader business impact are long-gone. The bottom line is that IT and the business must be fully aligned to achieve the cultural shift required.

HL. Without an understanding of the purpose of efficient IT service management across the business, there are only limited advantages to the implementation of any supporting technologies. There are examples in most business communities where a substantial investment in IT to meet a stated business need has not achieved the intended outcome. Our experience tends to indicate that when this occurs it is because the relevant parts of the business have not ‘bought in’ to the necessary changes or analysed fully the impact these changes will have on each department’s working practices.

When organisations rely on technological solutions to solve business problems, the focus often tends to be on the IT department to find the solution. This is where the majority of issues begin, as the IT department may not understand the full business impact of a given problem and therefore may not identify and implement an appropriate solution. The adoption of ITSM as a cultural change ensures that both the IT department and the business are more closely aligned and have a common ground on which to identify and specify problems – and thus identify the right solutions.

PR. For many organisations, it is definitely a big cultural change. In every successful ITSM deployment that we have seen, the deployment was focused on delivering business value. It means establishing early on the business metrics that will measure success, like cost savings or response time, and aligning requirements and processes with these metrics. The change is also about being proactive and thinking long-term: ITSM deployments are often phased and a long-term vision is a critical success factor.

When we started PS’Soft in the early 1990s, the requirements were simpler: track these assets, tell me where they are and what financial value they have. Now every project we touch is approached from a business perspective: financial, quality or compliance. Even when organisations start with a small project such as license compliance, they have the bigger picture in mind and envision the next three phases of cost savings or service improvement.

Companies had to change their own business practice in the past decade, while IT was becoming a core competitive factor. It was very logical for IT to act like a business itself, and most CIOs see that as a very positive change. Some are ahead of the curve, some behind, but for everyone this change is a good change.

PB. Let’s not forget why we’re doing this: change is a means to an end. ITSM certainly introduces cultural change, but we’d think about it more as an essential evolution. IT is there to support the business. It no longer exists for its own sake – that model died a death several years ago. IT knows it needs to think in service provision terms to prove its value to business; ITSM done properly will demonstrate benefits to the business and mask the technology behind it, so software needs to reflect this and help provide that IT-business translation. Communication between IT and the business is key, yet can prove a vast cultural challenge due to the legacy mindset divide. IT and business have to work together and determine what is important for IT service provision, but traditionally IT people are generally pretty poor at communicating in business terms.

While originally thought to involve finance departments only, the demands of regulations such as SOX have made their way to desks of CIO’s charged with the task of supporting compliance initiatives with technology. How can ITSM help support, drive and manage compliance and security requirements?

PR. ITSM can help in many ways, and indeed is a key weapon in the CIO’s arsenal to respond to compliance and security requirements. Firstly, ITSM enables process management and enforcement: for example, you can use ITSM to track assets throughout their lifecycle without leakage, or to enforce approval rules for ordering new equipment and software. Secondly, using the asset repository and CMDB, you can trace changes to the environment and trace them back to the requester, the approver and the implementer. Thirdly, ITSM provides a reporting infrastructure to extract asset and service-related data. Now that you have accurate data in the system, you can run your compliance reports without guesswork and performing tedious manual reconciliations.

It sounds simple, but most companies never had that environment before, where you can get data accuracy, process enforcement and traceability. Compliance is also very much in the mind of our customers. In the last few months I have met with a number of organisations and it’s a theme that is consistently repeated. A few years ago it was the CFO that was the most concerned with compliance, but today it is the CIO who has the mandate to make the adopted policies a day-to-day reality. Many are doing it in a smart way: not just solving the problem, but doing it while improving the entire IT service delivery chain.

HL. The key to compliance initiatives is management control. This does not mean prevention of change to an organisation infrastructure, but purely the understanding of auditing requirements. The use of ITSM, particularly ITIL best practice guidelines, can provide this control through the use of the relevant processes to track the assets of an organisation from initial procurement through to eventual disposal.

The critical starting point for this is the development of a configuration management database (CMDB) and appropriate change management processes to govern its use. When correctly implemented, the use of a CMDB can provide all the information required to adhere to IT compliance regulations. Effective adoption of other ITIL disciplines, such as incident and problem management, can also help in the development of the full audit trail of an asset, or configuration item throughout its lifecycle in the business.

PB. If ITSM is approached in the correct manner – to support business goals – then compliance will be a by-product. IT management shouldn’t just think about the here-and-now and the latest compliance requirement. They can drive the adoption of ITSM principles to establish a framework to mitigate risk and ensure business service continuity objectives are met.

If the key to successful adoption of ITSM is the seamless translation of business goals via IT delivery, then the benefit lies in founding solid processes that reduce the risk associated with business operations. The value that software from a vendor like Hornbill can bring lies in providing the structure to help that translation. Skills like risk management are normally found outside of the IT domain, but ITSM adoption bridges that gap between IT and business functions.

SF. Security, integrity and availability of data are at the very top of today’s CEO and CIO agendas. And, though an ITSM implementation will not in itself guarantee SOX compliance, for example, the proper management of data according to a recognised set of best practice principles will ensure that the IT infrastructure is capable of supporting a SOX implementation.

How can companies quantify the business benefits of ITSM? Is it easy for them to measure ROI on such initiatives?

PB. Everyone does ITSM – it’s just a question of how well they do it. Following best practice simply sets the bar at a particular level. It’s difficult to determine ROI as a bottom line measurement, particularly in the short term, but everyone should have a return as a target. If ITSM goals are determined as they should be with line of business managers, then business goals must be the prime objective and service availability and user satisfaction are key measurements. Clarity of business goals is paramount, otherwise we’re back in the domain of technology for technology’s sake: IT rules instead of ITSM. Collaboration between IT and business is required from the outset – otherwise it is simply another IT project with little perceived business benefit.

HL. There are a number of ways to quantify the business benefits of ITSM and they will largely depend on the aims of the business. For example, ITSM has typically been introduced to reduce support costs, increase customer satisfaction, reduce the impact of changes or more accurately predict trends to ensure that adequate capacity provisioning is achieved prior to demand. In most cases, it is likely to be a combination of these drivers that lead to the introduction of ITSM processes by the business. It is important therefore to identify appropriate KPIs for each of these outcomes and set realistic and achievable targets.

SF. Every business views ROI differently, so there is no single way to ‘prove’ the value of an ITSM investment that will satisfy every end-user. However, a successful and efficient ITSM implementation can deliver measurable gains on several fronts across the business. By introducing a streamlined set of incident and problem management protocols, for example, the front-line burden can be reduced almost immediately, with quantifiable savings in terms of reduced escalations and numbers of staff required at each level.

Prior to adopting ITIL, many organisations do not have a holistic view of change: consequently, different departments manage change differently and fail to address the negative impact it may have elsewhere in the organisation. Effective change management processes avoid this, by assessing - and taking into account - how change will impact elsewhere in the business.

Similarly, best practice release management ensures that the benefits of new software releases are fully realised and any negative impact minimised. An example: a business may have many thousands of employees using a wide variety of desktop PCs and laptops, some of which have insufficient memory to accommodate a new software release. By adopting a proper change management philosophy incorporating the relevant best practices – together with an effective inventory management and discovery tool – you can ensure upfront that there is sufficient bandwidth and capacity to run the new software. This also means that the IT team will take hours, rather than weeks, to ensure that a software release has been effectively managed.

PR. Well, there are many ways to quantify and prove an ROI, and most of our customers do not start a project unless they know exactly what the ROI will be. They often start with cost-cutting measures. For example, a major consumer goods manufacturer in the US recently did an analysis that showed investment pay-off in less than 12 months based on measurable cost savings such as redeployment of unused licenses and reduced software and hardware maintenance contracts. We are talking about more than US$1.5 million savings a year, and that’s before intangibles like the time saved in preparing for an audit, the reduction in legal exposure, the faster response to security violation and the general benefit of being able to prove compliance.

It’s no coincidence that many of the applications that we have brought to market in recent years have clear ROI impact. Take service level agreement management, IT self-service and chargeback applications: they all have measurable, positive impact. Our efforts reflect a clear trend with our customers worldwide: projects need to show a clear return, and help us align IT with the business units it is serving so that we do not deploy solutions in a vacuum.