In This Chapter
Considering IT governance in context
Striking a balance with business requirements
Measuring performance
Governing with best practices
You can't implement effective service management unless IT takes a holistic approach to automation, oversight, and comprehensive asset management across the organization. How can you do this? We recommend establishing a strong IT governance program that can provide the framework to make this happen.
IT governance in service management requires carefully combining rules for IT and business processes. You need governance rules for everything from IT security to general policies about service levels. In essence, think of a life cycle of business processes that focuses on the goal of improving service quality and business agility. Governance from a service management perspective requires that your organization apply sound business and technical judgment. You have to make trade-offs. At times, you need to allow one service to degrade in favor of a more-business-critical service.
This chapter describes the importance of monitoring and measuring service performance, and discusses why IT governance requires companies to take a composite view of all the components of service management.
IT manages a complex infrastructure of hardware, data, storage, and software environments. The data center (some of the largest organizations have many data centers) is designed to use all assets efficiently while guaranteeing a certain level of service to the customer or end user. A data center has teams of people responsible for managing everything from the overall facility, workloads, hardware, data, software, and network infrastructure.
Tip
To understand some of the complexities of service management from a data center perspective, we recommend reading Chapter 11.
In addition to the data center itself, your organization may have remote facilities with technology that depends on the data center. IT management has long-established processes for managing and monitoring individual IT components, which is good. What's been a problem for many organizations is finding a way to monitor performance across all components in a way that reflects the overall impact of IT performance on the business.
You should direct IT governance at individual IT infrastructure components within the context of the larger challenges and goals, as well as within the company's overall performance objectives.
Note
IT governance is intended to help you meet the company's overall performance indicators.
IT governance is supported in two ways:
Understanding the compliance and risk measures the business must follow: What does your business require to meet IT, corporate, industry, and government requirements? IT can support these requirements through technical controls; automation; and strict governance of processes, data, and workflows.
Understanding the performance goals of the business: You may measure your business performance in terms of sales revenue, profitability, stock price, quality of product or service provided, and time to delivery. Your IT performance measurements should focus on delivering IT services consistently and accurately so that the company gets to optimize its business performance.
What's one of the key benefits of taking a holistic approach to IT governance? When you have a comprehensive view, you can manage and deliver IT services more proactively. Imagine a chief information officer (CIO) who is frustrated by urgent calls from the company's retail stores when terminals are slow or credit machines are unresponsive. The urgent calls always seem to come at the worst times, such as in the middle of a sale. Installing a remote service management system, however, would allow the CIO to do the following:
Monitor the performance of all IT services in the retail environment
Understand the relationships among those services
Notice service degradations so that problems could be fixed before stores had to make emergency calls
In this example, the remote monitoring system enables IT to create a more balanced approach to delivering services based on business objectives and regulatory requirements. The CIO can develop a better understanding of the priorities involved when he makes decisions about service management issues for the retail stores. Many companies have started using an overall business service management strategy as a technique for managing services from a unified business perspective.
We give you a lot more detail on business service management in Chapter 17.
Each industry has a set of governance principles based on its regulatory and competitive environment. The most important governance requirement in retail, for example, is for the sales process to be both efficient and accurate. What can happen in retail that becomes an IT governance challenge? Consider another example: Store operations management would like the data center to promise 100 percent uptime supported by fully redundant servers to protect against any service slowdown, but the CIO has cost restraints.
The CIO compromises with the business. Business management and IT management agree that customers shouldn't wait more than three minutes to complete a transaction and that the sales kiosks must be up 96 percent of the time. In addition, they agree that all customer data must be fully encrypted and protected against unauthorized access by anyone at any time.
If the CIO later discovers that performance slows so dramatically that customers leave stores without buying anything, IT governance has failed. If consistently slow credit machines cause sales clerks to make credit card sales without using the automatic credit check, the business is put at risk, and IT governance has failed. On the other hand, if performance is excellent but customer data isn't protected − you got it − IT governance failed again.
An integral part of IT governance is juggling various tasks: meeting customer expectations, optimizing business goals, recognizing resource constraints, and adhering to rules and requirements. We discuss this balancing act in more detail in the following section.
IT governance is a combination of the following:
Policy
Process
Controls
Consistent data about IT services
The means to control those services
The role of IT governance is to do the following with service management:
Implement
Maintain
Continuously improve
IT governance, therefore, has to include the techniques and policies that measure and control how IT systems are managed.
Defining your IT governance strategy is a balancing act. On one hand, it must focus on the key performance indicators of the business. On the other hand, it must balance all the components of the IT environment. You have to look at the relationships among IT and business components to fully appreciate the level of risk to your company.
Although at first glance, IT governance may seem to be a contained approach to providing oversight of IT resources, the range of issues that you must manage and plan is actually much broader. IT governance must be tightly woven with business goals and policies to ensure that services are optimized for customer expectations. As we point out in Chapter 1, however, everything in your business is really a service. Therefore, it isn't surprising that we urge you to look at IT governance from a holistic business perspective.
Note
Effective service management requires constant vigilance and intricate choreography to ensure a balance among business priorities, customer expectations, available resources, and limitations on cost. IT is responsible for giving all internal and external customers and partners the resources they need, when they need them, without overstepping certain boundaries of resource and cost limitations. This focus has to be within the context of corporate governance requirements and an organization's key performance indicators (KPIs). A philosophy focused on continuous improvement in service management will help you optimize your IT infrastructure and business performance under the overarching umbrella of governance.
Measuring performance as a means to help improve performance is a concept that is well understood by competitive athletes. Imagine the countless hours spent during training measuring, recording, and monitoring changes in time and distance. But what if the runner were taking steroids? Was she in compliance? Clearly, even if all other measurements were positive, breaking the rules changes everything.
How does this example apply to IT governance? The principle really is the same.
Warning
Although measuring and monitoring may help you improve performance, that performance is irrelevant if you don't follow the company's governance rules.
You can measure business performance by comparing production, sales, revenue, stock price, and customer satisfaction with your goals. You can measure IT performance by comparing server, application, and network uptime; service resolution time; budgets; and project completion dates with your goals. Businesses use all these measures to rate their performance compared with that of competitors and the expectations of customers, partners, and shareholders. But how can you measure the impact of IT performance on business results? It takes some fact-finding and true collaboration between IT and the business to settle on performance measures that support governance in service management.
A governance committee should answer the following types of questions to get started:
How can IT performance measures support the business?
What should management measure and monitor to ensure successful IT governance?
Are customers able to get responses to requests in the expected amount of time?
Is customer transaction data safe from unauthorized access?
Can management get the right information at the right time?
Can you demonstrate to business management that your organization can recover from anticipated outages without damaging customer loyalty?
Are you able to monitor systems proactively so that you can make repairs before faulty services affect rules and regulations?
Can you justify your IT investments to business management?
Writing down key performance measurements is easy, but achieving them is complicated. Ironically, when IT manages services successfully from a business perspective, the business doesn't even notice. This outcome is like an old joke we like to tell:
Johnny was a quiet kid who never talked to his parents. One day he said, "This food is terrible!" His parents were shocked to hear his voice. "How come you never spoke before?" they asked. Johnny replied, "Up until now, everything was perfect."
What's Johnny trying to tell you? Maintain a clear dialogue with business management to understand what the business needs. When IT services are in perfect harmony with business objectives, you may never hear a word. But you certainly will hear many words loud and clear when a service failure leads to business disruptions. A much better policy is to take a proactive approach to demonstrate that IT management is paying attention. Good IT governance doesn't happen by accident.
Having a lot of oversight and collaboration with the business is important, but it won't be enough if you can't meet your goals. You need to measure results by monitoring IT goals based on business goals, such as whether customer complaints went down by 10 percent or the company increased sales by installing customer kiosks at all its stores.
In this book, we don't focus on how well your servers are performing in your data center. The reality is that management cares about the business results and making sure that the supporting characters, such as the data center, do their parts.
Don't get too comfortable, though: It isn't enough to monitor performance in isolation. In the corporate world, many organizations advance performance and achieve compliance by increasing automation, but automating everything makes it easy to lose sight of the human element in managing service the right way.
Warning
Standardization and automation help remove some risk and potential for error, but not all of it, because employees and other businesses stakeholders make decisions every day that put companies at risk. No amount of control in the health care industry, for example, ensures that patients will be given the correct medicines 100 percent of the time. The human element plays a big role in all governance issues.
Making governance work requires a combination of the following:
Automation
Optimization of processes
Focus on KPIs
Attention to the human element
This work sounds hard − and it is − but leveraging standards and best practices can help, as we discuss in the following section.
Note
People and groups have countless opportunities to make mistakes − deliberate or unintentional − that interfere with adherence to corporate, industry, and government rules and policies. No company can expect technology to correct for or protect against all instances of human error or fraud. Increasing use of IT service management in combination with increased standardization and automation of workflows, however, can help organizations govern with confidence.
Putting IT governance into action by following industry best practices helps you manage IT services with greater control and consistency. To put IT governance into action, your company should develop its own best practices, such as the following:
Define the process flows. The process must do these two things:
Involve both business and IT professionals at three levels: corporate, departmental, and IT.
Measure how effectively each service delivers business value. This measurement helps you answer questions about meeting service-level agreements (SLAs), such as whether IT understands the business process well enough to set up SLAs that make sense and whether it can meet SLAs in such areas as mean time to repair.
Identify the roles and responsibilities of everyone involved. Companies typically establish best practices by learning from mistakes. False starts in service management strategies are likely to be associated with inappropriate plans for change. You should know how you will implement a consistent change management process with tighter communication among all parties who need to know about the change. In addition, you should be proactive about change, such as requiring submission of notice about a service change early enough to decrease incidents associated with the change.
Tip
For more insight into the service management and IT governance strategies of real companies, we suggest that you read the case studies in Part V of this book.
The following sections discuss several important IT governance best practices.
Note
It's important for IT to understand two things: the objectives of the business and the effect of service disruptions or outages on these objectives.
Creating a governance board consisting of representatives of corporate, departmental, and IT management will help encourage communication − the kind necessary to link IT service management and the business.
This governing body should be an ongoing concern that has authority across the enterprise and that has a mechanism for communicating business-objectives changes to the IT folks who manage the services.
Many companies implement a service dashboard, which holds the different services and shows how your performance measures up to your goals. In addition to leveraging the governance board (refer to the preceding section), your team can use the dashboard to answer the following types of questions:
How are we performing according to our established KPIs?
How does our performance now compare with last week's or last year's?
What are the goals of our KPIs?
What are we aiming for?
Are rules and processes implemented correctly?
Does each service meet technical standards?
Many organizations use a service catalog as a record of IT services. The catalog can include information like the following:
Whom to contact about a service
Who has authority to change the service
Which critical applications are related to the service
Outages or other incidents related to the service
Information about the relationships among services
Documentation of all agreements between IT and the customer or user of the service
A banking institution's service catalog, for example, may contain information about the company's online banking service, the KPIs for that service, and the SLAs between IT and the online banking business. If an outage occurs, the bank's IT service management team can read the service catalog to locate the root cause of problems with the service.