ITIL Goes Strategic

ITIL is an acronym that some CIOs don’t understand well. If they’re aware of the IT Infrastructure Library, it’s in the context of two of the library’s books that provide guidance on improving help desk services (such as handling support requests) and on improving IT operations (such as managing software changes within the data center).

In other words, ITIL is something that the operations staff uses. But the IT Infrastructure Library—the set of practices and service approaches outlined in a series of guides and supported by a host of toolkits, certifications, consultancies and user groups—can do more than serve as a best-practices framework for solving specific operational needs.

A growing number of CIOs are using ITIL to achieve better business alignment. For them, ITIL helps create operational consistency across multiple departments and locations, as well as with contractors and suppliers. It helps IT focus on delivering service to business units and customers, not just delivering technology. “The old model is that success is fulfilling a requirement or delivering on schedule. ITIL says success is based on whether the business value is where it needs to be,” says Jo Lee Hayes, vice president of enterprise technologies at SLM, the mortgage lender known as Sallie Mae.

As Rudy Wedenjoa, director of enterprise operations management at General Motors, puts it, “ITIL cares about how to organize the chaos of operations.” GM saw the use of ITIL as critical to ensure both operational consistency and a focus on service delivery when the company sought to move from a single IT contractor model (involving its former EDS subsidiary) to a global, multiple-supplier outsourcing model to handle its IT needs. GM realized that the various suppliers, as well as GM’s own IT staff, would need a common language and viewpoint to deliver consistently, Wedenjoa says.

To date, however, ITIL has come under some fire for telling IT departments what to change but not how. And its independent volumes have caused many organizations to apply ITIL only to a few operational areas, missing the larger benefits possible. An updated version, due by June, promises more real-world examples, best-practice models and metrics—and emphasizes the entire IT lifecycle and ROI issues, as opposed to narrow operational issues. CIOs say the change is welcome.

Get Out of Reactive Mode The current version of ITIL, version 2, consists of eight books, each offering a framework for a specific IT operational process. Most organizations use just two—the Service Support and Service Delivery books—in a tactical way, to improve their help desk operations through better incident and problem management.

Some organizations also use the books to improve their change-management efforts, notes Ed Holub, a Gartner research director. Although these are natural areas for IT to try to fix, especially organizations mired in constant fire fighting, something more substantial has to happen before IT can become a business enabler rather than a back-office support organization, says John Sansbury, head of practice for service management at the Compass consultancy. IT organizations should prevent the problems from occurring in the first place, Sansbury says: “About 70 percent of incidents [problem reports] are caused by poorly controlled change. ITIL helps create the control.”

Independent ITIL consultant Malcolm Fry agrees: “Looking for root causes is now important—you just can’t keep fixing things.” That’s why Rich Taliani, vice president of IT at Guardian Life Insurance, has promoted the use of ITIL. “We’re trying to get out of the reactive mode.” He notes that ITIL helps create a consistent level of process across the organization by creating a standard methodology to apply within IT (including language). However, many organizations have missed or ignored ITIL’s other aspects, such as financial management (such as determining the cost of implementing a change), capacity management, software asset management, lifecycle configuration management and license change management, says Fred Broussard, a research manager at IDC, a sister company to CIO’s publisher. One reason: The current ITIL presentation, says Fry, is “more focused on projects than on the lifecycle.”

Recognizing that many organizations view ITIL tactically, in a limited fashion and often at a lower organizational level than the CIO office, the U.K. Office of Government Commerce (ITIL’s creator) has revamped ITIL. The updated version, composed of five core books, integrates more material and presents a more IT lifecycle–oriented framework that further emphasizes ROI and other business values. It should make ITIL’s broad applicability more obvious.

But organizations already have to view technology from a lifecycle perspective to make the connection, notes SLM’s Hayes. “If you don’t have horizontal thinking, you will have a very difficult time adopting ITIL,” she says.

The new library will also have more real-world examples and best-practice models, as well as metrics. These changes should help overcome previous ITIL books’ general guidance, which many companies found difficult to translate to their specific needs, says Compass’s Sansbury.

“The current ITIL tells you what but not how, which is pretty important,” notes IDC’s Broussard. “It lacks a lot of detail; it’s very descriptive but not prescriptive,” says Hayes.

And the new version will cover how to apply ITIL principles in outsourced operations, something the current version gives scant attention to, Sansbury adds. That’s critical for companies like GM that outsource much of their IT operations, and for companies that rely on vendors to develop key processes in their applications rather than do this work in-house.

Make IT Service-Minded

One hope for the new version is that it will speak more to the CIO and other senior IT executives so that they see ITIL’s utility and begin promoting its approaches and even demanding them across their organizations, says consultant Fry. “The CIO can pick up a book to better understand the operations specifically for, say, change management, an area that he may have no experience with,” he says.

“You can’t take for granted that if the IT managers are taking care of the operations you don’t have to worry about it as CIO,” says David Wheeldon, director of service management at Hewlett-Packard Education EMEA, UK, and coauthor of the new ITIL book on Service Operations.

But that doesn’t mean the CIO should become the hands-on manager for that issue. “I’ll read the new ITIL, but I won’t figure out how to modify my systems for it,” notes Hayes. “But I will aggressively ask how my vendors are going to modify their systems for it,” she adds. Similarly, a CIO should push IT operations managers on how they’re using it.

Overall, a CIO should use the new ITIL books to set the goals for being a service-oriented organization, develop the metrics to assess whether the operational goals are being met and help develop or buy the processes that help the IT organization make the shift, Fry recommends.

“ITIL drives the strategic direction that IT is about services,” says George Spalding, a vice president at the consultancy Pink Elephant and coauthor of the new ITIL book on Continual Service Improvement. “And it provides a definition of success,” he adds.

This shift to service orientation is particularly critical for companies constantly fighting technology fires, which causes executive management to question the CIO’s abilities and prevents a view of IT as a business enabler from taking root.

“No one cares about the CIO’s strategic vision,” if the help desk stinks, Spalding says. And as more and more customer-facing processes become automated, tolerance for poor service plummets. “CIOs don’t have room for error any more,” Fry says. Using ITIL, a CIO can “ask a pile of questions for real change,” he notes. For example, you might ask whether an IT effort changes capacity requirements, has a recovery strategy built into it and has realistic service-level agreements—all lifecycle issues often neglected if you’re focused on delivering technology.

Improve the Big Picture A CIO also can integrate ITIL approaches as part of a cohesive services effort, Fry notes. For example, the Control Objectives for Information and related Technology (Cobit) standard provides a complementary framework for developing policies around service requirements and controls, Six Sigma focuses on repeatable processes, and Capability Maturity Model Integration (CMMI) focuses on improving technical and managerial maturity. Using all of these could help the IT organization succeed as a business enabler across the board. Using ITIL in a vacuum, IT might improve operations but let poor controls continue and miss chances to generate new business, consultants say.

Conversely, says Fry, an organization pursuing these other approaches but not ITIL risks having an operational foundation that can’t support the maturity achieved elsewhere. You don’t have to use all these methodologies to succeed, but an organization tackling improvement holistically should do better than one that treats these as one-off efforts, he says.

An understanding of ITIL will also help a CIO deal with a request from IT operations managers for a configuration management database (CMDB), meant to track both the components and the relationships among them for the software, hardware and other aspects of IT systems. The goal of a CMDB: help IT identify up front the implications of proposed changes—from new hardware to a software patch—on the entire system, then resolve the issues before implementing the changes.

The CMDB concept is coming into vogue both because vendors are offering CMDB tools and because it’s a natural next step in the ITIL process after an organization has resolved incident and support management problems. However, a CMDB is a big investment that involves significant process change, technically and politically. Understanding how a CMDB fits into the operational improvement that ITIL promotes will let the CIO assess whether the organization is actually ready to implement a CMDB, or whether work is needed to provide the right process and cultural foundations.

That’s a calculation that Guardian’s Taliani is now making. Guardian split its ITIL efforts into two phases, the second of which will require a CMDB—but before committing, Taliani wants to ensure it will be used effectively. So he’ll make sure ITIL adoption is deep before deciding. (With shallow adoption, IT people could revert to old practices as demands increase, he points out.) If the ITIL adoption takes root at Guardian, he expects to commit to at least a basic CMDB effort.