ITIL is an acronym that some CIOs don\u2019t understand well. If they\u2019re aware of the IT Infrastructure Library, it\u2019s in the context of two of the library\u2019s books that provide guidance on improving help desk services (such as handling support requests) and on improving IT operations (such as managing software changes within the data center).\n\nIn other words, ITIL is something that the operations staff uses. But the IT Infrastructure Library\u2014the set of practices and service approaches outlined in a series of guides and supported by a host of toolkits, certifications, consultancies and user groups\u2014can do more than serve as a best-practices framework for solving specific operational needs.A growing number of CIOs are using ITIL to achieve better business alignment. For them, ITIL helps create operational consistency across multiple departments and locations, as well as with contractors and suppliers. It helps IT focus on delivering service to business units and customers, not just delivering technology. \u201cThe old model is that success is fulfilling a requirement or delivering on schedule. ITIL says success is based on whether the business value is where it needs to be,\u201d says Jo Lee Hayes, vice president of enterprise technologies at SLM, the mortgage lender known as Sallie Mae.As Rudy Wedenjoa, director of enterprise operations management at General Motors, puts it, \u201cITIL cares about how to organize the chaos of operations.\u201d GM saw the use of ITIL as critical to ensure both operational consistency and a focus on service delivery when the company sought to move from a single IT contractor model (involving its former EDS subsidiary) to a global, multiple-supplier outsourcing model to handle its IT needs. GM realized that the various suppliers, as well as GM\u2019s own IT staff, would need a common language and viewpoint to deliver consistently, Wedenjoa says.To date, however, ITIL has come under some fire for telling IT departments what to change but not how. And its independent volumes have caused many organizations to apply ITIL only to a few operational areas, missing the larger benefits possible. An updated version, due by June, promises more real-world examples, best-practice models and metrics\u2014and emphasizes the entire IT lifecycle and ROI issues, as opposed to narrow operational issues. CIOs say the change is welcome.\n\nGet Out of Reactive Mode\n The current version of ITIL, version 2, consists of eight books, each offering a framework for a specific IT operational process. Most organizations use just two\u2014the Service Support and Service Delivery books\u2014in a tactical way, to improve their help desk operations through better incident and problem management.\n\nSome organizations also use the books to improve their change-management efforts, notes Ed Holub, a Gartner research director. Although these are natural areas for IT to try to fix, especially organizations mired in constant fire fighting, something more substantial has to happen before IT can become a business enabler rather than a back-office support organization, says John Sansbury, head of practice for service management at the Compass consultancy. IT organizations should prevent the problems from occurring in the first place, Sansbury says: \u201cAbout 70 percent of incidents [problem reports] are caused by poorly controlled change. ITIL helps create the control.\u201dIndependent ITIL consultant Malcolm Fry agrees: \u201cLooking for root causes is now important\u2014you just can\u2019t keep fixing things.\u201d That\u2019s why Rich Taliani, vice president of IT at Guardian Life Insurance, has promoted the use of ITIL. \u201cWe\u2019re trying to get out of the reactive mode.\u201d He notes that ITIL helps create a consistent level of process across the organization by creating a standard methodology to apply within IT (including language). However, many organizations have missed or ignored ITIL\u2019s other aspects, such as financial management (such as determining the cost of implementing a change), capacity management, software asset management, lifecycle configuration management and license change management, says Fred Broussard, a research manager at IDC, a sister company to CIO\u2019s publisher. One reason: The current ITIL presentation, says Fry, is \u201cmore focused on projects than on the lifecycle.\u201dRecognizing that many organizations view ITIL tactically, in a limited fashion and often at a lower organizational level than the CIO office, the U.K. Office of Government Commerce (ITIL\u2019s creator) has revamped ITIL. The updated version, composed of five core books, integrates more material and presents a more IT lifecycle\u2013oriented framework that further emphasizes ROI and other business values. It should make ITIL\u2019s broad applicability more obvious.But organizations already have to view technology from a lifecycle perspective to make the connection, notes SLM\u2019s Hayes. \u201cIf you don\u2019t have horizontal thinking, you will have a very difficult time adopting ITIL,\u201d she says.The new library will also have more real-world examples and best-practice models, as well as metrics. These changes should help overcome previous ITIL books\u2019 general guidance, which many companies found difficult to translate to their specific needs, says Compass\u2019s Sansbury.\u201cThe current ITIL tells you what but not how, which is pretty important,\u201d notes IDC\u2019s Broussard. \u201cIt lacks a lot of detail; it\u2019s very descriptive but not prescriptive,\u201d says Hayes.And the new version will cover how to apply ITIL principles in outsourced operations, something the current version gives scant attention to, Sansbury adds. That\u2019s critical for companies like GM that outsource much of their IT operations, and for companies that rely on vendors to develop key processes in their applications rather than do this work in-house.\n\nMake IT Service-Minded\nOne hope for the new version is that it will speak more to the CIO and other senior IT executives so that they see ITIL\u2019s utility and begin promoting its approaches and even demanding them across their organizations, says consultant Fry. \u201cThe CIO can pick up a book to better understand the operations specifically for, say, change management, an area that he may have no experience with,\u201d he says.\u201cYou can\u2019t take for granted that if the IT managers are taking care of the operations you don\u2019t have to worry about it as CIO,\u201d says David Wheeldon, director of service management at Hewlett-Packard Education EMEA, UK, and coauthor of the new ITIL book on Service Operations.But that doesn\u2019t mean the CIO should become the hands-on manager for that issue. \u201cI\u2019ll read the new ITIL, but I won\u2019t figure out how to modify my systems for it,\u201d notes Hayes. \u201cBut I will aggressively ask how my vendors are going to modify their systems for it,\u201d she adds. Similarly, a CIO should push IT operations managers on how they\u2019re using it.Overall, a CIO should use the new ITIL books to set the goals for being a service-oriented organization, develop the metrics to assess whether the operational goals are being met and help develop or buy the processes that help the IT organization make the shift, Fry recommends.\u201cITIL drives the strategic direction that IT is about services,\u201d says George Spalding, a vice president at the consultancy Pink Elephant and coauthor of the new ITIL book on Continual Service Improvement. \u201cAnd it provides a definition of success,\u201d he adds.This shift to service orientation is particularly critical for companies constantly fighting technology fires, which causes executive management to question the CIO\u2019s abilities and prevents a view of IT as a business enabler from taking root.\u201cNo one cares about the CIO\u2019s strategic vision,\u201d if the help desk stinks, Spalding says. And as more and more customer-facing processes become automated, tolerance for poor service plummets. \u201cCIOs don\u2019t have room for error any more,\u201d Fry says. Using ITIL, a CIO can \u201cask a pile of questions for real change,\u201d he notes. For example, you might ask whether an IT effort changes capacity requirements, has a recovery strategy built into it and has realistic service-level agreements\u2014all lifecycle issues often neglected if you\u2019re focused on delivering technology.\n\nImprove the Big Picture\n A CIO also can integrate ITIL approaches as part of a cohesive services effort, Fry notes. For example, the Control Objectives for Information and related Technology (Cobit) standard provides a complementary framework for developing policies around service requirements and controls, Six Sigma focuses on repeatable processes, and Capability Maturity Model Integration (CMMI) focuses on improving technical and managerial maturity. Using all of these could help the IT organization succeed as a business enabler across the board. Using ITIL in a vacuum, IT might improve operations but let poor controls continue and miss chances to generate new business, consultants say.\n\nConversely, says Fry, an organization pursuing these other approaches but not ITIL risks having an operational foundation that can\u2019t support the maturity achieved elsewhere. You don\u2019t have to use all these methodologies to succeed, but an organization tackling improvement holistically should do better than one that treats these as one-off efforts, he says.An understanding of ITIL will also help a CIO deal with a request from IT operations managers for a configuration management database (CMDB), meant to track both the components and the relationships among them for the software, hardware and other aspects of IT systems. The goal of a CMDB: help IT identify up front the implications of proposed changes\u2014from new hardware to a software patch\u2014on the entire system, then resolve the issues before implementing the changes.The CMDB concept is coming into vogue both because vendors are offering CMDB tools and because it\u2019s a natural next step in the ITIL process after an organization has resolved incident and support management problems. However, a CMDB is a big investment that involves significant process change, technically and politically. Understanding how a CMDB fits into the operational improvement that ITIL promotes will let the CIO assess whether the organization is actually ready to implement a CMDB, or whether work is needed to provide the right process and cultural foundations.That\u2019s a calculation that Guardian\u2019s Taliani is now making. Guardian split its ITIL efforts into two phases, the second of which will require a CMDB\u2014but before committing, Taliani wants to ensure it will be used effectively. So he\u2019ll make sure ITIL adoption is deep before deciding. (With shallow adoption, IT people could revert to old practices as demands increase, he points out.) If the ITIL adoption takes root at Guardian, he expects to commit to at least a basic CMDB effort.