IT governance has always been a challenge for corporate technology organisations and best practice frameworks such as the process-focused COBIT or service level-oriented ITIL can deliver much-needed operational rigour.
But not always.
IT benchmarking and analytics firm Compass recently analysed 15 client engagements over the past two years and found that while some IT organisations had pockets of maturity, by and large the process improvement tools embraced by CIOs to improve IT efficiency often yield limited and potentially negative results.
Compass found that it was often an external IT service provider implementing the ITIL and COBIT practices. "It's typically the outsourcers who have the process expertise," says Chris Pfauser, principal consultant with Compass. "Service providers push process improvement initiatives because it allows them to drive repeatability and standardisation across multiple clients, and thereby deliver services more efficiently. Mature, repeatable processes are also often an area where clients really struggle and outsourcing can be a path to mature and even transform their processes internally and with the business."
Don't do ITIL for the sake of it
Unfortunately, most of the time these process improvement efforts are implemented in isolation from the business simply for the sake of certification or compliance, says Pfauser. As a result, the business is not sufficiently engaged for the governance initiative to succeed. "Clients will bring a service provider in and ask them to 'implement ITIL,' and then assume their job is don," Pfauser says. "But if the changes are imposed by a third party, there's little incentive for the client-and especially the business-to be compliant. The initiative becomes a set of bothersome rules and procedures to follow with no apparent benefit.
Even worse, Pfauser says he's seen many cases were "process improvement" was limited to defining rules and guidelines. "This can lead to a 'hot potato' culture that focuses on documenting activity, following the rules, and passing tasks down the line, rather than on getting things done," he says. "True enterprise-wide process maturity is characterized by clear activities, functions, roles and responsibilities, which enable the IT organisation to quickly address performance issues, identify root causes and prevent recurring problems."
And while these process improvement efforts on paper enable the outsourcing provider to standardise and rationalise service delivery across multiple customers efficiently and cost effectively, that ROI may never materialise. "If you don't have that client buy-in, what typically happens is that the service provider ends up having to circumvent the process rules in order to get things done, resulting in duplication of effort and increased costs."
IT has to drive process improvement
Process improvement initiatives can work in an outsourced environment, says Pfauser, but the customer has to take the wheel. "The client-retained organisation must drive the change with the service provider and establish effective controls and governance to make it successful." The must also focus on the big picture rather than simply defining rules and reporting results. "Top-performing organisations are refining their metrics and key performance indicators to measure the end-to-end process and improve results rather than simply track activity. "
Mature IT governance processes are more important than ever, Pfauser added. Process discipline is required effective demand management in an era of cloud computing and utility pricing models. A clearly defined service catalogue that lays out the cost and composition of each unit of IT service allows the business to see what's being consumed and enables IT to see what's being delivered-and manage their IT usage accordingly, says Pfauser.