The good news about adopting best practices is that organisations aren’t limited to one method. The bad news is that companies will most likely need to adopt more than one best-practice framework — or at least parts of many — if they want a complete, effective set of management process guidelines.
A related concern is that when network managers realise that multiple standards may be required to achieve their goals, they may become overwhelmed trying to discern the differences among popular frameworks.
Best-practice frameworks such as IT Infrastructure Library (ITIL) and Control Objectives for Information and related Technology (COBIT) have been around for years. For the most part, these frameworks should bring consistency and efficiency to the various aspects of IT, such as application development, helpdesk, network operations, security, service delivery and service support.
Other gains are the cost cuts and labour reductions that result when an IT shop deploys processes to which all staff members adhere. Best-practice nirvana occurs when IT is able to align with business by helping network managers translate their services into business terms and assign a business-relevant priority to their tasks.
According to Forrester Research, best-practice frameworks will see broad adoption in 2006. The firm suggests that in many cases, ITIL and COBIT — along with the Capability Maturity Model (CMM) and ISO 17799 — should be adopted in concert. ITIL addresses service delivery and support, COBIT covers the broadest spectrum of IT governance and CMM, which is used frequently by application developers, shows how IT shops rate in terms of maturity compared with best-known processes. ISO 17799 proposes security management measures.
“Most of these frameworks are not mutually exclusive and are most effective when used in combination with one another,” says Forrester analyst Craig Symons. “The road to a comprehensive IT governance framework involves understanding the differences between the frameworks and when to apply each framework.”
Which frameworks an organisation starts with depends on its goals. Many industry experts say even though ITIL is quickest to deliver incremental results, COBIT is a good place to start. COBIT can help IT shops prove they are performing the processes laid out in the other frameworks and is a common tool for auditors.
“COBIT is focused on governance, and if you are a higher-level IT manager concerned with overall corporate governance, this is the best place to start,” says John Worthington, an independent ITIL consultant. “If you are purely focused on IT and have a specific area to control, you may start with ITIL, but it’s likely the two initiatives would come together eventually.”
Brian Childers, an independent IT service management consultant and a board member with the US-based IT Service Management Forum (which supports ITIL standards), adopted COBIT reluctantly during an IT process implementation at Earthlink, where he used to work. A big supporter of ITIL’s tenets, Childers didn’t want to explore the possibility of linking his process plans with those of COBIT. “I was adamant that I didn’t want COBIT,” he says. “But there was a gap in our plans to roll out two ITIL processes — change and release management — and COBIT addressed the hole because it provided specific audit guidelines that mapped directly to what auditors want.”
He says Earthlink was able to sign off on its Sarbanes-Oxley compliance in September 2004, a few months ahead of the December 2004 deadline, because the combination of ITIL and COBIT helped its IT staff to better define and then prove their processes were in place.
Lenny Monsour, product management director at SunGard, reports a similar scenario, in which the use of one framework — ITIL — led him to get certified in another, ISO 9001, which defines the requirements for a quality-management system. Monsour started to put ITIL’s change management processes in place about 18 months ago and found that by also rolling out an automation platform he could achieve ISO compliance as well.
Two years ago Kent Joshi had an external consulting firm advise him to put best practices in place to govern IT operations at Washington Mutual Bank. Joshi, the bank’s IT vice president, soon realised the suggested processes, which laid out many fundamentals Joshi deems critical, still lacked the specific processes he would need to synchronise IT services with business demands. “We realised that without a strong service-level management [SLM] process in place, we weren’t instilling practices that addressed IT’s interaction with our customers,” he says.
Joshi says that before exploring the SLM guidelines, which ITIL lays out at a high level, his organisation would have multiple IT staff contacting customers and suggesting fixes for their problems. But without well-defined processes, the IT staff would provide only a piece of the necessary service and in a manner that couldn’t be measured. The business unit would be left unsatisfied and the IT staff would be left “scratching their heads” as to why their efforts didn’t achieve the goal, he says.
“ITIL’s SLM [process] places itself between the two areas: [It expresses] customer requirements in terms the business understands and in IT terms for my staff,” he says. “And it helps you to figure out a measurable way to prove you delivered the services.”
Despite the known benefits of frameworks, network managers should be wary of falling victim to “standards slavery”, says Jon Vromat, a best-practice consultant with Hewlett-Packard in Detroit.
“IT organisations often think they have to take it all on at once, and then [they] fail. Adopting frameworks is more like eating an elephant; to be successful, you have to do it in digestible chunks,” he says.