Service management, as defined by the Information Technology Infrastructure Library (ITIL®) is a complex topic that takes individuals years to master. While individuals may have difficulty mastering all aspects of the ITIL framework, much less the more esoteric parts, organizations often have significant difficulty understanding how the ITIL best practices fit into their environment. ITIL consists of five core books, with each book focusing on a specific stage of the lifecycle approach to service management. The five core books are very detailed, complex, and at times difficult to understand. It is easy for both individuals and organizations to become overwhelmed with all of the detail provided in the ITIL books.
As a result of these challenges, individuals often experience difficulty in effectively understanding and applying the various ITIL best practices, and organizations often fail to realize an acceptable return on investment from their service management initiatives. One thing that can help both individuals and organizations is approaching ITIL with a simple, clear understanding of the best practices utilizing a common theme.
One simple way to understand ITIL by utilizing a common theme is called the "ABCs of ITIL." The ABCs stand for:
ITIL provides numerous best practices that help organizations establish, manage, and maintain accountability, boundaries, and consistency in an organization, resulting in increased quality and cost-effectiveness.
This white paper will describe the concepts of accountability, boundaries, and consistency (the ABCs); discuss how ITIL helps establish, manage, and maintain the ABCs; how the ABCs relate to quality and cost-effectiveness; and how individuals and organizations can communicate ITIL in a simple way using the ABCs.
Accountability refers to the assumption of liability, answerability, and responsibility for personal and organizational actions, policies, decisions, and behaviors. With respect to service management, accountability includes the explicit agreement to understand, describe, and be liable for personal and/or organizational outcomes, regardless of whether the outcomes are desired or unacceptable.
For example, an organization's service desk receives a call from a user notifying them of an interruption to service. A user is unable to perform critical reporting functionality in a key business application. The service desk agent receiving the call, following the organization's policy, opens an incident on behalf of the user in the company's service management ticketing system. The service desk agent attempts some basic troubleshooting with the user on the phone, to no avail. The service desk agent informs the user that their incident will be escalated to the next level of support for investigation and resolution. The service desk agent then concludes the call with the user, and moves on to other work.
In this simple example, who is accountable for restoration of service to this user? Is it the user, the service desk agent, or the person at the next level of support that takes the escalation?
Ideally, accountability should be clearly defined, and handled according to a specific set of rules in all situations. In this case, the single point of contact for reporting incidents should be accountable for the incident from open to close. In other words, the user should feel assured that once they've reported the incident to the service desk, the interruption in service has been documented and will be handled according to the organization's prioritization policies. Organizations that fail to leave their customers and users with that level of assurance are making the enterprise less efficient.
Furthermore, the simple example above illustrates an important concept in the world of service management. That concept is that accountability and responsibility, where it makes sense, are often handled by different people. In the case of incidents, particularly those that the service desk cannot directly resolve, it is the job of the service desk to marshal the necessary resources to resolve the incident and restore service, and to be accountable for the overall handling of an incident that may in fact involve many different people and groups. This is different from some aspects of responsibility, such as the escalation to the next level of support, whom we can presume are performing activities to restore service to this user.
It is very important that the user in this case has a single point of accountability that can provide information about the status of the incident, as it affects working behavior of that user, and consequently impacts business objectives. The most common-sense single point of accountability in this case is the service desk, which is what ITIL recommends; however, that single point of accountability might not be responsible for any of the work resulting in restoration of service. The typical service desk is busy handling many calls and requests, and has to be adept at engaging the correct resources when needed to restore service, rather than necessarily being good at resolving all incidents themselves.
Accountability is something that shows up in everyday life, as does the separation of accountability and responsibility. For example, I am accountable for my child's education, however, he is responsible for completing his schoolwork.
A boundary refers to a dividing line or something that separates two or more discrete objects. Amongst many other types of boundaries, ITIL encourages an organization to view its information technology (IT) in the form of a "service."
According to ITIL, a service is "a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks." Services are defined by the specific utility, or functionality, they offer, as well as the specific warranty, or quality of service, provided. Only when the utility of a service is fit for purpose and the warranty of a service is fit for use does a service provide value.
Services then, are boundaries which are defined based on the specific type of functionality they offer, as well as the specific levels of quality constraints against which that functionality is provided.
Individuals and organizations often face various challenges when the services they offer are not well bounded. A well-bounded service is one that is clearly defined; has clear and achievable service level targets and measurements; and lets the customer focus on the value provided, while the service provider manages and supports the underpinning technical details.
An organization with poorly defined boundaries, in the form of services, will often experience difficulty with exactly what level of support is provided for which specific activities, measuring important service-related activities, and managing the financial aspects associated with a specific set of organizational functionality.
For example, many organizations provide "desktop support" as a service throughout the enterprise. Organizations that clearly define the service-related aspects of a desktop support service, and clearly communicate these aspects to customers and user, often are better able to control the costs and quality of the service compared to other organizations with weaker service boundaries.
In the absence of effective boundaries, organizations can find themselves supporting things that they're not equipped to manage; managing services with less budget than required; or worse, being replaced with a service provider that provides effective boundaries and a means of engagement with customers and users.
Some boundaries exist in common sense and practical use. For example, in a parking lot, lines are typically marked which help guide drivers when parking their vehicles. ITIL helps an organization understand, establish, manage, and maintain many of these common sense boundaries, as well as boundaries that might seem more esoteric to those not directly involved in IT activities. Furthermore, the effective establishment, management, and maintenance of various boundaries is a hallmark of many best practice bodies of knowledge, including project management, development, and other activities important to organizations.
Consistency refers to doing an activity the same way every time it's performed. ITIL encourages organizations to take a process-based approach to managing IT services, because following a defined, predictable, repeatable process, leads to defined, predictable, and repeatable results, at a defined, predictable, and repeatable level of cost. Consistency leads to the ability to automate some repetitive activities, which is one way that organizations can control cost.
For example, an organization has a process called "server provisioning," which results in a new server being deployed in a datacenter for business use. Currently, the server provisioning process takes 112 days to deploy a new server. Obviously, this is too long for the business to wait for a new server, and so the business decides to use its own budget to buy and support its own servers. In the best case, this means that the organization now has two, completely different service provisioning processes that are producing different results at different levels of cost and supportability. In this situation it is only a matter of time before something dramatic happens that significantly impacts a vital business function in this organization.
Consistency is the delivery of predictable, repeatable results, following predictable and repeatable sets of activities. It's often difficult for an organization to move very far beyond the startup stage without some level of consistency based on a predictable set of repeatable processes. World-class organizations have figured out how to harness the power of consistency in many things they regularly do, from normal daily handling of incidents and request, to how new employees are trained for specific roles.
Organizations that regularly attend to accountability, boundaries, and consistency experience two basic benefits that encompass the types of benefits that most organizations are interested in achieving. The two basic benefits are cost-effectiveness and quality.
Cost-effectiveness refers to wisely spending money to achieve organizational objectives. This is not to be confused with arbitrary cost-cutting. Being cost-effective entails weighing options and making wise choices with an organization's limited financial and other resources. Organizations that properly establish, manage, and maintain accountability, boundaries, and consistency throughout their organizational activities tend to be more costeffective than organizations that have less control over their limited resources.
Quality refers to conformance to requirements. When something, such as a service, conforms to requirements, it will be perceived by customers as having a high level of quality. Quality directly contributes to the outcomes that an organization, and that organization's customers, are able to achieve. Organizations that properly establish, manage, and maintain accountability, boundaries, and consistency tend to produce higher-quality results more in line with customer expectations.
Some organizations, and leaders within organizations, are often unable to carefully define the benefits they expect to receive from their service management initiatives and investments. At their highest level, benefits can be categorized as either been related to cost-effectiveness, quality, or both. More specifically, the ITIL books help organizations to understand the specific benefits that can be gained through following the best practices in specific lifecycle stages and process areas. ITIL goes to great lengths to document "value to the business" throughout the core books.
First, all organizations have limited resources, both financial and otherwise, and must make wise choices about how to allocate those resources. Defining clear rules promoting accountability, establishing boundaries, and encouraging consistency tends to help organizations effectively allocate those limited resources in ways that result in higher return on investment. The failure to recognize, and take action around effectively managing limited resources is one of the main reasons my many service management initiatives and other projects fail (often called "scope-creep" in the world of project management).
Second, in the absence of clearly defined accountability, diffusion of responsibility occurs. Diffusion of responsibility is a well-researched social psychological phenomenon whereby an individual is less likely to take action in a given situation when others are present. Naturally, people "assume" that someone else is taking the action. For example, if a person witnesses a car accident, the ideal thing to do is to notify emergency services; however, research has shown that in such a situation people will often take no action, and assume that someone else is notifying emergency service. This is important for IT organizations because many of the processes used to support services are complex, and those processes can fail due to handoffs not happening properly or because individuals are not clear about who is accountable for what. In the absence of clear accountability, individuals tend to attribute ownership to others.
Third, organizations that are inconsistent are confusing to customers and users. When customers and users are confused, their satisfaction is diminished, and when satisfaction is diminished, other available alternatives could be taken. Imagine a utility company such as an electrical provider being inconsistent in its delivery of power. This is something we don't often worry about in the West, but many parts of the world do. In the West, a utility company that provided irregular delivery would, in the absence of government protections, be very quickly be competed out of the market.
There are multiple ways that the ITIL best practices help organizations establish, manage, and maintain accountability in an organization. In this section, we will present three of the more common aspects of accountability described by the ITIL best practices.
First, ITIL encourages the clear definition of ownership of things that are significant to the organization, with the role of "owner" typically holding accountability. For example, ITIL describe the role of process owner for every process, which includes being accountable that a process produces the outputs that it's intended to produce, and that it's being carried out according to the agreements established within the organization. Additionally, ITIL encourages that services should have service owners. Service owners hold overall accountability for one or more specific services, and are accountable for the delivery of services under their purview. Accountability, as defined by ITIL, is always singular, because asking two people to be accountable for the same thing typically results in finger pointing and blame.
Second, ITIL helps organizations improve the handling of the risk associated with change by resting the authorization for change in clearly defined change authorities. According to ITIL, a change authority can be a person, a specific role, or a group of people who are empowered to authorize a specific category of change. In fact, ITIL provides an excellent breakdown of how as the risk of a change increases, the level of authority to authorize that change increases as well. Organizations that are able to effectively empower change authorities tend to produce higher volumes of successful change.
Third, ITIL is very clear in the Service Operation book that the service desk is accountable for all incidents throughout their lifecycle in that incident ownership remains with the service desk at all times. Organizations that clearly rest incident ownership with their service desk tend to experience reduced cost associated with handling incidents as well as higher customer and user satisfaction by not losing track of incidents because of unclear accountability.
ITIL provides numerous best practices and guidelines that help organizations effectively configure, establish, and manage boundaries. In this section, we will discuss three ways that ITIL promotes the definition of boundaries.
First, ITIL encourages organizations to think about their IT in the form of services. Services are a way of describing a boundary between the enjoyment of the value produced by a service, and the technical aspects of providing a service that are done by a service provider. An effective service clearly defines how a customer engages with a service; what the costs are, if any; and how the service is measured, amongst other aspects. The boundary of a service describes how a customer interacts with that service in terms of inputs provided, as well as the outputs the customer receives from the service.
Second, ITIL promotes the definition and assignment of clear roles. Roles are ways of allocating various activities, responsibilities, and accountabilities in organizations. For example, the role of process manager involves responsibility for the operational management of a specific process. In the absence of such as role, organizations can become inefficient when customers and others in the organization don't know who is doing what, or who is supposed to be doing which activities. ITIL promotes using the RACI tools as a way of allocating how specific roles are involved in various important activities in an organization, resulting in clearly defined boundaries with respect to what a role does and does not do.
Third, ITIL encourages organizations to view services from a standpoint of return on investment in the form of a service portfolio. A service portfolio contains three components: the service pipeline, the service catalog, and retired services. Each of these components has separate boundaries, which respectively define the future, present, and past of services in the organization. A service portfolio can be thought of as a way of putting a boundary around what an organization has under development, what it currently offers to its customers and users, and what services were once offered but have become obsolete. The boundary of a service portfolio is important so that organizations focus their limited resources on those services that provide the most acceptable return on investment, while continuing to invest in the development of new services such that the organization remains aligned with overall enterprise goals and objectives.
The primary method that ITIL uses to encourage consistency is through the definition and management of processes for various service management activities. The purpose of a process is to define a series of repeatable steps that can be performed consistently, at a predictable level of cost, in order to produce a consistent and predictable result. There are several specific methods that ITIL uses to encourage a consistent approach to managing IT services.
First, ITIL encourages the definition of various models for common, well-understood, repeatable activities. For example, change models can be defined when the organization is aware of a specific type of change, and has a good understanding of the steps that regularly occur to perform that specific change. Additionally, ITIL encourages organizations to define request models for commonly offered requests, incident models for common and well-understood incident, and problem models that define specific actions for handling problems. These models are intended to ensure a consistent approach to handling those specific activities when they are encountered.
Second, ITIL encourages automation of repetitive activities where it makes sense. For example, request fulfillment often involves repetitive, well-understood activities that can be built into an automation platform and performed with intervention from the service provider. Consistency in this case is a way that organization can expand their breadth of covered of customer and user interactions without dramatically increasing their IT budget.
Third, ITIL defines orderly sets of activities for various service management processes. Take, for example, the incident management process. The incident management process as defined by ITIL is very mature, and specifies a series of steps used to ensure that service is restored as quickly as possible. Best practice indicates that when an organization follows the consistent set of steps given by ITIL when handling incidents, organizational objectives are likely to be met and business value generated.
Organizations that effectively establish, manage, and maintain the ABCs, tend to experience higher levels of quality and cost-effectiveness. Clear definition and effective management of accountability means less confusion about who is doing what, and who is answerable for various organizational activities and objectives. Organizations that define specific boundaries understand the things they support and do not support, and among other things are able to adequately prioritize their limited resources in support of organizational goals and objectives. Managing boundaries means controlling scope, and controlling scope often leads to success. Being consistent means that the organization is performing common activities the same way, and at the same level of cost every time they're done. Each of these factors has a significant impact on the quality of an organization's outputs, as well as how cost-effectively the organization provides and supports those outputs.
As previously mentioned, while an organization might find much of what ITIL promotes useful, one of the shortcomings of ITIL is that it can be very complex, very comprehensive, and difficult to effectively understand and communication. Communicating a common theme about ITIL, such as the ABCs, is important because it is one way that the leadership in the organization can get everyone aligned to the same level of understanding.
When communicating a theme like the ABCs of ITIL, it is best to do so using stories that everyone throughout the organization can relate to. Ideally, the story should illustrate some real situation that happened at some point in the organization.
For example, a good way to illustrate the ABCs of ITIL might be to describe a time when the organization experienced an IT outage and the financial and other impacts caused by that outage. Then, using the ABCs as a guide, communicate as part of the story aspects of accountability, boundaries, and consistency that were missing and how that affected the event and the organization. Furthermore, the story can be made stronger by describing how following ITIL best practices would have prevented or diminished the business impact that was caused.
When using this technique to communicate the ABCs of ITIL, one of the key aspects of effective communication is paramount—know your audience. It is useful to determine the various audiences in the organization, and to communicate the story in a way that is tailored to that specific audience. In some organizations it might be necessary to have multiple, different real-world examples to effective illustrate the ABCs of ITIL.
This white paper discussed a simple way to understand ITIL, in terms of what ITIL is good at; which is the establishment, management, and maintenance of accountability, boundaries, and consistency in support of customer outcomes. This white paper provided several examples of accountability, boundaries and consistency, and discussed ways that ITIL helps achieve the ABCs. Finally, this paper concluded with a brief discussion of an effective way to communicate the ABCs of ITIL using real-world examples relevant to a specific organization.
Michael Scarborough has worked in information technology since the late 1980s in various roles including direct hands-on operation of IT systems, leadership of complex projects, establishing multi-platform automation, management of information security projects, and adoption of service management best practices. He has helped numerous organizations in various industries adopt ITIL best practices and is an ITIL v2 Service Manager, an ITIL Expert, a PMP, and a CISSP. Michael currently helps large and small organizations make significant improvements through adoption of ITIL best practices and regularly delivers ITIL training at all levels on behalf of, and is the ITIL Portfolio Course Director for Global Knowledge.