Who's taking the ITIL bait?

In an industry known for its hype, it's understandably difficult for many managers to make heads or tails of new technology trends. In the case of ITIL (IT Infrastructure Library), however, a growing body of success stories confirms that this is one trend you should definitely be on top of.

Essentially a large how-to manual for getting your IT operations in order, ITIL has in recent years become a rallying cry for companies eager to convey their strong governance capabilities to auditors. Because the ITIL specification offers a broad range of both technology-dependent and technology-agnostic guidelines, careful adherence to its dictates offers as good a roadmap as any to helping businesses finally align their IT and business strategies.

This promise has proved more than enough to attract the interest of the world's largest companies -- and many of their smaller counterparts. The recent itSMF conference in Brisbane saw 528 attendees -- a 70 percent increase over last year and ten times the attendance at the first conference just four years ago. All are looking for a way to clarify the roles and responsibilities of their IT organisations, putting a broom through years of entrenched inefficiency and staff confusion about their proper roles and responsibilities.

Case studies highlighting the benefits of ITIL are starting to pile up: Victoria's widely watched State Revenue Office, for one, became fully ITIL compliant in August 2005 and cited the project as a major factor in slashing its IT budget from AU$12m to AU$10m a year while improving its overall capabilities and clarifying its IT vision.

In this feature, we highlight the experiences of four Australian organisations at various stages along their ITIL vision. Western Australia's St John of God Healthcare, for one, blew past its internal rate of return projections after using ITIL to standardise service delivery across 11 hospitals.

A New Zealand integrator used ITIL to begin the service improvement exercise that it believes will improve its service offering for customers on three continents. Deakin University has nearly tripled its IT support volumes without adding additional staff, while the Victorian Department of Education and Training has found ITIL to be a major part of its overall IT governance efforts.

Such benefits show the potential success awaiting companies that embrace ITIL and all that it stands for -- and things are about to get better still. The current ITIL v2, widely embraced and criticised at the same time for functional breadth but lack of specifics, is being reworked into a more comprehensive ITIL v3 that will effectively provide separate business and IT-focused manuals designed to ease ITIL implementation.

Although it's still an optional service strategy, ITIL's growing legitimacy means few organisations can afford to ignore it. -There's going to come a point where, unless you're an internal service provider, you're going to be outsourced," says Brian Johnson, ITIL practice manager with CA and a key player in the evolution of the ITIL standard.

-[ITIL] is very important in the self-preservation of internal IT organisations. People will tell you that ITIL tells you everything you need, but as a business and IT alignment framework it's much easier to draw everything together using ITIL as the middle piece of the jigsaw puzzle. Version 3 will provide more emphasis on depth, providing more how-you-do-it so it will be much more obvious about what companies should do next."

As companies continue to wake up to ITIL's possibilities, the market is certain to see a flood of experts eager to cash in on ITIL's newfound popularity. In fact, the biggest challenge facing most companies interested in ITIL may well lie in sorting the wheat from the chaff to find a consultant capable of effecting meaningful ITIL-led change. With the right combination of people, business motivation and real desire for change, however, ITIL continues to offer unprecedented opportunity to finally get IT functioning like a well-oiled machine.

ITIL a learning experience for Deakin

Providing technology support in a large university can be a real nightmare, with demanding users -- and a huge number of them -- typically forcing IT organisations into a constant struggle to keep putting out fires. At Victoria's Deakin University, however, a three-year ITIL effort has brought consistency to a smorgasbord of service offerings -- and allowed support staff to handle nearly three time as many support calls as in the past.

With 33,000 students and 4,000 staff spread across five campuses and hundreds of kilometres, Deakin's sheer geographic reach has proved a constant challenge for the 160-strong IT team, which provides tech support from 7am to midnight during the week and 8am to 8pm on weekends.

-We did some strategic planning and saw that to really have a good organisation, we needed good people, good products and good processes," explains operational services provisional manager Craig Warren. -We had very good people, and a good range of product offerings and quality -- but we just weren't surrounding them with as good a process as we could have. After initial consulting work with an ITIL company, it made sense that implementing those processes would improve the process performance of our division, and therefore provide better quality services to our customers."

Rough lessons
Over the past three years, Deakin's IT organisation has been embroiled in the midst of a long, protracted and ultimately successful ITIL project that has forced it to reconcile its product suite, improve problem tracking, standardise its service delivery -- and, in so doing, dramatically improve service quality.

A recent follow-up assessment scored the university's service capability at around 3.5 on the same scale, and the volume of service calls being handled every year has increased to 60,000.

Getting to that point, however, has been far from simple. -It hasn't been an easy ride," Warren concedes. -Sometimes it has been a case of two steps forward and one step back."

With such a large organisation to cater for, deciding which steps to take was a consuming issue for Deakin. Early on, a major round of ITIL training seemed a reasonable enough way to kick off the project -- yet the training also heightened those employees' expectations, leading to quick frustration when things didn't improve overnight. -They probably expected to see instant results, and I'd say they had to wait to see the benefits as we matured the processes," Warren says.

More immediate challenges also made the ITIL project relatively complicated. Following the process's guidelines to the letter, for example, university IT staff sat down and documented what Warren says was -a very complex" incident management process.

-After a year, folks were finding it difficult to follow," he recalls. -[The problem was] that we weren't working to try and mature those processes" to match ITIL best practice. In turn, staff were frustrated when the real situation at Deakin didn't match with the guidelines of the ITIL documentation.

Such experiences were a wakeup call for the university, reinforcing the idea that more significant process change was necessary to reap the benefits of ITIL. After some unsuccessful efforts to introduce this change, it also became painfully clear that many of the university's problems could have been avoided by choosing and committing to the organisation's tool set earlier in the game. This would have allowed Deakin to drive process and technology change together, rather than trying to retrofit the tools to processes defined in isolation.

The right tools, the right information
Deakin's tool set -- built around HP OpenView and related service desk, configuration management database (CMDB), incident and problem management, testing and standard operating environment (SOE) provisioning -- proved to be a powerful force in helping the ITIL initiative regain its momentum.

By tailoring its processes to the tools, rather than the other way around, the university was able to see significant improvements in the way trouble tickets and other regular support transactions were handled.

For example, because each and every support request is tracked through the system from inception to closure, it's impossible for customers to be forgotten; if a service request doesn't get acted upon, it is automatically escalated throughout the support hierarchy. -We now know when things are slipping through the cracks," Warren says.

Centralised logging of all service requests has paid off in other ways: namely, by matching service requests against the information in the CMDB, Deakin is able to produce regular reports highlighting the biggest trouble spots -- for example, a printer that seems to get more paper jams than others of a similar model -- across the expansive university. This helps the IT team focus its resources where they're needed the most, reducing overall support expenses and increasing efficiency.

Introduction of a formal change management process -- mandated within the ITIL framework and enforced using the HP platform's change and release capabilities -- has reduced the chance that undocumented configuration changes can cause unexpected problems.

In a similar vein, better tracking of equipment's exact configuration has allowed Deakin to consolidate what used to be multiple operating system patches per month into a single, better managed update process. -We've implemented that for all of our applications," says Warren. -We have big days of change, but we have much more effort put into those big days of change and a much better backout plan."

The productised support team
Overall improvements in Deakin's support capabilities may have increased its readiness rating in the audits, but Warren says the organisation's goal isn't to get top scores in every category; rather, capabilities are being regularly assessed against benchmarks to ensure they're meeting customers' needs.

Because it knows where the university's problem spots are, the IT department has been able to publish long-term schedules of change, outlining planned system upgrades and new services up to six months before they happen.

The team has also been able to produce a comprehensive service catalogue, improving service and customer expectations by standardising the types of services available through the IT department across Deakin's various campuses; available services previously varied between sites depending on the capabilities and inclination of local staff.

-There's a great deal more consistency in how we handle incidents, and customers get much better turnaround time for standard services," says Warren. -And we have a problem management function that is getting rid of some repeatable incidents that were a bit of a bugbear in the past."

Three years on, the cultural change within Deakin's IT department is still continuing -- but the group's determination to succeed has helped it leave behind the inconsistencies of the past and concentrate on capitalising on its newfound process efficiency.

-It was a big cultural change for us because we're used to putting the needs of the business ahead of our own needs," Warren says. -This was one instance where IT actually had to spend some money on itself -- but by doing so, we have helped our customers significantly. Spending time on our processes has made us a much more rounded organisation, and improved the total quality of the IT service offering to the university."

ITIL drives better governance for Victoria DET

It may offer invaluable guidance for the creation of service management strategies, but at the Victorian Department of Education and Training (DET), ITIL (IT Infrastructure Library) has been not an end in itself -- but a means to a much bigger end as the department worked to introduce an effective IT governance framework.

With more than 579,000 users, 194,000 networked PCs and 40,000 notebook PCs spread across 2000 schools from one end of Victoria to the other, scale has long been the natural enemy of order at DET. This equipment and user base is supported by a complex back-end IT ecosystem with 300 central servers and 4TB of central storage, compounded by 3280 school servers with 131TB of local storage and 9500 wireless LAN access points providing wireless coverage in every school.

Needless to say, consistent provision of IT management services had traditionally been extremely difficult despite the AU$250 million annual IT budget. Chronic problems with the delivery of IT support services had led to a lack of IT development control, no clear priorities or consistency, poor visibility across business and IT requirements, and almost no forward IT planning.

Recognising that a formal governance infrastructure would be invaluable in remedying these problems, DET recently embarked upon a project to review its IT operations and standardise its processes.

The effort met an early hiccup as early guidance from outside consultants produced a complex definition of governance that failed to resonate with the department's business processes. DET reworked the definition internally, but the involvement of a number of non-IT areas ended up muddying the governance definition even more.

-Good governance is enormous," says Tudor Owen, ICT governance manager with DET. -It's not about documentation, and not about compliance. If you can't see and prove to the business the benefits of IT governance, don't bother. You have to understand why you're doing it -- and what we [ultimately] said was that it defines the rules and regulations by which you manage your investments and relationships."

Down to business
Having a clear definition to work with, DET began working through the much more complex task of introducing a governance framework that would both standardise its IT support processes, and allow it to enforce broader governance controls on its IT organisation.

The department's plan was to launch a mass education campaign among its staff, introduce a manual portfolio management process, review its processes, and then -- within two years -- implement a portfolio management tool to automate its processes.

ITIL, recognised as the de facto standard for IT service management, was chosen as the framework to follow for the service management part of the project, while introduction of an established development methodology such as PRINCE2 would bring consistency to that part of the business. Both methodologies would be wrapped into a broader IT governance policy framework that would be managed using the purpose-built tool.

DET intentionally put off the tool purchase until the final phase because, says Owen, it's critical to get the earlier process-related phases right before tools can even be contemplated. Early employee education about the plans for governance, for example, proved to be difficult enough without throwing in the specifics of application training.

-Some people are [so] busy at the coal face they can't see any benefits of doing governance," he explains. -You're potentially adding more work, and [for them] it's just more paperwork. Many people just don't react well to change because you're taking them out of their comfort zones, and making the work they do visible and therefore accountable."

Not only were those employees going to be held accountable, but their responsibilities were likely to change as new process structures came into place. For example, introduction of a consistent project scoring methodology was designed to standardise the evaluation and approval of new projects according to business value; this method becomes easy to enforce with a centralised process model in place, but it also requires changes to existing processes including a certain lack of autonomy for many employees.

Autonomy also becomes an issue because, with centralised management monitoring ITIL-driven service quality and overall project progress, developers become far more responsible for justifying their existence, so to speak, than in the past.

In DET's new structure, every IT project, no matter how small, is tied to a specific individual responsible for monitoring its project and justifying its continued existence to management. -This way it's not an IT person who can say yes, the project can keep going," Owen explains. -It's a business person who has accepted that risk."

Return to form
With revised structure for project responsibility in place, DET faced the challenge of finding the right tools to model and enforce its governance policies.

After evaluating several possibilities, Mercury IT Governance (Mercury was recently purchased by HP) was implemented across the organisation to tie the service management rigour of ITIL with the ongoing project management rigour of DET's new hierarchical development approach. Because DET did so much groundwork up front and had 80 percent of its processes documented, implementing the Mercury tool only took two weeks.

That didn't mean things improved overnight, however: a quick implementation couldn't change the fact that much of the guidance that ITIL (and related process standards) offers is simply a reworked version of processes that were widespread in the past. The use of gate documents, for example, offers an easy way to ensure process requirements are met -- but have long been accepted parts of proper project management discipline.

-ITIL is often bandied about as being something very new, but I would say that 95 percent of everything that's in ITIL, we were doing years ago in mainframes," Owen explains. -The discipline and rules haven't changed -- and now we can control governance using these very simple gate documents where you [assess] the project up to a certain point."

The difference: by pairing ITIL with a clear governance framework, IT projects only progress past these gates with the review and explicit approval of the business managers responsible for them. Each project is scored according to five categories of business value: alignment to strategic goals, ROI, operational efficiency, educator value and value to students.

-We've been able to get agreement that the score constitutes where you are on the priority list," says Owen. -It all depends on how you define quality."

DET's approach has paid off significantly by forcing closer teamwork between business and IT stakeholders, allowing projects to be put in the context of DET's overall work rather than letting them run forever on their own steam. Centralised visibility of all projects allows redundant efforts to be identified and terminated before money, time and bother are all wasted.

The organisation's process transition isn't yet complete, but continued adherence to its evolving governance structure -- reinforced by the newfound rigour of its ITIL-backed service delivery approach -- is delivering benefits.

Yet while ITIL has provided crucial guidance as DET worked to improve its service delivery processes, Owen cautions that ITIL-driven change doesn't happen overnight: -ITIL contains the rules and regulations around running your IT business, and puts service into production," he says. -But you can't suddenly expect to be able to do things like governance in a few months; it's going to take years to do it right."

A service health boost for St John of God

Organic growth may be good for business but, as Perth-based St John of God Health Care (SJOG) found out a few years ago, it makes consistent IT management nigh unto impossible. A few years down the track, however, an extensive ITIL (IT Infrastructure Library) based service project has helped SJOG completely redefine its help desk services and process management.

The change came about after a series of acquisitions had grown the organisation to the point where it was operating 11 hospitals in Western Australia and Victoria, making it Australia's third largest private hospital operator and fourth-largest pathology service provider. SJOG now manages 1666 beds in acute, rehabilitation and psychiatric facilities, with over 6600 caregivers.

-There was an appreciation that people in IT were delivering to the best of their ability, but we weren't realising any economies of scale. If we had a problem across 11 hospitals we might solve the same problem 11 times, and if we were going to deploy a new piece of software we might go through that deployment process 11 times. With all this duplication of time and effort, it really diluted the services delivered in the end."

Filling the ITIL script
Searching for a more consistent approach, the SJOG team hit upon ITIL, whose design and scope meshed well with the more consistent service that the organisation was trying to provide. Its broad worldwide acceptance and zero cost also helped it stand out above alternative methodologies, says McCarren.

Wary of dropping massive organisational change onto the organisation, SJOG recognised early on that user education was going to be a major part of the ITIL exercise. A large number of staff were pushed through an ITIL foundations training exercise, while a smaller number buckled down and completed the intensive ITIL Master certification.

With employees up to speed with the basics of ITIL, the project team developed an IT service management (ITSM) structure that would address IT support across the entire organisation. All but one ITIL process -- financial management, which will be addressed eventually but was left out of the initial project scope -- was evaluated and organised, supported by the organisation's CA Unicenter Service Desk system.

Although ITIL clearly stated what capabilities SJOG needed to introduce, it was far less clear on the specifics of how that was to happen. This made for some interesting conversations, says McCarren, noting that -implementation of ITIL is actually quite difficult".

Step by step, however, the team mapped and implemented the policies it would need to make ITIL a reality. First off the bat was the service desk and incident management solution, which was well understood conceptually and relatively clear to implement. Phone numbers for the centralised service desk were published across the organisation, with employees advised to ring the newly centralised service desk rather than raising any problems with their local hospital staff.

Better service, every time
Consolidating help calls not only made it easier for the centralised IT staff to serve all employee enquiries, but also allowed for far better tracking of service calls and visibility of service trends.

-This ability to capture and see all the way through the end of an incident or customer request is a fantastic benefit that's much better than the old hand on the shoulder or catching an IT guy in the corridor to ask for help," says McCarren.

-And, because we have statistics such as the number of incidents per station per hospital, we can spot anomalies and spikes -- and take note of when major processes change -- to understand why they happened." For example, a spike in calls after a new application is rolled out could indicate the need for extra training within a specific group.

Continued reinforcement of the ITIL-driven change has produced significant results for SJOG. With a more consistent, efficient way of handling support calls -- and extended operating hours to cater for the two time zones in which it operates -- SJOG has noticed an overall improvement in the group's four front-line support workers' ability to handle support calls. The team is handling around 600 jobs per service desk person per month -- -well over Gartner recognised benchmarks", McCarren adds.

Equally significant: since the ITIL initiative began, continued expansion within the SJOG network has increased the number of networked devices being managed from 1015 to 1600 workstations -- without having to add more support employees.

Tools of the trade
Although process improvements have been a major part of the ITIL implementation, McCarren points out the importance of having a robust tool set to support the rollout. SJOG's CA Unicenter environment provides an integrated network monitoring environment that allows staff to watch and act upon equipment configuration and other issues from the central support desk.

Tools such as remote access, paired with the information stored within the group's CMDB (configuration management database), have proved invaluable in meeting ITSM objectives. The CMDB, however, proved to be a major sticking point throughout the ITIL rollout: although around 95 percent of equipment details are now loaded in the system, with the benefit of hindsight McCarren says he would prefer to have populated the CMDB completely before the system went live.

-We put the processes in place, but didn't have the data in place, and that makes it tough," he explains. -People assume populating the CMDB is easy, but if you really want to manage one of your routers or switches you need to be able to go collect the utilisation data from the device -- then store the data somewhere meaningful, and create relationships between the software that's installed and the workstations it's installed on. The richness of the information comes from the relationships."

Maintaining those relationships has required the establishment of strict policies for handling support requests. For example, employees can't request a change configuration request without having the change in question tagged in the CMDB.

That's a big improvement from the past, says McCarren, when -change has happened without us being precisely aware of the configuration items affected by that change. Understanding the impact of things on what people do is a continuous communications and training exercise."

Richer information about installed assets is proving particularly valuable as SJOG embarks on a comprehensive upgrade of its standard operating environment. As with IT support, process changes can be developed once and rolled across all 11 sites without wasting time on repetition.

ITSM also helped the company immensely when it recently went to negotiate an outsourcing arrangement with an outside provider. Whereas such agreements normally require a significant effort to decide the scope of the contract and key performance indicators (KPIs), SJOG already had those KPIs in its system -- so was able to negotiate with the outsourcer from a much stronger position.

Several years down the track with ITIL, SJOG went about weighing up its progress so far. A comprehensive ITSM benefits realisation report, designed to compare actual versus expected performance, found significant improvements across the organisation's operations: the 22 percent internal rate of return, upon which the ITIL business case was approved, had actually blown past expectations to reach 143 percent.

-The driver for that was that during the implementation of ITSM and the toolset, we acquired more businesses but didn't have any growth in IT support staff numbers," says McCarren. -Before you implement the process, however, you need to have a clear understanding, and be able to define, what it is that you're going to measure -- and have something to measure with -- or you'll just get caught up in following the ritual without actually making improvements. If you don't have a service that's at least as good as what you had before, don't bother; users will just go back to what they had before."

Synergy finds competitive advantage in ITSM

Better IT service management (ITSM) may dramatically improve internal support efficiencies, but it's not just about helping people fix their broken desktop computers faster. For service providers and other companies keen to demonstrate their competence, ITIL and its ilk are also becoming major selling points in discussions with potential customers.

For New Zealand payment systems developer Synergy, the push to formalise its service commitment came after new CEO Jim Donovan last year drove the company to revisit its operations and strategic plan. Known as a developer of software but not so much as a full service provider, the 250-strong company was working to expand its portfolio and reputation in New Zealand as well as subsidiaries in Singapore and the UK.

The company realised that -one of the things we really needed to look at was how to move forward as an organisation," says Gary Collins, general manager for managed services with Synergy, citing a growing expectation in many industries that suppliers be able to demonstrate their service management credentials.

-For the business to be successful, we had to make sure we had industrial strength, secure, reliable systems," Collins continues, -and that's at a business level as well as the technological level. For that to work, you need to have the right processes and standards in place."

Stage 1, based on ITIL, would get the entire organisation up to speed with a common service management vocabulary and process definition. The second stage, built around the new ISO 20000 service management standard, would take the initiative even further by guiding the formation of a complete integrated ITSM culture.

-On the one hand, Synergy could have continued putting out forest fires and running on a blind budget," says Pattison. -On the other, full prescriptive ITIL would make everyone a manager and turn IT into a set of silos and kingdoms. Synergy chose the middle ground, taking operational frameworks for implementing and auditing, and standards for organisational certification, and implemented them all in parallel."

Language lessons
To speed the project, Synergy applied an agile project management methodology in which progress towards long-term goals is regularly measured using short-term milestones. This approach turned up the heat on the project team, which broke the ITIL effort into four parallel streams: management buy-in, tool selection, process design and process training.

With management buy-in achieved, the team evaluated potential tools to support the implementation and ultimately settled on a number of offerings from BMC Software including the Business Service Management and BMC Atrium configuration management database (CMDB), as well as other tools to support the ITIL project.

Each of the four stages has been managed with its own key performance indicators (KPIs), ensuring that any problems during the implementation were identified and resolved as quickly as possible. Staff needing training in ITIL or the 13-step ISO 20000 standard were streamed into appropriate educational programs to ensure everyone across the organisation was on the same page.

-The whole issue around culture and language, and being able to talk a service language, has been really fundamental in moving forward," says Collins. -The key really is making sure everyone in the organisation understands that language."

Judging from the company's experience so far, employees have been more than willing to pick up the new service vocabulary. Whereas broad user buy-in is often difficult to achieve during major IT-related projects, the enthusiasm of the Synergy executives, and employees' recognition of the company's efforts to improve, saw many employees approaching the implementation team asking for ITIL training of their own accord.

-From the leadership down to the operational teams, they can all see the tremendous value in this initiative because they're able to offer a full suite of services, and they know they can do that consistently and repeatedly," Collins explains. -Overcoming scepticism at the beginning is key -- and communicating that the changes aren't going to make peoples' jobs harder, but that they're going to make their jobs better."

The new Synergy
Synergy's service management project is still underway, but the strong executive and user response to the initiative has demonstrated the recognised importance of consistent service management in continuing to grow the business.

Having decided to go with both ITIL and then ISO 20000, Synergy is confident the two service management methodologies will complement each other, with ITIL providing the foundation and ISO 20000 the refinement of its new processes.

Return on investment for the project is still unclear -- but there is no doubt there will be one, although Collins concedes most of it will be intangible.

-You're only as strong as your weakest link, and the return will be that we can really maximise our profits and revenues from providing these services," he explains. -Everyone with a touchpoint to IT service management should have a basic understanding of what it is and how it can help them do the job."

With standards in hand and all of its employees riding the ITSM bandwagon, the company expects its strengthening brand in service management will pave the way for considerable growth in the future.

Furthermore, says Collins, this growth will come with more efficiency and at a lower cost than was previously possible, since a standardised service menu and vocabulary will ensure Synergy's predominantly financial services customers can engage with the company's various employees in a consistent way.

-By adopting the standards, we can more constantly offer the services that have become our bread and butter," he explains. -This opens up a whole new world of services that we can offer to clients in a very targeted way, and give us very good market coverage across things like enterprise management. We can take our business into new geographic regions in a way that allows us to provide a consistent business interface wherever we are. Ultimately, our goal to deliver a good business service becomes a way of doing business as usual."