|4.17 STEP||4.2REPORTING||4.3MEASUREMENT||4.4ROI for CSI||4.5QUESTIONS||4.6SLM|
On the other side is what an organization can gain in a return. These returns are often hard to define. In order to be able to compute these items it is important to know the following:
These are only some of the things that have to be considered when creating a ROI statement.
There are different approaches to measuring and reporting on the availability. Availability is a good measure to understand the cost of lost productivity, the cost of not being able to complete a business transaction, or the true cost of downtime.
A good way to look at the impact by lost minutes is to create a component failure impact analysis table that identifies the number of users impacted when a component fails. Understanding the number of users impacted allows you to calculate the cost of their non productivity. Table 4.13 is an example only.
|Component Description||Number of users impacted|
|Table 4.13 Component Failure Impact Analysis|
When you have a failure you can determine the duration of the failure, how many people were impacted and using an allocated cost model for employees, define the cost of their non-productivity. Granted not all of them will try to access the application during the failure but remember you are creating a scenario that is based on what could happen. As an example, let's say there is an application failure that impacts 7,364 employees. The application was down for 39 minutes.
Calculation: number of users multiplied by 39 minutes divided by 60 (to convert to hours) multiplied by $45 equals $215,397.
The next question is what is the investment cost to improve availability of the overall service?
The method chosen should be influenced by the nature of the business operations and business processes.
One of the keys for measuring and reporting is to be able to define improvement opportunities that will create a Return on Investment for the business. If your business is insurance and you cannot write policies than this can translate into lost revenue. This is especially true for those companies who sell their products and services via the internet. An organization's competition is only a couple of clicks away when a service is not available.
That is why it is so important to understand the cost of downtime. Defining the cost to downtime is an exercise that IT and the business should conduct. It is important to have agreement on what the financial impact is to the business when a service is not available for whatever reason.
Let's say that your organization truly knows the cost of downtime. This is often measured based on the type of service being provided. In Table 4.14 we have defined three different levels of service. The mission-critical services have a higher downtime cost than the other services. Based on the hourly cost of downtime and with an investment of $300,000 to improve services you can see that the return is quick on the first two services.
Another option if the business and IT cannot agree to the cost of downtime or the cost of non-productive employees, is to take the annual cost of a service that the business pays and divide by the number of service hours for the year. This will provide a monetary cost the business is paying for each hour of service.
|Type of service Cost||per hour of downtime|
|Investment information||Financial investment|
|Investment to make improvements to reduce the amount of downtime||$300,000|
|Number of minutes of downtime avoided needed to cover the investment||Return in minutes/hours|
|Mission-critical service||90 minutes|
|Critical service||200 minutes or 3.33 hours|
|Non-critical service||1,556 minutes or 26 hours|
|Table 4.14 Downtime costs of different services and investment information|
In developing a Business Case, the focus should not be limited to ROI but also on the business value that service improvement brings to the organization and its customers (VOI). That's because ROI alone does not capture the real value of service improvement. Should an organization choose to focus solely on ROI, much of the potential benefit achievable will not be disclosed nor reviewed after the fact. This could in turn result in worthwhile initiatives not being approved, or a review of the initiative revealing apparent failure, when it was actually successful.
Not surprisingly, most business and IT executives expect a return on their investment. It is important to recognize that an investment in CSI, and realizing its benefits, can vary depending on the customer base, size of IT and the maturity of the ITIL process implemented. Also benefits will cross existing organizational boundaries and true benefits can only be captured in collaboration with the users/customers and ITIL process owners. The focus is therefore to work with the stakeholders to develop business and IT specific indicators that link business value measures with IT's contributions. In other words, how does ITIL process improvement add value to the organization?
Examples of business value measures are:
IT's contribution can be captured as follows:
IT should begin by defining the types of business values that each improvement will contribute to.
|People||Operating in silos, no common language, focus and no seamless hand-offs between groups.||Common language, integrated matrix approach and common focus.|
|Process||Lacks common processes, not consistent and repeatable.||Seamless process framework, end-to-end service delivery, consistent and repeatable.|
|Technology||Multiple redundant tools, no tools, domain-based tools, not integrated with people and processes||Integrated suite of tools which enable IT service modelling, process integration and shared data access.|
|Table 4.15 A balanced focus - people, process and technology|
As an example, the US Sarbanes-Oxley legislation as well as other international laws require that the business processes be certified to produce financial reports in addition to certifying the reports themselves. Sarbanes-Oxley is about improving transparency and accountability in business processes and corporate accounting to restore confidence in public markets. It regulates processes and business practices. Therefore having a higher level of ITIL maturity will enable regulatory compliance. Without a mature process framework it is natural for organizations to take an ad hoc approach to compliance. They address requirements as they emerge, through a series of one-offs, just-in-time projects. Since compliance affects a lot of ongoing business activity, this is disruptive, increases the required effort and becomes time-consuming and very expensive. If an investment is well conceived, solid and delivers results, it can lead to cost savings in the long run. Therefore it is important to choose the right investment and make sure they deliver. When presenting a Business Case for an ITIL process improvement project, it is important to help executives understand the business value of the ITIL process framework. The tendency for most IT executives is to overemphasize technology and tools. Technology is a means to an end. The benefits are realized from the business changes. It is really important to address how people and processes will change: i.e. 'as is' to the 'to be' state.
The 'AS=IS' stage can be defined as a baseline. Capturing the baseline of the performance measurements affected by the proposed implementation is paramount to the Business Case. The careful preparation of the baseline will facilitate meaningful business information and level setting about relevant business issues; allowing strategic alignment to take place. Focus should be to develop cause-and-effect metrics to link the benefits against the measurements selected along with the impact on other areas of the enterprise. The metrics should be monitored before, during and after the ITIL implementation to determine how the projected values are being delivered.
Another aspect to consider in Business Case development is situations where value will be lost by not undertaking process improvement activities. There will be situations where failure to take action will severely impact the business and IT - the value of process improvement may, in fact, not be value added, but value retained.
As a final note, care should be taken in developing the Business Case to ensure that the success criteria are clearly defined, how they are to be measured, and also when they are going to be measured.
Find one or two compelling reasons why the organization should spend so much time and money.
Determine the current or anticipated concern of the organization with respect to IT. Estimate the cost if the status quo were to remain and subsequently estimate the savings that could be realized if the ITSM processes were put in place or improved upon. Examples include new lines of business overseas, poor response time or time taken to handle incidents/problems, or number of incidents in the organization.
An approach that circumvents this situation is to gain approval to establish basic measurement capabilities, as a means of gathering consistent data. This may be as simple as ensuring that all IT staff record data in a consistent fashion, or start measuring activities or outcomes that are not currently captured. After an agreed period of data capture, some evidence will exist to support (or perhaps not support) a process improvement initiative.
Another approach is to undertake a process maturity assessment of current processes, to identify which processes are most divergent from ITIL practices. It should, however, be noted that this activity will only identify the absence of process and/or data. A process maturity assessment will not in itself provide the data to justify how much to spend on improving process.
ExampleXYZ Limited has grown rapidly from a single site to a multi-site environment and now employs 1,500 people, up from 250 people two years ago. The IT group has struggled to match the business growth with growth in process consistency and service delivery. The business is demanding that the IT group do things better as the shortcomings in IT service are now impacting the business bottom-line.
The IT manager identifies that lack of consistent process and business focus are the roadblock to delivering better service to the business. She realizes that the staff are working very hard, but are often doing re-work or repairing self-inflicted errors. While good technicians, they are averse to documenting activities or outcomes.
Data and measurement are currently inconsistent. While she knows average business and IT staff salary costs, the costs of service outage etc. are not known nor can they be calculated using current data.
Rather than requesting funding to undertake process improvements, the IT manager requests funding for a pilot project to establish a rudimentary measurement framework to start capturing data in a standard fashion, using more-orless existing processes. This pilot initiative after three months provides clear evidence that the true failure rate of changes is much higher than previously expected, and is a key contributor to business and IT loss of productivity.
Armed with this evidence, the IT manager prepares a Business Case detailing some of the current deficiencies and expected benefits/returns to be delivered from properly quantifying process gaps and undertaking appropriate process improvement. Where organizations do establish a basic measurement and monitoring capability, some caution should be exercised regarding the quality of this data: be aware of limitations of new data. Even if the data doesn't make any sense, this is reason enough to explore the opportunity for improvements.
It is important that once the decision to start capturing and reporting on data is made, that an initial baseline is created so that improvements can be measured against it.
A further consideration in the measurement of benefits is that data quality and measurement precision pre- and post-improvement could be different, thus giving rise to the direct comparison not being valid. If this is the case, the data will need to be normalized before validating benefits.
In 2006, the state of North Carolina implemented some improvements based on the ITIL framework. The improvements took place in a span of less than three months. ITS is the name of their IT department. These are the results of tactical quick-win efforts targeted in tandem with the training programme and the state's awareness campaign. This information is reproduced with permission:
The first two processes to be developed and implemented were Incident and Change Management. As with most organizations they already had an existing change and incident process. This organization started showing immediate improvement before any formal improvement programme was implemented simply by identifying and communicating the key metrics that were going to be reviewed by senior management. Staff began following their existing process simply because they knew reporting against certain performance measures had started and that these performance measures were discussed among senior managers. Not only were these discussions held but there was clear guidance that the performance measures had to improve.
|Figure 4.18 Business perspective improvement model|