IS Process Improvement: Making Sense of Available Models

Transcription

1 Decision Framework, C.Young,S.Mingay Research Note 11 July 2003 IS Process Improvement: Making Sense of Available Models Improving IS results and credibility through continuous process improvement and quality initiatives has become a mainstream goal. IS organizations seeking best-practice methods face a bewildering array of choices. Core Topics Enterprise Management: IT Service and Support Business Management of IT: Service Management Strategies Key Issues What strategies and best practices promote effective IT service and support? What are the best practices for creating and executing cost-effective, customer-centric IT service management strategies? In adopting process-based service management principles, IS organizations face a variety of choices for developing continuous-improvement competencies and managing a transformation to a process-oriented culture. There are frameworks, models, standards, methods, practices and tools each of which has been considered at one time or another to be the panacea that will bring predictable performance, guaranteed service levels and demonstrable cost optimization to the IS organization. The truth is that none of them offer an end-to-end solution to help the IS organization institutionalize and systemize process management disciplines for delivering quality service. Given this situation, two questions immediately come to mind: Question No. 1: How relevant are these popular techniques to an IS organization, and what can they actually deliver? To answer this question, one must understand the choices and the performance domains they address. Figure 1 identifies nine popular options for achieving some degree of process and quality orientation. These options are positioned based on their degree of IT specificity (that is, their native relevance to the IS organization) and their level of abstraction (that is, the degree to which they are prescriptive). The models in the upper left were developed for IS organizations, and are intended to address the specific issues of IS service, process, quality or cost optimization. The models in the lower right are not specific to the IS organization; they offer a variety of generic approaches to setting and achieving quality goals without necessarily being concerned about the specific processes being acted on. Gartner Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

2 Specific TCO Figure 1 Process Model Selection Framework ITIL CMM CobiT IS/IT General Relevance Holistic Miscellaneous Maturity and Capability Models (such as People CMM) Six Sigma ISO 9000 National Awards (such as Malcolm Baldrige Award) Scorecards CMM = Capability Maturity Model CobiT = Control Objectives for Information and Related Technology ITIL =IT Information Library TCO =total cost of ownership Low Source: Gartner Research (June 2003) Moderate Level of Abstraction High Total Cost of Ownership (TCO): A Gartner cost optimization and investment justification model that captures the true cost of sustaining an IT asset throughout its useful life. The TCO product/service suite includes a financial model, a methodology, consulting services, best practices and software tools for understanding not only the initial acquisition cost, but the support, maintenance and disposal costs of an asset as it ages. TCO is particularly useful for managing obsolescence, optimizing asset utilization, justifying reinvestment in infrastructure, and finding hidden costs embedded in non-is-organizational units. Information Technology Infrastructure Library (ITIL): A wellestablished, easily accessible, affordable process model for IT service management that is built around a set of best practices. ITIL bundles IS core process definitions into integrated, published sets. ITIL's structure enables incremental adoption, which facilitates continuous improvement. A well-established service and consulting industry has been built around ITIL, especially in Europe. ITIL is better known for its back-office operational process definitions than for its application management processes. Capability Maturity Model (CMM): An IS process and performance improvement framework that has emerged as a de facto standard for application development and maintenance processes. The CMM is highly prescriptive because it provides diagnostics for assessing an organization's performance on a maturity scale, and it defines objective criteria for reaching 11 July

3 subsequent maturity levels. It also captures the processes and process outcomes that are relevant to those maturity levels. However, it does not provide "how to" information. That is, it helps IS organizations identify where they are and what their next goals should be, but does not address how to get there. Control Objectives for Information and Related Technology (CobiT): A standardized set of guidelines establishing which formal IS processes, practices and controls should be in place, and the minimum results they should predictably deliver. CobiT is used predominantly by independent auditors to authenticate the integrity, reliability and security of IT systems and data. Its orientation is risk mitigation. To achieve this, it presents a comprehensive checklist of all IS processes and controls, and establishes guidelines for acceptable performance. CobiT is useful for understanding the universe of IS processes and establishing initial performance targets, but it does nothing to support the goals of continuous improvement or IS service optimization, and the cost of achieving the prescribed level of risk mitigation can potentially exceed the benefit. Six Sigma: A philosophy and method for improving process outcomes by establishing acceptable levels for defects and modifying processes until the defect level is achieved. Six Sigma is "process-agnostic"; it does not matter which processes are being modified or which outcomes are being monitored. Six Sigma is a generic technique for understanding how to conduct and achieve process improvement while keeping an eye on quality outcomes. As such, it is fairly pragmatic and potentially relevant to the execution of process improvement goals. However, because Six Sigma originated in the manufacturing sector, there is an ongoing debate concerning its relevance to service industries and organizations. IS organizations that adopt Six Sigma will likely need to modify it. ISO 9000: A standard for achieving predictability and repeatability in processes. ISO 9000 is generic and essentially assumes that predictable results mean good results. An organization can be ISO 9000-compliant if it adheres to its documented practices, even though those practices may not produce results that are consistent with even-baseline peer group performance, let alone best-practice performance levels. ISO 9000 introduces discipline and rigor into an environment, but does not support continuous improvement goals or guarantee acceptable levels of performance. National Awards (such as the Malcolm Baldrige Award): Selfassessment programs for performance improvement sponsored by different countries. These national awards for performance excellence are granted based on criteria such as leadership, 11 July

4 process management and business results. These provide a consistent framework for defining quality and assessing improvements across a holistic set of drivers (not just process), but they do not provide guidelines on how to achieve quality objectives and improvements. Scorecards: Reporting and monitoring tools designed to provide a focused, balanced insight into performance by measuring the variables that directly affect required outcomes. Scorecards are generally articulated in business terms by using easily understood measures, such as financial results or customer satisfaction. However, they lack a universal, formally defined structure, content or definition. This absence of standards often means that scorecards are employed to monitor and report things that sound important without ultimate objectives or causal relationships being defined or understood. This renders them impractical for external comparison, and sometimes limits their roles to reliable communication tools, rather than devices that produce desired outcomes. Question No. 2: If no model provides a complete solution, how can they be combined to create a holistic approach to process-based IS service and operations management? Figure 1 answers this question from two perspectives. First, it provides clues as to which approach is most appropriate for a specific organization. The models in the upper right are extremely relevant to the IS organization, and can be powerful tools for improving performance, but the tools themselves will have little meaning to anyone outside the IS organization. The models in the lower right have achieved high degrees of credibility with business people, so the IS organization that can employ them successfully will earn credibility. However, the models themselves are significantly less helpful in determining what the IS organization must do to improve performance. The answer concerning which approach to take that is, highly specific and prescriptive, or generic and abstract will depend on a variety of cultural factors, including: Enterprise Predilection for Following the Proven Path or Charting an Independent Course: If the enterprise usually pursues proven methods, the models in the upper left will be a better cultural fit; if it is more adventurous, the models in the lower right will be more appropriate. Power, Influence and Role of Champion: If performance improvement is mandated by the CEO, a national quality program approach might be the most appropriate; if a COO has issued the directive, ISO 9000 is usually the best choice; if a quality or process owner is in charge, Six Sigma is a good approach; if a CIO issues the mandate, CMM, CobiT or 11 July

5 ITIL should be used; if a CFO is leading the way, TCO may be the best model. By design, each model will appeal to specific internal interests; as such, political realities should factor into model adoption decisions. Governance Maturity: Enterprises characterized by high levels of trust between the IS organization and business leadership, with well-functioning governance mechanisms for determining shared objectives and managing them holistically, will benefit more from a generic model, because such a model is more accessible to a wide audience and sets common objectives across the entire enterprise. IS organizations that are isolated and regarded with suspicion have limited spheres of influence, and must focus on factors they can control, building credibility incrementally through continuous, observable performance improvements. These organizations should use a specific, prescriptive model. Organizational Vision: If enterprise leadership has a transformational view of the future and radical designs for reinventing the enterprise, generic models are a better fit. If enterprise leadership is more operationally focused, ISspecific, highly prescriptive, pragmatic models may be more appropriate. Figure 1 is also useful in understanding how to integrate different models, because it presents them along a continuum. Models that are likely to integrate well are closer together on the matrix than those that are not, so proximity can be used as a rough indication of which choices can be more easily bundled into a holistic approach for achieving process and quality excellence. This does not mean that models from different quadrants cannot work well together, only that integration efforts will require more care. The farther apart the models are, the less relevant they are to each other. For example, Gartner clients have successfully combined ITIL, CMM and Six Sigma. However, a successful improvement initiative based exclusively on TCO and a Baldrige quality campaign would be rare, because the models are too dissimilar in scope, goals and approach. No "best practice bundle" of approaches will work for every enterprise or IS organization. Cultural predisposition and the goals and objectives of the process or quality initiative must be considered when choosing a model. However, selecting the appropriate models and knowing how to integrate them can be made simpler by understanding each approach's specific objective, and its relative position in the process model selection framework. 11 July

6 Acronym Key CMM Capability Maturity Model CobiT Control Objectives for Information and Related Technology ITIL Information Technology Information Library TCO total cost of ownership Bottom Line: The place to start in selecting a set of process improvement models is to honestly assess: 1) the organizational scope of the improvement initiative for example, whether it covers the IS organization or the entire enterprise; and 2) the ultimate goal: operational process improvement or business transformation. This awareness, combined with a solid understanding of the models their purposes, strengths, weaknesses, philosophical orientations and shared attributes will make it much easier to select and integrate the appropriate models to achieve the desired results. 11 July