ITSM Guide Complete

INNOTRAIN IT

IT Service Management

QUICK – SIMPLE - CLEAR

Preview

2011

IT-Service-Management Contents

I

Authors

Dr. Mariusz Grabowski, Cracow University of Economics

Dr. Claus Hoffmann, Beatrix Lang GmbH

Philipp Küller, University of Heilbronn

Elena-Teodora Miron, University of Vienna

Dr. Dariusz Put, Cracow University of Economics

Dr. Piotr Soja, Cracow University of Economics

Dr. Janusz Stal, Cracow University of Economics

Marcus Vogt, University of Heilbronn

Dr. Eng. Tadeusz Wilusz, Cracow University of Economics

Dr. Agnieszka Zając, Cracow University of Economics

IT-Service-Management Contents

II

Contents

CONTENTS II

1 INTRODUCTION 1

2 IT SERVICE MANAGEMENT: INTRODUCTION & PHILOSOPHY 4

2.1 IT Service Management philosophy 4 2.2 IT Service Management basics 6 2.3 IT Service Management frameworks 7

3 IT SERVICE MANAGEMENT: FAST, EASY & CLEAR 9

3.1 Strategic planning 10 3.2 Service operations 23 3.3 Monitoring, improvement & change 35

4 ITSM IMPLEMENTATION IN SMES 52

4.1 Step I – Preparation, vision, evaluation and planning 56 4.2 Step II – Defining the strategy 59 4.3 Step III – Implementing the basic modules 60 4.4 Step IV – Implementing the advanced modules 64 4.5 Step V – Optimising the implementation 65

5 MANAGING ORGANIZATIONAL CHANGES 66

5.1 Challenges of change management 66 5.2 Factors of change processes 68 5.3 Dealing with emotions constructively 75 5.4 Communication in change processes 87

6 INNOVATION MANAGEMENT 91

6.1 Blue Ocean Strategy: idea and concept 91 6.2 Blue Ocean Strategy: Value curve method 92 6.3 Blue Ocean Strategy: Six Paths Framework 94 6.4 Blue Ocean Strategy: Control methods 98

INDEX CIII

BIBLIOGRAPHY CIV

IT-Service-Management

III

IT-Service-Management

IV

IT-Service-Management Introduction

1

1 Introduction

As a manager of a small or medium-sized enterprise (SME), you have surely asked yourself:

Does my IT provide added value that contributes to my business success?

Does my IT fit my business processes?

Is my IT infrastructure being maintained properly?

Am I paying too much for my IT support?

Why are IT management methods so complex? Can't it be done in a way that is more

understandable?

What are the benefits of IT management for me as an SME?

To find the answers to these questions, read on. If you have never asked yourself these things,

follow the explanations provided below. If these key questions about your company's IT

management are never asked, unused potential of its employees and resources will go untapped

or be wasted frivolously. If you have already found satisfactory answers to some of these

questions, INNOTRAIN IT can help you to close potential gaps, find motivation for innovation and

improve existing IT management.

Despite the fact that small and medium-sized enterprises (SMEs) make up the majority of the

economic structures in the European Union, rarely are they in the focus of research, IT providers,

or ITSM developments. The objective of INNOTRAIN IT is to convey knowledge related to IT

management to small and medium-sized enterprises in an understandable and time-saving way.

With INNOTRAIN IT, you can manage your company more efficiently and effectively in the very

near future, whether it is a bakery, carpentry shop, hotel, or auto repair shop. In today's world,

information technology has become a firmly entrenched part of everyday business. It accompanies

all business workflows, from the simplest to complete processes. Even the smallest one-person

company uses a computer, if only to write up an invoice. In any case, the importance of IT is

evident as soon as the technology malfunctions and the computer will not work. When this

happens, the one-person company may fall back on the neighbour's computer and thus has,

without even being aware of it, applied IT management methods successfully and created a

fallback plan ("business continuity plan").

This simple example illustrates one possible meaning of IT management. However, it only

scratches the surface of a more complex issue. Those who own or work for SMEs should ask

themselves: What aspects does IT Service Management include and what does it mean for me as

an employee or owner of an SME?


2

IT management has existed almost as long as the first computer. Over time, however, it has

evolved from technology-oriented management to service management. Unlike the early years, the

focus is no longer on the technological way of looking at things, but rather on IT services, which are

enabled by using computers and other technologies (e.g. networks, Internet, mobile phones) and

which are now a fixed part of our business processes. One result of the increasing service

orientation has been IT Service Management (ITSM).

ITSM took its first baby steps in 1989 when it was developed by a government agency in the United

Kingdom, the "Office for Government Commerce" (OGC). The agency considered classic IT

management methods to be inadequate, as they all were concerned almost exclusively with

technological management. A connection between the technology and support of the business

processes was lacking. Therefore, they developed the Information Technology Infrastructure

Library (ITIL), the current de facto standard for ITSM. Today, the ITIL is still being maintained by

the IT Service Management Foundation (itSMF), but the current version spans a total of five books,

each spanning several hundred pages. In addition, other institutions and companies developed still

other standards (e.g. MOF, COBIT, CMMI) that discuss other aspects of IT Service Management,

but are nearly as voluminous and complex as ITIL. These frameworks are, as a first step, too

complex for an average small or medium-sized enterprise.

Figure 1 - INNOTRAIN IT approach

The INNOTRAIN IT approach is not to develop and teach a "new" ITSM standard. Rather,

INNOTRAIN IT unites the concepts of the various ITSM standards that are truly relevant for SMEs

and makes them available in a greatly simplified version. Moreover, the content is taught in training

courses and web-based training units in a way that is specially tailored to ITSM beginners from

business and IT. In doing so, the fundamental principle is reducing the complexity of existing

frameworks and methods, largely refraining from English technical terms and instead using an

easy-to-understand presentation. As is nicely illustrated in Figure 1, there remains an upward


3

compatibility to existing frameworks: If a company grows and needs more extensive ITSM

processes, it can build on the existing processes and comprehensive standards (e.g. ITILv3).

What goals can you reach by applying ITSM methods?

Less IT downtime

Structured processes for troubleshooting

An optimised cost-benefit ratio for IT investments

A sustainable IT infrastructure

Long-term cost and time savings

Resources (personnel, financial and material resources) are freed up for innovative projects

Regardless of the many benefits, changes and innovations encounter resistance. That is only

human. This book helps you understand and apply the structure of successful IT Service

Management quickly. The first part provides an overview of the ITSM philosophy and basics of

service management. Chapter 3 outlines strategies and processes of service management. It

provides an overview of which aspects are to be considered and how individual modules can be set

up. In addition, it explains important technical terms from the ITSM environment in a simple

manner. The following Chapters 4 and 5 are intended to help you bypass stumbling blocks in the

introduction, be well prepared for discussion and ensure that all employees are on board. If you

stand behind your new IT Service Management as the initiator, all the conditions are right for you to

awaken the enthusiasm of others and introduce and implement ITSM successfully in your

company. Accordingly, we begin by outlining the introduction path in Chapter 4 as a blueprint of

sorts, but expand it in Chapter 5 by adding the human component. Last but not least, Chapter 6

provides a brief introduction to the subject of managing innovations, making use of the familiar Blue

Ocean Strategy.

IT-Service-Management IT Service Management: Introduction & philosophy

4

2 IT Service Management: Introduction & philosophy

IT Service Management (ITSM) is more than just a management tool. To understand and use it

correctly, it is important to comprehend ITSM as an all-inclusive concept, internalise it and integrate

it into everyday work. We might compare it to the process of learning how to drive a car: at the

beginning, concentrating on traffic and learning the controls of the vehicle demand a great deal of

attention. After a while, the driver has memorised all of the motion sequences and remembers to

look around; he or she carries out these actions without having to think about it.

In practice, those responsible for IT frequently spend their time on maintenance and provisioning

tasks. That ties up financial and personnel resources. The objective is to use ITSM to quickly attain

small successes which together enable reliable, target and cost-effective provisioning of IT.

Reserves that are freed up can be used for new innovations.

2.1 IT Service Management philosophy

Large companies are increasingly learning that the resource of information is one of the most

important strategic goods for setting oneself apart from the competition. Companies without an

information management plan will have difficulties in the market over the long term. The success of

all strategic and operational initiatives stands and falls with having the right information at the right

time. This principle does not apply only to large companies; SMEs can also benefit from good

information management. The basis for collecting, analysing, producing and distributing relevant

information is the quality of information technology (IT) or IT services.

The service philosophy is the greatest difference between ITSM and classic IT management. When

talking about ITSM, we do not talk primarily about bits, bytes, megahertz and gigaflops. Technical

jargon confuses the majority of employees. ITSM, on the other hand, tries to connect business

processes with information technology by defining IT-based services that support the operational

business process.

A critical factor for ITSM is that IT services (such as saving documents or creating invoices) are

viewed as business process-critical and thus require enough investment to provide optimal support

to the business process without wasting resources (known as IT/business alignment, see below).

The challenge for each SME is to always bring business processes and IT into alignment and to

define IT services that reflect an optimum relationship between the costs, benefits and risks. In

ITSM, this is attained by user-oriented service definitions.

The foremost goal of ITSM is to align IT services and the associated technologies

(hardware/software) to the business process and to guarantee the best possible support of


5

financial processes by the IT organization. IT Service Management describes the conversion of the

information technology to customer and service orientation. Conversely, innovative information

technologies can affect the business model and the underlying processes. Therefore, IT should not

be seen as a supporting function, but as a means for preparing the way that enables the SME to

open up new business areas.

By introducing simple ITSM principles, an SME can manage its IT processes and IT services

efficiently and effectively and thus provide users with an optimal IT landscape that is less

susceptible to interruption and thus also more cost-effective over the long term.

A simplified ITSM method as presented in this book can support an SME in the following points:

Making it clear what value is contributed by IT. In many cases, IT is viewed only as a cost

factor; therefore, SMEs often cut costs in the wrong places. However, if the added value of IT

is clearly evident, the investment decision is on a different basis.

Planning the IT / business strategy. Precisely for SMEs, planning ahead is important.

Therefore, the IT landscape should be structured so that it can respond flexibly to changing

requirements of the business processes. The objective is to integrate and align IT so that it

provides optimum support to business objectives (business alignment).

Legal assurance (IT compliance). SMEs are subject to an increasing number of legal

regulations related to data and IT (e.g. Data Protection act); when granting credit, a

company's IT landscape also plays an increasingly important role (see Basel II). If SMEs

follow the ITSM philosophy, they will be in conformity with many of these regulations and be

able to recognize the corresponding gaps.i

Monitoring IT effectiveness and efficiency based on clear performance indicators. You

can't manage what you can't measure. Therefore, for SMEs, it is important to define

corresponding performance indicators and operating figures (known as Key Performance

Indicators – KPI) to verify the quality of IT services and take appropriate measures.

Introducing an IT optimisation process (Continual Service Improvement). Business

process changes and new technologies are reviewed continually. Things that seem "optimal"

today can already be out of date tomorrow.

Improved change management. We are all familiar with the situation: soon after a new

computer or software program is purchased, it no longer works the way it should. ITSM

processes help SMEs identify these kinds of problems before they occur and eliminate them

directly.

Better outsourcing, insourcing and smart sourcing options. An SME cannot and should

not deal with all IT questions on its own, as comprehensive management ties up too many


6

resources. ITSM gives SMEs a way to easily identify which IT services should be outsourced.

It also helps to manage external service providers so that there is neither too much nor too

little capacity.

2.2 IT Service Management basics

To understand how ITSM works, we need to know what an IT service is. An IT service is provided

for one or more external customers (companies) and/or internal customers (internal departments).

It provides the customer with added value by supporting, optimising or simplifying the use of

information technologies. In the process, the underlying aspects and capabilities are abstracted for

the customer perspective, i.e. the customer does not have to worry about detailed questions of the

implementation.

Therefore, the customer (such as the internal department) is not responsible for provisioning and

operating the IT service unless he or she takes on multiple roles in the SME. Very small companies

are the exception. In a one-person operation, the customer serves simultaneously as the CEO, IT

director and user. However, even if he or she is not aware of it, he or she takes on different

functions in each of these roles and has different tasks and priorities as a result. The following

example, based on our INNOTRAIN IT sample company, illustrates what we mean when we talk

about an IT service that puts the customer in the focus of its considerations.

Example: online registration and online reservation in Charly's service shop:

Charly inherited an auto repair shop from his uncle. As a business student, he is not very

mechanically inclined, but has the great idea to rent the spaces in the shop to people who fix up

cars as a hobby. This allows handy folks who do not have their own workshop to repair their own

cars at a reasonable price. Charly's "do-It-yourself" workshop is born.

After an initial boom, however, Charly notices a drop in the number of rentals. An online registration

and reservation remedy this situation. Now, Charly's service shop can be reached round the clock,

even outside usual business hours (private customers can make contact even after closing time).

Each customer can register online for Charly's workshop and then receives a username and

password that enables him or her to reserve a space in the shop in just seconds. Charly's new

website allows users to see at a glance which spaces are already reserved on which day. For the

IT service, this means: a website with clearly arranged content that can process data quickly and

bring it to up-to-date, and which runs 24 hours a day while remaining stable.

As this example shows, it is possible to define an IT service from the customer point of view with

just a few items of information. From the specifications provided by users, an IT director can derive

technical specifications that serve as the basis for purchasing IT applications. Therefore, service

management, which controls the IT services, can be seen as a collection of tried-and-tested


7

methods (called "best practices"). These methods, in turn, are based on predefined roles, functions

and processes.

Best practices

Best practices are tried-and-tested, optimal and/or exemplary activities, methods, practices or

processes, the use of which has been proved to be successful in multiple organisations.

Good practices

If best practices are used selectively and adapted to the situation for one's own company, this is

called a good practice.

Role

A role can be described roughly as a "behaviour pattern." Roles define properties, tasks and

permissions. Roles are independent of persons and job titles; as a result, one person or position

may have multiple roles, and one role may be taken on by multiple persons or job titles. Typical

roles include, for example, process owner, transmitter, decision-maker, human resources officer.

Job title

A job title is defined by the roles it can take on. A classic job title is, for example, IT Manager, CEO

or clerk. All of these job titles can take on different roles; for example, the clerk is not necessarily

the "human resources officer," but can act as a "middleman".

Process

A process is a series of activities with a defined beginning and end. Processes are initiated by

certain results ("triggers") and end with a defined result. In doing so, each process consumes

resources (money, labour, goods etc.). The result of a process can be the trigger for another

process.

2.3 IT Service Management frameworks

Frameworks such as COBIT, ITIL or CMMI can help to implement good practices into existing

business practices and to realise the added value described above. These frameworks provide

companies with a structured method for applying ITSM. If we compare the function of a framework

with the workflow of automakers, we can come up with the following analogy: The manufacturer

only provides one frame (chassis) for the vehicle, but the customer himself or herself can vary his

or her features within a range from the minimum equipment to the complete package. It is similar

with the framework. Based on the best practices, each IT service can define its own processes

based on the framework. However, the existing frameworks, such as COBIT or ITIL are fairly

complex due to the wide variety of aspects they take into account. Accordingly, it takes a certain

amount of time to adapt them to the requirements of an SME.


8

In most cases, introducing a framework requires highly time-consuming projects and corresponding

adaptations in the company. The simplified ITSM method of the INNOTRAIN IT project addresses

precisely these hurdles and describes the procedure for fast and successful implementation of

ITSM in SMEs. Despite being simplified, this ITSM method is still based on existing frameworks

and standards. Some of these we should mention are:

ISO 20000 – ISO standard for IT Service Management

ISO 27000 – ISO standard for IT Security

ISO 38500 – ISO standard for IT Governance

IT Infrastructure Library (ITIL) – Framework for IT Service Management

Control Objectives for Information and Related Technology (COBIT) – Framework for IT

Governance

Capability Maturity Model Integration (CMMI) – Framework for process optimisation

Val-IT / Risk-IT – Framework for investment and risk management

Microsoft Office Framework (MOF), Hewlett Packard‘s ITSM Reference Model (HPITSM) and

IBM‘s Process Reference Model for IT (PRM-IT) – ITSM frameworks from commercial

providers that are very similar to ITIL

Enhanced Telecom Operations Map (eTOM) – Framework of the telecommunications industry

IT-Service-Management IT Service Management: Fast, easy & clear

9

3 IT Service Management: Fast, easy & clear

There will be much to discover in the following quick tour through the various areas of IT Service

Management. The chapter is intended as an introduction to the subject. Surely, we all know that it

is not possible to discuss management of an entire IT organization, including the great variety of

versions for different companies, comprehensively in just a few pages. The following text is

intended as an entry point, providing an overview of the subject.

Figure 2 - Overview of the subject areas within IT Service Management

This chapter is divided into three sections that reflect the levels of the INNOTRAIN IT method (see

Figure 1):

Strategic planning, the top horizontal level combines both strategic and tactical aspects of IT

Service Management. The distinctive feature of the activities is the relatively long time horizon they

take into account. They provide the framework in which the operational activities can take place.

For more information on this topic, refer to the very next Chapter, 3.1.

The bottom horizontal level describes the operation of the services and thus the everyday

business of IT. How do you deal with problems? How do you ensure that the right servers are

available at the right time? How do you procure new hardware? All of these questions are

answered in Chapter 3.2.

The conclusion is the chapter Monitoring, improvement and change. Shown vertically on the

map of the ITSM modules, this chapter discusses the across-the-board issues that involve both


10

strategy and tactics as well as operational effectiveness. As examples of these issues, we could

cite compliance, change management and project management, as listed in Chapter 3.3.

3.1 Strategic planning

Each company should define its strategic goals clearly in order to remain a successful player in the

market in the future. These goals and requirements should be aligned with an overarching vision

and mission. In defining strategic goals, we can apply the SMART principles. According to these

principles, objectives should be:

Specific,

Measurable,

Achievable,

Realistic and

Time related.

To evaluate the business objectives with regard to these five criteria, factors such as market

metrics (e.g. market share, brand, corporate image, sales figures), financial metrics (e.g. revenues,

return on investment/ROI, cash flow, profitability) or operational metrics (e.g. capacity, lead time,

inventory levels) are used.

Strategic planning consists of two main steps:

Strategy formation

Strategy evaluation


11

Strategy formation starts with analysing the existing situation (internal and external), continues with

specifying goals and finally results in a strategic plan. Strategy evaluation means reviewing

strategic options based on three central criteria for successii:

Suitability (will it work?)

Feasibility (can it actually be implemented?)

Acceptance (will it be accepted?)

Information technology (IT) offers numerous options for attaining the strategic objectives and

targets. However, IT must already be taken into account at a very early phase of strategic planning.

3.1.1 Aligning the IT strategy with the corporate strategy

When aligning the IT strategy for small and medium-sized enterprises (SMEs), the focus is on

practical benefits of IT and associated concepts. However, even for SMEs, the interaction of

business strategy, IT strategy, IT architecture and business architecture has to be taken into

account. The following figure explain these relationships.

Figure 3 - Overview of strategies and architectures

The business strategy describes which medium to long-term financial goals the company is

pursuing. To stick with our example of Charly's service shop, one of Charly's financial strategy

objectives is to reach more customers to ensure optimal utilisation of his shop.

The IT strategy is derived from the business strategy. Charly's IT strategy might be increasing his

online marketing presence to reach more customers and thus better utilise his shop. Conversely,

however, an IT strategy can have implications for the business strategy. New technologies

evaluated as part of the IT strategy can enable new products or services and thus have an impact

on the future business strategy. In our sample company, Charly expands his business by not only

offering a reservation system, but also by successfully setting up a spare parts marketplace.


12

The IT architecture, in turn, results from the IT strategy. To improve his online presence, Charly

has to provide and manage new hardware and software. As in the architecture of buildings,

essential considerations include function, extensibility and structural stability (in the case of IT,

however, we are more likely to talk about data security and availability). Thus the IT architecture

describes the dynamic interaction of all IT components to support the IT strategy. Of course, an IT

architecture also has an effect on the IT strategy. Let's stay with our example of building

architecture: it is very difficult to take a building originally designed as a residence and turn it into a

hotel/restaurant. Similarly, great effort is required to centralise a decentralised IT architecture. In

other words: an IT architecture should be as flexible as possible in order to provide the best

possible support to changes of IT strategy.

The business architecture defines the business processes and how they interact to support the

corporate strategy. Optimisation of these business processes can be attained with changes in the

IT architecture. On the other hand, technical limitations can be an obstacle to this optimisation.

In terms of supporting the business strategy with IT-related investments, the value contribution of

IT is of central importance for the company.

To gain a complete understanding of the value contribution of IT, we must first consider the subject

from various perspectives. First, we have to consider whether using IT brings optimal results with a

defined effort and/or expense. Secondly, we have to consider whether companies are able to

create competitive advantages using IT and attain higher profits with IT investments. Thirdly, the

effect of the company on its customers must be considered, and we have to ask to what extent the

benefits are passed on to the customers or demanded by the customers.

To align IT with business goals and/or the existing business processes, management should

concentrate on the following areas:

Strategic alignment – with the primary goal of ensuring the correct link between business

plans and IT plans. To do so, the additional value created by IT must be defined, safeguarded

for the long term and reviewed. In addition, IT workflows and operational workflows must be

attuned to each other.

Value delivery – here, the focus is on practical use of the additional value created. This

guarantees that the IT actually delivers the promised strategic benefits, chief among them

cost optimisation.

Resource management – with the primary goal of optimising investments in IT-related

resources and/or management of these resources. These include applications, information,

infrastructure and employees. This focuses in particular on optimising knowledge and

infrastructure.

Risk management – here, the focus is on creating risk awareness throughout the

organisation, from top management down to the last employee. In this context, it is necessary


13

to understand compliance requirements and assign responsibility for risk management within

the company.

Performance measurement – this involves tracking and monitoring a variety of tasks and

projects related to implementing strategies, utilising resources and provisioning services.

Various tools, such as balanced scorecards, can be used to ensure that strategic

requirements are implemented in measurable targets.

The alignment of business and IT begins at the top level of management during the strategy

formation process. In doing so, multiple requirements should be taken into accountiii:

The alignment must make quantifiable improvements to a business plan—each proposed

project should contain financial metrics related to the associated costs and revenues (e.g.

discounted cash flow, expected financial earnings). Those who are proposing the project

should be responsible for its documentation. In addition, the results should be reviewed on a

regular basis.

The alignment must always be kept up to date based on business trends and developments:

All changes within the company and in its surroundings have an effect on the actual project.

Provision should already be made for changing circumstances in the project, and this should

be taken into account in the project's scheduling and budgeting. Information must be

exchanged between the IT department and the rest of the company, as otherwise

"technologists will drift away from the business and misalignment will prevail."

During implementation, obstacles to alignment have to be overcome. The discrepancy

between project design and reality are not visible until execution. Initial project plans should

be based on the objectives that can be attained during execution. All problems that arise

should be documented and reviewed from the perspective of the overall project.

The alignment has to be planned—the original project plan requires documented agreements

for all changes in order to remain up-to-date. During the execution phase, the project plan

must be updated continuously in terms of scheduling, budgeting, scope, processes etc. This

plan should be the central source of knowledge pertaining to the progress of the project and

any changes to it.

For IT projects, the focus has to be on requirements of the users; this has to take into account

the benefits for users and for the company. IT cannot solve any of a company's problems on

its own. From a financial perspective, IT mostly means costs, but positive effects on business

can justify the outlay for IT. The topic of "How much should we spend on IT?" is not so much

a question as an answer to: What benefits does IT provide?


14

To measure the alignment of IT with the business, and thus to determine how well the areas

work together for technical and business processes in the company, we should take into account

the following factors and associated questionsiv:

Maturity of communication – how well do employees in the technical and business areas get

along? Is communication frequent and problem-free? Does your company communicate

effectively with consultants, suppliers and partners? Is value placed on conveying knowledge

internally?

Maturity of competence/value measurement – how well does the company measure its own

performance and the value of its own projects? After projects are closed out, does it evaluate

what went well and what not so well? Does it improve its internal processes so that the next

project can go better?

Maturity of governance – how well does the company bring its business strategy into line with

priorities with regard to IT, technical planning and budgeting? Are the current projects based

on an understanding of the business strategy? Do they support this strategy?

Maturity of partnership – to what extent do the business and IT departments have a genuine

partnership based on mutual trust and are ready and willing to share the risks and rewards?

Maturity of the scope and architecture – to what extent has the technology evolved to deliver

more than simply supporting business processes? How has this contributed to the company's

growth, competitiveness and profits?

Maturity of competence – do the employees have the competencies they need to work

effectively? How well do the technology employees understand the central factors that have

an impact on the business, and how familiar are they with corporate business processes?

How do the employees of the business departments understand the relevant technology

concepts?

IT-related investments require careful financial management to attain the planned benefits. In

addition, the priorities in terms of the scope of the IT projects must be defined appropriately. For

the specific activities for managing IT investment, these are:v:

Framework for financial management – required the for managing and maintaining the IT

investments and costs of IT facilities and services. This should be done with consideration of

the portfolio that includes the IT-related investments, business scenarios and IT budgets.

Setting priorities within the IT budget – a decision-making process is required in order to set

priorities when allocating IT resources. The resource allocation is necessary for workflows,

projects and maintenance. The objective of this process should be to attain the maximum


15

possible return on investment from the company's portfolio of IT-related investment programs

and IT services.

IT budgeting – the budget must be created based on priorities specified by the portfolio of IT-

based investment programs. The budgeting process should include costs for operating and

maintaining the current infrastructure. The budget workflows should enable a company to

develop the overall IT budget and budgets for individual programs. In doing so, the ability to

continuously review, refine and approve all types of budgets should be provided.

Cost management – each company should implement a process for cost management that

compares the actual costs with the allocated budget amounts. There should be a way to

monitor the costs and create reports. Any deviations should be identified at an early stage,

including a review of their effect on the programs. This would enable the company to take

suitable countermeasures and, if necessary, update the business scenario for the program.

Benefit management—a process for monitoring the benefits provided by provisioning and

maintaining the IT capabilities—should be implemented. The company should determine and

document the contribution of IT to the business. This can be based on the direct effect on the

IT-based investment programs or on the indirect contribution as a part of support of regular

business workflows. The reports should be monitored and reviewed so that the company can

make suitable changes to improve the contribution made by IT, either with IT investments or

associated programs.

3.1.2 Information Technology strategy

As described above, the IT strategy has a mutual interaction with the corporate strategy and IT

architecture. The following chapter describes in greater detail a couple of the most important

aspects for developing the IT strategy and the associated IT architecture. This involves:

1. IT portfolio management

2. Requirements management

3. Defining the information architecture

4. Determining the technological orientation

5. Reviewing and evaluating IT risks

1. IT portfolio management (investment portfolio)


16

Portfolio management, in the context of the IT strategy, describes the step between the business

strategy and the technological implementation. As described in the previous chapter, for the

purposes of the IT/business alignment, the IT investments have to be evaluated based on financial

and added-value creation criteria. However, because only limited financial and personnel resources

are available in a company, these IT investments compete with each other. As a result, it is

necessary to ask which of the IT investments are to be implemented with the available resources.

Portfolio management helps the company prioritise these IT investments. In doing so, an attempt

should be made to balance the portfolio of planned IT investments with regard to the risks,

opportunities, implementation time frame and costs. The following figure describes the process of

portfolio management and its interface to the IT strategy.

Figure 4 - IT portfolio management life cycle (based on Gadatschvi)

The second figure shows an example of a two-dimensional portfolio analysis based on return on

investment (ROI) and support of corporate strategy. However, it is important to note that for a

comprehensive portfolio analysis and associated prioritisation of IT investments, other dimensions

should be taken into account (e.g. implementation risk, implementation time frame, etc.).


17

Figure 5 - Prioritisation of projects (based on an Gadatschvi)

2. Demand management

Demand management is a critical process within the life cycle phase of the IT service strategy.

Demand management describes the business requirements that result from the business strategy

and the existing business processes and thus defines the necessary capacity and flexibility of the

IT architecture. To stick with our example of Charly's service shop: Charly's business strategy is to

reach more customers, so he expands his marketing presence on the Internet (this objective

corresponds to the definition of the IT strategy). One of the business requirements for successfully

expanding the Internet presence is uninterrupted operation, 24 hours a day on all 365 days of the

business year. This requirement must be supported by the IT architecture. The server and software

must be designed for uninterrupted operation. Demand management is a central activity within

service management that has to continuously pursue a balance between the utilisation and

provisioning of services.

Demand management is associated with various processes and activities for strategic planning. In

particular, it relates to the strategic plan for IT, IT portfolio management, customer focus and the

definition of services.

3. Information architecture

The definition of information architecture is an important task when developing a corporate IT

strategy. This process pertains to creating and updating a business information model and defining

suitable systems for optimising information use. This integrates the applications seamlessly into the

business process.


18

The process for defining an information architecture improves the quality of decision-making at the

management level, as the presence of consistent and secure information is ensured. This process

also enables management of resources of the information systems for taking into account business

strategies. In addition, the definition of the information architecture helps to strengthen

responsibility for the integrity and security of data within the company and improve effectiveness of

data exchange across applications.

The correct definition of the information architecture helps to attain a number of goals in

conjunction with the company's IT and corporate strategy. Most of all, it helps to optimise the use of

information and make IT more flexible. It ensures the integration of applications into the business

processes.

For example, if Charly wants to sell spare parts over the Internet in the future, his architecture has

to be flexible enough to integrate the data of the online store into his application software.

4. Determining the technological orientation

The IT strategy of a company determines the technological direction for supporting the business.

The technological orientation should be based on the company's business requirements. It needs

stable, cost-effective, integrated and standardised application systems, resources and

competencies in order to fulfil present and future business requirements. This process requires

defining and implementing a technology infrastructure plan as well as architecture and standards

that allow the possibilities of the technology to be identified and used optimally.

The purpose of the technology infrastructure plan is to specify and manage clear and realistic

expectations for what technology can deliver in terms of products, services and provisioning

mechanisms. The plan should be updated on a regular basis and cover topics related to the system

architecture, technological orientation, procurement plans, standards, migration strategies and

possible exceptional situations. This gives the company the ability to react to changes in the

competitive situation in a timely manner and improve the interaction of platforms and applications.

The correct determination of the technological direction should help the company obtain and

update integrated and standardised application systems. It should promote the optimisation of IT

infrastructure, IT resources and competencies of IT. If, for example, the ERP system in Charly's

company were based on Java, it would be logical to also procure other applications based on this

technology. Thus maintenance can be carried out by the same developers. Moreover, knowledge

of Java is widely available on the marketplace and, as a result, additional employees can be hired

quickly.

For additional information about drafting, planning, implementation and maintenance of IT and

corporate architectures, refer to the TOGAF framework.


19

5. Reviewing and evaluating risks

To implement a good IT strategy, the company has to review and manage the IT risks. The

purpose of this process is to analyse IT risks and their potential effects on business processes and

objectives and to provide notification of the corresponding results.

The review of risks should be expressed in terms of the associated costs so that decision-makers

are equipped to find an acceptable level of tolerated risks (see portfolio analysis). This also proves

beneficial for recommending and communicating action plans conceived as a response to the risk.

Thus for Charly's company, it would surely not make any sense to operate an earthquake-proof

data centre. However, it is certainly reasonable to back up the data, store it offsite and create a

disaster recovery plan in case of a serious environmental event.

An appropriate review of IT risks and their management helps the company take into account and

protect all IT facilities. This can help to ensure that IT specifications are met and provide clarity with

regard to the business impact of risks on IT specifications and IT resources.

3.1.3 IT service - definition & agreement

The following section discusses important points

for defining IT services and managing them

within the company. These include service

catalogue management as well as defining and

managing service levels.

Of central importance for the company is

effective communication between IT

management and business customers with

regard to necessary services. To meet this

requirement, the company has to define, agree

on and document IT services and service levels.

Within IT Service Management, service

catalogue management is responsible for

administration of the services within the service

portfolio and the service catalogue. As part of creating services, the service portfolio depends on

the investment portfolio (refer also to Chapter 3.1.2), which defines and prioritises the investments.

Figure 6 - Structure of the service portfolio


20

A service portfolio of this kind should be a central repository of the basic definitions of the IT

services, which includes service features and business requirements. The process of service

catalogue management is responsible for creating and updating the service catalogue. This

process should ensure that the service portfolio contains precise information about all services that

relate to operating workflows or are in a close relationship with these.

A suitable definition and management of the services should help the company react better to

business requirements in co-ordination with the business strategy. This should also ensure that the

end users are satisfied with the services offered and service levels. In addition, this can provide

greater transparency with better understanding of the IT costs, IT benefits and IT strategy.

As part of service level management (SLM), suitable IT service objectives are negotiated, agreed

and documented with the business departments. Afterwards, the provided service is monitored and

associated reports are created. SLM should ensure continuous orientation towards business

requirements and priorities. SLM should make it easier to bring customers and service providers

into harmony.

Service Level Management is inseparable with the concepts of Service Level Agreements (SLA),

Operating Level Agreements (OLA) and Underpinning Contracts (UC). This process not only

agrees on SLAs, but also ensures compliance with them. Generally, SLM is responsible for

ensuring that all processes of IT Service Management and underpinning contracts (SLA, OLA, UC)

are designed for the agreed goals.

SLAs should be defined and agreed for all critical IT services, based on customer requests and IT

capabilities. Many areas of co-ordination exist that should be covered by SLAs. The most important

points pertain to obligations towards the customer, service support requirements, financing and

business agreements, as well as roles and responsibilities within SLA monitoring.

3.1.4 IT-based innovation management

A structured processes based on best practices are not only logical, but also making the working

life noticeably easier. Studies - carried out as part of the INNOTRAIN IT project in 6 countries -

have proven that in companies using ITSM an IT employee can support a significantly greater

number of workstations. In other words, the utilization of ITSM can provide a reduction of workload

in the lower double-digit percentage range. Of course, people who are focused on maximising

profits can save costs here and widen the profit margin. However, as a forward-looking measure, it

would make more sense to optimise profits over the long term by investing the newly freed

resources into the innovative ability of the company.

The INNOTRAIN project focuses on precisely this question: How can free resources based on

ITSM be used to foster innovations in the organisation? Of course, this kind of development is not


21

an instantaneous change. Taking the first step requires a certain level of motivation and strenuous

efforts. However, if the decision is made to go ahead, the development could look like this:

Figure 7 - Developing the innovation potential based on ITSM

1. Phase 1 illustrates the situation before introducing ITSM. Expressed as a ratio, 100% of

the time is used for original tasks.

2. The efficiency of IT increases by using best practices. The workload from the original IT

activities is reduced over the medium term. Sustained optimisation and expansion of the

use of ITSM can attain a further reduction of the load and open up corresponding potential

for innovations. For the basic knowledge and procedure, refer to Chapters 3 and 4.

3. In the third step, the innovation potential is set free. Other changes must be made to the

way of thinking and acting. Using technology stabilises the use of innovation potential. For

more information, refer to Chapters 5 and 6.

4. In the final state (for the time being), the workload is reduced and the resources thus freed

up are used to create innovation.

But what are innovations, anyway? Innovation can be defined as follows: Inventions or adaptations

that result in new methods for redesigning the production system. Thus an innovation of this kind

could involve ideas, products, methods or services that are perceived by the company or business


22

area as new and that are adopted in everyday life ("internal market launch"). A flea market where

you can browse online and anyone can buy and sell—without even having to leave home? Fifteen

years ago, this idea of Pierre Omidyar's still seemed utopian. However, he turned his idea into

reality and founded Internet auction site eBay.

Based on the innovation spiral presented below, we can define three levels of innovation based on

the principles of IT Service Management.

Figure 8 - INNOTRAIN IT innovation spiral

Layer 1 – Management of IT infrastructure services: Innovations in this level pertain to the

company's IT infrastructure. In the example of Charly's service shop provided here, extensive

growth of the company and a resulting change in printer management could lead the company to

outsource non-business critical printer maintenance to the manufacturer or a service provider,

paying only the actual printing costs ("pay-per -click") and shifting the risk (printer malfunctions,

etc.) to this other party.

Level 2 – Innovation of business processes: Today, IT is frequently cited as an enabler of

business processes. Therefore, this level offers a great potential for improvements. Charly, for

example, can establish an additional sales channel by adding the use of a spare part marketplace,

while fundamentally changing the business process.

Level 3 – Innovation of products and services: The level that is surely most demanding

considers innovations on the product and service level. The most prominent example today are the

countless smart phone apps provided as product supplements. Automakers couple these with their

vehicles, thus changing the product.


23

The field of responsibility of the IT-based innovation management module includes identifying

areas of potential, engaging in dialogue with the business, and initiating and supporting

innovations. Because the innovation process takes place in several steps, the complexity of the

associated problems increases. Therefore, introducing IT-based innovations is a complex process

that can bring about a radical change in corporate business process. Accordingly, Chapter 6 deals

with the topic of innovation management exclusively and thus begins with this subject. This is

supplemented by Chapter 5, which talks about dealing with changes and thereby supports the

organisation's change process.

3.2 Service operations

3.2.1 Service and infrastructure operations

"Help, my screen went black!" - We are all familiar with this call from users. Every day, we

encounter a wide variety of these incidents in system operation, i.e. deviations from the plans. This

chapter explains how to handle these incidents in a structured manner.

But first, let's briefly explain the relevant terminology: The service desk is the central contact for all

inquiries from users, according to the principle of "one face to the customer." This provides the

customer with a single point of contact for all IT-related inquiries (e.g. hotline, ticket system). In a

few cases, companies even expand their service desk to handle other inquiries (such as event

management). The purpose of this single point of contact is to handle service requests, create an

incident or to submit a request for change. The service desk can be understood as a kind of funnel

that collects all messages and then steers them to the correct processes. Initially, enquiries of all

types are treated as incidents.

Service desk

The service desk is the central function of ITSM. It is the link between the IT service and business

operations. This function is used to transact all enquiries from, and support provided to, employees.

The incident is an unplanned interruption (such as a workstation computer that won't work) or

reduction of the quality of a service (like a slow Internet connection). Failures of elements of the


24

configuration (Configuration Items) can be treated as an incident without a direct effect on the

service. In this case, one example would be the failure of a mirrored hard drive, where the server is

still up and running. In contrast, Service Requests are enquiries from users (with regard to

information, consultation, standard changes, access) that do not have an effect on the service.

They are one way to satisfy customers' needs. One example is a request for more printer toner

when the printer indicates that it will run out soon.

Disruption or incident?

An incident is defined as an IT disruption or IT service enquiry. Examples of an incident could be:

"My Excel is crashing" or "I need to create a PDF from Excel. How do I do that?". All incidents

should be processed by the central service desk and the status updated to enable later evaluation.

The process for managing and processing incidents is usually known as incident management. It

passes through various phases:

1. Entering and classifying the incident

2. Diagnosing the incident

3. Escalating the incident

4. Closing out the incident

The current Version 3 of the IT Infrastructure Library (ITIL) provides a sample process as a best

practice. This can provide the basis for a company to develop its own processes, as the

requirements differ enormously from company to company. For smaller companies, it is surely

good enough to just pick up the phone without any overarching workflow, but in medium to large

enterprises, this results in repeated interruptions of employees' core tasks. In this case, it is

worthwhile to take the more formal route.

In both cases, however, it makes sense to document the incidents and analyse them as part of an

improvement process. Ideally, the incidents should be entered into a ticket system, but a simple list

might be good enough at the beginning.

ITIL recommends the following procedure:


25

Figure 9 - Incident process based on ITIL V3


26

Phase I - Identifying, entering and categorising the disruption

The identification of incidents normally shared equally by the large number of users. Most

deviations can be identified easily, and because of the high relevance for users, they gladly accept

the effort required to report these incidents.

In many cases, however, a proactive configuration is responsible for identifying an incident or

imminent incident. For example, deviations can be identified on the hardware level (such as the

failure of a hard drive in a RAID array) and reported. On a system level, the use of monitoring

solutions has become widespread. This allows, for example, the function of an e-mail server to be

checked by having the monitoring application send an e-mail and measuring how long it takes to

receive a response. If a threshold value is exceeded during this process, this is designated as an

event and an alarm is triggered.

Depending on the systems used and the corporate culture in place, actually entering the disruption

could be the responsibility of the user (in a ticket system, for example) or the service desk agent

(for phone calls or e-mails). In large companies, correctly categorising the ticket ensures that it will

be forwarded to exactly the right specialist. However, even in small companies, it provides the

ability—beginning at a critical mass of disruptions—to identify weak points and areas for

improvement. For example, if a particularly large number of problems with an office application are

reported, it may be worthwhile to provide the users with better training or replace the application.

Like the entry of the disruption, its categorisation can also be carried out by the user or an IT

employee. Based on the collected data, a decision can be made as to whether the entry pertains to

a disruption or service request, which triggers a separate process.

Phase II - Prioritising

The priority assigned to an incident specifies

how the incident is handled by the employees

and tools of the service desk. The prioritising

process often holds a large potential for conflict

between users and services providers, as by

nature users will always assign top priority to

their own incidents. Experience has shown that

in many cases in which users determine the

priority themselves, the priority differs

significantly from reality. Therefore, it is better

to have the incident classified by the service

desk employee, as only he or she has the

necessary overview of the current situation in the company. The definition of the priority is based

on the effect on the supported business processes and the urgency until this effect takes hold.

Figure 10 – Example of prioritising incidents


27

Based on the priority assigned to the incident, response times (time until troubleshooting begins)

and solution times (time until regular operation) can be defined.

Phase 3 – Diagnosing and possible escalating

The objective of the initial diagnostics is to gather all relevant facts (environment data, symptoms

etc.). In many cases, this takes place in direct communication between the service desk employee

and user. If the problem is simple or known, the employee will try to resolve it immediately. If this is

not possible because there is not enough time or the necessary detailed technical knowledge is

lacking, the incident has to be escalated for further handling. It can be distinguished between two

types of escalation:

Functional escalation is passing it on to another authority (person or team) with greater

experience. The forwarding can be either internal (to in-house IT employees) or external (e.g. to a

vendor's support staff). Nowadays, this is often referred to as ―second-level support‖.

Hierarchical escalation refers to notifying and involving higher management levels to support the

escalation. In this process, the higher-level manager is called upon to overcome organisation

hurdles or mobilise additional resources to solve the problem in a timely manner.

The appropriate specialists now have to create the diagnosis or escalate it further until the final

diagnosis is reached. Regardless of the escalation level, the service desk is responsible for the

incident, co-ordinates the activities and provides users with regular updates about the progress of

their incidents.

Phase 4 – Remedying the disruption

Once a diagnosis for the disruption has been identified, it can be remedied and the normal state

restored. The solutions should always undergo corresponding testing. For example, printing a test

page after removing a paper jam can provide immediate information as to whether other problems

exist. When applications are adapted in what are known as hot fixes or patches, the possible

interactions should be examined before making them available on a large scale.

After a successful resolution and restore, the incident can be closed out. In doing so, the service

desk should ensure that the user is satisfied with the solution. In many cases, this is implemented

by the system in that the service desk changes the status of the incident to resolved, but the user

can close out the incident. In many cases, the next step is a brief survey with a few questions (3-5)

to evaluate the quality of the service desk.

Problem Management

Incident resolved – is that all there is to it? Of course not. In many cases, though the incident is

resolved quickly using the process we just described, but the cause is not eliminated and may


28

result in further problems. For example, if paper jams occur frequently in a certain type of printer,

this type could have a manufacturing defect or be incompatible with the paper being used.

Problem management is concerned with just these kinds of root causes.

Problem

A problem exists when multiple incidents indicate a pattern. Central management of the incidents

by the Help Desk allows recurring problems to be identified (e.g. Excel always crashes for user XY

whenever he or she has Word open at the same time) and long-term solutions can be found.

A problem, i.e. a root cause of one or more incidents, is handled by the problem management

process in multiple steps. Again ITIL provides an adequate reference process:

1. Identifying the problem; this is done by the employees of the service desk, technical

support team or event management.

2. Entering the problem, providing links to the corresponding malfunctions, including a

categorisation for later reporting and the prioritisation of the problem, in a way similar to

incident management.

3. Diagnosing the problem with the objective of identifying the root cause. If the cause has

been identified but no solution is yet available, a workaround (e.g. restart printer) has to

be defined. This is entered as a known error and made available to the service desk so

that it can remedy the corresponding disruption more quickly.

4. Finding a solution with the objective of implementing it as quickly as possible. However, if

a change is necessary for final resolution, this should be done using the procedure defined

in the change management system. This structured procedure reduces and acts as a

check on the possible effects (for more information, refer to Chapter 5Fehler!

Verweisquelle konnte nicht gefunden werden.).

Both incident management and problem management are based on identical concepts with regard

to personnel and tools. In larger organisations, it is recommended to establish a separate team that

runs the service desk function. These organisations can consider concepts such as the centralised

or decentralised service desk, virtual service desk (e.g. in collaboration with a supplier) or even

corresponding time zone concepts for international companies (follow-the-sun principle). In small IT

organisations, the function can also be entrusted to an employee who is responsible for the service

desk and is supported by his or her colleagues. Ideally, this should implement the concept of "one

face to the customer" or, in other words, one contact person for the user in all matters. It makes it

easier for users to communicate with IT, intercepts trivial enquiries directly and enables the

remaining employees (e.g. developers or administrators) to concentrate on their core topics.


29

On the tool side, numerous commercial and open source solutions are available today. Ideally, the

service desk should have the following applications available, which are integrated into one

solution or linked to each other via logical interfaces:

1. Ticket system that manages and documents a disruption or problem over its entire life

cycle. It should also enable communication with the user (e.g. via a Web interface or by e-

mail).

2. Database for collecting known errors and solutions (known error database, KEDB). This

does not always need to be a lofty solution. For smaller organisations, a simple list is

usually sufficient.

3. A configuration management database (CMDB) is a tool that supports many areas. The

database supplies data and information about the entire IT landscape and thus helps to

identify the context and identify problems more easily. For example, you can read which

employee uses which type of printer at his or her workstation. For more information on this

topic, refer to Chapter 4.

3.2.1 Systems & outsourced services

Hands on the keyboard: is the heart of your IT still beating? This chapter is all about the heart of

information technology – the applications, systems, networks and hardware. However, a wide

variety of activities are required in order to set up, maintain and operate this complex configuration.

Have you already outsourced everything? Even if you have, this chapter provides valuable

information.

Before we really get down to business, let's stick with the subject of management for a bit. Many IT

folks consider managing availability and capacity to be a strategic or tactical task. In smaller IT

organisations, however, the usual scenario is that the specialist knows his or her systems in detail

while also providing them with conceptual support; both topics are shifted to the operational level.

Availability management is responsible for all aspects that pertain to the availability of a service.

Generally speaking: when required by the customer, a service provides the needed and planned

function as set forth in the SLA [Service Level Agreement]. Concretely put: when the user wants to

retrieve his or her e-mail, the corresponding e-mail server has to be working. Therefore, availability

management serves as a monitor to ensure adherence to the objectives defined in the SLA and

provides the necessary and possible improvements in terms of availability. In doing so, availability

management can make use of reactive and proactive means:


30

Re-active Pro-active

Monitoring, measuring, analysing,

reporting and verifying the availability

Examining the non-availability

Risk assessment and management

Implementing cost-appropriate

countermeasures

Planning, designing and testing new or

changed services

Testing the availability and failure

mechanisms

Service providers often attempt to attract customers by promising 99% availability of the service.

This availability in percent is calculated by dividing the actual availability of the service by the

agreed service time:

( ) ( )

At first glance, the value of 99 percent availability seems very high. However, let's convert this to

minutes and days and see what the results are. Relative to one day, 99-percent availability means

less than 15 minutes of downtime. Calculated over the entire year, these 15-minute periods add up

to 3.5 days. On this basis, a decision can be made as to whether 99 percent is a realistic level or

not. In retrospect, it is worthwhile to check that the promise has actually been kept.

Another critical point for orientation is service availability (regardless of whether in-house or

outsourced) from provision of the service to its consumption (end-to-end). For example, if we

measure provision of a business application based on server uptime, other circumstances (e.g.

failure of the network) between server and user can cause a downtime, which, however, is not

taken into consideration. Accordingly, the measurement should be carried out as close to the

receiver as possible in order to take all eventualities into account.

If a failure occurs despite all preventive measures, availability management provides two additional

metrics:

Response time – Time between the report of a disruption and the beginning of

troubleshooting.

Restore time – Time between the report of an incident and restoration of the service.

If service management is outsourced, the most important aspect to be considered when selecting

the service provider is the restore time. Otherwise, the following case can occur: After a hardware

defect, the provider already responds after a few minutes and initiates the order of the spare part.


31

However, if the spare part is not available and a week passes until delivery, the service cannot be

offered again for a few days.

Another management topic is managing the available capacity and the needed capacity in the

future (capacity management). The Capacity Manager acts as the "fortune teller" of corporate IT.

He or she does not look into a crystal ball, but instead analyses the current demand, monitors the

company's development and, based on the corporate strategy, derives the future demand for

services and the underlying infrastructure. He or she must ensure that the needed capacity is

available in the planned quality at all times.

Capacity management consists of three subareas:

Business capacity management includes all activities intended to identify future business

requirements and reflect them in the capacity plan.

Service Capacity Management refers to the activities that provide insight as to the

capacities of the IT services required in the future.

Component Capacity Management includes all activities that monitor the capacity,

performance and utilisation of the individual configuration elements (e.g. PC, printer,

telephone, server).

We can put it most simply by saying that the future requirements of business for the services, and

the demand of the services for the resources, have to be taken into account and reflected in the

capacity planning. Based on this plan, actions are possible to ensure that the goals of the SLA are

also met in the future. For example, the growth of the amount of disk space needed can be

documented, a forecast derived from this and additional disk space purchased in a timely manner.

This ensures that a cost-appropriate IT capacity can be maintained.

Up to this point, we have only talked about management of IT and IT services. However, we must

not forget the specialists who install and maintain the applications and systems. Depending on the

size of the company, these technical operations are divided into various teams and responsibilities.

The common differentiation is between responsibility for systems and applications.

System support, the company's administrators are concerned with all hardware-related topics. In

the ITSM environment, this task is often given the title IT operations management and includes

management of the physical IT infrastructure (typically in data centres or computer rooms). The

foremost goal is safeguarding and optimising the current, stable condition of the infrastructure.

Examples of the tasks of IT operations management include:

System administration and running operational activities and events

Console management and job scheduling of the servers


32

Backup and restore

Print management

Performance measurement and optimisation

Maintenance activities

IT facility management (climate control system, power supply etc.)

Application management, on the other hand, is responsible for designing, developing, testing and

improving business applications. The areas of responsibility can vary greatly from company to

company. If the software is developed in-house, the range of application management

responsibilities widens. The other option is to outsource application development. Of course, there

are many increments between these two solutions (e.g. standard software with in-house

adaptations). The tasks of application management are defined as follows:

Supporting the company's applications

In some cases, designing, developing, testing and improving applications

Supporting IT operations management

Training employees

3.2.2 IT procurement

The rapid development of information technology poses constant challenges to the IT departments

of small and medium-sized enterprises: there are new kinds of technologies, changed services and

innovative products. Do these have the potential to add value to the business or are they merely

self-serving? Many calculation options are available for answering this question:

Total cost of ownership (TCO)

Total benefits of ownership (TBO) / Total value of ownership (TVO)

Static or dynamic investment calculation

Return on investment (ROI)

It is, in fact, true that these options provide the company with correct results in subareas. Viewed

separately, however, they do not provide valid results in the majority of cases. For example, there

is no correct comparison of all costs and benefits, or only purely monetary variables are used.

Ultimately, it is necessary to clarify whether the total benefit (TBO/TVO) to be expected justifies the

total costs (TCO) to be expected over the service life or even creates a profit situation. In other


33

words: a return on investment consideration, which is not limited to the investment costs and the

monetary benefits, but considers all costs and benefits.

Once the investment decision has been made, "all" that is left is to purchase the new IT

components. All too frequently, however, this plan proves to be extremely complex.

Not without reason, as IT procurement processes affect multiple areas of an organization –

including those outside IT – and include services of external providers, such as suppliers.

Accordingly, close co-operation should be pursued and open communication maintained.

Supplier management within the IT organization has the following objective:

Regularly observing the procurement market and monitoring trends and innovations

Selecting suppliers, taking into account the strategic significance for the company's business

processes

Negotiating contracts and agreeing on a fixed scope of services with the suppliers

Ensuring and continuously increasing the quality of the purchased service

Managing relationships with suppliers

Documenting all suppliers, contracts and relationships

In many cases, the tasks are also divided up

between the purchasing department as such and

the IT organization. In doing so, IT co-ordinates

all technical aspects in the cycle, while

purchasing handles structuring the contracts and

pricing.

The greater a supplier's strategic significance for

the company, the more long-term the business

relationships should be. The significance can be

defined based on two variables:

Value contribution and importance

Risk and influence

In most cases, a long-term, close-knit co-operation pays off. For example, blanket purchase

agreements often allow more favourable terms and conditions when buying components (e.g. for

the expected quantity of desktop computers in one year, while also allowing optimisations and

relieving workload in the procurement process. Over the medium term, consistent standardisation

can achieve additional effects of scale.

Diagram 11 - Classifying suppliers


34

Is IT procurement not a relevant topic to companies that have outsourced all services? Even when

full outsourcing is used, it is important for there to be a responsible contact person in the company;

here, too, the customer–supplier relationship has to be maintained, quality monitored and the

market observed regularly.

3.2.3 Security and environment

"Sony says sorry - the Playstation manufacturer has apologised for the massive data theft in its

networks and promised free games as compensation and better security measures. (…)―. These or

similar words were used by many daily newspapers to relate the story in spring 2011. Criminality in

the IT environment is nothing new. As a small company, one could surely ask: who could profit

from my data anyway? However, the topic of IT security is more varied than one might think, and

certainly also relevant for smaller companies:

First names, car marques, birthdays or the favourite football club—many people use easy-to-

remember terms to recall a password. Is a corresponding guideline in place in the company?

Is the company's administrator password securely stored with the administrator's supervisor in

case the admin is absent?

Are virus scanners installed and are they updated on a regular basis?

Are hard drives securely deleted (wiped) before being disposed of?

Are important servers stored where they are safe from water or heat damage?

What happens to e-mails when an employee is on vacation?

Who is permitted to use his or her personal mobile phone in the company?

Numerous statistics prove that approximately half of security-related incidents are triggered not by

external parties, but by the company's own employees. In almost all cases, this is accidental,

usually out of ignorance, a lack of training or carelessness. Accordingly, SMEs should also analyse

the possible hazards and take countermeasures.

In doing so, all possible risks should be taken into account:

Protecting the information from unauthorised access and malware (e.g. viruses, hacker

attacks, espionage)

Provisioning the information to authorised persons (Access Management)

Securing the infrastructure against influences from the area surrounding the IT (e.g.

overvoltage in the power supply network or power failure, flood, heat or even fire)


35

The measures taken (e.g. providing a firewall, using a climate control system) are to be considered

preventive. The measures taken should be in proportion to the possible harm. Operating a server in

the supply closet next to chemicals and moist rags is surely negligent. However, an autonomous,

earthquake-proof data centre is surely also not the right choice for a small company. One hundred

percent protection is possible in rare cases only or associated with high costs that are justified in

only a few application areas. However, the possible risks should be specified accordingly and the

measures planned in case the risks do occur. This is done in what is known as an IT recovery plan

for various scenarios. The objective is to restore normal operation of the disrupted service(s) as

quickly as possible. If, for example, the servers have to be shut down during a long-term power

failure, the recovery plan should describe the systematic procedure at the start so that all

dependencies between the systems are taken into account and no further delay or even damage

occurs.

3.3 Monitoring, improvement & change

3.3.1 Control and audit

Every ITSM guideline needs a section that describes the rules and mechanisms responsible for

monitoring and controlling all IT-related tasks and activities. Auditing and controlling information

systems are part of the internal auditing and controlling functions of organisations.


36

The Institute of Internal Auditors (IIA) has defined Internal auditing asvii

: an independent objective

assurance and consulting activity designed to add value and improve an organization's operations.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of risk management, control, and governance processes.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has defined

Internal control as:viii

: broadly defined as a process, effected by an entity's board of directors,

management and other personnel, designed to provide reasonable assurance regarding the

achievement of objectives in the following categories: (1) Effectiveness and efficiency of

operations; (2) Reliability of financial reporting (3) Compliance with applicable laws and

regulations."

Audit and control are closely related to each other and are frequently mentioned and described

together. Both processes are intended to provide assurance with regard to the achievement of

business objectives. However, there is a clear distinction between the terms:

Control takes place via self-assessment, i.e. it is carried out by the employees who are

responsible for certain tasks. In the IT area, for example, this can pertain to the system

administrator, who checks systematically to ensure that the tasks he or she carries out are

fulfilled properly.

In contrast, an audit must be carried out by an independent entity (i.e., without the

involvement of the entity that reports to the manager, who is responsible for an audited unit)

and is concentrated on the effectiveness of control mechanisms. An audit is intended to verify

that the control system is efficient. This, in turn, is expressed in its potential to discover errors

and irregularities that get in the way of attaining business objectives.

Control activities play the most important role in the case of SMEs, which is due to the structure of

the process participants and the corporate structure (see below). For this reason, the name of this

section (3.3.1) has been changed to "Audit and control" instead of "Control and audit," which is

used most frequently in the literature.

Generally speaking, all audit and control activities are concerned with systematically monitoring

multiple defined control objectives. This process determines whether these are met and estimates

the extent to which they are met.

With regard to audit and control of information systems, numerous guidelines and standards are

available. However, there is one generally acknowledged standard that describes how an IT-

related audit and control function is to be run within the company. This standard is COBIT: Control

Objectives for Information and Related Technologyix. There is also a limited version of this standard

called "COBIT Quickstart,"x which has been designed specially for SMEs and is customised to their

special features. These standards can be used as reference models if concrete audit and control

processes are implemented in a company.


37

Large companies have their own well-organised audit departments with corresponding processes,

while SMEs do not approach this subject in such an organised and systematic manner. This is due

to the fact that SMEs are structurally much smaller than large companies and usually do not

formulate long-term strategies.

Which level is appropriate for audit and control in an average SME? This question has to be

answered in detail by the management of the respective company. However, we can narrow it

down to four specific processes:

1. Providing IT governance

2. Monitoring and evaluating the IT service

3. Ensuring compliance with external requirements

4. Monitoring and evaluating the internal control

Processes 1-3 are solely control processes, as they are carried out in their entirety by employees

who are entrusted with the daily tasks in the areas of the company's business processes and

corporate IT. Process 4, on the other hand, is an audit process and should be carried out by an

external company.

Generally speaking, each process of an audit and control function is to be carried out in the

following steps:

1. Defining the suitable management processes

2. Reviewing the maturity level of the process

3. Defining the responsibilities in the company

4. Defining the most important measures (metrics) used for process monitoring

When it comes to defining management processes, a company has to set up and elaborate certain

patterns for desired procedures that fulfil the ITSM specifications identified when formulating

business and IT strategies. The desired procedures could, for example, include the following: (1)

Setting up regular reporting about the IT activities for review by corporate management; (2)

Defining a method for discussing the limited quantity of relevant and measurable results and

operating figures for IT that are monitored continuously; (3) Making a review of the method with

which other companies in the industry approach IT topics and important IT decisions or (4)

Identifying the requirements that result with regard to compliance with external regulations. All

management practices are process-dependent. Therefore, they have to be set up separately for

each individual process. With regard to the SME, the number of management practices should be

limited to a reasonable figure of no more than 3 per process.

The maturity level of a certain process can be reviewed by comparing the current and desired state

of the specific process within the company with the objective of the company and the average

value in the industry. This can be done by carrying out the following steps:

1. Defining the current position of the process within the company.


38

2. Defining the desired position of the process within the company. To carry out this step, an

average position in the industry can be used as reference.

3. Determining the gap between the current and desired position.

4. Defining the change process for getting from the current to the desired position.

5. Defining the integrated implementation program for governance.

The tool for carrying out this task is the maturity model. This concept is taken over from the CMMI

(Capability Maturity Model Integration) method, which is defined by the SEI (Software Engineering

Institute). It consists of 5 levels:xi

1. Initial – the process arises from the situation and is chaotic.

2. Managed – the process is planned and executed in accordance with corporate guidelines.

3. Defined – the process is described and understood well and characterised with respect to

standards, procedures, tools and methods.

4. Quantitatively managed – performance and quality of the process are managed by

quantitative objectives.

5. Optimising – the process is continuously improved using quantitative insights into the

respective business requirements and performance requirements.

The concrete ITSM standards can contain modified versions of the maturity model. Though the

change can involve a different designation and number of levels, the basic philosophy remains the

same: The workflow goes from the lowest to the highest level, were the maturity of the model

increases with each level.

Each process is carried out by persons. Therefore, a company has to define the responsibilities of

the individual roles and verify each management procedure with the suitable corporate role and the

type of responsibility. In the ITSM, this is also called the RASCI (or RACI) diagram:

Responsible – responsible for the actual implementation. Is interpreted as responsibility in the

disciplinary sense.

Accountable (cost responsibility), responsible in the sense of "approve," "authorise" or "sign." The

person with responsibility in the legal or commercial sense of the word.

Supportive . The person can play a supporting role or make operating resources available.

Consulted – specialised responsibility. A person whose advice is solicited. Is also interpreted as

responsibility from a specialised point of view.

Informed – right of information. A person who receives information about the course/the result of

the activity or as the right to obtain information.

In the case of SMEs, the corporate roles can include business owner, managing director, IT

manager, various department heads, head of accounting etc. These roles must be assigned


39

carefully and adapted to the corporate framework and scope of activities. Using the example of the

auto repair shop, a RASCI matrix could be set up like this:

Figure 12 - Example of a RASCI matrix

Each ITSM method is constructed properly when its effectiveness and efficiency are measured.

Generally speaking, effectiveness pertains to "carrying out the correct actions," while efficiency is

"carrying out the actions correctly." There are two types of metrics with which the above goals can

be measured. From the total number of metrics available, the most important ones are selected

and defined as the primary metric. They are used for reporting and are intended to ensure

efficiency, effectiveness and profitability. These are defined in ITIL as Key Goal Indicators (KGIs)

for measuring effectiveness and Key Performance Indicators (KPIs) for measuring efficiency;

COBIT uses Lag Indicator and Lead Indicator, respectively, as synonyms for these terms.

Key Goal Indicator (KGI) or Lag Indicator

Metrics that show management whether an IT process has fulfilled business requirements. The

number of incidents could be one example of a KGI.

Key Performance Indicator or Lead Indicator

Metrics that determine the performance level of IT processes in terms of supporting target

achievement. They are early indicators of whether or not a target is likely to be attained. Examples

of KPIs include response time or the first-call resolution rate of incidents.

As mentioned previously in this chapter, COBIT Quickstart is a practically oriented

recommendation that can be used as a reference model for setting up control and audit procedures

within SMEs. This recommendation can and should be adapted to the specific features and

structure of the company. The adaptation can, for example, take the form or reducing the number

of corporate units in the RASCI diagram, reducing or expanding the levels for the process maturity

or any other changes. A detailed description is provided in the current COBIT Quickstart from the

IT Governance Institute.


40

3.3.2 Compliance

In industry jargon, the term compliance is used to refer to fulfilment of national, European and

international laws and directives (e.g. German Federal Data Protection Act, Basel II, Sarbanes-

Oxley Act), as well as voluntary codes of conduct in the company. Compliance also includes a few

IT-related regulations such as security (protection of personal data), health, ergonomics,

confidentiality, legal and regulatory requirements, intellectual property, arrangements for e-

Commerce, insurance contracts and a few industry-specific regulations and procedures such as

the obligation to store recordings for tachographs.

The objective of IT compliance is comprehensive and consistent observance of compliance

requirements. In addition to safeguarding against legal consequences, this provides benefits for the

valuation of the company as well as higher IT security. The core task lies in documenting and

making corresponding adaptations to IT resources when rules and regulations change. In addition,

potential problems or hazards could be evaluated regularly (refer also to Chapter 3.2.3)

All areas of compliance have to be examined with the greatest possible care, as the number of

these regulations increases continuously. In the event of violations of these rules and regulations,

in some countries, executives and board members can be made liable for adherence to the legal

regulations. Failure to comply with these regulations can incur civil and criminal penalties. For

example, the German Federal Data Protection Act (BDSG) provides for violations to be punished

by imprisonment of up to 2 years or fines. Basel II has prescribed extensive verification measures

for financial institutions. As a result, all companies have had to take action to implement IT

compliance, if they had not done so already.

For additional detailed information and examples of processes related to compliance, refer to

current COBIT publications.

3.3.3 Managing changes

Have you ever installed a software update, only to find that nothing works afterwards? If the effects

are limited to your own workstation, it may not be so bad. However, if we imagine the

consequences when updating all of a company's computers, an administrator will quickly learn not

to be careless and check everything twice in future. Change management, which is often

considered too bureaucratic, can be a useful tool for preventing disruptions. It offers interfaces to

other processes, specifically the continuous improvement process or problem management. For

example, within problem management, potential problems are identified, analysed and a solution

defined. If the solution necessitates a change of the current situation, the needed changes are

handed over to the change process via a change request. This defines a structured procedure in

which an element (e.g. workstation computer, server hardware, but also services or processes) are


41

to be brought from a current state into a desired future state by modifying, adding or removing. The

objective of change management is to facilitate a worthwhile change with minimal interruption of

the IT service.

Change

The word "change" refers to any and all modifications to the existing IT landscape. For example,

identifying a problem (e.g. the spreadsheet software always crashes when the e-mail client is open

at the same time) can cause a change when a solution has been found. The answer to the problem

mentioned here could be increasing the memory in the computers. This is also referred to as a

change.

In addition to the "hard" changes such as the technological changes described above, there are the

"soft" or organizational changes. The massive involvement of the human factor means that a

special procedure has to be followed here; accordingly, a separate chapter (Chapter 5) is

dedicated to this complex topic.

Changes to the information technology of today are, in many cases, a similarly complex task due to

the highly dynamic nature and number of the various elements and their dependencies on each

other. These changes can have multi-layered and far-reaching consequences. For example, if a

new operating system is introduced, after which the printers used and the business management

application systems are not compatible, the consequences can be very far-reaching indeed.

Accordingly, the foremost objective of change management is minimizing risk. By making changes

in a controlled manner, one can also monitor the potential risks that changes incur.

The following can indicate room for improvement in a company's own change management:

Frequent unplanned service outages

A low success rate when carrying out changes

A high rate of emergency changes or unauthorised changes

If these reasons apply, it is worthwhile to think about this topic. However, in addition to minimising

risk, professional change management can provide additional added value for IT and customers:

Highly qualified processing of changes as well as better planning of times, quality and costs

Cost reduction over the medium term provided by standardised procedures

Increase of productive service time by reducing service downtimes

Combined view of business and IT aspects of a change for identifying areas with room for

improvement


42

To attain a certain level of transparency, a reasonable data platform for making decisions and,

finally, documentation, desired changes are compiled in a Request for Change. For this reason, a

very practical way to enter a request of this nature is in a ticket via the service desk or as a

document template that has to be filled in. However, it is important to define which form is used for

which change type and to ensure that the corresponding variants are available if necessary. In

practice, the changes seem to fall into three categories:

Standard changes

Changes for which a standardised procedure has already been defined in advance and that usually

have only minor effects. Due to their general planning, they do not require a release procedure.

Examples of a change of this nature include setting up a new e-mail account, resetting a password

or setting up a regular workstation.

Normal changes

Changes that are relatively time-uncritical and cannot be treated as a standard change. An

example of such a change could be installing a patch in the ERP system.

Emergency changes

In the event of an incident, it may be necessary to make quick changes. In this case, the normal

procedure is too slow and complex. Accordingly, in this case, changes can be made according to

defined requirements, but much more quickly. This makes a difference, for example, when a

hardware failure has an impact on the services.

Finally, we have to clarify the activities of change management. As usual in the IT Service

Management, this has been defined as a process. The following illustration shows the process.

First, let's explain the two roles of change manager and authority: As the name implies, the change

manager role is in charge of administration for the change. It can be filled by multiple persons. In

many cases, the service desk employee is also responsible for the initial steps of change

management. The person(s) filling the role can be defined according to the needs of the company.

The role of authority is frequently filled by what is called a Change Advisory Board. It consists of

representatives of all IT areas, the business areas and any possible third parties (e.g. external

suppliers). In smaller companies, however, the Change Advisory Board can also be replaced by a

regular team meeting.


43

Figure 13 - Change process based on ITIL


44

1. Creating the change request

The change is always requested by the request of an initiator (e.g. employee, organisational unit

and employee of the service desk) with a change request. A change request can be recorded and

documented in different ways (such as paper, e-mail, online form). The degree of detail depends

on the scope and effects of the change. The ideal scenario is to use an integrated service

management tool that documents all data and can map all dependencies (e.g. to configuration

items). Based on the change request, a change record is created that documents all activities.

2. Verifying the change request

In the initial verification, the change request is checked by the change manager to ensure that it

makes sense and is categorised correctly. For example, standard changes are forwarded directly

for processing. On the other hand, enquiries that are not practical, filled in incompletely or have

already been evaluated are filtered out and the initiator is subsequently notified of the rejection of

the application along with a reason. In this process, the person submitting the application should be

given the right to object.

3. Evaluating the change

To make a decision about a change, the following parameters have to be entered. ITIL designates

these parameters as the "seven R‗s of change management."

1. Who RAISED the change?

2. What is the REASON for the change?

3. What is the required RETURN?

4. What are the RISKS?

5. What RESOURCES are required?

6. Who is RESPONSIBLE for required activities like implementation and test?

7. What is the RELATIONSHIP between this change and other changes?

The information determined can be used to determine the correct level of authorization, to identify

the areas of interest ("Who is affected?") or to define the business case, effects, costs, benefits and

risks.

4. Authorising the change

Authorization ensures that all those affected by the change have been notified of it and dealt with it.

The transparency this creates reduces the risks and allows the effects to be checked. Depending

on the type, scope and risk of the change, different stages of authorisation may be most useful. For

example, replacing a tape drive, which has very minor effects, will be discussed and coordinated

only within the IT department. Release changes of the ERP system will surely also be discussed all


45

the way up to the management level of the company. Depending on the decision made by the

committee, the result is communicated to all those involved, particularly the person applying for the

change.

5. Planning the change

When changing the software, it often makes sense to combine all changes into what are known as

releases and then to make them available in a single step. Here, the advantages (e.g. improved

planning, better implementation rate) are examined compared to the disadvantages (e.g. time

delay). In addition, the actual implementation should be planned and co-ordinated. This must take

into account that active services are affected as little as possible. The result of this is to be clearly

defined work packages.

6. Implementing the change

The authorised changes are forwarded (formally) as work packages to the corresponding

employees or teams. These carry out the actual implementation. However, change management is

responsible for co-ordinating the activities and their on-time completion.

7. Checking and closing out the change

In a last step, the change is again reviewed and closed out. This happens with the following

activities:

Compiling the documentation for the change

Reviewing the change and its documentation

Closing out the change document (after completing all activities)

Reporting the close-out to all participants and presenting it for acceptance

If referenced faults or problems exist, these can likewise be reviewed and closed out

If a change is very time-critical (e.g. failure of a server), we refer to it as an emergency change. In

this case, we should follow a similar procedure, but individual steps can be shortened. For

example, the evaluation and planning phases are greatly shortened and his comprehensive

documentation. In this case, the authorization also takes place by the relevant participants who are

available at the time (this is also called an Emergency Change Advisory Board (CAB)). Tests are

reduced or, in an extreme case, are omitted entirely. As a rule, the emergency change takes place

retroactively. This is intended to ensure that the change follows a reasonable workflow, despite the

time pressure.


46

3.3.4 Continual service improvement

Continual service improvement (CSI) is part of ITSM. In doing so, methods from quality

management are used to learn from past successes and failures and, in this way, develop solutions

that continually improve the effectiveness and efficiency of IT services and processes. CSI has to

prove its value to the company in order to justify its continued existence. A clearly defined purpose

with clear and unambiguous benefits that impact the entire company must be present. CSI, as

defined by ITIL, consists of four process:

Service Evaluation – Process Objective: To evaluate service quality on a regular basis. This

includes identifying areas where the targeted service levels are not reached, and holding

regular talks with business to make sure that the agreed service levels are still in line with

business needs.

Process Evaluation − Process Objective: To evaluate processes on a regular basis. This

includes identifying areas where the targeted process metrics are not reached, and holding

regular benchmarkings, audits, maturity assessments and reviews.

Definition of CSI Initiatives − Process Objective: To define specific initiatives aimed at

improving services and processes, based on the results of service and process evaluation.

Process Objective: To verify if improvement initiatives are proceeding according to plan, and

to introduce corrective measures where necessary.

CSI monitoring − Process Objective: To verify if improvement initiatives are proceeding

according to plan. In addition, correction measures are carried out.

The CSI process requires three actors. The first actor, the CSI manager, is responsible for

managing the improvements to ITSM processes and IT services. The CSI manager measures the

service provider's performance continually and designs improvements to changes, services and

infrastructure in order to increase efficiency, effectiveness and profitability. The second actor, the

process manager, is responsible for planning and co-ordinating all process management activities.

He or she supports all actors involved in managing and improving processes, which also includes

the process owners. This role also co-ordinates all changes to processes, thus ensuring that all

processes work together seamlessly. The third actor, the process owner, is responsible for

ensuring that a process is suitable for its purpose. The responsibilities of the role include

supporting, designing and continually improving the process and its metrics.

Companies that want to improve services have to be clear about the effect of trends in the

business and market area on the IT area. To justify any and all improvements, the company should

compare costs and earnings (or savings). The difficulty lies in the fact that though the costs can be

measured relatively easily, it is more difficult to express in figures the increase in earnings as a

direct result of the Service Improvement Plan (SIP). The SIP is a formal plan for implementing


47

improvements to services and IT processes. The SIP is used to manage and log improvement

initiatives triggered by CSI. Improvement initiatives are either of the following:

Internal initiatives tracked by the service provider, for example for improving processes or to

better utilise resources

Initiatives required for working together with the customer, for example improving services

The following information are typically included in the SIP for each defined initiative for process or

service improvement:

1. Affected process or service

2. Person responsible for the process (process owner) or service (service owner)

3. Initiative owner (person responsible for the initiative, frequently roles in service

management such as Service Level Manager, capacity manager, availability manager,

process owner, service owner)

4. Approval by upper management

5. Description of the initiative

6. Source of the measure (e.g. service review, process audit)

7. Business scenario (expected result of the initiative, cost estimate, specific desired result of

the initiative, e.g. a certain cost reduction when provisioning a service)

8. Schedule and status of the implementation (target date, current status)

CSI is a part of every successful service management implementation. CSI ensures that the IT

services grow along with the business and adapt to it, and enables continuous improvement of

service stability, performance and functionality. CSI projects can be implemented in many different

forms: simplified request of services by customers, fewer required documents and shorter wait

times for service enquiries, creating an outstanding service catalogue by means of better

understanding etc.

The purpose of CSI is to continually align the IT services with changing business requirements. For

this purpose, improvements to IT services that support business processes are identified and

implemented. The objectives of CSI are the following:

Reviewing, analysing and drafting suggestions for the service strategy, concept, transition and

procedures

Reviewing and analysing the results when the service level is attained

Identifying and implementing individual activities to improve the IT service quality

Improving profitability when providing IT services without negative effects on customer

satisfaction

Ensuring that suitable methods of quality management can be used to support continuous

improvement activities


48

Figure 14 - CSI model based on ITIL

According to the CSI model (Figure 14), the process for improving services is a constant cycle that

consists of the following steps.

Understanding the business mission, objective and requirements in order to create a vision for

improvements based on this vision (What is the vision?)

Reviewing the current situation in terms of business, company, employees, processes and

technology in order to obtain an accurate snapshot of the current state of the company

(Where are we now?)

Understanding priorities for improvements and making corresponding agreements based on a

development of the principles from the vision (Where do we want to be?)

Drawing up a detailed CSI plan for attaining a higher level of quality of the provided services

by implementing ITSM process (How do we get there?)

Reviewing measurements and metrics if they ensure that the milestones are reached, the

compliance of the processes is high and business objectives and priorities are attained by the

service level (Did we get there?)


49

3.3.5 IT project management

A project is a limited-time initiative for developing a specific product or a certain service, such as a

building or a new computer system. Each product extends from the start to close-out and can take

days, weeks, months or even years. For Charly's company, introducing an online store would be a

project, but running the online store is part of everyday business operations.

Project

A project has limited time and monetary resources and is undertaken to create a one-of-a-kind

product, service or result. It has clear goals, requirements and quality specifications. A project can

also take on the form of a temporary organisation.

Project management is described as a series of principles, practical workflows and techniques that

are used to check the project schedule as well as costs and performance. It consists of a series of

tasks with which a project is run from beginning to end in order to attain the goals determined

earlier. Relative to this definition, IT project management can be understood as a sub-area in which

information technology projects are planned, monitored and controlled. In this regard, it is important

to pay due attention to the broad spectrum of tasks. The new areas of knowledge of the PMBOK

(Figure 15) provide an insight into the various subject areas that are to be considered within project

management.

Figure 15 - Areas of knowledge of project management according to the PMBOK

Regardless of type, all projects are carried out and implemented within the framework of certain

constraints. The three constraints of time, costs and scope are frequently referred to as the

"magical" Project Management Triangle. The time

constraint refers to the time available for

completing a project. The cost constraint

describes the budget available for a project. The

last constraint, cost, specifies which activities

have to be carried out to reach a goal. For a

Figure 16 - Project Management Triangle


50

project to be successful, these three constraints have to be in balance.

Various approaches can be taken into account in project management. Two important ways of

looking at it are:

Traditional approach: Identifying a sequence of steps that have to be carried out

Agile approach: The project as a series of relatively small tasks (not a complete process).

Traditional project management requires highly disciplined planning and control methods. In this

approach, we can distinguish between five phases in the development of a project. Each phase

contains processes with which the project is advanced from idea to implementation. The individual

phases include:

1. Project initiation phase

2. Project planning and design phase

3. Project execution and implementation phase

4. Project monitoring and control systems

5. Project completion

The traditional approach assumes that it is possible to foresee the effects of certain results on the

project. For this reason, all tasks have to be carried out one after the other, in the correct

sequence.

In contrast to the traditional approach, agile project management is based on the principle that

interaction between the individuals should be in the centre of the management. The project is

viewed as a series of relatively small tasks that have to be adapted according to the respective

situation and not designed and implemented as part of a process planned entirely in advance.

A number of project management methods are used to formally define how the project is managed.

For example, the following sections explain Project Management Body of Knowledge (PMBOK),

Projects in Controlled Environments (PRINCE) or SCRUM as an agile method for software or

product development. The objective of each of the three techniques is to standardise the workflows

of the development team in order to make it more predictable and manageable.

Project Management Body of Knowledge (PMBOK)

PMBOK is a guide for project management that compiles standard technology (IEEE, ANSI) that

provides the basics of project management and their application to a wide variety of projects. The

first version of the PMBOK guideline was published by the Project Management Institute in 1987. It

is concerned with applying knowledge, skills, tools and techniques to fulfil project requirements. A


51

project is implemented by integrating the project management processes. A project team is active

in nine areas of knowledge: Integration, scope, time, costs, quality, human resources,

communication, risks, procurement. These define a series of basic processes and describe them in

terms of input, tools, techniques and output. The project manager is responsible for the project

goals for creating the defined end product. In this regard, the constraints of project scope, time,

costs and the required quality have to be observed.

Project in Controlled Environments (PRINCE2)

PRINCE2 is a product-based approach for project management developed by the UK government

and used internationally, especially in IT environments. As a scalable method for managing IT and

other business projects, PRINCE2 defines forty different activities and structures these into seven

processes: (1) Starting up a project, (2) Initiating a project, (3) Directing a project, (4) Controlling a

stage, (5) Managing stage boundaries, (6) Managing product delivery and (7) Closing a project.

The method specifies each process with central inputs and outputs as well as certain objectives

and activities that have to be carried out. This enables automatic control of any and all deviations

from the plan. The method is broken down into manageable phases and enables efficient control of

resources. Based on close monitoring the project can be executed in a controlled and organised

manner. PRINCE2 is a flexible method and can be used on all types of projects.

SCRUM

In today's global economy, software developers are under pressure to deliver the right products

faster. As a framework concept for executing projects based on the principles and values of agile

project management, SCRUM can be used for managing and controlling complex software product

developments with repetitive, incremental procedures. It is necessary to take into account that this

method was originally planned for projects in the software development area, but can be used for

both simple and complex innovation projects.

As with the other methods derived from the agile method, SCRUM does not attempt to define

everything at the beginning of a project. Rather, SCRUM uses an empirical approach in which the

entire project is split up to sprints, i.e. time increments of typically two to four weeks. At the end of

each sprints, the team members hold meetings to discuss the progress of a project and discuss the

next steps.

IT-Service-Management ITSM Implementation in SMEs

52

4 ITSM Implementation in SMEs

IT Service Management can be introduced in companies in different ways. Depending on the

maturity level and experience in the company, different processes can take priority. In addition to

incident and problem management, change management is frequently the first step of an ITSM

implementation. The change management scheme should be developed at the earliest possible

stage, as it is the core of continuous service improvement.

ITSM implementation is not only a technical, but primarily an organizational change process.

People in organisations have to change their behaviour. However, resistance to change is a trait

many people share. However, it is people who decide whether or not ITSM introductions are

successful. A few ITSM projects are specifically devoted to the capacity for change and willingness

to change of IT or service desk employees and pose these questions:

Can the employees who have worked according to the same pattern for years internalise the

philosophy of ITSM in a short time and change their work processes?

Do the employees have the capabilities required to bring a service organisation to life?

Are the expectations with regard to the time and personnel outlay required for implementing

ITSM even realistic?

In practice, the greatest obstacle for IT Service Management is personnel-related, cultural and

organisational resistance to change. Change management measures should be planned at an

early stage during ITSM implementation. The aspects and methods of change management in

ITSM projects are described in detail in Chapter 5.

Real-world business experiences show that it is usually impossible to implement five to ten ITSM

processes in six months. The primary success factor is when the ITSM philosophy is conveyed

successfully and a corporate culture exists that is open to the change and promotes effective

introduction of ITSM. Many companies that claim not to have IT Service Management have already

dealt with the issue of disruptions in the operating workflow and frequently used existing

standardised procedures. These companies have then adapted IT Infrastructure Library (ITIL), for

example, to suit their needs ideally, but without understanding the philosophy. Therefore, they have

put the second step before the first. In other words: they have put up the walls without laying the

foundation. This chapter is intended to prevent exactly that. An example of a blueprint is provided

to introduce IT Service Management in the company. Each company and each IT department have

their unique characteristics. Therefore, this plan serves only as a rough guide that can be adapted

to the company's own needs and circumstances and has to be elaborated in detail. The following

information is focused on the essential steps of the ITSM implementation project that small and

medium-sized companies typically have to go through.


53

Based on the diverse requirements of the different types of companies, the following pages will

present a draft for a modular plan. It takes into account two concepts: Modularisation and

prioritisation.

Modularisation

In Chapter 3, we presented the INNOTRAIN IT method, and already made use of the

concept of modularisation there. Individual processes and functions have been compiled into

modules and can be but together like building blocks according to specific needs. This

principle is carried over into the introduction. In doing so, modules can be implemented in the

manner deemed most suitable.

Prioritisation

By prioritising the modules mentioned above and taking into account certain dependencies

between the modules, an individual flow chart for the company can be derived.

The following Figure 17 shows the implementation of these concepts. As mentioned earlier, the

modularisation has already been explained in Chapter 3; therefore, this aspect of the graphic is

also identical. The prioritisation is highly pragmatic and, in this case, contains only the distinction

between mandatory (shown in dark shades) and optional modules (shown in light shades). We

assume that individual companies have carried out a complete outsourcing of their IT. However,

implementing the mandatory modules is useful even in these cases.

Figure 17 - Overview and classification of the ITSM modules


54

The mandatory modules provide the basis for successful use of ITSM. The optional modules

supplement them. To utilise all the added value that can be provided by using ITSM, all modules

should be introduced. The selection of modules depends to a great extent on the company and its

facets, the strategy and requirements.

The following graphic shows an example of a blueprint shown as a introductory path. As mentioned

earlier, the defined steps reflect all basic modules. These have been arranged into a sequence

according to their dependencies and are expanded by adding relevant activities.

The subsequent paragraphs explain all five steps of the introduction process in detail:

1. Preparation, vision, evaluation and planning

2. Defining the strategy

3. Implementing the basic modules

4. Implementing the advanced modules

5. Optimising the implementation


55

Figure 18 - Relationship between project phases and the INNOTRAIN IT five-step implementation model


56

4.1 Step I – Preparation, vision, evaluation and planning

When introducing IT Service Management, the IT organisation faces the challenge of developing

and offering IT services for supporting the business processes. In many cases, this change

succeeds only after a delay, as the mission and philosophy of the IT organisation have to change

first. Just as the entire business has to face the changes, the IT organisation also has to undergo a

fundamental change from a technology provider to a service organisation. This new role evaluation

helps the IT organization to define and implement its new function as a supplier of IT services,

while also increasing is effectiveness.

At the beginning of an ITSM implementation, the benefits and necessity of IT Service Management

should be identified and discussed with corporate managers and executives. Management has to

be shown that the ITSM implementation is a change program and not just a technical solution or

technical project.

To identify the significance of the ITSM plans for the company and obtain the buy-in of executives,

a workshop should be held for them. This can be organised as part of the initialisation phase of an

ITSM change programme.

4.1.1 Vision

Defining a vision for the project is an important step towards implementing IT Service Management

successfully. The vision sets the direction for the project stakeholders and gives them orientation. It

helps to place a shared goal before the various groups of stakeholders. Implementing IT Service

Management requires vision, goals and resources. Moreover, the vision has to take into account

people, processes, cultures and technologies for all areas involved. The vision serves the following

purposes:

Giving everyone a clear idea of where the plan is headed

Motivating employees so that they act in the direction that has been agreed

Co-ordinating all activities of the participating persons

Bringing into agreement different perspectives in the company, such as between executive

management, the IT department, specialised departments and the employees

The vision is the central starting point for turning an ITSM plan into reality. In doing so, an important

element is exchanging and communicating with all IT stakeholders in the company, meaning all

those who are participate directly in the project or are affected by it. Typically, their interest

depends on the extent to which they are affected. The urgency of the plan (What happens if we do

nothing?) and the vision are the basis for communicating with IT stakeholders. This information is

intended to provide motivation, inspiration and support for implementation. In addition, it is


57

important to live out the philosophy of IT Service Management. Objections have to be discussed,

priorities agreed and decisions made jointly.

4.1.2 Preparation

Nowadays frequently referred to as the "enabler" of the company, IT is dependent on customers'

processes in a wide variety of forms. For this reason, after the project is approved by top

management, it is important to measure and analyse the environmental variables of IT. In many

cases, a corporate strategy is defined and processes are documented. If this is not the case, these

preparatory measures ought to be carried out. After going through the steps, an IT strategy, exact

requirements and required services are to be derived. The two relevant measures here are:

Defining and documenting the corporate strategy

Documenting the relevant business processes with the methods of business process

management

4.1.3 Evaluation

Measurements are indispensable for good management and the implementation of ITSM. Every

improvement programme with the objective of optimising IT services must have the current status

as a reference value. This is also an important starting point for attaining a quality standard and

meeting governance or compliance requirements.

A needs-based analysis of the existing IT processes and IT services is the basis for a successful

ITSM change project. For this purpose, there are various assessment forms for measuring

variables such as process maturity. In this process, it is important to keep an overall image in mind

so that employees, technology, processes and structures are matched to each other. From the

individual processes via the maturity level of an IT organization to the tools used, an inventory

should be carried out, recommendations and risk assessments carried out and the results

presented as part of a management workshop.

With the help of an IT Governance Maturity Assessment, the processes, control mechanisms and

responsibilities of an IT organization can be analysed, for example based on COBIT. Today,

statutory regulations such as the Sarbanes-Oxley Act, the Corporate Governance Codex or Basel II

require, from a business management and technical standpoint, corresponding accountability

reports for the efficiency and effectiveness of management and control of IT processes. The

objective is to create transparency in IT Service Management and reduce operational risks

significantly.


58

The full benefits of ITSM processes in fulfilling business requirements while simultaneously

maintaining the Service Level Agreement that has been reached are obtained only with co-

ordinated interaction of people, processes, structures and technology. In doing so, ITSM tools can

ensure efficient control of flows of information between the IT processes and provide the basis for

an ongoing identification of optimisation potential. It is necessary to check whether the ITSM tools

will meet present and future requirements and whether they provide optimum support to the IT

processes.

Optimising an IT service organisation involves not only technical matters, but also soft factors.

Therefore, the corporate and organisational culture is another important aspect of a successful

business/IT alignment. A service culture analysis that surveys employees about the behaviours

they expect directly or indirectly can be used to identify deficiencies.

4.1.4 Planning

The planning phase is used for concrete development and implementation of an ITSM solution. It is

based on results of the vision and evaluation phase. Typically, a program for implementing or

improving service management consists of multiple projects that are focused on certain processes,

functions or regions of the overall programme. The strategic vision illustrates the desired future

status to be attained. The evaluation allows the organisation to determine where it currently is and

what is required for the progress. The planning phase provides the answer to the question "How do

we reach our goal?".

It is important that there is unanimity about the role and properties of the IT organisation, both in IT

and with executive management. With regard to a uniform understanding of the future role of IT, it

is not only important to understand the ITSM processes; rather, for implementation, it is also

relevant to determine the extent to which the employees have already gathered experiences with

the processes. Therefore, it is necessary to clarify which process activities and the required

capabilities of employees are most urgently necessary in order to fill the required role and thus to

provide the results expected of the implementation.

To justify the introduction of ITSM, the costs have to be compared to the savings and revenue. The

costs can be determined relatively easier, but revenues or savings are often more difficult.

Based on the gap analysis and progress review, a roadmap can be developed to close the

identified gaps. The multi-layered nature of the gaps means that a single measure is usually not

sufficient. Therefore, ideally, a roadmap is developed that matches the processes, technology and

employees to each other optimally. For each programme module, a detailed project plan with

expenses, deliverables and deadlines is required in order to thus create the basis for target-

oriented control of the programme


59

4.2 Step II – Defining the strategy

"The slowest person who never loses sight of his goal is still faster than someone who dashes

about without one." If we apply these words of wisdom from Gotthold Ephraim Lessing to IT, even

smaller organisations will be on the right path as long as they pursue the right goals. Accordingly,

the ITSM introduction also begins by defining the vision, strategy and goals of the IT organisation.

In many cases, people already act strategically without even realising it. In the simplest case, they

take a big sheet of paper, sit down with the colleagues involved, write down the strategy and the

goals derived from it and hang up the strategy paper in a readily visible location. This allows

everyone to align his or her everyday decisions with the strategy. It soon becomes evident that this

pragmatic strategy development is not a science one needs to be afraid of, but rather a tool.

So that all aspects relevant for IT are covered, it is useful to define two parts of the strategy:

Aligning the IT strategy with the corporate strategy

IT must not be an end in itself, but must provide ideal support to business processes. Therefore,

the first part is deriving the IT strategy from the corporate strategy. What has to be done for the

company to be successful and how can IT support the company? This is the central question, and

should be discussed between the responsible persons and the most important groups of

stakeholders. Many IT strategy documents are concerned with how to provide IT services efficiently

and effectively. However, that is only one side of the coin. The actual glue between the specialised

departments and IT lies in answering the following questions:

What are the company's goals?

What are the success factors in the individual specialised department?

How can IT help to influence these success factors and reach the goals that have been set?

Even if, in many cases, the specialised departments do not have a documented strategy and the

question "What makes us successful?" provokes only general answers, the questions listed above

may be helpful in steering the discussion. Providing IT services effectively and efficiently that are

not even needed by the specialised departments is an error that should be avoided. According to

the philosophy: It went very well—but unfortunately towards the wrong goal…

IT strategy for SMEs

The actual IT strategy is an extension of the derived strategy and expands it by adding

technological and organisational aspects. The IT strategy can also define architectural aspects. For

example, consolidating the servers by virtualisation may be one goal of a company's IT strategy.

However, the IT strategy can also include that the company uses open source where possible and

useful, prefers a certain programming language or uses only one hardware manufacturer. In

summary, the IT strategy can address the following topics:

Principles and guidelines of the use of IT


60

Financing model and organisation of IT

Application and system architectures

IT infrastructure as required basis

IT service and performance processes

Internally and externally necessary implementation resources

Risks in the implementation process

For additional information and details on the topic of strategy definition, refer to Chapters 3.1.1 and

3.1.2.

4.3 Step III – Implementing the basic modules

After the future strategies are defined and the IT is aligned accordingly, the actual implementation

can begin. The following process map provides an overview of the required steps within the basic

implementation. For some companies, the conclusion of the process is also the end of the

introduction project. If the advanced modules are not absolutely necessary, at least the

optimisation in Step V should be considered.

4.3.1 Creating an ITSM plan

In close co-ordination with business, key suppliers and managers, an advance plan should be

created that defines tasks, schedules and responsibilities. This provides the basis for a continuous

improvement process and establishes the guideline for a mature ITSM organisation. Continuous

improvement of the ITSM organisation should provide an ideal level of support to the business and

meet the requirements for stability, availability and security at optimal cost. An ITSM plan should be

drafted defining the concrete goals for the coming business year for individual management

activities such as process reviews, customer satisfaction surveys, budget planning or Change

Advisory Boards.


61

4.3.2 Developing an ITSM process design

Ideally, the process design for the ITSM process implementation is drafted in workshops. In

particular, this involves configuring the individual processes and developing a target concept that

serves as input for customising the ITSM tools and

training the involved employees. Here, considering a

company's individual starting position is of special

importance. The objective is to implement ITSM

processes in the organisation. In doing so, one should

concentrate on the essentials, ideally directly and in

everyday practice without generating great additional

expenses.

4.3.3 Providing the relevant tools

At the beginning, Step III includes providing the relevant

tools. A brief requirements analysis pays off at this point,

as following ITIL best practices in a strict manner, for

example, would require a great number of different tools.

The purpose of most of these tools is managing

knowledge. In many cases, the response is: "But our

Administrator already knows all that." What happens if, for

whatever reason, the admin is no longer available? This is

only one of the reasons why basic and thorough

documentation can be of vital importance to an

organisation's survival. However, the principle of

pragmatism applies here also. Therefore, as part of

implementing the basic modules, only a small selection of

available tools is helpful and useful, even for very small companies.

Configuration Management Database

In the ITSM community, the important-sounding term "Configuration Management Database"

(CMDB) can refer to nothing more elaborate than a list of all elements of the IT landscape. The

objective being pursued is a consistent collection of all so-called "Configuration Items" (CI). CIs

include, for example, the servers, printers, and network components, as well as software licenses

and contracts—in short, everything that deserves to be managed. The granularity and types of CIs

can be defined according to one's own needs. The information to be managed also has to be

defined and updated accordingly. Logical additions and links are then added to this list, such as a

change log, a collection of known errors and incident and problem messages. The tool support can

vary greatly: In an extreme case, a CMDB can be either a physical file folder in which all

Figure 19 - Process of implementing the

basic modules


62

configuration items are maintained and updated manually or a tool costing millions of dollars that

requires dedicated administrators to keep it running. Clearly, each company has to find its ideal

middle ground. In doing so, the CMDB should always be structured so that it is complete for the

corresponding services, without being so large as to cause problems for configuration

management. One of the most important foundations for the success of ITSM in an organisation is

a functioning configuration management database that can be used, administered and monitored

efficiently by the employees. Therefore, it should always be co-ordinated, developed and optimised

to match the present needs of IT and business.

Ticket system

As the single point of contact, the service desk plays a central role in communication between

service provider and customer. A ticket system supports this exchange in a wide variety of ways,

including:

Entering various enquiries (incidents, problems, service requests etc.)

Documenting the individual activities in the lifecycle of a system

Distributing the enquiries among employees

Defining and supporting the escalation process of tickets (1st, 2nd, 3rd Level)

Optional communication channels (e.g. Web interface, e-mail)

To be sure, the simplest version is setting up a central e-mail address for all enquires. However,

this is effective only if the IT department consists of just a very few employees. Thus the "e-mail"

version lacks obvious features of a ticket system such as structured entry of the data,

categorisation and prioritisation options, reservation of tickets and reporting functions. Ticket

systems, frequently based on Web technologies, are available in a great number of different

versions, both as a commercial and Open Source solution.

Service catalogue & service portfolio

To "sell" a service, you have to publicise your services. Setting up a structured service portfolio

management system answers questions about service benefits, quality and price structure as well

as about the strengths, weaknesses and risks of the IT services offered. In doing so, service

portfolio management system documents all planned services (in the service pipeline), all currently

offered services and all withdrawn services. The service catalogue is a sub-product of the service

portfolio and contains only the currently offered services. The appearance of the portfolio and the

catalogue can be extremely different, including everything from a simple document that is

forwarded, to databases in the intranet to small online stores in which the customer can "order"

services directly. Here, too, a pragmatic approach that suits the company can be selected.


63

4.3.4 Introducing a central service desk

Introducing a central service desk not only is an easily attained intermediate goal (known as a

"Quick Win"), it also addresses the uncomfortable topic of user support within IT and thus creates

acceptance within the IT department. Thirdly, it provides the basis for many modules that require

the service desk as a central communication unit. In this regard, the service desk does not

necessarily mean more work, but rather a different organisation of the work and a structured

procedure. For example, if we implement a ticket system with Web interface and understandable

categorisation, the customer's enquiry will be routed to the correct employee rather than also

needlessly adding to the workload of employees who are not involved. In addition, the employee

can concentrate on his or her regular activities and work on the service desk in a targeted manner.

However, in this labour-divisional version, it has also proven helpful to define a service desk

manager who takes over responsibility for the entire service desk and can delegate enquiries if

necessary.

The following three steps can be introduced simultaneously. All three steps can be implemented in

various ways in practice:

Iteratively and simultaneously with the regular activities

Broken up into portions

On a one-time basis

4.3.5 IT service portfolio and catalogue

Earlier, we described the "shell" of the service portfolio. Now, we'll bring this shell to life. We enter

the critical information for each service:

All information that the customer needs (prices, conditions, service level agreements etc.)

All information the service provider needs (costs, priorities, risks, business case, terms and

condition for support, escalation mechanisms etc.)

Guidelines, objectives and responsibilities

Then, the service catalogue can be derived by selecting the current services from the service

portfolio and published for the customer. For additional information on this topic, refer to Chapter

3.1.3.


64

4.3.6 Systems and outsourced services

This area means relatively minor changes, as it describes the regular activities of IT. Accordingly,

this module is usually present in this form even before the ITSM introduction. However, the

instructions from Chapter 3.2.1 should be observed.

4.3.7 Documenting the infrastructure

The configuration management database (CMDB) is the vital information source of IT Service

Management. It also requires an initial filling with data via the configuration items. As described

above, this can be carried out iteratively or eruptively (eruptive is preferred). The company can use

inventory tools that scan the network and associated configuration items and obtain a thorough

database automatically.

4.3.8 Continuous improvement

At an early stage, the objective is to define operational objectives and metrics on three levels:

expectations of the business areas for IT, output of the IT processes and performance capacity

within the process flow. The defined metrics should have a good balance between the effort they

require and the amount of information they provide, be comparable internally and externally and

easy to measure. The objective is long-term anchoring of continuous improvement on all levels. In

addition, an IT governance report (or dashboard) with the most important metrics can provide an

overview of the service quality provided, the status of the control measures and thus the respective

current compliance situation. The service, process and activity goals help to identify areas where

there is potential for improvement. Accordingly, the continuous improvement process is one of the

basic modules of the implementation. In the first step, the improvement process does not

necessarily require a complex deployment of tools or employees; rather, the way of thinking has to

be internalised and all modules, processes, functions and tools checked regularly for areas where

they may be room for improvement. For more information, refer to Chapter 0.

4.4 Step IV – Implementing the advanced modules

Experience has shown that only very few companies implement all functions and processes

suggested in the relevant frameworks. Accordingly, after the implementation of the basis in Step IV,

the advanced modules (in Figure 17 green, with a dashed outline) can be implemented. According

to the building block principle, IT departments can equip themselves with modules to fit their own

needs. Therefore, before selecting one or more blocks, the requirements should be analysed. Once

the needs have been identified, the corresponding module can be introduced.


65

4.5 Step V – Optimising the implementation

The modularisation practised as part of the implementation provides many advantages. However, it

also requires regular verification and optimisation: Does the selection and composition of the

modules still meet the requirements of IT? The continuous improvement process (CSI), introduced

in Chapter 3.3.4, is responsible for improving the services and processes. However, it is also useful

to optimise the actual ITSM. Potential for improvement exists, for example, with regard to the

selection of the modules or the tools used.

To implement continuous improvement in a successful and lasting manner, it is important to

understand the various activities that can be applied for this process. The following activities

support the continuous improvement plan:

Reviewing management information and trends to ensure that the output of the ITSM

processes reaches the goals that have been set.

Periodically carrying out internal audits to verify that employees are complying with

processes.

Carrying out periodic customer satisfaction analyses.

Carrying out internal and external service reviews to identify areas where there is room for

improvement.

IT-Service-Management Managing organizational changes

66

5 Managing organizational changes

5.1 Challenges of change management

Today's IT organisations face the challenge of becoming better aligned with business

requirements. This requires a fundamental change in the corporate and IT culture. ITSM and IT

innovations require IT to interact with specialised departments, participants and stakeholders in the

company. In doing so, IT evolves from a purely supportive organisation to a service and innovation

partner that is aligned with business requirements. This is not easy, as it requires real change on

the part of IT: from a reactive provider of systems and applications to a partner for implementing

business strategies and developing innovations.

Increasingly, corporate management expects from IT managers that IT will be used to improve

business processes, cut costs and make work more efficient. In many cases, companies see the

role of IT as providing the innovations which, in coordination with the respective processes, enable

an entirely new level of efficiency for increasing productivity and, ultimately, profitability. The

consequence might even be a change of the business model.

Organisations are always changing. Change is a universal principle and an unavoidable fact of life.

Change management goes beyond pure project management by collecting tasks, measures and

activities intended to provide a comprehensive change with far-reaching content for implementing

new strategies, structures, systems, processes or behaviours in an organisation. Each change

project should initiate typical change phases. As defined by Kurt Lewin, these phases are

unfreezing, changing and refreezing.

1. Unfreezing: Preparations are made for the change. In this phase, plans are

communicated, those affected by the change are brought into the discussion, resources for

help and support are developed and discrepancy experiences are generated in order to

clearly establish the need for the change measures. In general, time is allowed to prepare

for the change.

2. Changing: The change is carried out. The introduction is reinforced by direct intervention

of those responsible and by training, and the process is controlled. The objective is to

involve employees to the greatest extent possible. This should never be done on a merely

"pro forma" basis. If employees do not feel that they are being taken seriously, they will

inwardly withdraw for a long time and not contribute actively to the project.

3. Refreezing: The purpose of the last phase is to change the habits of the group. The new

process must settle in completely. This is ensured by continuing to monitor, even beyond


67

the introductory phase, whether the process works and is being upheld. The stabilising

phase involves fine-tuning and verifying compatibility with the corporate culture and the

support of employees.

For all three phases, this guiding principle applies: It is not IT alone that changes the company and

produces innovations, but ultimately people. People have to be won over. Therefore, when

implementing IT Service Management and introducing IT-based innovations in small and medium-

sized companies, conscious handling of the necessary changes and the reactions of the

employees is important for success. If employees are not prepared for changes correctly and in a

timely manner, there is a possibility of rejection or slow implementation. Conversations about

reservations and fears can provide clarity. Above all, the participants must be aware of the

personal benefits of the change and their own organisation or corporate success. Within the

context of the employee meetings, the managers have primary responsibility, where they fulfil a

wide variety of critical tasks. Successful implementation of the changes depends above all on their

ability.

Managing changes, such as with the introduction of ITSM, has to take numerous aspects into

account: the technological aspect, the aspect of processes, the aspect of organisation and, above

all, the aspect of the corporate culture and the personnel. The balance of these 4 factors is the key

to success. To attain an actual change, the following components of change management are

central:

The first and most basic is the vision or at least a concretely described objective: What do you

want to reach with the introduction of ITSM? What is the reason for introducing ITSM? What

benefits does this provide for the company and employee?

Based on this, a custom-tailored communication strategy that is defined in writing is required.

This is independent of the actual size of the change process.

The capabilities of employees should also be assessed realistically. In many cases, fear of

and resistance to change is based on the feeling of not being able to do what is required.

Wherever possible, each employee should come to the realization that the project is valuable

and effective. Unfortunately, this will not happen with all of them.

Many projects fail due to lack of resources: no time, no money, no support. It is essential to

clarify these in advance and to make them transparent and available.

Each change project should provide incentive to the employees: either via extrinsic motivation

(external incentives such as a bonus) or intrinsic motivation (inner incentives such as greater

responsibility).

The change process should be structured well. If employees perceive a change as chaotic,

they will have little motivation to help make it reality.


68

5.2 Factors of change processes

The best new technology is of no benefit if it is not used. Therefore, ITSM projects must not be

implemented in a solely technology-driven manner. The development of the personnel and the

organisation are of central importance.

Companies are social organisations that pursue a clearly defined purpose, have structures and are

demarcated clearly from their environment. Each technological change necessarily has effects on

structural and personnel resources that have to be adapted in order to handle new technologies

optimally.

Therefore, viewing the introduction of ITSM or an innovation in companies from a technical

standpoint only is short-sighted and will, of necessity, fail in practice. After all, companies are

complex social systems that reflect the "messiness" of life: they bring together people with different

values and standards, individual biographies, a wide variety of interests, and different abilities and

resources. Organisations are the setting for power struggles, secret trickery and games of intrigue

with changing players, strategies, rules and fronts.

Companies are only human—in many cases, to a greater extent than they are aware of or

comfortable with. From this organisational perspective, it is only natural that to be successful, an

ITSM introduction must also have the organisation and people in focus. In this social perspective,

as opposed to the purely technical understanding of organisations, communication plays a central

role. In particular, employees' emotions are a central factor in change processes such as the

introduction of ITSM, deciding the success or failure of the integration and use of the new medium.

Basically, the personnel and organisational development has to take into account three levels that

are connected to each other in practice: the organisation, the group and the individual. The

following illustration shows the relationships.


69

Figure 20 - Organisational and personnel development

Personnel and organisational development are long-term, comprehensive change processes of

organisations and the people who work in them. The processes are based on the learning process

of all those involved with direct participation and hands-on experience. Objectives lie in

simultaneous improvement of the performance capability of the organisation, such as the

effectiveness, flexibility or ability to innovate, and the quality of working life, which is expressed in

aspects such as personal expression, humanity and self-development.

Thus change processes involve much more than technical and structural matters. What is called

emotion management has developed into a critical success factor in change management, as

numerous studies have proven. Involving employees and their needs and sensitivities from the

beginning and continuously over the entire introduction and development process is extremely

important—even long after this period of time.

The introduction of ITSM and IT innovations means new tasks for the employees. At the same

time, existing work processes can be changed and made more effective. A challenge that, in

practice, is undertaken consciously only in rare cases is changing organizational structures and

processes.

From an organisational perspective, responsibilities and areas of competence have to be clarified

in addition to the tasks. New competences must be assigned to fill the new tasks, particularly in

order to manage a new or expanded budget.


70

The organisational changes must be reflected in the formal structure and process organisation. As

part of the organisational structure, job descriptions and organisational charts must be adapted.

Work processes must be reconfigured during the process organisation. The sequence of the

fundamental work, information and communication processes in the company must be defined.

In addition, the management tools used in the company must be adapted. When targets are agreed

with employees, this must involve aspects such as the use of ITSM. Statements must be made

about the use of ITSM, but also about incentives for employees. This allows the dedication of the

employee to be evaluated and possibly reflected in raises.

The people who work in the company are the pillars that support the introduction and use of ITSM.

Without their active participation, the project will become drawn out, putting its success in jeopardy.

However, not only is an appropriate level of willingness to change and motivation required on the

part of the project participants, managers and employees, but also a high level of requirements-

based personnel development to prepare the employees to handle ITSM properly.

The basis for each change process is the acceptance of a change. This is composed of two areas:

Willingness to change and capacity for change (shown in the following illustration). This means that

project members, managers and employees have to both want to and be able to.

Figure 21: Acceptance of ITSM

The capacity for change can be influenced by the use of well-chosen communication tools

(information, communication, special activities) that give employees the ability to have the

information they need about changes. Qualification tools (specialised competence, methodical

competence, social competence, personal competence) are also required in order to put the

employees in a position to deal with the required change.

The willingness to change can be formed using motivational tools (intrinsic and extrinsic motivation,

win-win situations) that will ideally express a high level of esteem towards the employees and

convey the message: "We need you!" Organisational tools (project organisation, promoters,


71

participation, accompaniment) must also be tailored to fit the change process exactly, so that

optimum involvement can be obtained from employees, ensuring their buy-in and ultimately

resulting in the pride of "owning" the change.

The project team, managers and employees need a wide variety of competences according to their

specific task in order to carry out the change project smoothly and successfully and establish it for

the long term. The following illustration lists typical fields of action competences of project

participants.

Figure 22 - Action competence of project participants

Specialised competence: Specialised competence means that the project participants have

mastered their area of responsibility and possess the necessary technical skills and abilities. Their

individual background and experience should also be able to be used for new tasks. If they lack the

relevant skill and knowledge, they should be able to obtain it in qualification measures.

Social competence: Social competence is the ability to work with other persons constructively and

to tackle tasks and master them together. The prerequisite for this is the willingness to get to know

other people with their unique quirks, specific background, standards and values and to accept

them the way they are. Another critical aspect is the ability to put oneself in other people's shoes

and adapt to them.

Methodical competence: Methodical competence includes the willingness and ability to apply

various methodological approaches in a way that is appropriate to the situation and persons

involved in order to reach a goal effectively. Examples of typical methods include conflict

resolution, conversation and negotiation, brainstorming, presentation, moderation and problem

solving.


72

Personal competence: Personal competence is the ability to know oneself and to develop as a

person. People with a high degree of personal competence have an inner independence and draw

power and motivation from the stimulus of the tasks. They place value on developing their

personality and give and solicit feedback. They have a high degree of emotional competence and

are aware and in control of their actions, thoughts and feelings.

Successful project management requires that the entire project team have the necessary

competences. In particular, the project manager, as the key figure in the change project, should

have the following skills and experience:

Specialised competence

Possessing adequate knowledge and experience in project management and expertise in

group dynamics

Being used to working in a systematic manner

Being able to structure workflows and procedures in a logical manner

Consistently reviewing the status of the ITSM or innovation project and initiating measures

where applicable

Passing on information quickly and in an understandable manner

Giving project team members regular and constructive feedback

Social competence

Putting into practice in the project what he or she expects of the project team

Setting up rules and agreements for the collaboration and following them himself or herself

Ensuring a constructive and open atmosphere for conversations

Recognising conflicts at an early stage and applying conflict resolution techniques

Dealing with other opinions and criticism in a constructive manner

Ensuring shared attainment of team results

Building confidence and trust

Being able to motivate the team, particularly when there are difficulties within it

Methodical competence

Techniques of moderation, presentation and rhetoric


73

Methods of project and time management

Conflict resolution techniques

Problem-solving and creativity techniques

Discussion and negotiation techniques

Conference and meeting techniques

Personal competence

Knowing his or her project management style and reflecting on it where necessary

Being enthusiastic about the ITSM project and innovation and having the ability to awaken the

enthusiasm of others for it

Showing dedication and taking responsibility

Having the flexibility to change course when the old ways no longer work

Being able to listen

To fulfil the task, the project team, work groups and possible promoters need to have the

corresponding specialised competence, social competence, methodical competence and personal

competence. The project manager has to check whether a sufficient level of these competences is

present and, where applicable, draw up a training plan to meet the needs. In many cases,

investments in teaching competences are not made because there is an assumption that those

involved will simply "pull together" on their own.

However, teamwork is no easy task. It does not come out of a vacuum. Teams evolve and pass

through different phases. Precisely at the beginning of a project, therefore, a team-building

measure can be a great help. Groups always evolve in phases, and all teams go through these.

Sometimes the phases overlap, and sometimes there are loopbacks—especially when an attempt

is made to artificially bypass or accelerate phases. An experienced project manager should be

familiar with the various phases and provide constructive support to his or her team in the process.

We can distinguish between the following phases:

Test phase (Forming): The group gets together, undertakes its task and envisions the

objective.

"Hand-to-hand combat" phase (Storming): Different interests and ways of thinking and

acting lead to confrontation and conflict.


74

Organisation phase (Norming): People work constructively on the basis of good

collaboration. Consensus is found. The rules and guidelines pursue the goal of the task.

Performing: The prerequisites for the content of the work phase are created. All of the

energy is put into in collaboration (synergy) and problem-solving and solution-oriented

behaviour are in focus.

The various phases can be illustrated in what is called a "team development clock" (shown in the

illustration below).

Figure 23 - The team development clock

In addition to a management and project team, the company's managers are also important

promoters and stakeholders in the introduction of ITSM and innovation. Their willingness to support

the project is often more important than assumed. They are the examples for their employee. The

employees observe and register exactly the behaviour of the managers, which is reflected, for

example, in the following actions:

Do the managers behave more sceptically, or are they excited by the ITSM project and IT

innovations?

How do they talk about the ITSM project? Are they "passionate apologists" or simply

"sceptical implementers" of top management, with their slogan something like: "What will

those guys on the top floor think of next?"

What priority does management give the ITSM project?


75

What time resources do managers give the employees for the project?

To what extent do the managers play a role in helping to create business processes and IT

services?

Do the managers prepare and advocate for it actively, or do they do only the bare minimum?

Change projects need the support and enthusiasm of middle management. They are the pillars that

support the change process and provide orientation for the employees. Therefore, there is an

urgent need to make the ITSM project a top priority at the highest levels and obtain a commitment

from each individual manager. Manager training courses should explicitly:

Establish the necessity of active promotion

Agree on a uniform procedure for providing information and communication about the project

Promoting the active participation of the managers

Clearly communicating the importance of adjusting the IT and business strategy in order to

ensure the company's competitiveness

Develop aids to argumentation for using IT innovations

Explain to managers the course and development of change phases and convey to them how

they can provide help in these phases

Time should be allowed for discussion opportunities

All managers should be clearly aware that emotions play a great role in changes such as the

introduction of ITSM or IT innovations in companies. Technical training programs on their own are

not enough. Employees need help and support and in change processes. Managers must have the

competence and willingness to offer this professional support to their employees.

5.3 Dealing with emotions constructively

5.3.1 Individual behaviour patterns and emotional intelligence

Many change agents speak positively of changes while criticising unwillingness to change among

their fellows, colleagues or employees. This is particularly true of the introduction of ITSM.

Sometimes, however, change agents are not familiar with their own ability to change and

willingness to change. It should be a matter of course for each change agent to reflect on his or her

own behaviour and solicit feedback regularly. Each personality is distinguished by different

characteristics; the individual behaviour patterns when dealing with changes are correspondingly

varied.

Successful implementation of changes depends on the ability of the change agents and, above all,

on their emotional intelligence. The term "emotional intelligence" was coined by John Mayer of the


76

University of New Hampshire and Peter Salovey of Yale University to describe the ability to

perceive, understand and influence one's own emotions and those of others. In many cases,

changes are very emotional processes and emotional intelligence is thus an important success

factor. Mayer, Salovey and Caruso have developed a test to measure emotional intelligence that

follows the pattern of conventional achievement tests and can be greatly helpful for change

managers in change projects. The MSCEIT (Mayer-Salovey-Caruso Emotional Intelligence Test)

measures emotional intelligence in four areas. These are perceiving, using, understanding and

managing emotions.

The first area, perceiving emotions, includes the ability to perceive emotions in other people's facial

expressions, gestures, body language and voice. The second area, using emotions as a resource

for support, includes knowledge about the relationships between emotions and thoughts (one's

own and those of others) that is used for problem-solving, for example. Understanding emotions

reflects the ability to analyse emotions, assess the changeability of one's own emotions and those

of others and understand the consequences of these emotions. Influencing emotions takes place

on the basis of objectives, self-image and social awareness of the individual and includes, for

example, the ability to avoid feelings or correct evaluations based on feelings.

5.3.2 Emotional stages in change projects: the change curve

Feelings determine our thoughts and actions. Depending on the basic mood we are currently in

(interest, fear, anger, sadness, joy), we think in a logic that is specific to this mood. As brain

research has now proven beyond a doubt, there is no such thing as purely objective thinking—

even if time and again, people like to assume that there is.

The emotional curve of a typical organisational change process illustrates the change curve (see

following illustration).

Figure 24 - Change curve


77

The change curve is a phase model that describes seven segments of time. Each change goes

through typical segments with characteristic behavioural and emotional patterns. These phases are

similar for all people and all changes. Some people remain in one or the other phase for a long

time. Sometimes they also go in circles, passing through phases several times. By taking these

phases into account, helpful support can be provided to change processes and, above all, the

employees affected by organisational change. We can distinguish between the following phases:

Phase 1: Foreboding – concern

The initial signs of the change start to appear. People notice that something is afoot and that things

are happening around them. Employees in the company have heard that "something new" is to be

introduced. Some may be familiar with the terms ITSM or ITIL and have heard negative things

about them. Others have the feeling that they cannot keep up with all of the IT regulations and

business processes; now there is even more that they have to apply. Still others may even be

enthused about the discussions in the specialised departments and the new technical platform. The

employees know that how they use IT will change, but they do not yet know what that means on an

individual level. The possible risks that can be incurred by a change are perceived. Employees see

a threat to the existing status quo. There are rumours, disquiet and turbulence. People experience

a "loss of control" because they have the impression that they cannot influence what is happening.

Worry is a typical and adequate reaction in this phase.

Actions we recommend:

Communicate openly, clearly and directly, for example in person by managers or by means of

articles in the employee magazine.

Provide information about vision and objectives of the ITSM introduction.

Tell the truth about the situation: What decisions are already set in stone?

Make the structure of the project process public to the greatest extent possible.

Tell the employees how their cooperation is being requested and what opportunities are being

provided to this end.

Put a damper on office gossip with your own active communication measures.

Phase 2: Shock - uncertainty

When the need for the change is made public, all fears and premonitions become real at once. In

this fear phase, the affected employees tend to feel confused and take more of a "wait-and-see"

approach. They can neither adopt enthusiastic visions of the future nor take part actively in the


78

change at this point. This is the phase in which many project participants experience frustration

because employees do not immediately share the enthusiasm for ITSM and IT innovations. They

behave more passively, thinking: "This too shall pass." However, this is precisely the point at which

it is important to push forward with illustrating the benefits ITSM means for employees.


Introduce questions to the communication to bring about a change in perspective: "What

would happen if nothing changes and if we do not introduce ITSM?"

Work not on solving the problem, but on employees' resistance to change. This means calling

as many resources as possible into action and showing the employees what support options

they will have during the ITSM introduction.

Two-way communication: Repeatedly explain to the employees what the change is about and

what goals are being pursued.

"Telling": The important thing is not only that the employees understand the planned change

intellectually, but also that they feel valued and do not believe themselves to be an interfering

factor.

Push phase: The introduction of ITSM should be advanced in a well-organised manner.

Phase 3: Defence – anger

The initial fear phase is followed by resistance to the change. The affected persons attempt to deny

the necessary extent of the change. "Who needs ITSM, anyway? Everything was fine up until now",

is a typical statement in this phase. This can result in a brief sprint of heightened activity and

performance. People try to do "more of the same." For example, typists who had to change their

style of work with the advent of the PC increased their number of keystrokes on the typewriter by a

massive amount during this phase, attempting to prove that the computer was not necessary. In

the resistance phase, employees frequently get angry about upper management, which in their

opinion decides the fate of the "little people.". They say that "the bosses can't do that to us." Many

doubt the real benefit of ITSM and also express anger about it. In this phase, employees frequently

curse everyone and everything.


Anger needs time and space to be vented: the project members, steering team and managers

have to deal with the emotional objections again and again—even when they themselves

can't stand to hear it any more.

Offer personal communication: Do not take attacks (too) personally.


79

Remove distortions of the truth with constant follow-up questions and support a change of

perspective.

Make pending changes more tangible by explaining in detail the concrete changes and

possibilities that result for the employee from ITSM and IT innovations.

Phase 4: Rational acceptance – frustration

After unsuccessful resistance, the employees finally realise that something in the company has to

change in order for it to remain successful. They try—usually still half-heartedly—to agree to small-

scale changes. However, these often do not provide the expected success. Employees understand

rationally that the company's IT benefits from a service management concept and that an

introduction is necessary. However, they hope that the introduction will be over quickly and that

they themselves will be affected by it only little or not at all. The employees feel like they have to

resign themselves to an unavoidable situation and are frustrated. Statements like "We don't have a

chance anyway if the people at the top want to do it" are in peoples' heads and make the rounds.

The affected employees think of avoidance strategies in order to be affected by the ITSM

introduction as little as possible.


Relate the changes clearly and break them down to individual persons.

Stop talking about "one" or "the organisation" or "in general".

"Selling": Present the benefits for the organisation and the individual employee.

Phase 5: Emotional acceptance – grief

When the employees finally realise that there is no way back, they cross the emotional low point.

What was still in the "head" in the fourth phase now sinks one level lower into the "heart". The

affected persons feel depressed and beaten down. They notice that the established repertoire of

actions is exhausted and it is necessary to say goodbye to old behaviours. The thoughts focus on

what is lost: the lost sense of security and familiarity. Those affected by the ITSM introduction feel

powerless and discouraged. This "valley of tears" is one of the most difficult stages of every

change. The activity is at its lowest point and the employees feel like they will not be able to deliver

what is required of them for the change. In many cases, they feel overwhelmed and do not see the

value of the ITSM introduction. It is the critical threshold for reorientation. In this phase, it is

precisely older employees who are in danger of giving up and not moving to the next phase. Even if

the initiators or project participants think ITSM is a small step and cannot understand what all the

brouhaha is about, they have to deal with employees' emotions and take them seriously. The


80

employees will need to manage business processes optimally and support them with IT services.

Their acceptance is critical for the success of the ITSM project.


Slow down the pace of change somewhat and do not fall into the trap of doing things merely

for the sake of doing things. Sadness and negative emotions on the part of those affected

need space and need to be heard.

Feelings have to be verbalised.

Give the past its due (what was good about the old way?) and consciously depart from it by

initiating farewell and separation rituals.

Phase 6: Opening – confidence

Once the sadness phase is finished, the path is clear for a fundamental reorientation. Employees

become more curious about expanding the horizons of their experience. They start showing

interest in the new and unknown. New action strategies are tried out and help and information is

solicited to master the new challenges. Statements are heard such as "Surely I can do this." or

"That can't be so difficult. After all, I have mastered completely different things before.". Confidence

grows, but setbacks are still encountered and mistakes are made in this phase. The employees

show an increasing interest in IT services. They seek out information about all the things they can

do with it and how they can take advantage of it. They discuss the benefits and show each other

what's new.


Create a fault-tolerant culture and promote experimenting.

Offer information sources and fields of experimentation, for example in events, seminars and

training sessions.

Offer concrete opportunities to make contributions, for example as part of a continuous

improvement process or discussion in creative groups.

Provide opportunities for mutual dialogue and learning.

Phase 7: Integration – self-confidence

The continuous learning successes in handling ITSM expand the employee's entire patterns of

perception, thought and action. One success after the other is made with ITSM. The affected

persons start getting along better all the time in the "new world," with which they are almost as


81

familiar as the old one. The new tasks are experienced as challenges. The employees use ITSM

and IT innovations in the company. They value the benefits and wonder how they ever got along

without it. The ITSM philosophy is integrated into everyday work and is lived out. Employees show

interest in actively cooperating and provide information and knowledge ever more frequently.


Go through feedback loops: What was good during the ITSM introduction? What can be

carried over to future change processes? What can be done better in the next process? How

did the affected persons feel about the change? What rules supported the change? Which

additional competences were gained, and which are still required?

Festive completion of the active change phase: Shared celebration and recognition of all

those who participated and were affected.

5.3.3 Dealing with resistance and conflicts constructively

Not everyone likes to change. Giving up accustomed ways of behaving and learning new ones

causes many employees to react at first with resistance and individual conflicts. However,

resistance is an everyday by-product of the work process. There is no change, no development

and no learning without resistance. Change and resistance are two sides of the same coin. Despite

this, many project teams and initiators of change processes consider resistance and conflicts as

burdensome, intolerable, annoying and unacceptable. They wonder why the employees do not

understand the necessity of introducing ITSM. However, understanding is only one element of

change processes. The critical factor for success is handling the emotions of those affected,

particularly their fears and reservations. These emotions cannot be neutralised with rational

explanations.

The most important factor in change processes such as introducing ITSM is dealing with conflicts

and resistance constructively. Ignoring or simply bypassing these can put the success of the entire

project at risk. Projects pushed through forcefully can cause serious delays and exploding costs

and result in employees putting up serious roadblocks. In addition, the employees remember

exactly how they were treated during the change process. The negative experiences will continue

to circulate in the company as "horror stories" for a long time. In a worst-case scenario, the

employees will approach the next change process with a high degree of mistrust and not give any

credence to the project participants.

How does resistance come about?

Resistance is a behaviour that seeks to maintain the status quo of a situation in the presence of

pressure to change it. Whether the change is necessary and logical is not important. Due to


82

subjective perceptions, people react emotionally with reservations that cannot be explained

immediately, diffuse rejection or passive resistance. Four major reasons lead to resistance in

change projects such as the introduction of ITSM:

Information deficit: The affected employees have not understood why ITSM is to be introduced.

They have not understood the triggering factors, the background, the objectives and the personal

benefits.

Qualification deficit: Employees do not feel up to the task of the new technology. They doubt that

they will make it through the switch. They may also be afraid of exposing a vulnerability in dealing

with ITSM. They cannot go along with the change. However, these reservations are seldom voiced

directly.

Organisation deficit: The ITSM project is not planned well. The employees cannot follow the course

of the project or find it too hectic or chaotic. It is given inadequate support by those in charge and

the employees feel that they are receiving too little support. The project may, in some cases, not be

promoted clearly enough by top management or other managers.

Motivation deficit: The affected persons understand the need for introducing ITSM in the company

and even believe the information being passed along by those responsible for the project.

However, they do not want to go along with the change, as they do not expect any positive

individual effects. Instead, they expect to be put at a personal disadvantage, for example with extra

work. A major factor for the lack of motivation is that the affected persons do not have a stake in

the change. The employees feel bypassed, though it is precisely they who are to use IT and are not

motivated to deal with the new technical solutions.

How is resistance expressed?

Resistance to a ITSM project is not always obvious right away. In many cases, employees shy

away from direct confrontation and try to maintain their individual situation by not using the new

medium. In practice, the challenge is to identify and uncover areas of resistance. Resistance is

characterised by three behaviours that are oriented on the classic biological patterns: attack

("fight"), escape ("flight") or playing dead. The following are a few specific examples of boycott

strategies and resistance.

Attack

Some employees follow the maxim "The best defence is a good offence". Confrontational

statements are often made in an attempt to avoid changes and discredit the project plans, such as

"That may all be true in theory, but it doesn't work that way in reality or in our company." In many

cases, the reaction is highly emotional and polemical: "We have to justify the cost of every little

pencil, but there's enough money to introduce this expensive gewgaw that no one needs."


83

Sometimes, threats are voiced openly: "If we introduce ITSM, I'll simply stop passing on

information." In many cases, people resort to rhetorical attacks to avoid arguments: "Can you tell

me exactly how much ITSM saves us in dollars and cents?" or "ITSM is already old hat. If we make

an investment, it should be in something really state-of-the-art." It is especially important to

consider resistance that leads to intrigues and the formation of cliques in the company. These can

easily bring about a high degree of disquiet, conflict and rumours and divide the employees.

Flight

For some employees, initially withdrawing and fleeing is the best option for dealing with changes

for some employees. It is a good way to find out whether the change will be lasting or the efforts

are unnecessary. They want to go to any length to avoid pre-emptive obedience and do only what

is absolutely necessary in the change process in order not to attract attention. "I'm just doing my

job here" is a frequently heard statement of those who want to accomplish the maximum with the

least possible effort. They support the introduction of ITSM, but only on "low flame". "I'm not paid to

think, I'm paid to work" is another argument from employees who perceive work as an unpleasant

burden and associate only negative things with it. This statement is not compatible with the age of

the knowledge society, but is more widespread in the company than one might think.

Playing dead

As much as people differ, so too do they react differently to change. Some people withdraw, shut

themselves off, say nothing more and wait. They go into a kind of inner emigration, get sick or are

absent from important informational events or training sessions. Another form of the "playing dead"

reflex is sitting out. It is a highly effective method that presents great difficulties to even

experienced project managers and project agents. People who "sit out" change agree with and say

yes to everything, but do nothing, or do it only after being asked several times.

Which types of resistance exist?

Employees display different types of behaviour when resisting. Come common types of resistance

include:

Those who pay lip service: They find innovations "right, important, good, long overdue etc." They

are the typical yes men and women who, in reality, do nothing and do not participate. They practice

a mild form of resistance.

Harmonisers: They gloss over problems and have an attitude of: "Everything is going great" or "we

got along fine until now." They are the typical maintainers of the status quo.

Indifferent: They are difficult to win over for changes. Characteristic statements include: "I have

been through so much here" or "This too shall pass."


84

Principled opponents: They fight. They are concerned with the principle of the matter itself, not with

privileges. They often have very good arguments. Their resistance is very helpful for implementing

ITSM in the company optimally. These resistors often think of dangers one might have overlooked.

Emigrants: They no longer cooperate. They have inwardly resigned from the company. They say

nothing at all any more, but at most shake their head in thought. In those situations, it may be

useful to determine the reason for the resignation. It may be possible to restore the trust.

Schemers: They use each informal opportunity to convince others of that ITSM does not make any

sense and are also referred to as coffee break celebrities. Theirs is often the most dangerous

version of resistance, because it is not noticed or registered. However, it has a high degree of

influence on other employees, as many fears and reservations are brought to light, and in some

cases false rumours are started maliciously. These resistors have to be identified and given a

serious talking-to about their behaviour.

Dealing with resistance constructively

Resistance is not a secret phenomenon that appears out of nowhere for some hidden reason. No

substantial change ever occurs without resistance. It is not the occurrence of resistance, but the

lack of resistance in the company that should be cause of concerned. However, resistance to

change is entirely rational, as maintaining the current situation can have individual advantages for

certain employees. However, the reasons for the change are usually emotional. Therefore,

resistance always includes a hidden emotional message. Therefore, sufficient effort should be put

into watching for resistance to the ITSM introduction and taking into account. It is precisely the

failure to give heed to resistance that cause the affected employees to stonewall and possibly also

cause boomerang effects.

Some possible responses to and ways of dealing with resistance include:

Build in time to think, engage in dialogue, and discuss.

Respond to the resistance and do not attack it.

Remove the pressure: Give enough space and time for articulating concerns.

Search out the reasons and reach agreements.

It is possible to deal constructively with resistance if we know the background from which it comes

and respond to any bad feelings and development errors that may occur at an early stage. Earlier,

we already discussed the most common reasons for resistance. They are the starting point for

managing looming conflicts. The following is a list of a few tried-and-tested strategies.


85

Passing on information and engaging in trusting communication

Communicate the reasons for the change clearly: People change and let go of their resistance

if they understand that the change makes sense from their perspective. It is necessary to

communicate clearly to the employees what benefits ITSM means for them personally.

Pass on information in a timely manner: In many cases, project managers or other

management wait until the information is final and complete before passing it on. However

well-intentioned this approach often is, it frequently results in rumours and resistance in the

company and causes the right time to provide the information to be missed. When it is finally

spread, the information follows on the heels of rumours and informal communication. The

chance to take over leadership in forming people's opinions is squandered. In practice,

therefore, it may make more sense to distribute information even if it is not complete, while at

the same time providing information faster and more often. However, it is important to

emphasise in such cases that the information is not yet complete and/or finalised in the

company. Employees usually prefer the continuous flow of information, even if it is

incomplete. This makes them feel valued, involved and well informed.

Communicate regularly and over the long term: An important aspect in dealing with resistance

is continuous communication with employees. The top and middle management levels and

the project team must never tire of talking about the planned changes involved in ITSM, no

matter how many times they have to do so. Changes always mean a great need for

information that has to be met.

Speak the right language with the right media. Employees who are affected by change

processes will usually not be persuaded with glossy brochures or marketing presentations.

They see through the attempt to avoid involving them in a serious manner and simply to

persuade them of the need for ITSM. Therefore, selecting the right communication media is

critical for communication and avoiding resistance. However, this must be supplemented by

the correct address and a suitable communication style. Merely conveying information

according to the slogan "Just the facts, Ma'am" is not enough to overcome resistance in the

company. Approximately 80% of every interpersonal relationship is played out on the

relationship level, with emotions as the central element. This 80% must be used to win over

employees for ITSM in the company. Communication measures in the language of the

affected employees that consciously take into account emotions can reach the employees

and cause them to rethink their opinion.

Qualification programs

Take away employees' fear of failing: In many cases, situations such as the introduction of

ITSM cause employees to be afraid that they will not understand the philosophy, the complex

body of rules and regulations or the application of new IT solutions. They often have no

feeling for what specifically is in store for them, what they will have to learn and what they will


86

need to do differently in future. Therefore, employees find it to be a great relief when they find

out that it is "not so hard after all." For this reason, qualification programs also have to

address employees' fears. This can be done, for example by inviting a company that is

already using ITSM successfully to come and talk about their experiences. In some cases,

another way to reduce fears and resistance is to offer a test phase without obligation and then

to introduce ITSM in a binding manner later, after the employees give their consent.

Make organisation structures transparent

Give the process structure: A possible organisation deficit can be prevented in the earliest

stages of project management with careful planning. If employees find an ITSM project to be

chaotic, they will very quickly try to escape and work as "brakes." Despite the ever-increasing

quality of project management tools, the quality of project planning and execution has not

increased substantially. The human factor and time factor are often neglected too much, and

thus develop their own dynamic that becomes almost uncontrollable, overwhelming project

members. A way to avoid this trap is to create a realistic schedule at an early stage and

monitor the project continuously.

Increase motivation

Turn the affected persons into active participants: Only motivated employees can implement

change projects such as ITSM introduction in a fast and lasting manner. A principle which, in

many cases, cannot be mentioned too often is "turning those affected into active participants".

The employees have to build and develop "their" performance process. They should be

involved in planning from the beginning and be allowed to play a part in creating it.

Find out hidden fears: In many cases, employee's fears are not readily apparent, and thus

have to be brought to light in conversations. Leading questions to get to the bottom of hidden

fears might include:

Are the employees worried about job security or are they afraid of a necessary

change?

Are the employees concerned about whether they are ready for a new challenge?

Do the employees fear that their independence or existing freedom of action will be

curtailed?

Do the employees have concerns with regard to their individual career

development prospects?

Do the employees fear losing income or suffering other financial disadvantages?


87

5.4 Communication in change processes

5.4.1 Tools of change communication

When introducing ITSM, intensive communication with the employees should take place. They

should notice that their opinion is wanted and taken into account, both in mediated communication

using the intranet or other media such as discussion forums as well as in direct face-to-face

communication with supervisors, colleagues or promoters. Companies can use different

communication arenas when introducing ITSM:

Individual communication: The introduction of ITSM can be explained in personal

conversations between supervisors and managers, particularly if tasks change due to ITSM or

new tasks are added, such as updating service catalogues. Beyond purely conveying

information, this can build trust and credibility for the ITSM philosophy. The effort made by the

supervisor to provide information and communicate and his or her willingness to be available

for conversations and questions has a lasting effect on the success of all employee

communication measures.

Communication in teams/work groups: Team meetings and workplace discussions can be

used as forum for discussing the introduction of ITSM. The manager of the ITSM project or

others in charge of the project or IT organisation can be specifically invited to meetings to talk

directly to employees and work teams about ITSM. Another option could be special events

devoted to the subject of ITSM.

Communicating in large groups: Large groups allow many employees to be addressed at

the same time. Usually, management will report on the ITSM project and give employees the

opportunity to provide feedback. In particular, large-group communication can integrate

different interest in the company and present the project's vision as well as its values and

standards. They do not focus on concrete tasks of employees with regard to ITSM.

The introduction of ITSM must be communicated widely in the company. To do so, a wide variety of

communication media are available, which should be selected carefully so as to take full advantage

of their particular features when conveying messages. Precisely in change processes, the media

mix should focus on two-way communication. One-sided pieces of information have to be directed

towards employees in order to update them about the project. However, it is only conversations

between the employees and their managers, the project team or management that can create

lasting acceptance and effect change. Managers, in particular, should be prepared for this in a

targeted manner and make themselves available to meet the need for discussion. The following

illustration shows an example of the range of available, established and special communication

media in the company.


88

Figure 25 - Communication media in the company

5.4.2 Communicating the change process

All affected employees should be provided with information about the ITSM project. The important

thing is to then create a uniform status of information in the company and acceptance for ITSM. Not

all employees can be heard and incorporated directly when developing the ITSM project.

Therefore, the objective of employee information is to not only spread necessary knowledge about

ITSM, but also to foster good long-term relationships in the company with an information policy that

is based on trust. The challenge of internal information consists in demonstrating the concrete

benefits of ITSM for the employees and speaking the right language for the target group.

In many cases, the opportunity is missed to make it clear to employees that ITSM is a new

philosophy in dealing with IT. Of central importance in this phase is to win over the hearts of

employees and spread a shared spirit, rather than handing out glossy brochures with technical

details. Only then will they participate actively in the dialogue and use ITSM to manage their tasks.

In the information phase, the media mix used has to be defined exactly. However, it is also

necessary to clarify the following points:

Information objectives: What concrete information objectives for the introduction of ITSM

are to be reached? For example, are there emotional objectives in addition to the objective

ones? What changes do the employees want for themselves, such as a higher level of

knowledge or a positive attitude towards ITSM?


89

Target groups: What target groups within the company are the information measures

intended to reach in the first place? What topical interest do the target groups have with

regard to ITSM? Are there company stakeholders that have to be informed?

Statements and core messages: What benefits does ITSM offer the target groups? What

central statements about the ITSM introduction can be derived from that? Which core

messages should be spread in the first place, and which messages are to be avoided? What

is the tone of the statements? Is the tenor of the address factual or emotional? Which

perspective is chosen: is it that of the ITSM users or that of upper management or IT

managers?

Media mix: Which internal media are to be used to provide information to the employees?

Monitoring success: What is the best way to measure and monitor the success and

effectiveness of the information measures?

The employees can be addressed using informational brochures and flyers that tell them

everything they need to know in a clearly arranged and attractive manner. The address should

ensure that the employees feel that their emotions are being taken into account. Technical details

and sprawling descriptions are to be avoided. More important is to name and thank the employees

involved in development and design. In particular, the informal change agents – the promoters –

play a central role here in creating acceptance and motivation. Printed and e-mail newsletters can

also be a vehicle for reaching a large number of employees in a short time. Here, too, the focus

should be on a marketing-type approach, presenting the benefits the individual employee has from

using ITSM. Only if the employees see a clear benefit will they use ITSM. Conscious use should

also be made of providing information in purpose in face-to-face situations to reach employees on

the personal relationship level.

The following are requirements for successful employee information concept.

Credibility and trust: The target groups addressed have to trust the communication

department and have respect for their expertise in the subject. Credibility determines whether

the employees will listen to a message at all.

Context: Successful employee information has to fit into the context of all measures. It should

reinforce the message, not contradict it.

Content: The message about ITSM has to include benefit and meaning for the target group. It

must be compatible with the value system of the employees and the company.

Clarity: The messages have to be simple and clearly formulated. The chosen words should

mean the same thing to the recipient that they do to the sender. Specifically, complex

technical details have to broken down into simple statements. The more widely a message

will be spread, the clearer and more understandable it has to be. All project participants and


90

upper management have to speak with a single voice, as otherwise employees will become

confused and the measures will be ineffective.

Continuity: To attain a desired result among the employees, multiple points of information

contact are required. Accordingly, messages should be repeated, but it is important to ensure

that the statements remain the same.

Information channels: Existing channels should be used to spread the message first, such

as the employee magazine, newsletter or bulletin board, as employees are already familiar

with them. In addition, an intranet can be used as a powerful information medium in the

company.

In practice, the following tips for communication have proven useful:

Less is more: Messages, subjects and amount of text should be kept to a minimum and target

groups have to be selected carefully.

The core messages have to be defined, focal points determined and an intensive effort should

be made to distribute this information throughout the company.

Specific, targeted address or groups of persons and internal stakeholders: Internal interest

groups, formal and informal opinion leaders and key communicators have to be identified.

Cross-media information: Multiple media have to be used in order to spread messages

effectively. In-person measures must be used in a targeted manner to maintain relationships.

A positive image of ITSM must be conveyed. Avoid giving the impression that ITSM is

"difficult," "complicated" or "removed from reality." Rather, ITSM should be portrayed, for

example, as "future-oriented," "lively" and "exciting."

IT-Service-Management Innovation management

91

6 Innovation management

The INNOTRAIN IT innovation method not only allows medium-sized enterprises to optimise

business processes, it also creates the basis for new products and services by freeing up company

resources. But how can new business ideas be developed pragmatically and in a targeted way for

SMEs? We already introduced the topic of "IT-based innovation management" in Chapter 3. The

following chapters build on this, showing how freed-up resources can be used and provide the

framework for what is known as the blue ocean strategy, which systematically sketches out the

most important steps of innovation management. As a practical example, let's now leave Charly's

world and devote our attention to Apple‗s iPhone as a real-world instance of one of the best-known

innovations of recent years.

6.1 Blue Ocean Strategy: idea and concept

As mentioned briefly in Chapter 3, the term "innovation" - in contrast to "invention" - means that a

company is capable of implementing its ideas in such a way that they are marketable (e.g. as a

product, service etc.). The success of innovators is based partly on solid partnerships in the area of

technical development, skilful selection of innovative ideas while taking into account the potential

market size and financial opportunities, powerful and routine procedures for time and budget

planning and one-of-a-kind products that stand apart from what the competitors offer.

The INSEAD Business School in Fontainebleau, France came to this realisation when investigating

150 successful companies of the last century. Based on that, INSEAD developed a method of

innovation in which many existing innovation methods were integrated in a novel way. The

objective of this approach consists in distinguishing oneself from the competition with the products

and services offered and thereby finding mass markets that still have not been developed. These

as yet untouched mass markets were called "Blue Oceans," and the associated innovation strategy

was labelled accordingly as the "Blue Ocean Strategy" (BOS, see also

http://www.blueoceanstrategy.com). A large advantage of this approach consists in the use of a

consistent method from the time the technical product development begins until the new ideas are

implemented in the organisation structures of companies. The BOS innovation process consists of

three main steps:


92

Figure 26 – BOS innovation process

1. A value curve analysis based on customer opinion of a current, average product concept in

a certain sector compared to a product concept planned for the future

2. A creative method, which is helpful when researching new markets and adapting product

concepts and is called the "Six Paths Framework"

3. A control method, in which the following is checked:

Customer benefit

Pricing structure

Costs

Implementation effort

In SMEs, upper management usually controls the development of new product/market

combinations. However, IT managers should also be familiar with the bases of innovation

management, since they can make valuable contributions in the innovation process owing to their

knowledge and experience. The following chapters provide a basic introduction to the BOS

method.

6.2 Blue Ocean Strategy: Value curve method

The basic idea of the value curve method within the BOS consists in making the limitations and

opportunities of the existing and future product concepts transparent. In the following, application of

this method is described using the example of the Apple iPhone.


93

Figure 27 – Product offer vs. expectations of smart phone users

When Apple entered the market for mobile phones in 2007, the value curve of the sector looked as

it does in Figure 27 – . On the one hand, there were inexpensive telephones which were frequently

sold via discount supermarket chains like Aldi or Lidl. They had only telephone functions and a

simple user interface and were offered at a favourable price to less affluent consumers almost

without any marketing expenses. On the other hand, at that time there were already premium-class

smart phones such as the Nokia Communicator and RIM Blackberry. These slowly began to

replace the still existing PDAs (Personal Digital Assistants), which were used in addition to

conventional mobile phones in order to be able to achieve a minimum of office work while on the

road. Thus there was a separation between the private and business use of the mobile phone. At

the same time this meant that it was not particularly attractive for personal telephone users to

decide on a phone for the business area, and vice versa. For this reason, in addition to using their

phones for business, most business users used MP3 players (usually an iPod) or digital cameras

for personal purposes on their business trips.

From the BOS perspective, Apple's development department considered which functions they

could eliminate, reduce, raise or create (ERRC method): to achieve innovation with the overall

product concept and market (refer to Figure 28). Apple increased the value of a central function:

the user interface of smart phones, which was a weak point at that time. In 2007, most phones

used for business had a mechanical keyboard, which was usually too small for normal-sized

fingers. In those cases where the keyboard was large enough, the size and weight of the phone

increased to such an extent that no one wanted to carry it around for very long. Aside from this, the

mechanical keyboards offered only static functions and thereby limited the use of the mobile

phones.


94

Figure 28 – Product offer vs. expectations of smart phone users vs. iPhone offer

With the obvious idea of transferring the software-based user interface of the iPod to the phone,

Apple achieved a genuine breakthrough with the radical reconfiguration of the smart phone world.

In addition to the software-simulated keyboard, Apple also greatly enhanced the phone with an

MP3 player function. The iPod software was transferred to the iPhone for this purpose and enabled

access to the world's largest online music store, iTunes. 70 % of the software that runs on an

iPhone was taken over from the iPod. However, Apple also created completely new value for

customers within the framework of the product concept. This included, for example, applications

(apps) for consumers with which the iPhone—in conjunction with the software-based user

interface—can be used with great flexibility. Together with the App Store, a counterpart to iTunes

for applications, Apple introduced a powerful platform with which the possibilities for using the

iPhone have been continuously expanded. With this system-oriented approach, Apple also

addressed new types of customers, for example programmers of apps and individual

telecommunication companies, which received the exclusive marketing and sales rights for the

iPhone. This also contributed to Apple being able to reduce its own marketing costs, while

nonetheless reaching a large number of end customers.

But how could all of these ideas for creating values (functions highlighted in blue on the x-axis of

the second figure) be implemented? The BOS makes available a method with which such solutions

can be systematically achieved: the "Six Paths Framework."

6.3 Blue Ocean Strategy: Six Paths Framework

What kind of innovations can IT managers provide to change the value curve of a product or

service? New IT services can be developed which significantly reduce the effort and/or expense for


95

providing a product with additional value. For example, product marketing can be supported by

hosting a social network, using viral marketing methods instead of traditional channels of

advertising, such as radio or TV commercials. In terms of the product being advertised, this IT

service reduces the costs of the existing advertising function while also making it possible for the

customers to give interactive feedback. A similar effect can be achieved, for example, by devising

new navigation and scheduling systems to reduce the costs for companies with large sales

departments.

The Six Paths Framework can be regarded as a creative way of thinking, which supports the

product developer in drafting innovative product ideas and solutions. Ultimately there are six

questions to ask in order to find the right "paths" in the context of this framework:

Path 1: Can the product concept be placed in another sector?

Taking Apple into consideration, you can see that this company was able to transfer the product

concept of the iPod. This consisted of a software-based user interface and a music store and was

taken over in the smart phone area with a similar user interface and an app store. Even the pricing

model in which the music industry has to pay 30% for each unit sold was transferred into the world

of the application programmers.

Path 2: Are there strategically important user groups in the market that still have not been taken

into account, for example people who do not use the product?

Level 1: Future customers who will soon enter the market.

Business customers who were persuaded by the possibility of being able to use entertainment

functions even on their business trips, and who already used an iPod.

Level 2: Neglected customers who decided not to enter the market. The availability of millions of

applications used to solve everyday problems (navigation in unfamiliar cities, workflow solutions for

standardised business processes in companies, such as travel applications etc.) produces

pressure to use these environments.

Level 3: Inexperienced non-customers who appear as consumers in various markets.

Customers who previously used MP3 players and webcams separately, but were not in a position

to use, or saw no additional benefit to using, a phone designed for the business user. Today they

use the iPhone environment as a kind of integrated platform for personal use and entertainment.

In addition to the consumers, Apple found other customer groups that were ready to pay for the

products. They also contributed to the business success of Apple in this way:

Application developers have to pay 30% of their revenue in the App Store to Apple. On the

other hand, Apple makes a high-quality development environment available to them. This


96

makes it possible to transfer the code very easily to other Apple platforms, such as MacBook

and iPad. In 2011 Apple projected revenues of 15 billion US dollars from programmers of

apps.

Telecommunication companies: Owing to Apple's strategy of having only a single provider sell

the iPhone in the initial years, telecommunication providers with the exclusive sales rights

have to pay Apple 30% of their earnings from the contracts.

Path 3: Can I change the chain of buyers in order to change my own profit margin?

With the App Store and the strategy of allowing only one provider exclusive rights, Apple was able

to change the profit margin of the chain of buyers and the chain of buyers itself.

Path 4: Can I change my product portfolio by adding product objects from different sectors?

Apple, for example, added access to iTunes to the iPhone. This increased the degree of utility for

consumers in market segments.

Path 5: Can I change the value of a product for the customer by changing the proportion of

functions to emotions?

With the specific Apple design and the typical presentation of the iPhone by Steve Jobs, the iPhone

brought the familiar Apple philosophy to the smart phone sector. Therefore, no other product in this

sector could compete with the emotional factor of the iPhone. The design and philosophy of user-

friendliness that defines the entire product concept could be considered a real unique selling

proposition on the part of Apple.

Path 6: How will the value dimension of the ERRC grids change in future? Can I assess the

change?

Apple determined that along with the increasing success of the iPhone, the significance of the App

Store would also increase, having a lasting impact on the area of commercial applications.

Therefore, Apple began by introducing the applications from ERP systems from SAP or Oracle that

support top management in their work and ultimately, also in purchasing decisions.

What types of innovations can an IT manager provide starting with the Six Paths Framework? If the

value curve analysis focuses on the quality of a product function and the question of whether it is to

be eliminated, increased or reduced, new solutions and strategies can be developed, for example

using IT services. The following examples from traditional companies demonstrate the strengths of

the questions asked by the Six Paths Framework.

Are there strategically important user groups in the market that still have not been taken into

account, for example people who do not use the product? (Path 2)


97

A network of tradespeople from different trades could specialise in particular complete services,

such as renovating balconies. Earlier, if a household customer wanted to obtain these services, he

or she had to hire a blacksmith, a bricklayer and a painter and co-ordinate the various providers

himself or herself. However, because it was a small job, the tradespeople did not have any

particularly great interest in it. After weeks of waiting, many customers withdrew their request for

quotation to take over the renovation themselves. The network of tradespeople was conscious of

this situation and developed a standardised service that included their respective individual

abilities, specific products and processes. To publicise and co-ordinate this solution, the network's

IT experts developed a platform that combined an online store, product configurator and CRM

function. This platform not only advertised the service offer under the network's brand name, but

also took care of all project co-ordination between the customer and the various tradespeople

electronically. Moreover, the network developed a number of additional services that were not of

specific benefit for the individual company, but for standardising and professionalizing these

services. In this way, the business model showed excellent growth, with each tradesperson seeing

an annual increase in profit of 30% due to the services provided by the network. With their specific

services, they succeeded in winning over non-customers as new customers who had previously

carried out this work themselves, even if often in poor quality.

Can one change the chain of buyers in order to change one's own profit margin? (Path 3)

A company of the INNOTRAIN IT analysis sold its products via a personnel-intensive direct sales

channel and via middlemen who offered the products to the end customer. After the analysing the

actual situation of the process for transacting orders, the company reached the realisation that the

sales costs were twice as high as production costs of the product. To survive in this market with

truly standardised products, the customer implemented an online store, as a survey of customers

found that they were willing to make use of a substantially more convenient method of ordering

products via the Internet. After implementing the online store, the company because one of the

most profitable companies in this sector, as the middlemen were no longer necessary and a portion

of the sales staff could be moved to other product groups, significantly increasing their productivity

in sales.

Can I change my product portfolio by adding product objects from different sectors? (Path 4)

A good example for a change of this type is the network of tradespeople described above who

combine services from various sectors to offer the customer a new type of service. Another

example is the combination of a machine tool manufacturer's tools with a special software program

that improves the features of the machine or the service quality. Today, many manufacturers offer

IT server and network solutions that link their machines to other ones in process chains. These, in

turn, can be controlled and adapted using the tool manufacturer's software. In addition, the

machines have an internal memory with a telematics function which, if necessary, transmits alarm

messages about required maintenance measures. As soon as an alarm is received, a service

technician can access the machine remotely via the Internet to determine the level of urgency. If


98

necessary, he or she can drive the required spare parts directly to the customer's facility to remedy

any imminent problems, even before they occur. This provides the customer with a high degree of

value, as the desired level of availability of his or her production resources is ensured. Thus

information systems, software and consulting services complement each other optimally to provide

customers with a high degree of additional value. This means that the entire hybrid product of the

availability of the network and the server services and a good version management of the control

software.

6.4 Blue Ocean Strategy: Control methods

After the Six Paths Framework has been used for developing new product and market ideas, the

BOS offers a number of control methods to check the customer benefit and advantages for the

company. The methods include four different analysis tools, which are described in the following

chapter.

Figure 29 - Analysis tools of the Blue Ocean Strategy

Analysing the customer benefit

The customer benefit of a product concept can be analysed by looking more closely at the following

criteria.

Product focus: The product provides customer benefit if it is focused. This means that the product

costs should be low and the business plans for the product should be simple.

Product differentiation: A product is one-of-a-kind if:

Its value curve differs significantly from the average in the respective sector

The product strategy differs significantly from a "Me too" strategy

The product concept is positioned outside existing markets


99

It offers exceptional customer benefit

To ensure that exceptional customer benefit is being offered, the "Buyer Utility Map" method can

be used. The idea is to reconcile the criterion of a product's customer benefit with the buyer's

experiences over the entire lifecycle, from the purchase of the product to its disposal.

Figure 30 - Six utility levels

The six utility levels allow you to check your product for the various phases with the following

questions:

Does my product have the ability to increase buyers' productivity?

Can my product be used as easily as possible?

Does my product increase users' comfort?

Can my product decrease buyers' level of risk?

Can my product have a positive impact on the buyers' fun and image factor?

Is my product environmentally friendly enough so that buyers can use it with a good

conscience and no additional costs for disposal are incurred?

How can the IT department assess its contribution to the exceptional customer benefit? This

question, which arises of each of the company's functions, can, of course, also be directed with

regard to their IT service by the IT department. The example described earlier of the company that

uses an online shop for selling its largely standardised product in the cell with number 2. This is

due to the fact that business customers find it more convenient to order to products as needed with

just a few mouse clicks instead of having to wait for the next visit from the salesperson and fill out

order forms.


100

Figure 31 - Six utility levels, example

In the cell with number 1, we discover that an online store and simple configurator make it

significantly easier for the customer of the tradesperson network to convey more detailed

information about the renovation work (square metres, colours of the balcony, length of the

baluster, type of damage to the floor covering) and placing the order compared to co-ordinating the

three different companies. In the cell with number 3, the contribution of the IT service which has

been engaged after the sales services and reduces the customer's risk of failure of the production

line. However, the Buyer Utility Map provides a unique contribution when specifying and designing

IT services, which not only have a positive effect on the customer's business, but also ensure

additional benefit for the product shipped by the company.

If we deal with pricing and cost model of a new product concept, IT services can provide a

significant reduction of both factors. Many innovations in the pricing structure can be introduced by

strategic purchasing of IT services. If we return to our example of selling standardised products

using a web shop, this reduces the process costs for the sale of goods dramatically—while

providing complete flexibility with regard to who hosts the application and service. However, if the

company's in-house IT employees are inexperienced or their number is insufficient, outsourcing

may be useful. In this case, the online store service is leased from a strong partner and integrated

into the network of their partners if the company is in a position to control and manage the service.


101

Analysing the pricing

Figure 32 – Analysing the pricing

"Blue oceans" have to be capable of winning over mass markets. Therefore, the price should be

affordable for customers on the mass market. Innovations are frequently targeted only to niche

customers, which means a high price for customer in the market niche. In this case, Settlers can

use techniques from the "me too" companies to make investments in the development of pioneers.

Analysing the costs

The cost analysis of the product concepts in BOS is specified first and foremost by the price that

the customer is willing to pay for a revolutionary product. This price can sometimes differ

significantly from prices for comparable products in the entry-level market. The desired profit is

subtracted from this price to determine the target costs. To implement this cost structure, cost

reduction initiatives can be used, for example to make corporate processes less expensive. It is

worth a try to select new materials or service suppliers with whom the price structure can be newly

negotiated.


102

Figure 33 - Analysing the costs

Analysing the implementation effort

To implement the changes and turn the development into an innovation, a good method of change

management is required (for more detailed information, refer to Chapter 5).

IT-Service-Management Index

CIII

Index

Action competences .................................................. 71

Analysis methods ....................................................... 98

Application support ................................................... 32

Audit .......................................................................... 35

Availability management ........................................... 29

Best practices ............................................................... 7

Blue Ocean Strategy ................................................... 91

Business strategy ....................................................... 11

Capacity management ............................................... 31

Change communication ............................................. 87

Change management ......................................28, 40, 66

Change processes ...................................................... 68

Compliance ................................................................ 40

Configuration items ................................................... 24

Continual service improvement ................................. 46

Controlling ................................................................. 35

Demand management ............................................... 17

Emotions .................................................................... 75

Framework ................................................................... 7

Good practices ............................................................. 7

Incident ...................................................................... 24

Information architecture ........................................... 17

Innovation ............................................................ 21, 91

Innovation management ........................................... 91

Investment portfolio .................................................. 16

IT architecture ............................................................ 12

IT disruption ............................................................... 24

IT investments............................................................ 16

IT procurement .......................................................... 32

IT risks ........................................................................ 19

IT security................................................................... 34

IT strategy .................................................................. 15

ITSM implementation ................................................ 52

Job title ........................................................................ 7

Key Goal Indicator ..................................................... 39

Key Performance Indicator ........................................ 39

Known error ............................................................... 28

Lag Indicator .............................................................. 39

Lead Indicator ............................................................ 39

Operating Level Agreements ..................................... 20

PMBOK ....................................................................... 50

Portfolio management............................................... 16

PRINCE2 ..................................................................... 51

Problem ..................................................................... 28

Problem Management ............................................... 28

Process ......................................................................... 7

Project ....................................................................... 49

Project management ................................................. 49

RASCI matrix .............................................................. 39

Resistance .................................................................. 81

Role .............................................................................. 7

SCRUM ....................................................................... 51

Service availability ..................................................... 30

Service catalogue ....................................................... 19

Service desk ............................................................... 23

Service Level Agreements .......................................... 20

Service portfolio ........................................................ 19

Service Request ......................................................... 24

Six Paths Framework ................................................. 94

Strategic planning ...................................................... 10

Supplier management ............................................... 33

Teamwork .................................................................. 73

Technological orientation .......................................... 18

Underpinning Contracts............................................. 20

Value contribution ..................................................... 12

Value curve method .................................................. 92

IT-Service-Management Bibliography

CIV

Bibliography

i Cartlige et al., "An Introductory Overview of ITIL® V3", itSMF, 2007.

ii Johnson, G., Scholes, K., Whittington, R., (2008). Exploring Corporate Strategy, 8th edition, FT Prentice Hall:

Essex.

iii Strassmann, P. (1997) What is Alignment? Alignment is the Delivery of the Required Results. The

Squandered Computer, The Information Economics Press, 1997 [taken from:

http://www.strassmann.com/pubs/alignment/].

iv Luftman, N.J. (2003) Measure Your Business-IT Alignment". Optimize: Business Execution for CIOs

Magazine. Issue 26, December.

v IT Governance Institute (2007a) Control Objectives for Information and Related Technology (CobiT) 4.1. IT

Governance Institute, Rolling Meadows, IL, http://www.isaca.org/Knowledge-

Center/Research/ResearchDeliverables/Pages/COBIT-4-1.aspx (retrieved on 2011-03-15).

vi

vii http://www.theiia.org/theiia/about-the-profession/internal-audit-faqs/?i=1077 (retrieved on 2011-03-15).

viii http://coso.org/IC-IntegratedFramework-summary.htm (retrieved on: 15.03.2011).

ix IT Governance Institute (2007a) Control Objectives for Information and Related Technology (COBIT) 4.1, IT

Governance Institute, Rolling Meadows, IL, http://www.isaca.org/Knowledge-

Center/Research/ResearchDeliverables/Pages/COBIT-4-1.aspx (retrieved on 2011-03-15).

x IT Governance Institute (2007b) COBIT Quickstart, 2

nd Edition, IT Governance Institute, Rolling Meadows, IL

http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/COBIT-Quickstart-2nd-

Edition.aspx (retrieved on: 15.03.2011).

xi Software Engineering Institute (2010) CMMI for Development, Version 1.3, Carnegie Mellon University

Software Engineering Institute, TECHNICAL REPORT CMU/SEI-2010-TR-033, ESC-TR-2010-033,

November, http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm (retrieved on: 9.05.2011).

Documents

ITSM Guide Complete