The IT SERVICE MANAGEMENT (ITSM) OASIS: Planning and Conducting an Initial IT Service Management Assessment

There are many types of IT Service Management (ITSM) assessments that can be conducted. They could range from quick and inexpensive self-assessments to complex, detailed and expensive investigations led by ITSM consultants or experts. They can also be also classified as a compliance-based assessment or a maturity-based assessment or combination of both.

Compliance-based assessments are aimed at evaluating whether an organization meets some type of external or internal criteria. Examples of external criteria are ISO 20000 standard or some proprietary ITSM frameworks like HP ITSM Reference Model or Microsoft's MOF. Internal criteria could be the organisation's policies or documented procedural requirements. Compliance-based assessments are usually conducted by organisation that has already some degree of ITSM implementation.

Maturity-based assessments evaluate where an organization is located on a journey from one state or level to another. The areas being assessed are usually scored between maturity level of 0 and 5. Maturity level of zero means nothing is in place and maturity level of 5 means everything that needs to be done is in place and is working perfectly and there are mechanisms in place for adaptations to changes and continual improvement. Each level of maturity contains a list of criteria for each of the five levels above. The criteria could include vision and leadership, process, people, tools and overall environment factors or culture.

Most organisations would not be aiming to reach the highest level of maturity but would instead focused on defining what level of maturity is needed to meet their business goals and determining which level of maturity they are currently at and what they must do to progress to the next level. Maturity-based assessments are useful for creating a known starting point for the planning and implementation team.

The following further describes what would need to be assessed:

Vision and Leadership

Prior to the start of the ITSM assessment, the assessors would need to understand the business goals, IT goals, vision and mission and IT strategy. This is normally done through looking at documented IT strategy and plans and also interviews with the project sponsor and key executives.

Processes

Since IT Service Management is a process-based approach it is important to determine which processes are defined, documented and how much of it is in being practiced or followed currently. That is where best practice guidelines like ITIL, standards like ISO 20000, ISO 27001 or even proprietary frameworks like Microsoft's MOF and HP's ITSM Reference Model comes in handy as a reference or basis for comparison. Questionnaires or checklists to determine adequacy of the existing processes are usually derived from them and used.

Although external references are used for comparison, it is important to keep in mind that the assessment is not an audit. It aims to reveal which processes are in place or defined rather than to determine the degree of compliancy of existing processes to ITIL or ISO 20000. The assessment is usually focused on determining process maturity and gaps so that the findings can be used for service or process improvement planning.

Organization and People

Managing changes in organisation and people is the most difficult part of an ITSM implementation. The focus includes assessing organisation and people on areas that can help in planning the ITSM project and management of change activities later on. It should also identify what the constraints are so that the project can be more successful.

The assessment should check that roles and responsibilities are defined (e.g. RACI charts) for each process activity. It should also covers people’s understanding of their roles, how they contribute to the organization’s objectives and how they are measured and rewarded.

It is good to check on the availability of existing HR processes for performance management and development planning. The assessment could helps to identify the availability of skills and competency to perform the required tasks, the skills and experience required for the project as well as who has them.

The organisation charts will provide information of organisation structure, decision-making structure and authority levels that would be useful for project planning. It also identifies key stakeholders and potential supporters and resistors to change.

Technology

Technology is also a key factor in the project’s success. When planning and implementing an ITSM strategy and defining end-to-end processes, technology and tools would play an important role. Tools are needed to support and enable the processes as well as for monitoring of the IT infrastructure and reporting. The aim is to determine what tools are needed to support the existing and future processes and infrastructure.

A good initial ITSM assessment should also take into account several technology factors, such as:

Which processes and functionalities can be effectively supported now and more importantly, for the future.
The level of process integration that should be available in the tool (e.g. the ability to link incidents to problems records, the availability of event monitoring tools and the ability of he event monitoring tools to automatically log specifically defined events as incidents).
Need for a tool that supports easy knowledge capture, storage, searching, sharing, presenting and reviewing of knowledge and information.
Need for a tool that supports easy data analysis, reporting and circulation of reports

The aim of an initial ITSM assessment is to understand gaps and key issues and top priority areas which need to be addressed first and foremost to improve IT Service effectiveness and business value. Hence an initial ITSM assessment would usually be a maturity-based assessment, with a little of compliance-based assessment included as needed, especially in areas or processes that is found to be already in placed or matured to some degree. It is also usually done at a fairly detailed level.

For organisations new to ITSM, it should be conducted or led by experienced ITSM consultants. The ITSM consultants should have the aid of ready-made assessment tools with well-specified criteria and reporting features and would be expected to add value by suggesting viable solution approaches, possible project scope, estimated timeline and costs, products and services to address what needs to be done at each step of the ITSM project.