subscribe: Daily Newsletter

 

The real goal of IT service governance

0 comments

Kathy Gibson reports from SMEXA 2015 – IT service management is not about whether you implement ITIL of CoBit – it’s about integrating people, processes and technology to increase business value and effective governance.

Marval’s Edward Carbutt points out that service governance is a subset of IT governance, which is itself an extension of corporate governance.

Service governance supports business processes by freeing reusable enterprise class services and monitoring their deployment,” he says. “The effort involved in getting this to work is what governance is about.”

One of the biggest pitfalls in any service implementation is lack of ownership and, where there are project owners, they don’t necessarily understand their roles, Carbutt says.

“And the service definitions need to set the boundaries for service ownership and appoint service owners.”

Carbutt adds that people expect service delivery to match their own standards. “Customer expect to get the right value form our services.

“We need to consider this in our service delivery framework. And we can’t do so if there isn’t a clear service framework.”

By using standards and good practices we get the evidence that adequate service governance control, risk management audit evidence is in place.

“If IT is the nerve centre of our business, we should be protecting it and adhering to standards,” Carbutt says. “Other areas of the business follow best practices, but there is no demand for IT standards. By having good service governance we can protect the investment in infrastructure and deliver services that create value.”

Service control involves service level management that provides controls, compliancy measures, quality and warranty for services, and third party management.

The service catalogue – or service level agreement – is where service level requirements are documented, Carbutt says. And this needs to be aligned to the business needs, while documenting the level of quality that is required.

Meanwhile, risk management standards seek to establish a common view on frameworks, processes and risk management; and it ensures stakeholder protection.

The services lifecycle includes design, transition, operation, strategy and continual service improvement.

Bringing it all together, Carbutt stress that people, processes and technology are all necessary

“CoBit 5 gives us the guidance to do this, with service management, business continuity, security and risk all underpinned by quality management in ISO 9001.”

To bring it together an integrated process management framework is vital.

“Can we use technology?” Carbutt asks. “Yes, we can – we can automate and integrate processes, aggregate data from multiple sources, perform quantities analysis, create reports and produce metrics, and clear linkages between people processes and technology.”

Technology on its own won’t let you cut costs or reduce headcount, however. An enterprise GRC (governance, risk and compliance) solution will require dedicated staff, Carbutt says. “You have to work at it, it won’t happened by itself. Technology can help you bring the disparate pieces of risk into a single location, but it can be difficult to define and implement.”