Continual Service Improvement Process

General Understanding

Knowledge Sources

ISO/IEC 20000:2011•Section 4.5 Establish and Improve SMS.

ITIL®•Continual Service Improvement.

COBIT 5•Manage Quality•Monitor, Evaluate and Assess Performance and Conformance.•Monitor, Evaluate and Assess the System of Internal Controls.•Monitor, Evaluate and Assess Compliance with External Requirements.

Continual Improvement – PDCA Cycle

Plan Do

Act Check

ImprovementQuality Assurance

7 Steps to Service ImprovementIdentify• Vision• Strategy• Tactical Goals• Operational Goals

1. Define what youshould measure

7. Implementcorrective action

6. Present and use theinformation, assessmentsummary, action plans, etc.

2. Define what youcan measure

3. Gather the dataWho? How? When?Integrity of data?

4. Process the dataFrequency? Format?System? Accuracy?

5. Analyze the dataRelations? Trends?According to plan?Targets met?Corrective action?

Goals

© C

row

n C

opyr

ight

201

3 R

epro

duce

d un

der

licen

ce fr

om A

XE

LOS

COBIT Processes

Provides the governance and management structures to manage and improve:

•Quality.

•Performance.

•Control.

•Compliance.

Continual Service Improvement

Plan

Planning for Improvements

ISO/IEC 20000: Plan – scope and service management plan.

ITIL: Define what should be measured (strategy).

Define what will be measured (measurement framework).

COBIT: Establish a quality management system.

Define and management quality standards, practices, and procedures.

Establish a monitoring approach.

Set performance and control targets.

Identify compliance requirements.

Optimize responses to compliance.

Step 1 – Defining Strategy

Defining what should be measured:

•Corporate Strategy.

•IT Strategy.

•Improvement Strategy.

The Continual Service Improvement Model

What is the vision?

Where do we want to be?

How do we get there?

Did we get there?

Where are we now?

How do we keep the momentum

going?

Service & process

improvement

Measurabletargets

Baselineassessments

Measurements &

metrics

Business vision,mission, goals, and objectives

Items to consider:

•Vision aligns with business and IT strategies

•Obtain an accurate baseline assessment.

•Understand and agree upon the priorities for improvement.

•Verify that measurements and metrics are in place.

•Momentum for quality improvement is maintained by assuring Changes are embedded in the organization.

© C

row

n C

opyr

ight

201

3 R

epro

duce

d un

der

licen

ce fr

om A

XE

LOS

The Continual Service Improvement Model

What is the vision?

Where do we wantto be?

How do we get there?

Did we get there?

Where are we now?

How do we keepthe momentum going?

Service & processimprovement

Measurabletargets

Baselineassessments

Measurements &

metrics

Business vision,mission, goals, and

objectives

© C

row

n C

opyr

ight

201

3 R

epro

duce

d un

der

licen

ce fr

om A

XE

LOS

Scope

Why scope?

•To provide the greatest value to the customer.

•To prioritize appropriately.

•To manage budgets and resources effectively.

•To minimize risk.

Service Management Plan

A service management plan will include information on:•Objectives.•Service requirements.•Policies, standards, and external requirements.•Roles, responsibilities, and authorities.•Resource allocations (human, technical, information, and financial).•Stakeholders and suppliers.•Process and system interfaces.•Risk acceptance and management.•Approved technologies.•Measurements and reporting.

Quality Management Systems

Benefits to Continuous Improvement:•Performance advantage through improved organizational capabilities.•Alignment of improvement activities to organization’s strategic intent.•Flexibility to react quickly to opportunities.•Employing a consistent approach to continual improvement.•Providing people with training .•Making continual improvement an objective for every person in the organization.•Establishing goals and measures in continual improvement.•Recognizing and acknowledging improvements.

Source: Quality Management Principles (ISO)

Approaches to Monitoring

• Identify stakeholders.

• Define requirements on monitoring and reporting.

• Maintain alignment with current business, customer, and IT objectives.

• Create agreement around goals, metrics, taxonomy, and retention periods.

• Create agreement around change control.

• Allocate resources to monitoring and reporting.

• Assess effectiveness of approach.

Identifying compliance requirements

1. Legislation

2. Regulations

3. Standards

4. Architectures

5. Policies

CSI – Implementation Issues

• Identify and fill critical roles and responsibilities, e.g.

CSI Manager, Service Owner, SLM and reporting analyst.

• Governance.

• CSI and Organizational Change.

• Communication and Strategy planning.

CSI - value to the business

For CSI to be successful, it must provide improvement opportunities throughout the entire service lifecycle.

There is much greater value to the business when service improvement takes a holistic approach throughout the entire lifecycle.

Improvements

Benefits

Return on Investment

Value of Investment

Continual Service Improvement

Service and Process Improvements, Guidance for Investments into IT and refreshed Service Portfolios

Service and Process Improvements, guidance for KPIs, metrics and reporting, refined SLRs, SLAs, OLAs, & UCs.

Request for Changes, Service and Process Improvements, guidance and refinements for testing & validation.

Process and Function organization improvements, refined SLAs & OLAs, guidance for metrics and reporting

Service Strategy

Service Transition

Service Operation

Service Design

CSI and the Service Lifecycle

Step 2 – Define Measurement Framework

Defining what to measure

Creating relationships between objectives, critical success factors, key performance indicators, and metrics

Identifying methods of reporting communicating service levels, customer satisfaction, business impact, supplier performance, and market performance

Governance

Governance has been around the IT arena for decades.

IT is forced to comply with sweeping legislation and an

ever increasing number of external regulations.

IT organizations must operate under full transparency.

IT Governance

“IT governance is the responsibility of the board of directors and executive management.

It is an integral part of enterprise governance and consists of the leadership, organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies

and objectives."

Source: Board briefing on IT Governance, 2nd Edition, 2003, IT Governance Institute – ITGI.

Defining Service Levels

Service Levels are a means of defining and measuring the behavior of service components within the context of providing value to the customer.

Defining Service Target

Service Targets represent the required level of service needed to deliver value to the customer.

Quality Management

What is quality?

•A measure of excellence.

•A comparison between similar objects.

•A fulfillment of requirements.

•etc.

Process Management

The activities of process management include:

•Process definition.

•Defining roles, responsibilities, and authorities.

•Evaluating performance.

•Identifying opportunities for improvement.

Continual Service Improvement

Do

Implementing and Operating CSI

ISO/IEC 20000: Do – service management system.

ITIL: Gather Data.

Process Data.

COBIT: Monitoring, control and review of performance.

Performance and conformance data.

Monitor internal controls.

Self-Assessments.

Confirm compliance.

Step 3 – Data Collection

Quality

Performance

Internal Control

Compliance

Procedure for Data Collection

Performance Monitoring

• Capability assessment.

• Investment performance reports.

• Service level reports and service reviews.

• Supplier reports and reviews.

• Project performance reviews.

• Availability, performance, and capacity monitoring.

• Incident and problem reports.

• Service request and change reports.

Internal Controls

What is an Internal Control?

“A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achieving of objectives to operations, reporting, and compliance.”

From COSO Internal Control – Integrated Framework Executive Summary

COSO Internal Controls Framework

The framework consists of:•Three objective categories

• Operations• Reporting• Compliance

•Five components• Control Environment• Risk Assessment• Control Activities• Information and Communication• Monitoring Activities

•17 principles

3333

Capability Assessments

A capability assessment compares the performance of a process

against a performance standard. This can be an agreement in a SLA,

maturity standard, or an average compared to companies in the same

industry (known as a benchmark).

An assessment for ISO/IEC 20000 is a capability assessment; it shows whether or not the requirements of ISO/IEC 20000 are being met.

3434

Purpose of Internal & External Audits

An independent evaluation is needed to assess the performance,

and is also required by customers and third parties.

The results can be used to update the agreed measures in

consultation with the customers, and also for their implementation.

There are three forms of evaluation:• Self-assessment.• Internal Audit.• External Audit.

3535

Types of Audit

Audit findings are used to assess the effectiveness of the quality

management system and to identify opportunities for improvement.

There are three main types of audit:

• First-Party Audit• Second-Party Audit• Third-Party Audit

Step 4 – Data Processing

Continual Service Improvement

Check

Monitor and Review

ISO/IEC 20000: Check – internal audits and management reviews.

ITIL: Analyze Data.

Present and Use Data.

COBIT: Analyze and report performance.

Identify and report control deficiencies.

Obtain compliance assessment.

Step 5 – Analyze Data

1. Review the data collected.

2. Current process results• Statistical measurements• Descriptive Analysis• Variation Analysis• Root Cause Analysis

3. Can we learn anything from a SWOT analysis?

40

Step 6 – Presenting Data

Objective: To produce agreed, timely, reliable, and accurate reports for informed decision making and effective communication

Management Reviews

Top Management must regularly review the service management system and services.

The purpose of the review is to determine continued suitability and effectiveness of the targeted area.

The review may include:

• Assessment of improvement opportunities.

• Assessment of SMS changes, including strategic and policy changes.

Service Reviews

Service and Service Level Agreements are reviewed with customer at planned intervals

Continual Service Improvement

Act

Step 7 - Implementation

Data drive Decisions

Objectives drive Priorities

Necessity drive Implementation