Several years ago, I had a discussion with David Cannon, the author of the ITIL Service Operation and ITIL Service Strategy books. “Myles,” he said to me, “everything we do now is about the business service.” For some time, those of us within the IT management industry have been suggesting that cloud and other disruptive technologies have fundamentally changed the CIO’s role into that of a services broker.
So, how do CIOs and their teams effectively manage services when they are no longer solely responsible for creating and delivering everything in their portfolio? I think it’s no different than a marketing department deciding to use channel partners in addition to its direct sales force. IT remains responsible for the quality of what’s delivered, and the buck still stops with the CIO (apologies to Harry S. Truman).
How should you judge management quality in a service broker era? COBIT 5 offers an overarching goal—to minimize the risk associated with internal or external suppliers and ensure competitive pricing throughout—as well as 5 secrets (process goals) for being a successful broker of services.
Goals for the Service Broker Era
Let’s explore each goal along with COBIT’s recommended metrics to understand how they can improve IT management.
1. Delivery of IT services in line with business requirements. Regardless of whom implements IT services, you and your operational leadership still own them. This means to mean that you need to actively measure the performance of services and you need to only pay for the quality of services delivered. COBIT recommends three metrics to measure success: number of business disruptions due to IT service incidents, percentage of business stakeholders satisfied that IT service delivery meets agreed-on service levels, and percentage of users satisfied with quality of IT service delivery. Simply put, how often are there business disruptions and what is the perception of quality of delivery? You do not want to experience what psychologists call cognitive dissonance, where reality and perception are at odds with each other. These are not only really good KPIs to measure your outside service providers against, but also to measure yourself against.
2. IT agility. As mobility and social media have effectively changed how firms compete, agility is clearly becoming critical to effective IT management. Mobility and social media have effectively changed the way that firms compete. And if you buy Alvin Toffler’s The Third Wave, the pace of change is only going to accelerate. At first blush, this may not seem important to IT organizations, but if change is accelerating for the business as a whole and IT owns the keys to the enterprise’s capability system, then this means that IT needs to be able to operate faster than ever. This means, to paraphrase Geoffrey Moore in Dealing with Darwin, IT organizations need to determine what is core (supports their enterprise’s capability system) and what is context (all other processes). And for context, IT needs to get it managed effectively by outside service providers so IT can respond more effectively to the things that drive corporate differentiation and impede commoditization to the corporate capabilities system.
COBIT 5 recommends three metrics for IT agility: level of satisfaction of business executives with IT responsiveness to new requirements, number of critical business processes supported by up-to-date infrastructure and applications, and average time to turn IT an objective into an agreed-on and approved initiative. These, in my mind, are perfect metrics. If IT is relevant, business executives see it as responsive to new and evolving requirements. In addition, IT is managing to keep things running with the latest infrastructure and applications. There is a bathtub curve of performance—the older the infrastructure becomes, the more frequently it fails and the more expensive it becomes to maintain. And finally, the proof of responsiveness is the pace of initiative creation.
3. Suppliers perform as agreed. Once again, IT does not lose responsibility for performance once suppliers have been selected. You continue to own responsibility. COBIT recommends two metrics to measure success here: percentage of suppliers meeting agreed-on requirements and number of service breaches to IT-related services caused by suppliers. Just as you should in your own department, you should actively measure performance against service agreements and track breaches caused by supplier-run services.
4. Supplier risk is assessed and properly addressed. Obviously, potential suppliers should have their risk considered and addressed. Three metrics are recommended: number of risk-related events leading to service incidents, frequency of risk management sessions with a supplier, and percentage of risk-related incidents resolved acceptably (time and cost). These metrics should be measured monthly—weekly at the beginning of a relationship—and should be compared where possible among vendors and benchmarked.
5. Supplier relationships are working effectively. This is an ongoing process that needs to be actively measured by IT. Three metrics are recommended to measure success against this: number of supplier review meetings, number of formal disputes with suppliers, and percentage of disputes resolved amicably in a reasonable time frame. As with a new car, you need to find out quickly if you have a lemon supplier and not hang on too long.
So where should you start?
As always, my suggestion is that you start where the most immediate value can be driven. If it were up to me, I would start with No. 1: delivering IT services in line with business requirements. Make sure that services are being delivered as expected first. I think of this as really the first level of control. What do you think? What would be first on your list? I would love to hear back from you.
Blog post: Making COBIT 5 part of your IT strategy
Solution page: IT Performance Management