Your company has made the decision to implement ITIL. Now what? Hopefully, your company has put a good communication plan in place with a well-defined project scope, objectives and training program as discussed in Part I of this series.
The next step in the ITIL Implementation process will be to evaluate existing policies and systems that affect the design, development, transition, operation, and improvement of your IT department. The recommended approach is to perform a formal evaluation called a process assessment. Process assessments can be completed by internal staff or by using a consultant. There are pros and cons to both methods, but the goal is the same: to determine where to focus your efforts.
A process assessment can help you understand both the maturity and capability of your processes, and provides insight into where there are gaps that should be filled. You can choose to look only at a defined set of IT processes or delve further with reviewing your people, process and technology systems or instead select to do a full assessment.
- People, Process, and Technology—In this scenario, the people, or functions required to carry out operations would be assessed for efficiency and effectiveness. The underlying technology would also be reviewed.
- Full Assessment—A full assessment includes all of the activities of a people, process, and technology assessment, but goes further and would also include an assessment of the vision, mission, goals, and objectives of the organization along with its strategy and culture.
The results of the assessment can be used to benchmark your processes against industry standards in order to help you understand how well your organization compares with other organizations of the same size, type, and industry. It also gives insight into where there are gaps.
Rating Your Policies and Systems
Once you select which of your internal processes you wish to review, you must then figure out what system to use to rate their performance. There are several rating models to choose from:
- The Capability Maturity Model Integrated (CMMI)—Uses five defined levels to evaluate how a process is being carried out and how closely is it being followed. It begins at Level 1-Initial which means a process is unpredictable and reactive to Level 3-Defined, which means an organization and proactive, all the way up to Level 5-Optimizing.
- ISO 15504—This is a recognized standard to help you spot areas of capability that need improvement. This ISO standard defines six levels of process maturity from 0-Incomplete to 5-Optimized Processes. Its measures include process deployment, process control, process innovation and work product management. For each of these areas, ISO 15504 also evaluates the level to which each process attribute is achieved from 0 to 100 percent.
There are many frameworks, including COBIT and TIPA, which utilize the ISO 15504 model for capability assessments. As you can see, although very similar, ISO 15504 defines each level very similarly but not quite the same as CMMI.
Control Objects for Information and Related Technology (COBIT): COBIT focuses on the capability of a process, or whether or not it achieves is defined objective. The model used for COBIT is based upon the ISO 15504 Standard and it also has five levels.
Tudor IT Process Assessment (TIPA): This model was developed by the Public Research Centre Henri Tudor in Luxembourg and combines the ISO 15504 process assessment model with the ITIL best practices, so it is specifically designed with ITIL in mind. It is quickly becoming the de facto standard for performing an ITIL Process Assessment.
Carrying Out the Assessment
There some common activities that should be undertaken when performing an assessment, including a document review and employee interviews to gain an overall understanding the various aspects of your internal systems. Some documents you should review are:
- Process roles (owner, manager and practitioners)
- Process stakeholders
- What triggers the process
- Process inputs
- Activities and their flow
- Tools and automation
- Common procedures and models
- Process outputs
- Information gathering requirements
- Process feedback mechanisms including customer survey results
- Measurements, including critical success factors (CSFs) and key performance indicators (KPIs)
Your assessment team should perform interviews of the key players who are accountable and responsible for your processes. These interviews can be one-on-one, or in a group setting. The goal is to understand each stakeholder’s perspective and gain insight into their views about how the process or processes work, where they see issues, how they view process compliance, and the benefits they think are being realized from the processes.
Now, that you’ve figured out what internal practices to review, selected your performance rating model, reviewed documentation and interviewed stakeholders, you are ready for the next step: acting on your assessment. To find out more check out Part III of the “ITIL® Implementation Where to Begin” white paper.