Driving World Class IT Operations by Implementing COBIT 5 Process Improvement

In a recent post, I discussed the importance of service agreements—a clear operations task. This post looks at a how leaders should evaluate the quality of their IT operations. COBIT 5 sees the IT operations function as being about coordinating and executing activities and operational procedures required to deliver internal and outsourced IT services. This means that IT operations are no longer just about running an internal service provider model but also about management of external service providers including cloud providers whether they are infrastructure as a service or cloud as a service.

 

Several years ago, I got to interview a VP of Operations at a major IT shop about his job and what mattered to him. While he took a broad perspective, he was very focused on what I like to call the enablers—the IT stovepipes. He complained to me in our conversation about not knowing what was coming next from the business. However, when I shared this with a colleague of his, I was told that he is the problem because he was focused on technology and not service oriented. This should be a wakeup call for all you operational folks. COBIT 5 says the purpose of the operations process is to deliver IT operational service outcomes as planned. This means the operational leader needs to become service oriented and even more important, customer focused.

 

Goals for change and release management

To improve operations, COBIT 5 suggests IT operations measure themselves against two process improvement goals. Let’s explore each along with their recommended metrics to get a better idea of how to improve IT operations. 

 

1.                  Operational activities are performed as required and scheduled. Research has shown that in all fields, (for example, medicine) that standard operating procedures (SOP) drive better performance and consistency of delivery. And clearly tooling like Network Automation and Server Automation can help. But the first step is to define policies. With policies, two metrics are recommended to measure success against this: number of non-standard operational procedures executed and the number of incidents caused by operational problems. Clearly, the first metric looks at whether you have defined a SOP and, just as important, whether the operations team is using it. The second says did the operational policies alleviate or increase incident volume. Obviously, the latter is a bad thing. In other words, what percent of incidents were seen in operations first and were created as tickets because operations could not fix them in an appropriate timeline.

2.                  Operations are monitored, measured, reported, and remediated Once you have procedures, the next task is to measure and manage against them. Two metrics are recommended: ratio of events compared to the number of incidents and the percent of critical operation event types covered by automatic detection systems. The first metric should have events significantly higher than incidents. This says events are being managed and taken care of in operations. I would add to this the percent of incidents caused by an event. This number should be very small. The last item is about coverage of operational events. And you want this number growing month over month. It says you can measure and manage across the operational stack.

 

So where should you start?

As always, my suggestion is that you start where the most immediate value can be driven. But if it were up to just me, I would start with the number of non-standard operational procedures. We need to make them a rare event to take out the resulting business and IT risk.  I think of this as really the first level of control. What do you think? What would be first on your list? I would love to hear back from you.

 

Related links:

Blog post: Making COBIT 5 part of your IT strategy

Solution page:  IT Performance Management

Twitter: @MylesSuer

 

Labels: IT operations
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product ...


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation