IT signs on the dotted line

Populated by outlaw hackers, tough-talkin’ network sheriffs and technology-drunk executives playing fast and loose with the gold dust, computing environments have traditionally been the Wild West towns of the business world.

But in an era of closely scrutinized expenditures and well-scrubbed executives chock full of book learnin’, IT is being forced to clean itself up and play by enterprise management’s Marquis of Queensbury Rules. Many experts believe that one way to corral costs, ensure service to tech-dependant business units and protect IT staff from the outrageous demands of Wild Bill up in accounting is to have the stakeholders sit down and work out an internal service level agreement (SLA).

Traditionally, an SLA is a contract between an organization and an external service provider such as an ISP or ASP that mandates a specific level of performance for a Web site or hosted application. However, less well-known is the idea that an SLA can be used internally to prioritize work, set targets for help desk response time, or define requirements for network or application uptime.

From management’s perspective, an internal SLA is a way to hold the IT department accountable, and from the IT department’s perspective it’s a way to manage user expectations, said Rick Sturm a service-level management (SLM) authority, and president of Enterprise Management Associates Inc. in Boulder, Colo.

“There is also the perspective of demystifying IT,” Sturm said. “In the past, particularly in the mainframe era, we had the high priests in the glass rooms and they talked their mumbo-jumbo and we nodded and wrote cheques. Today people aren’t buying that. The users have PCs at home and distributed systems in their departments that they bought with their own budgets (and) are not scared to death of computers anymore. And they also have some sense of what’s realistic to expect in terms of availability and performance.”

Sturm, who also recently authored the book Foundations of Service Level Management, said there are no hard and fast rules about who needs an SLA, but it is partially related to an organization’s size.

“The formal agreement becomes necessary when the informal communications stop being effective, and also as users become more demanding and less accepting of best efforts by IT. Another way to look at it is that an SLA becomes necessary when a handshake is no longer effective,” he said.

According to Paul Inglis, a Toronto-based vice-president with EDS’s value-added management consultancy A.T. Kearney Inc., if there is an execution gap, that is “if there are a lot of silos in the organization and it doesn’t work with one voice,” the first step is a return to the company’s vision, business plan and strategy in the market. “Then the question is,” he said, “how is the IT department going to support the organization in that strategic direction?”

“Good morning business unit, how are you?”

Andrew Lyszkiewicz, director of information and technology for Land Information Toronto, a City of Toronto business unit, said that after several years of amalgamation-related growing pains the city is now developing a set of internal SLAs. Since most users never see the huge data centres, arrays of disks, backup environments and the overall care that infrastructures require to simply keep functioning, IT needs SLAs to ensure realistic expectations of what can be achieved, Lyszkiewicz said.

“It is understandable that business units ask for more, and who can blame them – they want to provide the best possible service to their customers, but in many cases the business units and IT don’t really understand each other.

“In order to have SLAs they have to be negotiated. This puts people together and creates an environment of co-operation and conversation where the business people will express and describe their requirements. In doing so they will automatically describe their business processes. So that is a good benefit, because this way IT people can learn about the business,” Lyszkiewicz said.

Tom Kawamoto, Toronto-based global service lead with IT consulting firm Compass America Inc., agreed that internal SLAs can be a powerful communication tool, especially if an organization has let the proverbial cart get in front of the horse.

“In the past we’ve often seen IT driving the business. So IT doesn’t necessarily talk to the business – they just say ‘this is what we’re going to provide you,’ whereas the business really needs to sit down with IT and say, ‘here are our key drivers, here are our needs, here are our business volumes – these are the services we need from you,'” he said.

In fact, Kawamoto said, IT is almost evolving into a utility – just like hydro or water, users expect that when they turn on their PCs in the morning they will have all their applications present and accounted for.

IT’s fear of commitment

When Kawamoto shows up to help a company work through its internal angst, he starts by comparing existing internal service targets with his firm’s research about industry trends and industry achievements. “By bringing in a benchmark or bringing in the industry baselines we can give them a range of where they should be with their current staffing,” he said.

“There is often resistance from IT because they’re defensive. So they’ll say, ‘you didn’t take into account that we have to do this as well,’ or, ‘our operation is not the same as what you are comparing us to,'” Kawamoto said.

Sturm agreed that IT departments can be leery of signing on to an SLA, but he said they need to realize that when they settle on a set of objectives that are “attainable, measurable, controllable, understandable, cost-effective and mutually acceptable” they gain a way to control costs and manage user expectations. And managing expectations, he added, is a way to drive higher levels of client satisfaction.

Client satisfaction is why the 7,000-plus employees of EMFISYS, the Bank of Montreal’s IT division, and the business units they serve operate under a variety of performance-mandating agreements, said Lee Dunn, the bank’s Toronto-based vice-president of processing services.

“The Bank of Montreal has used internal SLAs as long as I’ve been here, and that’s close to 30 years,” she said. “Our SLAs are our key performance indictors – the promises we are making to our internal customers on availability, reports and any other unique requirements that they may have.”

After starting out around legacy environments, the SLAs have evolved to encompass end-to-end services in the many different channels, Dunn said. “We’re also evolving to a concept called ‘service management’ within IT. That’s where we have service managers who are responsible for the end-to-end service of a particular customer, such as a branch. And within that end-to-end service function they are accountable for the SLA. So they live, eat and breathe service from a customer perspective,” she said.

Of course, the most thoughtfully crafted SLA is still only a piece of paper unless adequate support processes are put in place, said Diana Bugeya who, as Toronto-based manager of service management with CGI, has helped to set up many SLAs, including a recent agreement for a 40,000-employee company.

“The agreement (requires) a senior management buy in at the beginning to ensure that they provide the organization with the capability to (meet targets). The tools are great to have because it just makes our lives that much easier, but the work is really in the human side of the process. And the tools are typically not the problem – it is the human factor that is the problem,” she said.

Measuring up

Bugeya said that another trap rookie SLA-users need to be wary of is trying to gauge a department’s performance by measuring and reporting on everything. In fact, she said, many metrics conceived during the set-up process can turn out to be either useless, immeasurable or both.

“One metric that is often asked for and is very difficult to provide is something like response time. Clients often believe that they can translate that to productivity on the part of their agents or their employees. But unless you put markers into the application that allow you to know how quickly something is running through from start to finish there’s just no way one can measure response time,” Bugeya said.

A metric her clients have found more useful is a complex factor called “business availability.” Essentially a concept taken from “systems availability,” business availability translates the downtime of an IT resource into business costs by considering the value of an application to the client and the length of time it is unavailable.

Although the basic thesis of his consultancy is “what gets measured, gets managed,” EDS’s Inglis agreed that it’s important to think about how measurements are used.

“There are overhead costs and you have to be selective – you can’t measure everything. But you also need to balance off the costs of measuring and the potential risks of not measuring, and you shouldn’t always focus on costs -sometimes a service failure can be as catastrophic as a cost failure,” he said.

The City of Toronto’s Lyszkiewicz said that while he and many of his colleagues believe strongly in internal SLAs, there is always a lingering concern about the expense of managing an agreement.

“We don’t want to create a huge administration process around it, so this is why it’s so important that we understand what we are doing and write good documents. The goal is not to have a 100-page legal type of document that we’ll never be able to live up to. The overall scheme we have agreed on is to simply have an agreement of a few pages with attached schedules describing specific services,” he said.

When it doesn’t measure up

In traditional SLAs, external providers are usually bound to a series of financial rewards for compliance with the agreed-upon terms and, ominously, penalties for non-compliance. Internally, however, SLM guru Sturm said that darts and laurels require a lighter touch, especially if there is money on the table.

“To begin with, I like the carrot instead of the stick, but I have seen cases where [incentive plans] are abused. For example, I’ve seen situations where the people who were doing the (performance) reporting were also part of the bonus plan, which was an obvious problem.”

For non-compliance, reducing your staff’s annual compensation is clearly a non-starter, Sturm said, but there is room for creative penalties. For example, he said, when an IT resource is down and out for too long, instead of sending a second level manager to put out the fire, why not mandate that the CIO has to show up and personally deliver the goods to the user.

Rather than viewing an internal SLA as restrictive, the Bank of Montreal’s Dunn believes that by letting staff know exactly what’s required of them, they have a better opportunity to live up to expectations.

“I’ve worked here for a significant period of time so I wouldn’t think of anything other than an SLA when implementing a new application or service. It’s just standard, from help desk calls, to 24×7 operations, to the back-end support group, SLAs really are a way of life within the Bank of Montreal,” she said.

A way of life that should arrive sooner rather than later, said CGI’s Bugeya.

“The SLA process has actually, for those of us who have been serving a client community for a number of years, definitely brought us from an IS/IT propeller-head mentality to actually understanding the business drivers of a

company and understanding what we need to do to move them ahead.”