How Canadian CIOs should practice best practices

Glancing out the window as you’re settling into your seat after boarding your flight, you see the pilot doing a walk around the airplane as a part of the pre-flight checklist. Pilots are professionals and know what needs to be checked but still rely on a physical checklist (some now on tablets) to be sure that nothing gets overlooked. This is a classic case of a process to ensure that the obvious is NOT taken for granted, something that if not done can easily lead to service issues in any complex system, whether an airplane or IT service delivery systems.

 The pre-flight walk around is evidence that the process is both established and embedded into the workflow. No pilot would attempt to take-off until satisfied that everything is ready to go. We do the same in IT through processes that ensure daily backups are done, checked and stored off-site, so why talk about ITIL? What about other IT processes? Is there a master checklist of everything you do, and if so, are these activities embedded into your staff behaviour or are they sitting in dusty binders or in a rarely accessed part of SharePoint to be referenced only if questioned or during the annual budget negotiations?

ITIL is a series of best practices documents – library - which initially collected the folkways for successfully managing IT services as IT grew from a small ancillary part of accounting into its current pervasive utility throughout the organizational structure. Best practices deal with “what’s” – things that need to be examined, considered, and as appropriate, developed into operational processes. Yet most of IT is focused on the “how’s.” Of course back-ups are needed; what’s the most effective procedure? 

Because ITIL isn’t prescriptive, it’s been dismissed as good theory: I don’t have the time to look at it, my hands are full just serving my users and fire fighting. And besides, if ITIL’s author is government, just how useful could it be?   As a result, too few IT leaders know what best practices are contained in the ITIL libraries and how these could be applied to their service management challenges, missing opportunities to improve IT’s business value and alignment to the organization. In this, we all, as an industry, lose as the perception lingers that IT is an expensive overhead rather than a critical business enabler.

Applying best practices is learning from others’ mistakes instead of having to make those mistakes yourself. Using someone else’s experience is a lot better and cheaper than your own. But best practices don’t stop there. The overall premise and promise of ITIL is a comprehensive view of the best practices for effectively managing IT service to provide business value across the full systems’ lifecycle. Given that CIO Canada and every other IT management publication, seminar, and book is focused on alignment with the business and IT as a business enabler, best practices are an important leadership tool to review, measure, and calibrate how well IT is working. Having a well thought out and widely used checklist of what those practices are allows IT leaders to focus on how their organization is working and where improvement is needed.

This doesn’t mean that you pick up the ITIL library and start blindly following it. As with the pilot’s pre-flight walk around, the checklist needs to be tailored to your business’ needs. With the business paying for IT services, IT can’t assume it knows best about what provides business value. Responding to a user request with “it’s not in the service catalog” isn’t a best practice and doesn’t ensure the CIO’s job security. Frivolous requests will occur, but it’s the business unit’s job to manage its operations effectively and define to IT what services it needs to do its job. IT’s challenges are in balancing providing service at a reasonable cost to deliver that value with all of the other conflicting demands from other parts of the business. 

One set of best practices frequently neglected is continuous service improvement (CSI). Too often this is partly implemented, focusing on improving delivery of existing services, especially on reducing costs. What’s missed is that IT services have to be competitive - function, technology used, cost - in the marketplace, and deliver the business value needed today and tomorrow - which is not what it was yesterday. 

And there are things in ITIL which you may not agree with. I can’t accept expressing service levels as ‘targets.’ Conventional wisdom for an IT manager is to avoid firm guarantees or if forced, water it down so it can’t come back to haunt. One large in-house provider had service level ‘targets’ of 85% - that’s about 2 months of downtime per year for delivery of basic IT services! Their internal bill-back rates were ‘competitive’ with external providers, but overlooked their 98%+ committed levels with penalties for non-performance. That’s not business value.  Service levels have to be reasonable for the business to operate and for IT to deliver. ‘Target’ gives permission to fail: we’re sorry that the service was down, but we tried our best.  As Yoda would say: “do or do not; there is no try.” 

The best practice I’d like to see us all adopt is to do a pre-flight ITIL checklist review as the first step in the annual update of the IT strategic plan to make sure that we’re ready to fly.