ITIL tough but worth it, CIOs say

Deakin University CIO Craig Warren has been living the ITIL way for four years now. Just another process? Perhaps. Yet as many companies are finding, using ITIL to build a well-tuned IT organisation also has its costs.

Infrastructure Technology Information Library (ITIL), the set of best practices for the delivery of IT services, has a reputation for being hard - hard to plough through and hard to implement.

Jim Dunlap wouldn't argue with that. The vice president of IT at General Communication Inc. (GCI), Dunlap launched ITIL when he arrived at the Alaskan telecommunications company in 2004. "Three years later, we're still at it. It's not easy to roll out ITIL, to go from no processes to process-centric," said Dunlap at the recent CIO Decisions Conference. Indeed, 30% of his IT staff left during the transition.

The gains, however, have been dramatic, Dunlap said, and absolutely necessary for IT to keep pace with the business.

Publicly held GCI boasts 500,000 subscribers out of Alaska's state population of 660,000. Its locations pepper Alaska's 1.5 million square kilometres, making it one of the world's largest telecommunications companies in terms of geographic reach. And its list of offerings keeps growing: wireless, data and a lock on cable TV (90% of Alaskan households).

At a company that large and so accountable to so many customers, IT services should have been front and centre, Dunlap said. But the department was flying by the seat of its pants (e.g., unclear roles and responsibilities, ad hoc processes, outdated or fragmented documentation, no standard tools for development and service management, inconsistent reporting).

"There was not a shred of evidence that the IT staff knew anything about change management, other than we would make changes however we wanted and whenever we wanted," Dunlap said. There were no service-level agreements (SLAs) to speak of. Application management was "unheard of." "Crappy" software was put into production, only to be snatched back. The department had no program management office (PMO). The data centre took a wait-and-see approach, as in waiting for the thermal event to happen before making a move.

Three years into ITIL, the right monitoring and managing tools are in place, as are a "very rigorous" set of processes, Dunlap said. Infrared cameras keep watch over the servers 24/7. Every vendor is managed in an identical way, so scorecards have meaning. A PMO staffed by 10 people performs weekly risk analyses of every project. IT can fire up a new GCI marketing plan in a "matter of minutes," Dunlap said, rather than the four months it could take in the past.

Two steps forward, one step back

In Australia, a growing number of organisations are seeing significant benefits from having gone through the pain of ITIL - although in many cases the process is just as painful as for larger companies overseas.

It has been four years, for example, since Deakin University began embracing the ITIL way to improve its service delivery across the organisation. The process hasn't been easy, says acting head of IT Craig Warren, but it has been worth it.

"Initially, we had some basic processes in place that weren't great and weren't appallingly bad," he explains, adding that Deakin came in at around a 2 on a one-to-five scale of process maturity. "But there was plenty of room for improvement. We've taken all the recommendations from our initial assessment of our process maturity, and have implemented relatively significant change throughout the organisation. There's now a great deal more consistency in how we handle incidents, and customers get a much better turnaround time for standard services, and we're at around a 3.5 on the scale."

Getting to this point, however, has taken considerable and continued effort. After Deakin's first attempt to implement ITIL, a by-the-book approach had produced a complex mesh of processes that was simply too complex to implement effectively.

"We came up with a very complex incident management process first up, and after a year people were finding it difficult to follow the process," Warren says. "The ITIL book would say, for example, that at this point you should be informed by, say, configuration or availability management - but we weren't actually working to actually try and mature those processes."

Years down the track, however, Deakin is seeing the very real benefits of ITIL: the help desk team has increased its workload from 23,000 trouble tickets a year to 60,000 tickets per year, without substantially growing its numbers. Deakin is in the process of refining its configuration management database (CMDB), a key component of ITIL, and now has the recently updated ITIL v3 specification to add additional complexity to its efforts.

Pick a standard

ITIL is generating a lot of buzz these days. Technology publications were all over the recent release of ITIL V3, the library's first revision in seven years. Vendors have jumped on the bandwagon, offering up tools that promise to make adopting the nine-volume framework a bit easier. But ITIL has been slow to catch on and remains a bit of mystery for many companies, especially midsized organisations.

Although a number of high-profile ITIL implementations have confirmed the efficacy of the library's policies, many Australian companies remain in the dark when it comes to enunciating its real-world benefits. An April study by IDC found that 60 percent of mid-market IT executives have never even heard of ITIL - and just 18 percent of respondents said they were utilising it.

It shouldn't be that hard, said computer scientist D. Akira Robinson, who ran a breakout session on ITIL at the conference.

"Most people don't realise they have been doing some ITIL," Robinson said. If an IT shop has a service desk or a formal process for requesting a change, it is doing a form of ITIL. And while he happens to like the ITIL framework, particularly V3, the message for midsized companies is to adopt a framework that allows for continuous improvement and will make IT processes reliable and repeatable.

"I don't care if you embrace ITIL. But no matter what you do, pick a standard -- any standard, Six Sigma, ISO, CMM," he said.

CIOs who adopt ITIL also shouldn't feel compelled to adopt all the processes or hesitate to collapse processes where it makes sense, Robinson said.

For GCI's IT, the "heart and soul" of ITIL was the service desk. "ITIL begins and ends with the service desk." Dunlap piggybacked much of the ITIL implementation on the backs of large projects -- a billing conversion, for example, so the relationship between ITIL and the business was unambiguous. But it still takes a lot of marketing, he told the audience members, urging them to sell, sell, sell the standards to the business.

Oded Haner, CIO of audio specialist manufacturer Monster Cable Products Inc., is two years into an ITIL implementation, "without calling it ITIL," he said. His biggest challenge is selling the benefits of process-driven to a company that started in a garage, is privately held -- so no SOX requirements -- and entrepreneurial to the core.

Formal processes in that environment can be seen as a limitation, not an enabler of business, Haner said. But with rapid growth and locations in India and Ireland, "we had to put processes in place," he said. His strategy was to start modestly, with SLAs that spelled out and delivered on IT services. "That was the first win, and we marketed that win to everyone," Haner said.

As the GCI staff climbs the chain of standards, ITIL keeps giving back, Dunlap assured the audience. And these days, IT is no longer invisible at GCI, bragged Dunlap, clearly proud of the transformation. "It enables the company's growth. In fact, I have to keep throttling my staff to keep them from pulling the business too far and too fast."

Read more on Regulatory compliance and standard requirements