ITIL drives better governance for Victoria DET
It may offer invaluable guidance for the creation of service management strategies, but at the Victorian Department of Education and Training (DET), ITIL (IT Infrastructure Library) has been not an end in itself -- but a means to a much bigger end as the department worked to introduce an effective IT governance framework.
With more than 579,000 users, 194,000 networked PCs and 40,000 notebook PCs spread across 2000 schools from one end of Victoria to the other, scale has long been the natural enemy of order at DET. This equipment and user base is supported by a complex back-end IT ecosystem with 300 central servers and 4TB of central storage, compounded by 3280 school servers with 131TB of local storage and 9500 wireless LAN access points providing wireless coverage in every school.
Needless to say, consistent provision of IT management services had traditionally been extremely difficult despite the AU$250 million annual IT budget. Chronic problems with the delivery of IT support services had led to a lack of IT development control, no clear priorities or consistency, poor visibility across business and IT requirements, and almost no forward IT planning.
Recognising that a formal governance infrastructure would be invaluable in remedying these problems, DET recently embarked upon a project to review its IT operations and standardise its processes.
The effort met an early hiccup as early guidance from outside consultants produced a complex definition of governance that failed to resonate with the department's business processes. DET reworked the definition internally, but the involvement of a number of non-IT areas ended up muddying the governance definition even more.
-Good governance is enormous," says Tudor Owen, ICT governance manager with DET. -It's not about documentation, and not about compliance. If you can't see and prove to the business the benefits of IT governance, don't bother. You have to understand why you're doing it -- and what we [ultimately] said was that it defines the rules and regulations by which you manage your investments and relationships."
Down to business
Having a clear definition to work with, DET began working through the much more complex task of introducing a governance framework that would both standardise its IT support processes, and allow it to enforce broader governance controls on its IT organisation.
The department's plan was to launch a mass education campaign among its staff, introduce a manual portfolio management process, review its processes, and then -- within two years -- implement a portfolio management tool to automate its processes.
ITIL, recognised as the de facto standard for IT service management, was chosen as the framework to follow for the service management part of the project, while introduction of an established development methodology such as PRINCE2 would bring consistency to that part of the business. Both methodologies would be wrapped into a broader IT governance policy framework that would be managed using the purpose-built tool.
DET intentionally put off the tool purchase until the final phase because, says Owen, it's critical to get the earlier process-related phases right before tools can even be contemplated. Early employee education about the plans for governance, for example, proved to be difficult enough without throwing in the specifics of application training.
-Some people are [so] busy at the coal face they can't see any benefits of doing governance," he explains. -You're potentially adding more work, and [for them] it's just more paperwork. Many people just don't react well to change because you're taking them out of their comfort zones, and making the work they do visible and therefore accountable."
Not only were those employees going to be held accountable, but their responsibilities were likely to change as new process structures came into place. For example, introduction of a consistent project scoring methodology was designed to standardise the evaluation and approval of new projects according to business value; this method becomes easy to enforce with a centralised process model in place, but it also requires changes to existing processes including a certain lack of autonomy for many employees.
Autonomy also becomes an issue because, with centralised management monitoring ITIL-driven service quality and overall project progress, developers become far more responsible for justifying their existence, so to speak, than in the past.
In DET's new structure, every IT project, no matter how small, is tied to a specific individual responsible for monitoring its project and justifying its continued existence to management. -This way it's not an IT person who can say yes, the project can keep going," Owen explains. -It's a business person who has accepted that risk."
Return to form
With revised structure for project responsibility in place, DET faced the challenge of finding the right tools to model and enforce its governance policies.
After evaluating several possibilities, Mercury IT Governance (Mercury was recently purchased by HP) was implemented across the organisation to tie the service management rigour of ITIL with the ongoing project management rigour of DET's new hierarchical development approach. Because DET did so much groundwork up front and had 80 percent of its processes documented, implementing the Mercury tool only took two weeks.
That didn't mean things improved overnight, however: a quick implementation couldn't change the fact that much of the guidance that ITIL (and related process standards) offers is simply a reworked version of processes that were widespread in the past. The use of gate documents, for example, offers an easy way to ensure process requirements are met -- but have long been accepted parts of proper project management discipline.
-ITIL is often bandied about as being something very new, but I would say that 95 percent of everything that's in ITIL, we were doing years ago in mainframes," Owen explains. -The discipline and rules haven't changed -- and now we can control governance using these very simple gate documents where you [assess] the project up to a certain point."
The difference: by pairing ITIL with a clear governance framework, IT projects only progress past these gates with the review and explicit approval of the business managers responsible for them. Each project is scored according to five categories of business value: alignment to strategic goals, ROI, operational efficiency, educator value and value to students.
-We've been able to get agreement that the score constitutes where you are on the priority list," says Owen. -It all depends on how you define quality."
DET's approach has paid off significantly by forcing closer teamwork between business and IT stakeholders, allowing projects to be put in the context of DET's overall work rather than letting them run forever on their own steam. Centralised visibility of all projects allows redundant efforts to be identified and terminated before money, time and bother are all wasted.
The organisation's process transition isn't yet complete, but continued adherence to its evolving governance structure -- reinforced by the newfound rigour of its ITIL-backed service delivery approach -- is delivering benefits.
Yet while ITIL has provided crucial guidance as DET worked to improve its service delivery processes, Owen cautions that ITIL-driven change doesn't happen overnight: -ITIL contains the rules and regulations around running your IT business, and puts service into production," he says. -But you can't suddenly expect to be able to do things like governance in a few months; it's going to take years to do it right."
