October 10th, 2013

Is e-learning the way to go?

Africa Value Solutions’s e-learning provides an effective and flexible solution for those who wish to complete a class, but do not wish to attend a classroom course. These web-based courses combine the best of online interactivity and engaging course design by employing sound instructional design with multimedia components, practice tests and online quizzes. Students who have attended such a course are suitably prepared to successfully take the associated certification test which is a requirement for attending any of the further learning courses available in the appropriate tracks.

Africa Value Solutions (AVS) is accredited to offer the following international best management practice courses via self-paced e-Learning in over 51 countries:

Course Approach:

E-learning allows the delegate to go through the chapters in a logical manner. The content starts with an introduction, overview and ends with sample exams to test the delegates understanding of the material covered. E-learning enables the delegate to study the material at the delegate’s preferred pace. It is recommended to do the sample exams after the complete e-learning has been followed. To prepare effectively for the exam, delegates should be prepared to undertake revision and exam preparation work.

Course Student Material:

Students will receive the credentials to start the Computer Based Training (CBT). The CBT is an online training course and can be followed anytime and anywhere.

Businesses and Individuals

In this post we’re taking a look at why businesses and individuals are opting for online learning over the more traditional methods. E-learning is the global education market’s fastest growing sub sector. But what is it about online learning that is so appealing and how does it benefit today’s organizations and individuals?

E-learning provides opportunities for individuals who perhaps don’t have access to traditional training environments to learn current theories and methodologies at their own pace and without large costs. It’s estimated that individuals and companies can save 50-70% on their training costs by switching to e-learning from traditional training methods.

But it’s not just the costs that are attractive. Research has found that retention of e-learning is twice as high as classroom instruction at half the cost; moreover, it has been discovered that participants learn almost five times more material without increasing the time they spent training.

The use of e-learning requires up-front investment in technology, development tools and content. Africa Value Solutions (AVS) has invested and partnered with the best online training providers for our PRINCE2, ITIL and Management of Risk (M_O_R) e-learning courses. These investments are fixed, regardless of how many students we train allowing our prices to remain very competitive in comparison to the more traditional training modes.

Other advantages of e-learning include:

Faster delivery - At a time when change is faster than ever a key advantage of e-learning is that it has faster delivery cycle times than traditional classroom-based instruction. There is a practical limitation on how fast learning can be rolled out with classroom-based instruction, as the capacity to deliver learning is limited by the number of available classrooms and trainers.
More effective learning - A nine-year survey by a research literature in training concluded that: “Learners learn more using computer-based instruction than they do with conventional ways of teaching, as measured by higher post-treatment test scores.’
Lower environmental impact - Online learning is an effective way for individuals and organizations to reduce their carbon footprint.
Flexibility, Accessibility, Convenience – Learners can proceed through a training program “at their own pace and at their own place.” They can also access the e-Learning course at any time, and only as much as they need. This is also known as “Just in time and just enough.”
Savings in Travel Cost and Time
Ease of Updates

Some of the disadvantages attributed to e-learning include:

Learners with low motivation or bad study habits may fall behind
Without the routine structures of a traditional class, students may get lost or confused about course activities and deadlines
Students may feel isolated from the instructor and classmates
Instructor may not always be available when students are studying or need help
Slow Internet connections or older computers may make accessing course materials frustrating
Managing computer files and online learning software can sometimes seem complex for students with beginner-level computer skills

What do you think? Should we stick to more traditional methods of training, is e-learning the way forward or would a combination of the two create an ideal learning experience?

August 14th, 2013

No Comments »

Help! I’m Taking Over a Failing Project

What should you do when you take over a project that has been going wrong? One of our candidates was given a project and needed to produce a presentation for the Managing Director about the project in terms of where is stands, what went wrong and what his plans were to get it back on track. The previous project manager had agreed variables, timescales and a project plan but had off ill for two weeks with no contact with the client. Colin Bentley, former PRINCE2 Chief Examiner, offered this advice about how to tackle the presentation.

“I would have three parts to the presentation.

First would be the state of the project at the time the project manager went sick - was it on target, what if any were the problems, what was the state of open issues, risks, and what work was in progress?

The second would be the state now - same questions;

The third would be what you propose to do over the next period of time, maybe two weeks or a month. You would have to decide how long you need to recover any lost time or deal with problems and how long the Project Board is willing to give you to see any improvement. Of course, you may find that everything is going along nicely - but I doubt it.

I think you should also look at the state of the Project Plan, Business Case, current Stage Plan, the project organization and the way in which matters such as issue capture and analysis and risk management are being handled and make proposals if they are not following PRINCE2 guidance.”

Do you have any stories of taking over a failing project? Let us know how you dealt with it by emailing us at info@avs.co.ke.

August 14th, 2013

General, PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

The Principles of Project Management

By Colin Bentley, former PRINCE2 Chief Examiner

The principles of the PRINCE2 project management method are:

Continued business justification
Learn from experience
Defined roles and responsibilities
Manage by stages
Manage by exception
Focus on products
Tailor to suit the project environment.

Not all project management methods contain these principles. There are some other concepts included in virtually every project management method, including PRINCE2, which are management of quality, risk and changes.

Continued business justification – this states the concept that no project should be undertaken or allowed to continue if it has no business justification. This justification usually means financial justification. Too many projects start without anyone checking that it will bring benefits that outweigh the cost. During the life of the project very few projects review the original justification to see if the business environment, company strategy, cost of producing the end products and expected outcome have changed to such an extent that there is no longer a viable business case. PRINCE2 ensures that there is a viable Business Case before the project is allowed to start and requires a review of this at the end of every stage, thus avoiding money being thrown away.

Learn from experience – A huge amount of project money can be wasted by project managers making the same mistakes that others made before. There is little benefit to senior management to find that different projects are being run under different methods (or no method at all). There should be a formal method of recording good and bad experiences and practices and making these lessons available to every new project. This is a first step in moving towards project management maturity.

Defined roles and responsibilities – Project managers do not provide the budget for their projects. They do not establish the tolerances or limits beyond which they must acknowledge that the project is out of control and they need help. They do not decide what the customer wants. Project managers should not be responsible for deciding if major changes to the specifications should be allowed. Senior management should appoint a project board, a group of managers whose authority matches the commitment needed, with representation from the customer whose staff will specify what is required, the supplier whose resources will build the product and in charge of these a manager who is responsible to company management for the outlay and ensuring that the project matches company strategies. PRINCE2 provides role descriptions for a project management team and every member of the team signs up to a role description to understand what responsibilities are theirs and to whom they report. Such roles can be shared or combined according to the needs of a project.

Manage by stages – PRINCE2 believes that projects should be split up into stages. There is always an initiation stage, where a project plan is created, a business case is built and strategies are created for quality, risk, configuration management, change control and communication. After that stage the rest of the project is broken down into a number of stages, minimally one for small projects. The two main reasons for stages are to provide a project board decision time to check that the project should continue and to allow the project manager to create a detailed stage plan for the next stage.

Manage by exception – PRINCE2 does not believe in ‘progress meetings’. Once a Stage Plan has been agreed by the Project Board, the Project Manager gets on with the job of managing that stage. For each stage the Project Board sets tolerances within which the Project Manager must work. As long as the stage stays within these tolerances, work continues. If there is a danger of a tolerance being broken (an exception situation), the Project Manager must then make the Project Board aware of the danger and propose action.

Focus on products – PRINCE2 believes that in planning you should focus on the required products rather than the activities to create them. This helps the definition of the purpose and required quality of each product, how that quality should be verified, who should check that quality. This is much easier than defining the quality of an activity. Focus on products also forms the base of PRINCE2 planning. You think of the required products and then the sequence in which they need to be constructed. The method allows the major products to be broken down into project, stage and finally team plans.

Tailor to suit the project environment – if you are to have a project management method, it needs to work for all sizes of project, but what is needed for large projects may be too much for small projects. PRINCE2 builds in flexibility throughout the method to allow it to be tailored not only to the size of the project, but also local management requirements; role names, specific local forms and other company requirements. The company may have a change control method that it wishes to keep. It may require all projects to use a specific configuration tool. PRINCE2 can be seamlessly merged into all such local practices.

Colin Bentley has been a project manager since 1966 and has managed many projects, large and small, in several countries. He has been working with PRINCE2, PRINCE and its predecessor, PROMPT II, since 1975. He was one of the team that brought PROMPT II to the marketplace, wrote the major part of the PRINCE2 manual and is the author of all revisions to the manual until the 2009 version.

He was the Chief Examiner for PRINCE2 from its beginning until 2008 and wrote all Foundation and Practitioner exam papers and marked them until they reached the massive volumes that are sat today. Now retired, he has had over twenty books published, lectured widely on PRINCE2 and acted as project management consultant to such firms as The London Stock Exchange, Microsoft Europe, Tesco Stores, Commercial Union and the BBC. He still writes books on the PRINCE2 method and has updated them all to reflect the 2009 version.

July 16th, 2013

ISO/IEC20000® Knowledge Base

No Comments »

How ISO/IEC 20000 makes your organisation work better

The dryness of certifications and qualifications can sometimes take peoples’ eyes off the ball, making them forget that the underlying purpose of study, examinations, and accreditation is to make things better, and to sometimes create dramatic improvements in the way an organisation works.

ISO/IEC 20000 is an international standard that allows organizations to demonstrate excellence and prove best practice in IT service management.

Although the adoption of ISO 20000 has grown rapidly in the international arena for both internal and external IT service providers many of the very people who would gain from its adoption, are still not aware of the benefits, whether for individuals or more importantly for the organisation as a whole.

ISO/IEC 20000 allows IT service providers to achieve conformance to a service management system which specifically requires them to continually improve their delivery of IT services. The fact that the organisation is independently audited for compliance using an internationally recognized scheme and standard can only help to bring credibility to any organisation that takes it on.

One of the key benefits of achieving this standard is to establish an on-going culture of continual improvement and learning throughout the organisation, leading to continual improvement in the quality of IT services provided. This in turn leads to increased customer confidence in the service provider and ultimately more new business.

This is just a taster of the positives for organisations of completing ISO/IEC 20000 certification, to say nothing of the benefits for individuals within that business.

July 14th, 2013

ISO/IEC20000® Knowledge Base

No Comments »

ISO/IEC 20000: Application & Governance of Processes Operated by Other Parties

By Lynda Cooper.

The 2nd edition of ISO/IEC 20000-1 was published in April 2011. During my work training or advising organizations on how to use ISO/IEC 20000, two of the areas that raise the most questions are application and governance of processes. These are covered in Clauses 1.2 and 4.2 of ISO/IEC 20000-1. These were both new Clauses in the 2011 edition of the standard. This blog aims to provide some explanation and guidance about these 2 Clauses

Application – Clause 1.2

Clause 1.2 of ISO/IEC 20000-1 is headed ‘application’. This sub-clause does not contain requirements i.e. SHALL statements that an auditor will assess for evidence. However, it is a very important part of the standard. Many users of ISO/IEC 20000-1 will only read Clauses 4 – 9 which contain the requirements or SHALL statements. As with all standards, the introduction and Clauses 1 – 3 are very important to position the standard and define the terms used. Many certification schemes will reference items from Clauses 1 – 3.

Clause 1.2 starts by stating that the standard can be applied to any type and size of service provider regardless of services delivered i.e. it can be applied to small or large, public or private, IT services or non-IT services, internal or external service providers.

It then clearly states that no exclusions are allowed when a service provider claims conformity to ISO/IEC 20000-1 i.e. in order to gain certification, a service provider must be able to demonstrate conformity to all of the requirements in Clauses 4 – 9.

It also explains that ISO/IEC 20000-1 is not a specification for products or tools although it can be used to support their development.

Clause 1.2 then goes on to discuss how conformity can be shown when other parties are involved in operating some or all of the requirements of processes in ISO/IEC 20000-1.

For Clause 4, service management system (SMS) general requirements, the service provider must show evidence of fulfilling all of the requirements themselves. They cannot outsource requirements in Clause 4 and rely on governance of processes operated by other parties. Imagine if you outsourced all of Clause 4, including the top management control, you would no longer own or be in control of your SMS! It is acceptable to have other parties doing some of the work of Clause 4 on your behalf e.g. supporting you to develop the service management plan, conducting internal audits on your behalf.

For Clauses 5 – 9, the simplest scenario is for the service provider to operate all of the processes themselves. However, this is often not the case and the Clause goes on to clarify when the standard can be applied when there is a small or large amount of outsourcing of the service management processes.

If the service provider has outsourced the majority of the requirements in Clauses 5 – 9, then the service provider is not applicable to demonstrate evidence of conformity. It may be possible to ask your supplier to achieve conformity to ISO/IEC 20000-1. Alternatively, another standard such as ISO 9001 may be more appropriate.

If the service provider has outsourced only a minority of the requirements of Clauses 5 – 9 and can demonstrate governance of processes operated by other parties for those processes (or parts of processes), then the service provider is applicable to show evidence to demonstrate conformity.

Governance of processes operated by other parties – Clause 4.2

There are 3 possible ‘other parties’:

Suppliers – these are defined in ISO/IEC 20000-1 as external to the service provider’s organization and contracted to the service provider – see Clause 7.2, supplier management, for requirements to manage suppliers
Internal groups – these are defined as in the same organization as the service provider but outside the scope of the SMS. There will be a documented agreement between the service provider and the internal group – see Clause 6.1, service level management, for requirements to manage internal groups
Customers acting as suppliers – the customer can operate a process or part of a process e.g. the customer operates the 1st line service desk with some of the incident management process. Again there needs to be a documented agreement between the service provider and the customer – see Clause 6.1 for requirements to manage customers acting as a supplier.

The other parties can operate a process or part of a process. They can also provide a product, tool or service without operating any process or part of a process e.g. a supplier of laptops, service management toolset or network cabling service. Clause 4.2 only applies to those other parties who are operating a process or part of a process.

There are 4 requirements, which have been broken down further, for demonstrating governance of processes operated by other parties. It is important to remember that this is not asking for the service provider to be doing the activities themselves; what is the point of outsourcing if you do that?

The requirements are explained below:

Accountability

- the service provider needs to demonstrate that they are accountable for the process or part of a process i.e. if something goes wrong with the process operated by the other party, it is the service provider who is accountable to the customer for putting it right and not the other party. The other party is accountable to the service provider for putting it right

Control of definition of process and interfaces to other processes

- there are various ways that the service provider can do this – by providing a process description, by agreeing to the other party’s process description or by defining and agreeing a process description together

- it is important to include the interfaces to other processes, especially where these cross organizational boundaries e.g. if the other party is operating incident management and the service provider is operating problem management

Authority to require adherence and compliance to the processes

- the service provider needs to have a method to ensure compliance to the agreed process e.g. the internal auditors also auditing the process operated by the other party

Determining process performance

- the other party needs to allow the service provider to track the performance of the process. This could be through various methods e.g. reporting, direct access into a tool

Controlling the planning and prioritization of process improvements

- the service provider does not have to identify the process improvements themselves although they can do this if some improvements are found from the other activities e.g. from an audit of the other party’s activities

- the service provider and the other party can review the suggested improvements together

- the service provider has the final decision on plans and priorities for the improvements.

Contracts and documented agreements can be used to set expectations with the other party for these requirements. Evidence can then be shown in the form of meeting minutes, improvement logs, reporting etc.

The most frequently asked question

Finally, the most frequently asked question I get asked for governance of processes:

Does the other party have to be certified to ISO/IEC 20000?

The simple answer is no. But they do need to be aware of your requirements and their part in helping you to fulfil them.

Further information

ISO/IEC 20000-3 provides further guidance on application and governance of processes operated by other parties.

Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda sits on the BSI committee for IT service management (ITSM) and is one of the authors of ISO/IEC 20000. Lynda sits on various ISO/IEC committees and is the project editor for ISO/IEC 20000-1 and ISO/IEC 90006.

June 23rd, 2013

General, PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

What’s the best route into a project management career?

Whether you have just left education or are considering a change in career, it’s not always easy to know how to take the first step. One of our candidates recently asked us about a good entry route into the project management industry or the best way to obtain practical experience. He had recently graduated university with a BSc in IT with Management and passed the PRINCE2 Practitioner exam, although this put him in a strong position it is essential to remember that qualifications alone do not make an effective project manager.

If you’re just starting out in project management, it’s quite unlikely that you will enter a project management role immediately. The key is experience, tactically choosing the organization you want to work for and future-proofing your skills.

It’s a good idea to select a large organization which runs a lot of projects as this will allow you to work on different teams, gain experience and show your colleagues what you are capable of. Make yourself known to your managers and the HR team and let them know that your aiming for a Project Manager role.

Use your knowledge and do some research into upcoming trends in project management. (The Arras People Annual Benchmark Report and PMI’s Pulse of the Profession Report are good places to start.) If you start to build your skill set to cater to this trend, you will be ahead of the game when organizations are looking for professionals who can tackle their projects using these up and coming techniques. What would be even better would be if you could pinpoint a skill that you envision to become a market leader and look for a company that is using that skill. You can then look for project management openings around that skill, whether it be a methodology or understanding of software

June 4th, 2013

General, ITIL® Knowledge Base, PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

Accreditation – Why it Matters for Trainers

Why should people use accredited training organizations like Africa Value Solutions (AVS)?

We think the first thing about using an Accredited Training Organization is that you know they have been externally validated. Somebody has come in and audited them as a training company and for Africa Value Solutions (AVS), this has been done by APMG, ISACA and other International accrediting bodies. It is important that we are audited from three aspects.

First of all it’s the quality of our training materials, so we have external assessors who look at everything that we’ve put together – the volume of materials that we’re asking people to do, the content of materials we’re asking them to do and pre-course, and also that the materials cover the full syllabus so that we’re not leaving anything out. It makes sure that from an external point of view, you know that the course materials you’ll have, will cover everything you need for the exams.

Secondly, the organization looks at whether our trainers know enough to be your trainer. All the trainers have to get an elevated mark in all the exam courses they train but also they’re looked at every year. An assessor comes in and sits in on the course and asks them questions about the materials after the course. So every twelve months you know that your trainer knows what they’re doing.

Finally, all of our materials and our processes for how we deal with booking exams, giving people their results and holding the courses are all looked at as well. It’s a really good external check. An accredited training organization means they have been verified.

How important is accreditation?

It’s very important that we have the quality mark when dealing with all our training’s. There are lots of training companies who are not accredited training organizations, they just hold courses in things that they want to be talking about. For Africa Value Solutions (AVS), knowing that there’s a link between what we’re doing, the syllabus, examinations and that we’re externally verified is that quality mark in the marketplace. It’s important to say “Actually somebody’s been looking at us and they think we’re very good at this.”

How should candidates choose their training providers?

We think there are lots of external indicators about whether or not a training company knows what they’re doing and sometimes it’s not the obvious ones. You really ought to ask about pass marks but think about pass marks contextually. Everybody can claim that they have the highest pass marks in the marketplace but we think if you’ve got a training company that really knows what they’re doing, have a look at their website. Have they got a knowledge base? Have they got articles? If they’re interested and they care about the subject then they are going to have lots of material and they will have been building that up for years so they’ll know what they’re doing. If they know what they’re doing in that regard, they’ll know what they’re doing in the classroom.

The other thing to look at is to ask! Ask “how experienced are the trainers? Have the trainers ever been a project manager or a project sponsor? Has my trainer ever been involved in large scale transformational change?” Because otherwise you may very well end up with somebody who is just reading a book aloud to you for a week. The experience of trainers is really important and I think it’s also worth asking what else your trainer is qualified in. We passionately believe that if you’re being trained on one thing, you want your trainer to add in lots of extra context to see the picture and pass on extra techniques and tips that they understand from other parts of the project management world. So if you’ve got a PRINCE2 or ITIL trainer, what else are they trained in? Africa Value Solutions through our International network has access to over 200 highly experienced trainers in a variety of fields.

If you’re interested in booking a course with us, click here.

June 4th, 2013

ASL, BiSL Knowledge Base, General, PRINCE2® Knowledge Base

No Comments »

Are your lessons learned being used?

It’s all very well filing your lessons learned reports but is your organization taking note of them? During the project Start Up phase, project managers should look for Lessons Reports from previous projects and incorporate them in the Lessons Log for the new project.

Tracking is a job for Project Assurance and this can be done at a number of points in a project. Firstly, has the project manager looked for Lessons during the SU process? Secondly, at each stage end, have any new lessons been added to the Lessons Log? This can be compared to the stage results – time, cost, quality and to Highlight Report mentions of any problems encountered during the stage.
At project closure the Lessons Report can be examined for the project manager’s entries and these compared to Stage Plans and the Quality Register to see if any lessons learnt have resulted in any corrections or changes by the project manager.

Naturally at any time during the project, Project Assurance may become aware of a problem that should result in an entry in the Lessons Log, and can check: (a) that an entry has been made; and (b) that the lesson has been incorporated in the later planning and monitoring of the project.

Project Assurance can always ask for the End Stage Report to include any new lessons and what has been done as a result of the lesson.

What is important though, is that it’s not just a case of reports filed or meetings held. What project managers need is accurate information and well-reasoned decisions.

On Project Smart, Duncan Haughey’s article ‘Avoid the Same Old Mistakes by Focussing on Lessons Learned’ is worth a read. He says, “If project managers are going to actively contribute to the project management knowledge within an organisation and make use of it, then we have to make it easy for them. Nobody is going to go out of their way to do it. So it’s important to have a well defined and simple process for collecting, collating, analysing and disseminating lessons learned. It could be along the lines of discover – recommend – document – share – review – store – retrieve.”

I wonder how many organizations are really honest in their lessons learned reports, and how many project managers hide their real opinions from their sponsors. It’s difficult to step up to the mark and speak out when you know things are going wrong, but masking problems means the same old things keep coming up time and again. So the real question is, how truthful is the lessons learned log?

This is the kind of question we will be grappling with at the UK Showcase this June. It takes place at the QE11 Conference Centre on June 20th. It’s free to attend for programme and project managers. Register today or sign yourself up to host one of our Birds of a Feather sessions – your peers will thank you!

June 4th, 2013

ASL, BiSL Knowledge Base

No Comments »

BiSL Foundation Exam available all over the globe

Business Information Management

Within the complexity of today’s market, organizations simply cannot function without a fully functioning information provision, including technology (IT). The most critical elements are found in the alignment of IT and business processes. It is precisely this alignment that is often far from perfect. All over the world people are looking for guidance on how to manage business information management.

BiSL framework

The BiSL® process model provides an insight on all the primary processes within the field of business information management and the relation between the various processes.

BiSL Training courses

I am training professionals all over the world and I’ve seen a lot of interest in BiSL, for example in the USA. However, most BiSL training courses are scheduled in the Netherlands.

BiSL Foundation Exam

On LinkedIn I saw people from all over the world asking how they could take the BiSL exam. I wondered how Capgemini could help. On one hand the ASL BiSL Foundation and APMG were trying to provide examinations in other countries. On the other hand, an accredited training organization can provide virtual exams to their participants via the Internet. So I wondered whether we could provide training courses (including exams) all over the globe.

The solution

Beside BiSL training courses I also provide training in ITIL. I had already worked on the development of Capgemini’s virtual ITIL training course (including exam) because so many of our customers don’t their employees to travel, due to high costs and loss of precious time. Being a BiSL expert that is able to provide virtual training in ITIL it was easy to come up with a virtual BiSL training course including a virtual exam. This makes us the first (Dutch) company to provide BISL training courses and exams all over the globe.

May 23rd, 2013

General, ISO/IEC20000® Knowledge Base

No Comments »

ISO/IEC 20000 – Defining the scope of the service management system

By Lynda Cooper.

The 2nd edition of ISO/IEC 20000-1 was published in April 2011. Adopting the standard will produce improvements in service management and service delivery leading to business benefits for organizations.

When considering certification to ISO/IEC 20000, one of the first things to be done is to define the scope of the service management system (SMS). Are you going to include all of your services, some of your services, only IT or more than IT? ISO/IEC 20000-1 includes requirements for defining scope and ISO/IEC 20000-3 includes guidelines.

The requirements for defining scope

ISO/IEC 20000-1 Clause 4.5.1 states the requirements for defining the scope of the SMS. It requires the scope statement to be included in the service management plan which will set the context for the whole plan.

There are two items that must be included in the scope statement:

name of the service provider delivering the services

the service(s) to be provided.

The name of the service provider can be the whole organization or can refer to the specific service provider area within the organization. For example, it can be ‘Organization A’ or ‘the IT department of Organization A’.

The services to be provided can be generically described as ‘all IT services’ or more specifically described e.g. all desktop services, all services to customer B, SAP support services.

There are four items that must be considered when defining the scope. These items can optionally be included in the scope statement:

location(s) where the service provider delivers the services

customer(s)

customer location(s)

technology.

Taking each of these in turn, location of the service provider could be a data centre, an office or various sites. There may be several sites included in the scope or just one. Auditors usually like to specify the sites that are included in the scope.

The customer can be defined if it helps to define the scope e.g. all internal users, the finance department, external customers.

The customer location can be defined if the service is limited to specific locations for the customer e.g. all internal users at the head office site, all external customers in the UK.

The technology can support the definition of the services e.g. desktop services, application support services, SAP support service, telecoms services.

IT or beyond?

ISO/IEC 20000-1 is largely used for IT services. The definition of IT in this case is taken from ISO/IEC 38500:2008:

information technology (IT)

resources required to acquire, process, store and disseminate information

NOTE Includes Communication Technology (CT) and the composite term Information and Communication Technology (ICT).

From this we can see that IT can include hardware infrastructure, software applications, telecoms, cloud computing, networks and much more.

ISO/IEC 20000-1 has the term Information Technology on the title page but not throughout the standard. It can be applied to any service as long as all of the requirements can be met. There has been a certificate awarded for business process outsourcing services in India.

Guidelines for defining scope

The scope statement should be easy to understand and unambiguous.

There is no need to include the names of other parties involved in the services e.g. suppliers, or the names of the processes – they are defined in ISO/IEC 20000-1.

A service catalogue can be referenced in the scope statement but it is not good practice as it is not clear what the scope is. If the service catalogue is included because it is too complex to specify the scope in other ways, do not include the version or date as this may change if the catalogue is updated. If the catalogue is in the scope statement, then it is essential that all services in the catalogue meet the requirements of ISO/IEC 20000-1.

Exclusions can be included in the scope statement to aid clarity although this is unusual.

The scope can only be for a single legal entity. If all of the requirements are satisfied by two companies working together, then this is not a valid scope.

The commercial status is irrelevant to the scope. For example, the infrastructure could be owned, leased or in the cloud. The service provider can be internal or external to the customer. The terms of a contract cannot be used to reduce the service provider’s obligations to fulfil all the requirements of ISO/IEC 20000-1.

If the scope changes to add or remove services/locations, then the scope statement may need to be updated and the auditor will have to check that all of the requirements of ISO/IEC 20000-1 are still being met for the revised scope.

Format of scope statement

It is important to remember that it is the scope of the SMS that is being defined and certified. The scope statement can therefore be:

The SMS of <service provider> that delivers <services>.

A more complex scope statement can look like

The SMS of <service provider> that delivers <technology> <services> from <service provider location> to <customer> at <customer location>.

Further information

ISO/IEC 20000-3 provides further guidance on the definition of scope in the form of scenarios.

April 28th, 2013

COBIT Knowledge Base

No Comments »

COBIT FAQs

Frequently Asked Questions

What is the purpose of COBIT 5?
Who is using COBIT 5?
Where are the control objectives in COBIT 5?
Are there other major differences between COBIT 4.1 and COBIT 5?
What is the overall quality of COBIT 5, and were any industry professionals part of the expert review?
Can I use COBIT 5 as a statement of criteria for specific audit conclusions?
What training is available for the use of COBIT 5?
In what way can I suggest to executive management that it use COBIT 5?
Is the COBIT 5 framework superior to the other standards and frameworks such as the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series and Information Technology Infrastructure Library (ITIL®)?
What is the quickest and best way to convince key executives and other enterprise stakeholders of the value of using COBIT 5?
Has the COBIT 5 framework been accepted by C–level executives?
How is COBIT 5 aligned with the international standard on IT governance, ISO/IEC 38500?
Do I need to meet an exact level when assessing a process using COBIT’s process assessment models?
What does COBIT stand for?
Why is COBIT 5 presented in international English?
What are the guidelines for use of COBIT® 5 copyrighted content?

1. What is the purpose of COBIT 5?

COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise information and technology assets (IT). Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

2. Who is using COBIT 5?

COBIT 5 is used globally by those who have the primary responsibility for business processes and technology, depend on technology for relevant and reliable information, and provide quality, reliability and control of information and related technology.

3. Where are the control objectives in COBIT 5?

Based on five principles and seven enablers, COBIT 5 uses governance and management practices to describe actions that are examples of good practices to effect governance and management over enterprise IT. Many of these practices and the supporting activities exert ‘control’ over the process to deliver the required outcome.

The move from the control objectives term was explained in an ISACA Journal article, Volume 4, 2011, written by one of COBIT’s first contributors, Erik Guldentops.

4. Are there other major differences between COBIT 4.1 and COBIT 5?

Yes, the framework design for COBIT 5 was revisited and restructured to ensure complete coverage for all major aspects related to the governance and management of enterprise IT. ISACA has prepared a presentation that outlines the main changes introduced.

5. What is the overall quality of COBIT 5, and were any industry professional’s part of the expert review?

To assure the high quality of COBIT 5, several measures were taken. The most important measures are:

The entire research process was overseen by both ISACA’s Knowledge Board and Framework Committee, which are responsible for overseeing all ISACA framework research development.
The detailed research results and deliverables were quality-controlled throughout the development process by a dedicated task force of experienced volunteer professionals.
A draft design document was issued for public exposure, and the feedback was integrated into the development work to produce the final COBIT 5 products. Before being issued, the draft development products were distributed to more than 100 subject matter experts around the world to obtain their professional review.
Once ready, draft versions of COBIT 5 and COBIT^® 5: Enabling Processes were made available to the public for review. Many good comments were received, suggesting further improvements for consideration. Survey questions concerning the level of satisfaction of the work at the draft stage were included in the public exposure activity, with 79 percent of the responses being positive. Based on the review comments, the development team made changes as appropriate.
The final product was reviewed by COBIT 5 Task Force members, the Framework Committee and the Knowledge Board.

6. Can I use COBIT 5 as a statement of criteria for specific audit conclusions?

There are additional professional guides planned that will extend COBIT 5. Amongst these is COBIT 5 for Assurance. This will serve as the guide for assurance professionals wanting to use COBIT 5 in their work. Once complete, COBIT 5 for Assurance will provide comprehensive guidance on using COBIT 5 to support assurance activities. The completion of this guide is planned for 2013.

7. What training is available for the use of COBIT 5?

ISACA is developing an education and training portfolio to support COBIT 5. As training is developed, ISACA will communicate news via appropriate media, including the ‘Education & Training’ page in the COBIT 5 area of the ISACA web site.

8. In what way can I suggest to executive management that it use COBIT 5?

Because COBIT is business-oriented, using it to deliver value and govern and manage IT-related business risk is straightforward. The COBIT 5 two-page executive summary and supporting short presentation can be used in the discussion with management. The goals cascade in the framework can be used to:

Determine stakeholder needs and governance objectives (value creation)
Identify enterprise goals that can support stakeholder needs. If the balanced scorecard (BSC) is used to develop these goals, then a common set of terms can be used to communicate the goals. Enterprise goals from the BSC are reproduced in figure 5 on page 19 of COBIT 5.
Select IT-related goals (for each enterprise goal) that will facilitate the achievement of the goals. IT-related goals can be found in figure 6 on page 19 of COBIT 5.
Achieve IT-related goals. This requires the successful application and use of enablers. The framework describes enablers in detail in chapter 5. One of the enablers, processes, is treated separately in the COBIT 5: Enabling Processes publication.
Present the proposed set of needs, goals and enablers to executive management as a means of delivering effective governance and management of IT-related technology.

9. Is the COBIT 5 framework superior to the other standards and frameworks such as the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series and Information Technology Infrastructure Library (ITIL^®)?

Most enterprise stakeholders and executive management are aware of the importance of the general control frameworks with respect to their fiduciary responsibility, such as Committee of Sponsoring Organizations of the Treadway Commission (COSO), Code of Connection (CoCo), the UK Corporate Governance Code, King III, etc.; however, enterprise stakeholders and executive management may not necessarily be aware of the details of each framework. In addition, enterprise managers are increasingly aware of the more technical security guidance, such as the ISO/IEC 27000 series, and service delivery guidance, such as ITIL. Although the aforementioned standard and framework emphasize business control and IT security and service management and delivery issues in specific areas of enterprise IT-related activity, only COBIT 5 integrates all functions and processes that establish the governance of enterprise IT (GEIT) into overall enterprise governance and from a business perspective. It should be noted that ISO/IEC 15504 and ITIL V3 were used to develop the governance and management practices. COBIT 5 is not meant to replace any of these frameworks or standards. It is intended to emphasize what governance and management elements and practices are required to create value from information and technology in support of enterprise business goals.

10. What is the quickest and best way to convince key executives and other enterprise stakeholders of the value of using COBIT 5?

The enterprise’s culture is vitally important. A proactive culture will be more receptive than one that is not proactive; however, consider emphasizing COBIT’s focus on stakeholder value creation, it being business driven, its alignment with other internationally recognized standards and frameworks, and its simple, but complete, structure. COBIT 5 is based on five principles and seven enablers. All other governance and management guidance in COBIT 5 cascade from these basic areas..

11. Has the COBIT 5 framework been accepted by C–level executives?

Yes, previous versions of COBIT have been accepted in many enterprises globally, and new cases continue to be documented. However, it should not be a surprise that in those entities where the chief information officer (CIO) has embraced COBIT as a business framework for information and technology, this has come as a direct consequence of one or more COBIT champions within the audit and/or IT function(s). Even more important than acceptance by the CIO is acceptance by the board of directors and executive management. Successful implementation of governance and management of enterprise IT using COBIT depends greatly on the commitment of the executive management team as a whole. The CIO alone cannot implement COBIT 5 effectively throughout the enterprise because there are implications for many areas of the enterprise outside of the IT function. The emphasis on value creation and alignment of stakeholder needs, enterprise goals, and IT-related goals will ensure that COBIT 5 is seen as a business framework.

12. How is COBIT 5 aligned with the international standard on IT governance, ISO/IEC 38500?

COBIT 5 clearly differentiates between the key areas of governance and management. In alignment with ISO/IEC 38500, COBIT 5 presents governance in terms of Evaluate, Direct and Monitor. These terms come directly from the standard’s ’Model for Corporate Governance of IT’.

13. Do I need to meet an exact level when assessing a process using COBIT’s process assessment models?

The main purpose of the COBIT assessment programme is to give management a robust, reliable, repeatable approach and supporting tools to better understand the current capability of their governance and management processes, and to help management do benchmarking, gap analysis and process improvement planning. The assessment objective is to understand the level of capability that is present and the level that is appropriate for a given process, based on business requirements, and to understand the nature of any gaps so that any significant weaknesses in the process can be identified and improved..

14. What does COBIT stand for?

COBIT was originally an acronym for Control Objectives for Information and related Technology. Now used in short form, COBIT is used to identify the name of the framework.

15. Why is COBIT 5 presented in international English?

Starting with the first COBIT (1996), a conscious effort was made to use international English to underscore the global nature of the sources that went into its development (the international standards and frameworks used as references) and the global application of the resulting COBIT. Over the years, this approach has been questioned and challenged from time to time, but it has remained in place and all COBIT derivative products follow this rule as well.

16. What are the guidelines for use of COBIT® 5 copyrighted content?

Please view the Guidelines for Use of COBIT Copyrighted Content.

April 22nd, 2013

PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

Project Management – PRINCE2 or PMP

We at Africa Value Solutions (AVS) are often confronted with the question of whether prospective students should enroll for PRINCE2 or PMP to further their project management careers. It is for this reason that we wish to share this article. PMP & PRINCE2® are both recognized and respected across the world. PRINCE2® helps in understanding more from the project point of view whereas PMP helps in developing the project management skills. Whilst PMP is recognized more in the US and US dominant countries, PRINCE2® is recognized in the British and their influenced countries. Having both, definitely complements and improves the marketability of a project manager!

Visit: http://avs.co.ke/difference-between-prince2-and-pmp

Summary of PRINCE2

Provides a complete step-by-step methodology on how to set-up and run a project
Guidance on Pre-project activities and Post project activities
Emphasis on Business Case and Benefits
Management by Exception
Detailed description of responsibilities of the project management team
Description / Templates of project management products
Offers the depth in project management practices
Knowledge is organized around Principles, Processes, Themes & Governance
Tailoring guidelines
Emphasis on Business case and Benefits
Managed by Stages i.e. only one stage is committed at a time
Focus on Products
Detailed description on developing project plans
Trainings and Exams are over in 5 days
Specialist aspects are not covered
Detailed techniques not provided to plan and carry out project management activities
Leadership and People management skills are not coded in the method
No flexibility offered on adapting the best practices as it is more sort of a method
Not much emphasis on guidance or development Project Manager’s Skill set.

Summary on PMP

Provides the all round guidance on project management
Lists the tools and techniques that can be used in a specific process
Guidance organized by Process groups & Knowledge areas
Knowledge on specific aspects of the project such as Contract management, Quality management
Provides guidance on leadership, motivational skills and other interpersonal skills
Guidance on Reporting techniques such as Earned Value Management for effective reporting
Guidance on the professional code of conduct of a project manager
No guidance on project management team responsibilities
No guidance on tailoring
Not much details on how exactly to proceed / step by step approach
Whilst outputs for every process are described the guidance on their contents is not provided
No knowledge covered on the post project activity of ensuring the project was successful from benefits point of view
Not enough details on the contents of plan and how they should be developed at varying levels of detail and by whom

Conclusion

PMP & PRINCE2® are both recognized and respected across the world. Doing PMP helps in developing the project management skills whereas PRINCE2® helps in understanding more from the project point of view. Whilst PMP is recognized more in the US and US dominant countries, PRINCE2® is recognized in the British and their influenced countries. Having both definitely compliments and improves the marketability of a project manager! Africa Value Solutions offers both PRINCE2 e-Learning and instructor led classroom training and PMI exam preparation for the East African Project Management Market.

Knowledge & Guidance

Criteria	PMP®	PRINCE2®
Recognition	Worldwide	Worldwide
Popularity	North America, Canada, Asia	UK, Western Europe, Australia
Reference Book	PMBOK	PRINCE2® Manual
What is it?	A Best Practice Guidance that can be tailored and modified	A methodology that defines the step-by-step approach on managing projects
Architecture	5 Process Groups9 Knowledge Areas42 processesInput / Tool / Output for each process	7 Principles7 Processes7 ThemesGuidance on TailoringTemplatesRoles & Responsibilities
Differentiator	Descriptive	Prescriptive
Defined Responsibilities	Only for the Project Manager	For the entire Project Management Team including Executive, Assurance, Team Managers, Project Manager, Supplier, User, Support
Techniques	Described what techniques can be used and when	Techniques are left to the users to decide
Scalable	Yes	Yes
People Management	Yes, Guidance on Managing Project Team	No, Left to the User
Contract Management	Yes, Guidance on What Contracts are good for which type of projects	Not covered
Templates & Contents of the Project Management Deliverables	No	Yes, Templates are provided
Direction & Guidance from the Sponsors / Management	Some guidance in the beginning in the form of Project Charter	One entire process is dedicated to Direction and Ad-hoc guidance and approvals – Directing a Project
Tailoring Guidelines	Not provided	Provided in the Manual
Specialist Aspects such as Requirements Gathering, Costing, Reporting, Quality Techniques	Covered	Not Covered
Pre-Project	Techniques on Project Selection	Detailed description on how to start up a Project in a controlled way before committing to it
Post-Project	No such guidance	Creates the Benefits Review Plan

Accreditation

Criteria	PMP®	PRINCE2®
Governing Body	PMI, USA	APMG, UK
Authorised Training Organization	R.E.P.	ATO
Accredited Trainer	No	Yes
Entry Level Qualification	CAPM	PRINCE2® Foundation
Expert Qualification	PMP	PRINCE2® Practitioner
Eligibility – Entry Level	23 hours of Contact Training1500 hours of experience	None
Eligibility – Expert Level	35 hours of Contact Training4500 hours of Project Management Experience	None – although Experience is Recommended
Prerequisites	PMI application approval	Foundation certified
Open Book	No	Yes
Exam Format	Online – Computer based	Paper based
Exam Conducted By	Prometric	ATO on the last day of Training
Duration	4 hours	2.5 hours
Pattern	Multiple Choice Objective Type	Multiple Choice Objective Type
Number of Questions	200	Foundation 75Practitioner 9
Passing Percentage	62.5%	Practitioner 55%Foundation 50%
Result Declaration	Immediate	Foundation ImmediatePractitioner approx 4 weeks
Re-Certification	60 PDU’s in 3 years	Re-exam after 5 years
Official Information	PMP Handbook	PRINCE2® Qualifications Scheme
Official Exam Reference	PMBOK Edition Four	Managing Successful Projects PRINCE2® 2009 Edition
Official Website	www.pmi.org	www.apmgroup.co.uk

April 18th, 2013

General, PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

Tips for Taking Over a Project

Imagine you have just been parachuted into a project. What are the three key things you should do immediately to move the project forward? Below are opinions from four experts.

Adrian Hicks, Chief Examiner, MSP (Managing Successful Programmes)

Read the business case.
Read all the highlight reports.
read all the board minutes.

Andy Taylor, Assessor, MSP (Managing Successful Programmes) and PRINCE2

Look at the milestones to date and see how they have been adjusted.
Look at the business case to see if it has been maintained.
Call a project team meeting to talk to those actually doing the work.

Alan Harpham, Chairman, APMG

Request an independent review of its current status.
Read the original objective(s), defined outputs and hoped-for outcomes with agreed changes.
Make some findings of your own based on these two documents.
Meet the project team and discuss your findings.
Continue with them as they are (project appears on track), coach them to improve or make strategic changes to the team (project can still achieve but needs to improve) or inform the sponsor that his/her project is in serious trouble and will not achieve its original requirements with recommendations on what to do next to save it or can it.

Sammy Onyango: CEO Deloitte East Africa at Deloitte

Understand the Project and its objectives
Establish the stage at which the project has reached (Progress Status)
Determine next steps required to completion

What do you think? We would love to hear from you.

April 16th, 2013

General, ITIL® Knowledge Base

No Comments »

Presenting ITIL® to the Management Team

I’m developing a strategy for implementing ITIL within my organization, how can I effectively present my plans to the management team?

An APMG accredited ITIL practitioner recently asked for some tips to help her present her ITIL implementation plan to the IT Executive Management team at her organization. To effectively execute ITIL, it is essential to have support from senior managers, so this is a very important question.

Naturally, strategies for implementing ITIL will vary but the end goal is the same: to improve service management within an organization using ITIL methodologies to enable change.

You need to start by explaining where you want the organization to be, this could be related to your position in the market, need for cost reduction and/or a full or partial solution to your IT service management issues. Considering what you want to achieve from implementing ITIL, explain the benefits in terms of your desired business outcome and describe what it will enable the business to do.

Then you should provide an analysis of the state of the business as it currently stands. Your honest opinion is important here as you have to deliver a true reflection of how the organization is running. This will help the management team to understand why the implementation of ITIL is essential and will increase the relevance of the aforementioned benefits. If you are struggling to provide a realistic view of the business, it might help to get an external point of view; this will also help to bring up any issues that you perhaps had not considered.

Once you have established where the organization is now and where you want it to be, you need to address your plans for reaching your goals. This is where you discuss the strategy you’ve devised for your organization, remember to set measurable targets and be realistic about costs and timescales. You’ll need to manage the expectations of the management team, so ensure there is plenty of opportunity for them to ask questions and ensure that as the changes are being carried out, you have put a system in place which allows for open communication between team members, teams, departments and management levels. You’ll also need to explain how you plan to monitor the success of the implementation and any procedures in place make adjustments to the original plan or strategy. Be realistic about people’s workloads and abilities.

As you conclude your presentation, make clear to the management team that this is not a one off project. High standards of service management will deliver the benefits to get you where you want to be, but your ITIL strategy will need to be embedded into the company’s culture and you will need their support for that to happen.

If you find yourself in this situation, the most important thing is to set realistic expectations for your managers.

April 16th, 2013

General, ISO/IEC20000® Knowledge Base

No Comments »

Why You Need ISO/IEC 20000

There are currently 705 organizations certified to the ISO/IEC 20000 standard on the official http://www.isoiec20000certification.com website. That sounds healthy for the standard and for the IT Services industry, but looking at the 36 pages of international names, it is striking how few of them overall are based in Europe, compared to the Far East and United States, (although Germany, Spain and Portugal are reasonably well represented).

The number of ISO/IEC 20000 certified organizations in the UK seems particularly small to me, especially in comparison to the number of UK based individuals qualified in ITIL, Prince2, etc.

The reasons for this are not altogether clear, although there seems to be a feeling that, “It’s a lot of work” and “what’s the benefit?” Does that mean that organizations in the UK are lazier than their International counterparts, and not prepared to put in the work, more arrogant “We don’t need it!” or just lacking in understanding about ISO/IEC 20000?

I think it’s something else.

Let’s look at the description of ISO/IEC 20000 from the official website:

“ISO/IEC 20000 is an international IT standard that allows companies to demonstrate excellence and prove best practice in IT management. The standard ensures companies can achieve evidence-based benchmarks to continuously improve their delivery of IT services.”

What’s not to like? Which IT service companies wouldn’t like to “Demonstrate excellence,” “Prove Best Practice?” and “achieve evidence-based benchmarks” to impress their customers and potential customers? Not many, so what’s stopping them?

I think that it’s a lack of focus on the next sentence in the official description, “continuously improve their delivery of IT services” – i.e. actually doing it.

Is that just too frightening to undertake? If so how have the over 700 certified companies achieved it?

In a blog on the subject, Lynda Cooper suggested that

“Certification enforces process compliance by turning the “shoulds” into “shalls” so that all the benefits of best practice ITSM will be gained. Instead of your staff saying they know they should operate a process in a certain way, they shall operate it in that way because an auditor will check it!”

Shouldn’t IT Service organizations in the UK be striving to deliver this high level service? What do you think?

April 15th, 2013

Exams Knowledge Base, General, PMI® Knowledge Base, PRINCE2® Knowledge Base

No Comments »

APMG CEO on the Role of APMG & Project Management Qualifications

Below is an interview by APMG CEO Richard Pharro on the role of APMG and how project management qualifications benefit project managers.

Welcome Richard. I was wondering if you could start by telling me about the role of APMG?

APM Group started in 1993 and we started life as the commercial arm of the Association for Project Management (APM). Then in the year 2000 APM brought in an executive director and we decided to go our separate ways. We started off involved in project and programme management with a bit of training and consultancy back in the early 1990s. We then found this product called PRINCE2 around 1995, where under contract with CCTA at the time, now the Cabinet Office, we developed a qualification scheme.

In 2000, we were accredited by UKAS and so became a certification body. Through the 2000s, we focused on programme and project management. Now we like to think of ourselves as a generic certification body working across a whole range of best practices, all focusing on areas to do with management.

I suppose one way of looking at us is as an aggregator, so we work with organizations which have best practice. Predominantly people like the Cabinet Office but also the DSDM Consortium on Agile and the Chartered Management Institute on programme and project management. We bring those together in a series of syllabi and qualifications and now we’re starting to introduce vanilla material. These are then provided to a range of accredited training companies who deliver courses for the benefit of their clients.

We’re very much at the heart of trying to package a product to make it teachable and learnable through a network of accredited training companies.

Could you tell me about the benefits, as you see them, of the project management qualifications to project managers?

The qualifications we offer focus on methodology so for example they’re looking at PRINCE2 as a project management methodology and MSP as a programme management methodology. I do genuinely believe that you can teach a methodology in a week. I think that the qualification offers, or really the training offers, people the opportunity to understand the terminology at a basic or foundation level and then apply that methodology in the workplace. I think it avoids too much repetition and too much time in starting up projects and initiating projects within the workplace.

People can get off to a flying start as everyone should know what to expect within the delivery model.

April 3rd, 2013

COBIT Knowledge Base, General

No Comments »

Can COBIT 5 boost your bottom line?

There has been a lot of talk lately about the new COBIT 5 framework and the differences and benefits it offers over COBIT 4.1

One of the core differences is the alignment of IT objectives with business objectives in COBIT 5, so that all parts of a business can find real value in information governance and control. It aims to show a clear business value for organisations using the framework, so that general senior management as well as the IT Director will not only support its adoption, but actively promote it within the whole business.

Essentially, COBIT 5 helps business leaders address the needs of all stakeholders across the organisation and ultimately maximise the value from information and technology.

Apart from supporting compliance and improving integration of information security, the main benefits of COBIT 5 are to reduce complexity and increase cost-effectiveness, which will obviously add value to the bottom line. But, more importantly COBIT 5 focuses on achieving strategic goals and realising business benefits through the effective and innovative use of IT. It is this strategic approach towards IT that helps organisations of all sizes create value.

The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world to achieve real financial benefits.

For more information about COBIT 5 please go to our website

March 27th, 2013

General, ITIL® Knowledge Base

No Comments »

Service Measurement & Reporting Across the ITIL Service Lifecycle

ITSMWatch guest columnist Gary Case of Pink Elephant, who literally wrote the ITIL v3 book on Continual Service Improvement, shares his insights on service measurement and reporting.

Service measurement and service reporting are small processes that are invoked by many other IT service management (ITSM) processes. They are necessary for the execution of other processes, and are executed by those processes throughout the service lifecycle. As necessary components of services, service measurement and service reporting are developed along with the services.

This paper highlights the necessary service measurement and reporting development activities across the service lifecycle.

The objective of service measurement is to identify and collect information that identifies and quantifies service value-add and contribution to organization goals as well as indicators of service risks, issues, and improvement opportunities enabling informed governance and planned action.

The objective of service reporting is to analyze and deliver service measurement information to stakeholders, governors, and decision makers in a form than enables action.

Service Strategy

Overarching organizational and service-specific measurement and reporting requirements and policies are defined in the Service Strategy phase. The definition of policies as formal policies, standards or guidelines is usually made at the organizational level. Here the lower case term policy includes all three as organizationally applied.

Organizational service measurement policies are defined in Service Strategy for use as services are defined, designed, developed, deployed, operated, and retired. The service measurement policies are subject to regulatory and broader organizational data collection and access controls.

In Service Strategy, service measurement policies should be established for:

– How and from what sources measurement data should be captured, stored and processed for use in reports in compliance with the organization’s information quality and sensitivity standards. — Standards for tools to be used to capture, store and process Service Measurement data. — Service Strategy should create a policy around how to show value from service reporting whether it is for services or processes (from strategies to measures concept).

The specific service reporting policies are driven by organizational values and culture. As with service measurement, service reporting policies are subject to regulatory and organizational access controls.

Service reporting policies should include:

Standard formats shall be used for dashboards, scorecards, reports, logs, etc.
Reports shall include all agreed goals, critical success factors, key performance indicators (KPI) for each service at a level of granularity appropriate for the target audience.
Standard tools, data architectures and patterns, and consistent techniques shall be used for collecting, storing, processing, analyzing service measurement data and executing service reporting.
To the extent possible, reports shall be transparent and available across management layers and departments (business, senior IT leadership, mid level managers, front line managers, process owners, process managers, relationship managers, service managers, service suppliers, customers, technical performers, etc.).
Those authorized to act on report contents shall be well enough informed by the report to make strategic, tactical, and/or operational decisions.

Service Design

Execute the following activities for service measurement and Service Reporting as standard processes and as processes supporting IT services in design.

For service measurement and service reporting as standard processes:

Design standard measure patterns and a service measurement data architecture to achieve the organizational service measurement objectives.
Design standard report patterns and a service reporting data architecture and analysis and report generation procedures to achieve the organizational service reporting objectives.
Design service measurement and service reporting awareness programs, and controls and governance mechanisms.
Design the procedure for modifying, adding, or deleting measurements and reports.

Define roles and responsibilities to govern and manage the execution of service measurement and service reporting including a service analyst role. The service analyst is responsible for analyzing service information for trends, changes, and anomalies to provide insight and foresight for service operations and continual service improvement.

For service measurement and service reporting as processes supporting services being designed:

In concert with service level management (SLM) requirements for services being designed, design measures and the service-specific service measurement data architectures, and processing procedures using standard patterns to achieve the service objectives.
Evaluate service CSFs, KPIs, for “what should be measured” and “what can be measured” adjusting or (re)negotiating requirements and/or expectations as necessary.
In concert with SLM requirements for services being designed, design reports, scorecards, dashboards, and other information formats; and analysis and report generation procedures using standard patterns to achieve the service objectives.
Establish access control levels for reports based on organization information sensitivity standards.
Map service measurement and reporting requirements to standard tool capabilities for capturing, processing, and analyzing data, and presenting (reporting) the data/information.
Identify capability gaps and propose design solution(s) for gap closure.
Design the service-specific data capture and reporting capabilities to be included in the SDP.
Update the Service Catalog as appropriate.
Define roles and responsibilities to govern and manage the execution of service measurement and service reporting including a service analyst role. The service analyst is responsible for analyzing service information for trends, changes, and anomalies to provide insight and foresight for service operations and continual service improvement

Service Transition

Execute the following activities for service measurement and service reporting as standard processes and as processes supporting IT services being transitioned to production.

For service measurement and service reporting as standard processes:

Publish service measurement and service reporting standards.
Establish service measurement and service reporting controls and governance.
Conduct service measurement and service reporting awareness campaigns for service designers, providers and customers.

For service measurement and service reporting as processes supporting services transitioned to Production:

Build, test, and deploy measurement data collection, storage, processing, analysis and reporting as designed to satisfy requirements.
Provide early life support during and after the transition. This would also include how to request a report or changes to a report.
Deploy measurement and reporting change request and incident reporting procedures.
Update the Service Catalog as appropriate.

Service Operation

Execute the following activities for service measurement and service reporting as processes supporting production IT services:

Perform service measurement procedures and service reporting procedures as designed to provide agreed reports to service stakeholders to assess, diagnose, services as designed and specified in the service measurement and reporting requirements.
Assess the effectiveness of service measurement and service reporting for SLM, supplier management and other processes and functions identifying opportunities for improvement. Log these opportunities for use in continual service improvement.

Continual Service Improvement

Execute the following activities for service measurement and service reporting as standard processes and as processes supporting IT services being transitioned to production.

For service measurement and service reporting as standard processes:

Use Incidents, Problems, Service Requests, and logged effectiveness gaps to identify organizational service measurement and Service Reporting improvement opportunities.
Propose improvements as quick wins, and service improvement programs and submit as requests for change.
Track and promote the progress of service measurement and service reporting improvement requests.

For service measurement and service reporting as processes supporting undergoing seven step improvement process activities:

Use feedback from the service owner and other Incidents, Problems, Service Requests, and logged effectiveness gaps to identify service measurement and service reporting improvement opportunities for a service.
Propose service-specific improvements as quick wins, and service improvement programs to service owner for submission as requests for change.

Gary Case is the co-author of ITIL v3’s Continual Service Improvement core volume, and is an IT professional with more than 30 years of experience. As a principal consultant and ITIL Expert, currently the highest ITIL v3 certification, Gary specializes in providing strategic process consulting, business alignment, project management, and training to IT professionals across all industries. He also presents ITSM and ITIL-related sessions to audiences at major events worldwide. Gary joined Pink Elephant after successfully running his own consulting and training company, and serving as the director of Training for Help Desk Institute (HDI).