• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content







Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Q Q Document Transcript

    • Q&A: Jean Ritala of Mystic Lake Casino Hotel on ITIL By Anna Maria Virzi Jean Ritala is I.T. support services manager at Mystic Lake Casino Hotel in Prior Lake, Minn., and president of the I.T. Service Management Forum USA (itSMF), a not-for-profit membership organization. Ritala has been an active member of itSMF's Minneapolis local interest group, one of 37 such chapters in the United States, and is an advocate of the Information Technology Infrastructure Library (ITIL). Here are her suggestions, offered in an e-mail interview with executive editor Anna Maria Virzi, for adopting ITIL: Q: What are your top tips for an organization implementing the Information Technology Infrastructure Library? A: You need a change agent to spearhead and drive an ITIL implementation. Someone who sees change as a process and not an event and recognizes how change will affect the bottom line in an organization. A person who is an active enthusiast for change who inspires others. A role model for new vision skills and behaviors. You need a burning platform, or what some people call "pain points" or a mandate in an organization. Like from a recent internal or external audit or where it's too painful too stay the same. • Do a good baseline assessment on the maturity of your company processes first. You can't measure how you've grown and improved unless you know where you've been and what things were like before. • Realize it's a multi-year journey, not a one-time silver bullet approach to change. • Take small steps. Get strategic—and quick—wins. • Tie ITIL to performance reviews and monthly guest service scorecards, such as the results of guest service surveys. Q: What benefits can a company realize from ITIL? A: • Streamlined, centralized ways of doing things that bring process efficiency. There's less chaos when everyone's on the same page doing things. • Cost savings with process improvement, particularly when you start by showing improvement in the areas of "pain" in an organization. • Increased knowledge of "end-to-end" processes in an organization and the how and why of these process ties. • Obtain the ability to answer an executive's questions real time about what the heck is going on—once you have enough of the ITIL processes in place. • Ensure more effective use of subject matter experts in I.T. and an organization by utilizing the "right people for the right job" and not using, say, a programmer to answer baseline questions coming into an I.T. service desk. Q: What are the limitations of ITIL?
    • A: • It takes time. Again, there is no silver bullet. Or a 12- to 18-month month way to slam in a paradigm shift in an organization's processes. It's an ongoing evolution of changing how people think and do things. • ITIL needs dedicated change agents who have a relentless pursuit of service management excellence • You need dedicated technical writers as well so you help make it easier for everyone to do better and more document, and ongoing, updates. • Remember: It's not the tool(s), it's changing mindsets so you can change and implement new processes. • Realize that executives or less experienced change agents may think or tell you it will be done quickly and that all depends on dedicated resources and commitment to changing how a business does things. • The line of business and executives don't care what you call it. Just tell them you are working on service improvements so you can align to the business better. Q: What is the most popular library or framework and why? A: ITIL processes and terminology may be new, but many highly regulated companies such as defense/government contracting, medical, etc. have been using process frameworks that are or have been similar. When I worked for Honeywell and the defense side of Honeywell in the 1980s, we used formal change, configuration and release management processes. Also, some companies may choose to use a combination of frameworks. I know several companies that combine using Six Sigma and ITIL. Q: Any reasons why some companies avoid ITIL? A: None that I see. Any company that's in business to provide service and products and wants to grow needs to learn how to do continual process improvement by setting standards and doing good documentation. Even the smallest companies with few staff can implement process improvement. In many organizations several ITIL functions are done as part of a person's job. An example is a service desk manager may and often will do incident management and service level management. Q&A: Jean Ritala of Mystic Lake Casino Hotel on ITIL (continued) How to Get Support for an ITIL Project Q: How can a technology manager win business support for ITIL? A: • Have awareness and communications campaigns. • Provide overview training for management and employees, even an hour at the start. • Train key change agent(s) who will start and lead the implementations, then train the others • Show them by inviting them to itSMF USA local interest group meetings so they can network with their peers to learn what and how others are doing ITIL implementations
    • Q: What are some metrics that companies collect and analyze once they've adopted ITIL, which they may not have collected before? A: • The number of incidents that became problems • How end-to-end process ties through reports so you can see the true issues • The number of changes that were not approved, each quarter, and why • The number of times that service level agreements were not met and why • The cost of the last downtime • The cost of existing services, including the cost of removing or adding a service • The number of incidents and/or problems reported after a change was made Q: What size investment does a company typically have to make to adopt ITIL? A: As little as $15,000 will get you started. That would cover, for example, sending a few key employees for an ITIL Foundation (a certificate program to become familiar with ITIL basics) and at least one employee to an ITIL Managers' course (a certificate program to become proficient in ITIL). You can make it the service desk manager's job to start an ITIL implementation. And you don't need any software to start. At Mystic Lake Casino Hotel, we started with only the cost of a Foundations' course. And I paid for the ITIL Manager's course myself. And we sent all I.T. management to free ITIL overviews by vendors and sponsors. Bank of New York's Suresh Kumar: 5 ITIL Tips By Anna Maria Virzi Suresh Kumar, chief information officer of the Bank of New York's Pershing subsidiary, outlines five tips for adopting the Information Technology Infrastructure Library. The bank is using ITIL to implement measures to improve problem, incident and change management. What are your top tips for an organization implementing the Information Technology Infrastructure Library? 1. Make sure you have support of senior technology and business executives. 2. Assemble a team of subject matter experts to help you define processes and establish ways to measure them uniformly across your organization. Start with those processes in need of most remediation. 3. Use automated tools, such as a help-desk application, to collect metrics to analyze and act upon. 4. Your processes do not have to be perfect when you start implementing ITIL. Our philosophy is one of continuous process improvement. It takes time to create a culture of managing by measurement, but it is time well worth spending.
    • 5. Do not expect instantaneous results. It takes time to build the historical data needed to see trends. Q&A: Gartner's Ed Holub on ITIL As research director of I.T. operations management at consultancy Gartner, Ed Holub fields over 500 inquiries a year from different clients—with about 50% related to Information Technology Infrastructure Library (ITIL) and process maturity. Holub also devotes a significant amount of his time advising clients about organization and staffing issues for I.T. infrastructure and operations, a topic he says is often tied to ITIL because clients want to understand the implications on how they are organized and what skill sets employees need as their organizations work on processes and service improvements. In an e-mail interview with executive editor Anna Maria Virzi, Holub offers this advice: Q: What are your top tips for an organization implementing the Information Technology Infrastructure Library? A: Don't underestimate the level of effort required to transform an organization to be more process and service-centric. Fundamentally ITIL is less about technology and is more about changing the culture of an organization to embrace the value inherent in standardization versus one-off solutions. Always remember that ITIL should be viewed as a means to an end. Don't get fixated on achieving a certain level of process maturity and lose sight of the underlying goals that motivated the journey to begin in the first place. Q: What benefits can a company realize from ITIL? A: Focusing on the standardization and discipline that ITIL emphasizes can reduce the ongoing cost of delivering I.T. services at the same time the quality and consistency of service is improved. Q: What are the limitations of ITIL? A: ITIL is a set of integrated, best practice process guidance that focuses on the core service delivery and service support processes that any I.T. infrastructure and operations organization performs. ITIL is high-level and focuses on "what" should be done, but doesn't describe at a detailed level "how" to do it. It is important that I.T. and business executives work together to understand what specific business problems they are trying to resolve, and how ITIL can be an enabler to solving them. Q: What is the most popular library, and why? A: The majority of organizations start by focusing on a subset of the core service support processes, typically incident, problem, and change management. These three processes are closely related because the unintentional impact of change is usually the largest cause of
    • unplanned downtime. Q: Should some companies avoid ITIL? If so, please characterize. A: ITIL isn't a panacea that will improve any organization. If the leadership team isn't bought in to the principle of standardization, then ITIL will fail. Q: How can a technology manager win business support for ITIL? A: I.T. should talk with business executives and examine their strategic and tactical plans and goals. I.T. should align their use of ITIL to help improve ongoing I.T. operations to better support the business goals by reducing the cost of I.T., by improving the availability of systems, and by making I.T. more agile in rapidly supporting new business requirements. Q: What are some metrics that companies collect and analyze once they've adopted ITIL, which they may not have collected before? A: It is important to select a balanced set of metrics to gauge the health of processes from both an efficiency and effectiveness perspective. If either efficiency (cost) or effectiveness (quality) is overemphasized you may inadvertently drive the wrong behavior. Some of the most common metrics companies begin collecting: the success rate of changes that are being made to the production environment, the mean time to restore (MTTR) service, and the availability of mission-critical applications from the end-users' perspective. Q: What size investment does a company typically have to make to adopt ITIL? ITIL is typically part of a multi-year journey. Organizations should start with a relatively narrow focus and address pain points they are experiencing. Once benefits are being realized, they can be reinvested in further improvements. While a company may spend money on training, consulting, and tools, the most expensive part of an ITIL implementation is typically the opportunity cost represented by the amount of time their internal staff will spend working on it. Q&A: CA's Robert Stroud on ITIL By Anna Maria Virzi Robert Stroud, named to I.T. Service Management Forum USA's board in June, is a 25-year information technology executive. He is director of brand strategy for CA's business service optimization unit and has contributed to titles on the Information Technology Infrastructure Library (ITIL). In an e-mail interview with executive editor Anna Maria Virzi, he provided tips for companies looking to adopt ITIL. Q: What are your top tips for an organization implementing the Information Technology Infrastructure Library? A: • Understand ITIL is a journey, not a destination
    • • Establish where you are and where you want to go • Identify the route or path you will travel • Investigate the roadblocks and establish goals along the way • Achieve small successes quickly to demonstrate value for the implementation project Q: What benefits can a company realize from ITIL? A: • Automation of manual processes enables organizations to free up resources to focus those resources on projects, which deliver more strategic value and increase competitive advantage. • Quality, automation of repetitive tasks will ensure that service is delivered in a repeatable and consistent manner, thereby delivering significantly greater cost and time savings. Q: What are the limitations of ITIL? A: ITIL describes what needs to be done to improve service to the business—not how to do it. Many ITIL and service management consultants and service providers who help companies build their ITIL plans often focus entirely on process improvement and organizational issues. Achieving tangible efficiency gains and ROI [return on investment], however, requires the automation of appropriate components of the ITIL processes—usually repetitive procedures and workflows—through technology. To increase the chances for success, look for consultants who are skilled across the essential elements of ITIL—people, process and technology—and who have a pragmatic, outcome-based approach to an ITIL project. Many companies choose to concentrate on a single ITIL process, such as incident management. But ITIL processes are by nature inter-related and inter-dependent. So if you want to drive down the number of incidents, you need to quickly find the root-cause of persistent problems. To reduce the number of problems, you'll need to consider change management. Organizations that get too far down the path with one process before considering related processes may spend significant time and money in constantly revisiting and refining the initial process as they implement others. The best way to improve service is to simultaneously work on enhancing two or three process areas. Q&A: CA's Robert Stroud on ITIL (continued) ITIL and Other Frameworks Q: What is the most popular library or framework and why? A: ITIL is currently the most popular framework in the industry. There are multiple reasons for this, including the maturity of I.T. I.T. serves as an interface with the business and I.T. services require automation for problem identification and resolution. Additionally, as I.T. becomes more increasingly complex, ITIL enables organizations to establish best practice processes to understand, prioritize, document and deliver I.T. value in accordance with
    • business requirements. Although ITIL is the leading framework today, it utilizes and interacts with other industry best practice frameworks and standards, including: • COBIT (Control OBjectives for Information and related Technology): an I.T. governance framework that is used as a component within many organizations to achieve Sarbanes- Oxley compliance initiatives. • ISO/IEC 20000 I.T. Service Management Best Practice: an organizational certification from the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) that developed from ITIL. Approved in 2005, it is the next step in the maturity of service management. Unlike ITIL, which provides individual certifications, ISO/IEC 20000 provides organizational, auditable certification. As ISO 9000 becomes more widely accepted, this may become a "cost of doing business" over the next few years. • ISO 17799: a generally accepted ISO standard for security that is utilized by large and small organizations to ensure an industry accepted level of organizational security of data, access and identification. Q: Should some companies avoid ITIL? If so, please characterize. A: No. ITIL is clearly becoming the de facto standard in service management and the lens through which the delivery of I.T. services will be measured. The goal is to improve service and not just implement a best practice framework. By implementing ITIL industry best practices, organizations of any size can achieve greater scales of efficiencies and deliver enhanced value. Q: How can a technology manager win business support for ITIL? A: Buy-in starts at the top. I.T. managers and senior executives need to ensure a recognized project management method is being used, and risk planning is well understood. Teams must engage in joint planning to establish project goals, communications initiatives, a measurement framework, and roles and responsibilities to drive business success and a speedy ROI. Q: What are some metrics that companies collect and analyze once they've adopted ITIL, which they may not have collected before? A: Although organizations have different requirements, risk factors, risk avoidance, mitigation and impact scenarios are important, and cost monitoring metrics and regular communications are key. Service level impacts—particularly the cost of downtime and outages in lost revenue—are especially meaningful to the business. Q: What size investment does a company typically have to make to adopt ITIL? A: ITIL investments vary primarily depending on the size and level of maturity of the I.T. organization, and the desired goal or end state the organization wished to achieve by automating systems and improving service levels. ITIL focuses on unifying people, process and technology through a comprehensive, consistent and coherent set of best practice approaches for I.T. service management
    • processes. Since the ultimate goal is to optimize the bottom-line performance of the business, not just to implement a best practice framework, the benefits are sufficient to justify ITIL investments in organizations of any size. July 6, 2006 How Bank of New York Uses ITIL to Troubleshoot By Anna Maria Virzi The Information Technology Infrastructure Library helps the bank define, measure, track and investigate service outages. But does it improve service? Technology managers at the Bank of New York thought they were doing a good job of running the information systems, networks and other services the company supplies to its internal and external customers. But good wasn't good enough. They couldn't back up their assessment with metrics. ADVERTISEMENT "When senior business managers asked senior I.T. managers: 'How are you guys doing? How is the process working? Show me some measurements,' we were not able to supply that," recalls Joseph Gallagher, vice president of I.T. process implementation at the Bank of New York. Those measurements, which have since been adopted, include statistics such as the number of service outages and their severity as well as the amount of time it takes to restore service. View the PDF -- Turn off pop-up blockers! That's why Bank of New York's technology managers turned to the Information Technology Infrastructure Library, or ITIL, a series of publications written by the United Kingdom's Office of Government Commerce in the 1980s that describe best practices for managing technology infrastructure—such as specifying that you should have a central information repository for tracking service problems such as server crashes or network outages. It provides a "feedback loop" to reduce or eliminate future incidents by collecting and analyzing the source of incidents and taking corrective action before a similar incident reoccurs. Advocates see ITIL as a way to boost discipline in technology operations, and adopt a common vocabulary for discussing quality of service and establishing metrics. The library, which is available in print, on a CD-ROM or via an intranet license, provides guidance on how to approach eight key processes, including service delivery, service support, security management and software asset management. "ITIL was specifically created because of the recognition that good quality software and systems don't automatically provide good quality services to customers," says David Cannon, Hewlett- Packard's I.T. service management practice principal and a consultant working on behalf of the British government to refresh ITIL. Cannon compares the situation to someone who owns a $100,000 Mercedes—with the best safety and performance systems that money can buy. "The problem is that I have never taken a driving lesson in my life and don't have a license. As a result, I stick to the back roads and drive at least 10 mph below the speed limit ... I never get anywhere on time," he says. U.K. technology managers
    • apparently were in the slow lane, too, when they purchased software and hardware to automate services back in the 1980s, yet did not get optimal performance. So, the U.K. recognized the need for a manual to help get its operations running better. Now, that manual is being used by some of the world's largest companies as a guide to better information-technology management. Earlier this year, for instance, Hewlett-Packard announced that General Motors had retained HP Services to use ITIL as a building block for the deployment of GM's next-generation outsourcing model—to verify that I.T. vendors meet service levels. As many as 75% of the Fortune 100 are among those companies embracing ITIL for an assortment of reasons, says Jack Probst, an executive consultant at Pink Elephant, a firm that provides ITIL education, conferences and consulting services to companies such as Nationwide Insurance, Bank of Montreal and BP. Two Pink Elephant employees are also working as consultants on the project to update the library. When a Problem Isn't a Problem When the Bank of New York acquired Pershing, a financial clearinghouse for securities and other financial transactions, in May 2003, both organizations were working on improving I.T. service support through ITIL; the Bank of New York initially focused on change and incident management and the Pershing subsidiary zeroed in on incident and problem management. Why? "They were the ones [that gave us] the most pain—from a business perspective," says Gallagher, who was then project leader for the efforts to implement incident and problem management at Pershing.
    • ADVERTISEMENT Today, the Bank of New York, including its Pershing subsidiary, defines a major incident as any issue that causes a disruption of service to three or more internal or external customers. It could involve, say, a disabled mainframe or a server crash that makes it impossible for employees to access a software application. Previously, each group within the I.T. organization used its own method to manage incidents, making it difficult to measure the effectiveness of the process, according to Gallagher. "Also, communication of the status of an incident as it was under investigation was limited and inconsistent; many managers were not aware of the progress of incident diagnosis and resolution," he explains. At the bank, problem management refers to the process of investigating and verifying the cause of incidents, such as a server outage, and then assessing whether the incident is part of a larger pattern that requires a long-term fix or other remediation, such as notifying the server manufacturer about a possible product defect. Taking a cue from ITIL, Gallagher stresses that the terms "incident" and "problem" are not interchangeable. In ITIL lingo, an incident refers to a service disruption, e.g., the actual event. The "problem" refers to why an incident happened in the first place. But isn't this splitting hairs? Gallagher sees it this way: An "incident" is something that technology managers must react to as quickly as possible to ensure that service is restored. If you try to investigate the cause of an incident while attempting to restore service, Gallagher says your immediate restoration work won't get top priority—and, as a result, may take longer. Oftentimes, a company hit with a major service outage due to systems changes will adopt the library's processes for filtering and managing changes to avoid disruptions in service. "What seems to resonate with everyone is that [ITIL] is best practices-based; it provides guidance without specific direction. So, it provides flexibility in how you implement the framework," says Probst. What's the downside? Don't expect change to happen quickly. "A lot of executives want to know why it's going to take a year or 18 months" to improve a process, Probst says. The reason why it takes so long: Managing services consistently throughout an organization may require employees to change the way they work. "People have to give up old ways." Probst adds. "You're changing culture and the organization." Gaining Traction Proponents of ITIL say the practice is designed to improve consistency in operations from one unit or division to another. "We used to have four different service desks, and everyone did things their own way. There was no commonality as to what was an incident, what was a problem. We didn't have any tools to track this," says Pershing's chief information officer, Suresh Kumar, of his organization.
    • ADVERTISEMENT At Pershing, one service desk is dedicated to handling calls from internal business users and another from external customers; the other service desks are dedicated to taking calls from a specific segment of the company's customer base. While Pershing still has four service desks, they all use the same definitions to describe a particular problem. "ITIL recommends that an organization follow the same processes, start to finish. Regardless of service or customer, the activities for incident should be the same," Gallagher explains. "People get into their heads that this is the process, it becomes institutionalized, it becomes repeatable." Following the same definitions provides another benefit. "It gives our business a sense that we're working on the highest priority incidents. That we're focusing our resources," Gallagher explains. "It gives us the ability to measure the time to resolve those incidents, and look for ways to improve and reduce the time to resolve [them]." Incident and problem management are popular ITIL practices, says HP's Cannon. "When things break, it causes downtime to the business. There's a certain amount of urgency to get that problem fixed." At the Bank of New York, each incident is assigned a severity number, from one to four, with number one representing an incident that has significant impact on the services offered to the business and customers. Four is assigned to minor incidents that do not need immediate attention. ITIL recommends the same numbering scheme. ITIL also recommends that the service desk "own" every incident created. The Bank of New York follows this guideline, making an exception for its highest priority incidents affecting business or customers. In those cases, the bank assigns incident "ownership" to the service owner within I.T. The service desk then acts as incident coordinator, setting up telephone conference calls, updating the incident ticket, paging managers and keeping customers updated, according to Gallagher. "This distribution of responsibilities during high priority incidents ensures that all I.T. staff are focused on incident resolution," he says. By breaking up these duties, the Bank of New York makes sure that one person is not responsible for both fixing an incident and alerting customers about the service disruption. Managing Problems Once an incident is resolved at the Bank of New York, the "problem management" process kicks in with a so-called root cause analysis. This phase involves a more in-depth investigation into the cause of an incident; those findings are then vetted and corrective actions are taken to prevent an incident from reoccurring, according to Gallagher. ADVERTISEMENT
    • The bank has realized benefits from this effort. During 2005, Pershing recorded an average of 65 so-called severity-one incidents each month. For the first five months of 2006, the number dropped to 51, a 21.5% decline from 2005. The cost to resolve the most severe incidents declined from an average of about $1,600 per incident in July 2004, to about $200 per incident in January 2006, according to Gallagher. The bank has not performed a return-on-investment assessment for the ITIL initiative, he says. "ITIL has allowed us to streamline processes and advance the culture toward providing exceptional service." The cornerstone of the Bank of New York's problem management efforts has been the establishment of a Root Cause Analysis (RCA) Committee, comprised of about 10 senior managers who represent a cross-section of I.T. groups. Every business day, the committee reviews and verifies the cause of a severity-one incident. That review process, first initiated at the Pershing subsidiary, is now being rolled throughout the Bank of New York, according to company executives. Here, the Bank of New York has gone over and above what's called for in ITIL. Each severity-one incident is assigned to a root cause analysis "owner," potentially any one of Bank of New York's technology employees. The root cause analysis owner is then asked to investigate an incident and report back to the RCA Committee within five business days. Promptly at 9 a.m. each business day, the RCA Committee convenes. Those on-site gather at a Bank of New York conference room; others dial in to a telephone conference line. On each agenda: two to five incidents; each "owner" is allocated time to discuss his investigation into a particular service disruption and explain what he thinks caused the problem. From there, the owner fields questions from committee members, who may agree or challenge the owner's assessment and direct him to gather more information. About one-third of the cases are kicked back for additional research, according to Gallagher. "If you are not sure of your root cause, how can you be sure of your corrective action?" he asks. Out of a monthly average of 65 severity-one incidents reported in 2005, 15% were attributed to human error, 13% to a program bug, 11% to vendor issues, 11% to process problems, 8% to software and 8% to inaccurate technical analysis; 13% were due to unknown reasons. By collecting in-depth, consistent information about incidents and their causes, the technology team is able to determine whether a problem is an isolated incident or part of a larger trend, according to Pershing's technology managers. If it's part of a larger trend, a task force is created to investigate the cause and recommend an action plan. This was the case with printers owned by Pershing and located at customers' premises. These printers, used to prepare daily reports about transactions, account balances, etc., were going offline without explanation. Once Pershing started to log each disruption as an incident, the financial institution discovered there were 600 to 700 printer-related incidents each month.
    • CIO Kumar assigned a team of technology workers to use Six Sigma methodology to investigate the printer problems. The team discovered that "a large percentage of incidents were due to a network communication issue," Gallagher says. After further investigation, Pershing learned that a software patch would remediate most of the incidents. Today, there are about 100 printer incidents a month that are attributed to typical issues such as paper jams or spooling errors. "Nothing stands out as a major repeatable incident now," Gallagher says. Keep in mind: ITIL does not offer specifics on how to fix printers or any other equipment. "What ITIL provides is a process to classify incidents in a manner to ensure they are accurately assigned to the appropriate support group within the I.T. organization," Gallagher says. Getting Tools To collect and analyze information about service disruptions, you need tools. And Gallagher advises that those tools be automated whenever possible. At Pershing, the internal software developers built an application, called OmniMetrics, that imports information from its BMC Remedy help-desk application database and other sources to create performance scorecards. These scorecards show the total number of severity-one incidents by month, group or manager; they also assess each tech team's responses to incidents, thus giving an overall picture of performance. ADVERTISEMENT For organizations looking to implement ITIL and measure performance, Gallagher has some advice: "Don't promise improvement until you have a real good historical baseline." Case in point: Before June 2004, Pershing had no baseline metrics for measuring severity- one incidents. When it started to develop processes for managing incidents and problems, the definition of a severity-one incident changed, and more incidents were reported. Why? The company saw the value of reporting and tracking outages, Gallagher says. Incidents such as missing a service level agreement during the overnight batch cycle—not originally included—were added. By December 2004—in time for the 2005 calendar year—Pershing locked down its definition of severe service outages. "We wanted a 12-month period of saying, 'This is how the
    • organization performs without any changes to the criteria.' That was our baseline," Gallagher explains. Once Pershing collected and analyzed metrics, the technology organization could create scorecards, another key tenet of ITIL, to show the performance of technology services— and, in effect, the performance of managers responsible for those particular services, or service owners, according to CIO Kumar. One surprise: When Pershing created a catalog listing all technology services, Kumar says he and his team discovered that in some cases, there were multiple owners of a service. And in other cases, there were no owners. Plus, a service owner might not necessarily know who the customer of his service was. To improve accountability, Pershing has identified one service owner for each service, in a process that's still evolving throughout the Bank of New York, according to Kumar. The CIO provided this example: Let's say there's an incident with a printing service that could be due to any of several reasons—either an application, network, firewall or server failing to work properly. Previously, the tech team would view the problem as either a hardware or software problem. Someone using the service, though, would view it as a printer problem, which is how the technology team now approaches its job. Publishing a monthly scorecard—and identifying services and service owners—increased the transparency of technology operations and triggered an immediate improvement in operations, Kumar says. "We didn't have to yell at people," he says. "We didn't have to offer any incentives. It just goes to show that when everyone comes to work, they love to do the best they can. But lack of information doesn't give them the knowl edge to see performance." Bank of New York Base Case Headquarters: 1 Wall St., New York, NY 10286 Phone: (212) 495-1784 Chief Information Officer: Kurt Woetzel Financials in 2005: $8.3 billion in revenue, an increase of 16.9% from prior year; $1.6 billion in net profit, an increase of 9.1%. Business: Provides investor, issuer and broker-dealer services. Its Pershing subsidiary offers clearing services. Challenge: Identify, verify and analyze the cause of technology service disruptions. BASELINE GOALS: • Reduce the average monthly number of severe service disruptions, from 65 in 2005, by 20% in 2006. • Cut the monthly number of printer problems, from 500 in June 2004 to 100 this year. • Reduce the monthly number of password-related incidents, from about 2,600 in January 2005 to less than 1,200 in 2006.