Presentation delivered to itSMF Seminar, December 2008 in Canberra. Discusses sources of best practice for organisational structure. Updated for Canberra ACS conference, 2010.

1. What ITIL V3 doesn’t say aboutpeople and organisation Patrick Keogh Lucid IT

2. Agenda Review ITIL V2 roles and functions ITIL V3 roles and functions How would this fit together? Other sources of good practice - what did ITIL V3 leave out? What about the people?

3. ITIL V2 Roles Process owners Service Desk Manager CIO Change Owners, CAB and CAB/EC (becomes ECAB in V3) Implied (operators, programmers, testers etc.) Functions Service Desk (IT Security Management) (Support teams for Incident Management)

4. CIO ITIL V2 ? ? ? ? ? Service Desk andService Desk Manager ? ? ? IT Staff Process Owners

5. ITIL V3 Additional Roles Service Owners Product Owners Service Design Manager IT Architect Applications Analyst/Architect Technical Analyst/Architect Risk Manager Project Managers IT Facilities Manager Major Incident Team

6. ITIL V3 Additional Functions IT Steering Group IT Operations Management Technical Management Applications Management

7. ITIL V3 – The Structure Emerges CIO ITSteeringGroup Service Desk andService Desk Manager TechnicalManagement IT OperationsManagement ApplicationsManagement

8. ITIL V3 – But some bits are left over! Some process owners do not have a “natural” place in this structure Security Change Service Portfolio, Catalogue and SLM Some ITIL V3 roles not catered for explicitly: Service Owners Product Owners Service Design Manager IT Architect Risk Manager Project Managers

9. Other sources of good practice Project and programme management (Prince2, MSP, PMBOK etc.) Governance and assurance (COBIT, ISO38500, ISO9000 etc.) Information Security (PSM, ACSI33, ISO27001 etc.)

10. Additional Functions Project/Programme Management Office (PMO) Recent thinking combines Portfolio, Program and Project Management into a P3O – more on that later! Quality, Assurance and Risk Require separation of duties, professional standards Service Management Office (SMO) Bring together all of the whole-of-service roles, especially the customer facing ones. IT Training Others?

11. The P3O The purpose of the Portfolio, Programme and Project Offices (P3O) guidance is to provide universally applicable guidance ... That will allow: Informed senior management decision making on strategic alignment, prioritisation, risk management, optimisation of resource etc to successfully deliver their business objectives (portfolio management) Identification and realisation of business outcomes and benefits via programmes Successful delivery of project outputs that enable benefits within time, cost and quality restraints. From OGC P3O web site http://www.p3o-officialsite.com/

12. A possible Structure – one of many!

13. Your mileage may vary! Organisational structures depend on total size available management skill sets range of duties associated with team leadership So don’t take what I say or what ITIL says as gospel, consider how it will best work in your organisation!

14. But what about the people? ITIL says we need skilled people… What skills? How will we define and test them? For which job roles? To what level? Plenty of questions, but ITIL V3 does not give us the answers!

15. Best practice to the rescue – SFIA

16. SFIA Model Two dimensions Skill areas Levels of Responsibility These can the be mapped to job roles to fully describe IS/IT skill levels Current version of SFIA is V4

17. SFIA Skill areas Eighty eight skill areas covering: Strategy & architecture Solution development and implementation Business change Service management Service Strategy Service Design Service Transition Service Operation Procurement & management support Client interface

18. SFIA Levels of Responsibility Follow Assist Apply Enable Ensure/advise Initiate, influence Set strategy, inspire, mobilise

19. SFIA Example – Change Management Skill area: The management of change to the service infrastructure including service assets, configuration items and associated documentation, be it via request for change (RFC), emergency changes, incidents and problems, so providing effective control and mitigation of risk to the availability, performance, security and compliance of the business services impacted.

20. SFIA Example – Change Management Levels: Level 3Develops, documents and implements changes based on requests for change. Applies change control procedures. Level 4Assesses analyses, develops, documents and implements changes based on requests for change. Level 5 Develops implementation plans for dealing with more complex requests for change, evaluates risks to integrity of infrastructure inherent in proposed implementations, seeks authority for those activities, reviews the effectiveness of change implementation, suggests improvement to organisational procedures governing change management. Leads the assessment, analysis, development, documentation and implementation of changes based on requests for change. Level 6Sets the organisation's policy for the management of change in live services and test environments, and ensures that the policy is reflected in practice.

21. Summary ITIL V3 provides significant additional meat in the area of people and organisation, but not enough. Other sources of best practice can make a very significant contribution to our knowledge in these areas. The trick is understanding how all these best practices and standards “click together”. Organisational structure is not a panacea, but is part of an overall service management approach, as part of the “Four Ps” – people, product, process & partners.

22. Questions ?