This document discusses Info-Tech Research Group and change management. It provides an overview of Info-Tech as a global leader in IT research and advice. It then discusses the importance of balancing risk and efficiency in change management processes. Having too onerous of a process can lead to changes being implemented without proper review, while not having any process can increase risk. The document emphasizes having a right-sized change management process that incorporates adequate review and approval without being overly burdensome. It also stresses the importance of staff buy-in, tools to track changes, and management support for effective change management.
2. Info-Tech Research Group 2Info-Tech Research Group 2
Balance risk and efficiency to optimize change management.
ANALYST PERSPECTIVE
Any significant change to the technical environment – be it a core business
application or a critical network/compute/storage appliance – brings a certain
element of risk of unplanned consequences. Organizations that prefer to avoid all
risk will drown in a burdensome process and red tape, entailed by rounds of
technical and configuration reviews. It’s essential to balance the need to mitigate
risk while remaining flexible and responsive to the needs of the business.
A right-sized process will incorporate adequate due diligence, without being so
onerous that sysadmins prefer to bypass the process altogether and implement
changes “under the radar.”
Key success factors for any change management initiative include staff buy into
the need for the control, appropriate processware, an ITSM platform to track the
lifecycle of all changes, and visible management support for this foundational
activity of any dynamic business.
Sumit Chowdhury,
Senior Director, Infrastructure Practice
Info-Tech Research Group
3. Info-Tech Research Group 3Info-Tech Research Group 3
Resolution
Situation
Complication
Executive summary
1. An objective framework for estimating
risk is necessary to assess changes.
Simply asking “what is the risk?” will result in
subjective responses that will likely minimize
the perceived risk.
2. Maximize value through integration with
the IT service management ecosystem.
Change management in isolation will bring
some benefits, but integration with problem,
incident, project, configuration, and release
management maximizes the ROI.
3. A mature change management process
will minimize review and approval activity.
Counterintuitively, with experience in
implementing changes, risk levels decline to a
point where most changes are preapproved.
• IT system owners often resist change management because they see it
as slow and bureaucratic.
• At the same time, an increasingly interlinked technical environment may
cause issues to appear in unexpected places. Configuration
management systems are often not kept up to date to catch the potential
linkages.
• Infrastructure changes are often seen as “different” from application
changes, and two (or more) processes may exist.
• Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes,
while also maintaining throughput of innovation and enhancements.
◦ Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
◦ Establish and empower a change manager and change advisory board with the authority to manage, approve, and
prioritize changes.
◦ Integrate a configuration management database with the change management process to identify dependencies.
Infrastructure and application change occurs constantly, driven by changing
business needs, requests for new functionality, operational releases and
patches, and resolution of incidents or problems detected by the service
desk. IT managers need to follow a standard change management process
to ensure that rogue changes are never deployed while the organization
remains responsive to demand.
4. Info-Tech Research Group 4Info-Tech Research Group 4
BUSINESS
NEW
APP
NEW
VERSION
Business requests2
IT change is constant and is driven by:
CONFIGURATION
MANAGEMENT
SYSTEM (CMS)
WORK-
AROUND
FIX
INCIDENT &
PROBLEM
SERVICE
DESK
MAJOR
RELEASE
SECURITY
PATCH
MAINTENANCE
RELEASE
OPERATIONS
CHANGE
MANAGEMENT
If you have a CMS, it is used to
keep a record of changes to
the infrastructure and is
queried to assess change
requests.
Operational releases and patches1
Incident or problem tickets3
Business-driven changes may include
requests from other business
departments that require IT’s support.
Operational releases,
maintenance, vendor-driven
updates, and security updates all
can be key drivers of change.
Some incident
and problem
tickets require a
change in order
to facilitate
resolution of the
incident.
5. Info-Tech Research Group 5Info-Tech Research Group 5
Successful change management will provide benefits to both
the business and IT
Respond to business requests faster, while reducing the number of change-related
disruptions.
IT Benefits
Fewer change-related incidents and outages.
Faster change turnaround time.
Higher rate of change success.
Less change rework.
Fewer service desk calls related to poorly
communicated changes.
Business Benefits
Fewer service disruptions.
Faster response to requests for new and
enhanced functionality.
Higher rate of benefits realization when
changes are implemented.
Lower cost per change.
Fewer “surprise” changes disrupting
productivity.
IT satisfaction with change management will drive business satisfaction with IT. Once
the process is working efficiently, staff will be more motivated to adhere to the process,
reducing the number of unauthorized changes. As fewer changes bypass proper evaluation
and testing, service disruptions will decrease and business satisfaction will increase.
6. Info-Tech Research Group 6Info-Tech Research Group 6
Change management improves core benefits to the business:
the four C’s
Change management brings daily control over
the IT environment, allowing you to review
every relatively new change, eliminate changes
that would have likely failed, and review all
changes to improve the IT environment.
Request for change templates and a structured
process shapes implementation, test, and
back-out plans to be more consistent.
Implementing processes for pre-approved
changes also ensures these frequent changes
are executed consistently and efficiently.
Change management planning brings
increased communication and collaboration
across groups by coordinating changes with
business activities. The Change Advisory
Board (CAB) also brings a more formalized
and centralized communication method for IT.
Change management processes will give your
organization more confidence through more
accurate planning, improved execution of
changes with less failure, and control over the
IT environment. This also leads to greater
protection against audits.
Most organizations have at least some form of change control in place, but
formalizing change management leads to the four C’s of business benefits:
1 3
2 4
Control
Consistency
Collaboration
Confidence
7. Info-Tech Research Group 7Info-Tech Research Group 7
You likely need to improve change management more than
any other infrastructure & operations process
8.9
8
8.4
8.7
8.4
8.2
7.9
8.6
7.1
6.1
6.3
6.5
6.2
5.8
5.4
6.1
0 2 4 6 8 10
Service Desk
Asset Management
Operations Management
Incident &
Problem Management
Availability &
Capacity Management
Release Management
Configuration Management
Change Management
Effectiveness Importance
Source: Info-Tech; N=3,285
Of the eight infrastructure &
operations processes measured
in Info-Tech’s IT Management
and Governance Diagnostic
(MGD) program, change
management tied for the
biggest gap between
importance and
effectiveness of these
processes.
Twenty-one percent of
organizations who have
completed this diagnostic were
classified as needing to improve
change management based on
these scores. More
organizations need to
improve change
management than any
other infrastructure &
operations process.
8. Info-Tech Research Group 8Info-Tech Research Group 8
Executives and directors recognize the importance of change
management, but feel theirs is currently ineffective
Info-Tech’s IT Management and
Governance Diagnostic program
assesses the importance and
effectiveness of core IT processes.
Since its inception, the MGD has
consistently identified change
management as an area for
immediate improvement.
Importance Scores
No Importance: 1.0-6.9
Limited Importance: 7.0-7.9
Significant Importance: 8.0-8.9
Critical Importance: 9.0-10.0
Source: Info-Tech; N=3,285
6.7
6.3
5.8 5.8
8.7 8.7 8.6 8.5
0.0
2.0
4.0
6.0
8.0
10.0
Frontline Manager Director Executive
MGDScore
Seniority Level
Change Management - Effectiveness
Change Management - Importance
Effectiveness Scores
Not in Place: N/A
Not Effective: 0.0-4.9
Somewhat Ineffective: 5.0-5.9
Somewhat Effective: 6.0-6.9
Very Effective: 7.0-10.0
9. Info-Tech Research Group 9Info-Tech Research Group 9
You are not alone…
Many organizations suffer from the lack of a defined change management process.
We are always
struggling with
utilization, and I think
[this] is because of a lack of
user knowledge.
– CIO, Claims Management
Provider
We found that people were making changes ad hoc into
production. This would result in change-related incidents.
– Senior Director, Technology and Managed Services
By not pre-planning
changes far in
advance, we are forced to
give the change
management form at the
eleventh hour (…) Because
of these time frame issues,
we don’t require proof of
testing prior to change,
and that’s a big gap.
– Assistant Director of
Technology Solutions,
Municipal Government
Services
We only recognize dependencies after deployment.
– Siebel Systems Administrator
10. Info-Tech Research Group 10Info-Tech Research Group 10
After: Right-Sized Change ManagementBefore: Informal Change Management
Overcome perceived challenges to implementing change
management to reap measurable reward
Change Approval: Changes do not pass through a
formal review process before implementation.
10% of released changes are approved
• Implementation Challenge: Staff will resist having to
submit formal change requests and assessments,
frustrated at the prospect of having to wait longer to
have changes approved.
Change Prioritization: Changes are not prioritized
according to urgency, risk, and impact.
60% of changes are urgent
• Implementation Challenge: Influential stakeholders
accustomed to having changes approved and
deployed might resist having to submit changes to a
standard cost-benefit analysis.
Change Deployment: Changes often negatively
impact user productivity.
25% of changes are realized as planned.
• Implementation Challenge: Engaging the business so
that formal change freeze periods and regular
maintenance windows can be established.
Change Approval: All changes pass through a formal
review process. Once a change is repeatable and well-
tested, it can be pre-approved to save time. Almost no
unauthorized changes are deployed.
95% of changes are approved
• KPI: Decrease in change-related incidents.
Change Prioritization: The CAB prioritizes changes so
that the business is satisfied with the speed of change
deployment.
35% of changes are urgent
• KPI: Decrease in change turnaround time.
Change Deployment: Users are always aware of
impending changes and changes do not interrupt critical
business activities.
Over 80% of changes are realized as planned
• KPI: Decrease in the number of failed deployments.
11. Info-Tech Research Group 11Info-Tech Research Group 11
Info-Tech’s approach to change management optimization
focuses on building standardized processes
Phase 1:
Form Strategy
Phase 2:
Build Intake Process
Phase 3:
Build Core Processes
Build risk
prioritization and
categorization
scheme
Assess CM maturity
1.2
1.1
Determine roles +
responsibilities
Build core change
processes
2.2
2.1
Establish post-
implementation
activities
Create change
intake process 3.2
3.1
• Maturity Assessment
Tool
• Risk Assessment Tool • Core Process Workflows
• Change Manager Job
Description
• RACI Chart & Role
Descriptions
• Request For Change
Process
• Request For Change
(RFC) Form
• Change Calendar
Guidelines
• Emergency Change
Process Workflow
Phase 4:
Build Implementation
Plan
Implement project
Identify metrics and
build change
calendar
4.2
4.1
• Metrics and Reports
• Change Metrics Tool
• Communication Plan
• Executive Presentation
• Implementation Gantt
Chart
• Sunshine Diagram
Outcomes + Deliverables
Change management standard operating procedures (SOP)
• Pre-Implementation
Checklist
• Post-Implementation
Review Checklist• CAB Charter