ITSM Basics: A Simple Introduction to Change Management
Posted by Joe The IT Guy on September 24, 2015 in ITSM
If you read my blog regularly you’ll know that I’ve already written simple introduction blogs related to:
Now it’s change management’s turn.
To misquote Amazing Fantasy #15 – the first Spider-Man comic ever! – “with IT change, comes great responsibility!” (The original comic quote was: “...with great power there must also come -- great responsibility!” if you’re interested).
The need for change, IT or otherwise, is an unavoidable part of modern business life, whether that change is:
- Reactive – aimed at resolving errors or to adapt to changing business or IT requirements, or
- Proactive – which could be to provide new products, services or functions; to reduce costs or to increase efficiency; or to increase performance or operational effectiveness
Change management, put in simple terms, is ensuring that such changes are managed and implemented in an optimal manner and with a sufficient level of control. So it’s a process, or collection of discrete activities, that allows organizations to consider, agree, and deploy changes to their IT ecosystem as easily, quickly, and cheaply as possible while effectively managing risk…more on this later.
So to give you an introduction to change management, I’ll briefly cover:
- Where change management fits in
- The objectives of change management
- ITIL definitions of change management
- The “change lifecycle”
- The benefits of change management
I refer to ITIL – the IT service management (ITSM) best practice framework formerly known as the IT Infrastructure Library – a fair bit (you might think too much) but you can quite easily use your own self-created change management process and activities, or look to alternative sources of ITSM and IT management advice such as ISO/IEC 20000, ISACA’s COBIT, USMBOK, Microsoft’s MOF, or even a combination of a few of these.
Where Change Management Fits In
Change – especially uncontrolled or poorly managed IT change – has associated risks, which can potentially result in either business-affecting incidents or problems. In fact, it’s not unusual for service desk personnel to cite poorly-delivered change as a major cause of incidents, even major incidents.
Plus the lack of effective change management, or the inability to demonstrate the right change controls, can be a major stumbling point in both internal and external compliance audits. Some common compliance concerns include the answers to questions such as:
- Is there adequate separation of duties between the key roles in the change management process?
- Are change requests approved and prioritized by appropriate personnel, including service owners?
- Is change impact thoroughly assessed?
- Are there detailed audit trails for all changes?
- Is there a process for tracking the progress of critical changes?
Thus, change management has a very serious purpose, to:
- Optimize, so not necessarily to minimize, IT and business risk exposure associated with the change (given that some risks might be accepted and managed accordingly)
- Minimize the severity of any impact or disruption brought about by the change
- Ensure the change is delivered first time and without the need for rollback and/or rework
- Provide business stakeholders with appropriate and timely communication about the change
Finally, change management is a commonly adopted ITIL process, usually second behind incident management in terms of frequency. It’s also an early-adopted ITIL process, either paired with incident management or configuration management.
Change Management Definitions
It’s time for me to get all ITIL on you as we look at what change management is!
ITIL uses the term “change” to describe:
“The addition, modification, or removal of anything that could have an effect on IT services.”
Where change management is:
“The process that ensures that standardized methods and procedures are used for the efficient and prompt handling of all changes, in order to minimize the adverse impact of any changes on IT services and business operation.”
So that’s sort of what I said earlier but said in a much fancier way.
Other common change-related ITIL definitions include:
- Request for change (RFC) – “A formal proposal for a change to be made. It includes details of the proposed change, and may be recorded on paper or electronically. The term is often misused to mean a change record, or the change itself.”
- Change advisory board (CAB) – “A group of people that support the assessment, prioritization, authorization and scheduling of changes. A change advisory board is usually made up of representatives from: all areas within the IT service provider; the business; and third parties such as suppliers.”
For completeness, although I state my own benefits below, ITIL states that the value of change management includes:
- “Protecting the business, and other services, while making required changes
- Implementing changes that meet the customers’ agreed service requirements while optimizing costs
- Contributing to meet governance, legal, contractual, and regulatory requirements by providing auditable evidence of change management activity. This includes better alignment with ISO/IEC 20000, ISO/IEC 38500 and COBIT where these have been adopted
- Reducing failed changes and therefore service disruption, defects, and re-work
- Reducing the number of unauthorized changes, leading to reduced service disruption and reduced time to resolve change-related incidents
- Delivering change promptly to meet business timescales
- Tracking changes through the service lifecycle and to the assets of its customers
- Contributing to better estimates of the quality, time and cost of change
- Assessing the risks associated with the transition of services (introduction or disposal)
- Improving productivity of staff by minimizing disruptions caused by high levels of unplanned or ‘emergency’ change and hence maximizing service availability
- Reducing the mean time to restore service (MTRS), via quicker and more successful implementations of corrective changes
- Liaising with the business change process to identify opportunities for business improvement.”
What this means is that change management is really all about knowing what needs to change and why, approving and prioritizing the changes, and then ensuring that changes are deployed with risk optimally managed.
Change Management Objectives
ITIL defines the objectives of the change management process as:
- “Responding to the customer’s changing business requirements while maximizing value and reducing incidents, disruption, and re-work.
- Responding to the business and IT requests for change that will align the services with the business needs.
- Ensuring that changes are recorded and evaluated, and that authorized changes are prioritized, planned, tested, implemented, documented and reviewed in a controlled manner.
- Ensuring that all changes to configuration items are recorded in the configuration management system.
- Optimizing overall business risk – it is often correct to minimize business risk, but sometimes it is appropriate to knowingly accept a risk because of the potential benefit.”
So, in practice, this could mean:
- Ensuring that new modules, or new functions within an existing business system, are delivered in a manner that doesn’t disrupt business operations. This could be at the point the new modules, or functions, are released or in the ongoing use of the changed application, i.e. the whole system might no longer work as it should post change.
- A change to resolve a major incident, i.e. an IT issue that is having a significant and adverse impact on business operations. This would normally be termed an emergency change.
- A change to address a business-affecting issue, for example a change in industry legislation might require business processes, or data collection, to change and thus the supporting IT needs to be changed to reflect it. This might need to be undertaken as an expedited change if the planning and lead-time is insufficient.
My simple diagram (OK I admit that it’s not that simple) hopefully provides a snapshot of what can happen with change management.
Change Management Benefits
A formal change management process should address many of the common issues encountered with uncontrolled change, such as:
- Change-related incidents
- Unauthorized changes (and their potential unwanted impact)
- Change scheduling conflicts
- Rush jobs to deploy changes
- The unexpected and unwanted side-effects of deployed changes
- The inability to back out or rollback failed changes
- Rush jobs to deploy fixes
- A lack of cross business input in assessing change impact or change priority
- The absence of appropriate approvals and audit trails
- Lack of change awareness, especially at the IT service desk
Thus the main benefits of formal change management include, but are not limited to, the following areas.
The financial benefits associated with minimizing change-related incidents and problems, such as a reduction in the:
- Business costs associated with business-critical service downtime (when caused by changes)
- IT costs of dealing with change-related incidents and problems, from the service desk through to technical domain experts
- IT costs of backing out failed changes or deploying change fixes (including on-the-fly code fixing) – often paid overtime
- Business cost of delays to important or mandated changes
Improved change visibility, control, and sometimes speed of change through the:
- Communication of the schedule of changes
- Use of a stage-gate approach to change approval
- Prioritization and fast tracking of changes, for example: the use of change models and having to deal with expedited or emergency changes at speed
Better collaboration – the business-wide collaboration benefits include:
- Better cross-functional risk and impact assessment
- Improved change prioritization and scheduling between competing needs
Better use of potentially scarce IT resources, including:
- The idea that defined roles and responsibilities, along with a single, consistent process, not only speed things up but also reduce the need for rework, duplication of effort, and wastage
- The ability to leverage existing knowledge, through effective knowledge management, to speed up change
Plus, of course, the usual goal for, and benefit of, ITSM: Better IT services, and improving customer service and the business’s perceptions of the IT organization as a whole.
Well there you have it, a quick guide and a simple introduction to change management. Hopefully you found it helpful.
If you want to read more from me, and a few of my friends, on change management then please look at: