28 February 2016

IT Operating Models

The term ‘IT Operating Model’ is poorly defined and this publication proposes a definition in terms of its components. The definition is derived from the definition of an Operating Model for enterprises.

When considering IT Operating Models, it is important to distinguish between an IT Operating Model as used by a specific enterprise, and a meta-model or template of IT Operating Models in general, on which the enterprise’s specific model could be based.
The specific IT Operating Model is the design or description of how the IT function of a specific enterprise interacts with its stakeholders. It describes the IT function and how it functions.
The generic IT Operating Model describes the kinds of components that are needed to describe an IT function and how it functions.
Unfortunately, “IT Operating Model” is often used to denote both the specific and the generic variations. In this publication, “IT Operating Model” refers to the generic meta-model.

A broadly accepted definition of an IT Operating Model has not yet emerged, so the IT Operating Model in this publication has been based on Andrew Campbell’s Operating Model (for enterprises, not specifically for IT) as described in the Wikipedia entry ‘Operating Model’.
Seeing as this enterprise Operating Model is positioned as part of an enterprise’s Business Model, both are described below in terms of their component parts.
The Operating model describes how an organization delivers value, and it is a subset of the larger concept Business Model. A Business Model describes how an organization creates, delivers and captures value and sustains itself in the process. An Operating Model focuses on the delivery element of the Business Model. Campbell points out that there is still much disagreement about the use of the words business model and operating model.

Business Model (how an organization creates, delivers and captures value and sustains itself in the process):
  • Stakeholders with whom the organisation will interact
  •  Offers that the organisation makes to each stakeholder segment
  • Contributions that each stakeholder segment is expected to make
  • Resulting financial models (income statement and balance sheet)
  • Operating Model that makes it possible for the organisation to interact effectively with its stakeholders

Operating Model (how an organization delivers value):
  • Core work processes that create and deliver value to stakeholders
  • Equipment and technology to execute these core processes
  • Information and information systems to support these core processes
  • Other processes to support the core processes
  • Suppliers and supplier agreements to support the processes
  • People to do the work
  • Organization structure, decision rights, incentives and accountabilities and culture that ‘govern’, motivate and support the people
  • Locations, buildings and ambiance

An IT Operating Model can easily be derived from the enterprise Operating Model by changing the focus from generic business processes to IT processes and by assuming that there is no other “equipment and technology” than “information systems”.

IT Operating Model (how an IT function delivers value): 
  • Core work IT processes that create and deliver value to stakeholders
  • Information and information systems to execute and support these core IT processes (it is assumed that there is no other “equipment and technology” than “information systems”)
  • Other processes to support the core IT processes
  • Suppliers and supplier agreements to support the processes
  • People to do the work
  • Organization structure, decision rights, incentives and accountabilities and culture that ‘govern’, motivate and support the people
  • Locations, buildings and ambiance

Many discussions about IT Operating Models focus on the processes. This broader definition points out the other components that enable the IT function to deliver value.

It should be noted that these components are interrelated. Changes to components may influence other components in expected but also unexpected ways. The interactions between components should therefore be closely monitored, as much if not more so, than the components themselves.

12 December 2015


SIAM is an abbreviation of Service Integration and Management. It usually refers to a model and/or a capability of an IT function. The terms 'Service Integration' and 'Service Integration and Management' are often interchangeable. 

This is a quick comparison between the SIAM model and the BiSL framework. The AXELOS publication 'An introduction to Service Integration and Management and ITIL®' by Kevin Holland goes into SIAM in more detail.

SIAM offers guidance for the internal or external IT service provider, in particular how to integrate and manage the efforts of multiple providers.

BiSL offers guidance for IT service consumer ('the business') with respect to 'business information management', including formulating which IT services are required, and making sure that the IT services are well used and that the intended value is realized.

As such, they are on opposing sides of the Great Business-IT Divide but they interact in the sense that:
  • BiSL guidance helps select, contract and management the IT service provider from an IT service consumer perspective
  • SIAM guidance addresses how the IT provider engages with the business and provides appropriate IT services
While the business could have demands (e.g risk appetite) that influence the choices for few or many providers and how they are managed, the actual integration and management is executed by the IT provider function.

13 November 2015

Contemplations on 2025

Some thoughts on future scenarios.


  • information and related technology continue to increase in economic and societal importance
  • existing information technology evolves further down the path towards commoditization
  • connections increase between people and people, people and things, and things and things   
  • artificial intelligence becomes more advanced and significant 
  • disintermediation and democratization continue to disrupt the market place, also stimulating growth of the shared economy 
  • consumers’ dissatisfaction with providers’ uncompromising algorithms and inconsiderate people fuel the experience economy
  • inequality of distribution of income and wealth increases 


  • the increasing significance of information results in it being promoted to an item on the financial balance sheet, attracting management attention
  • the increasing significance of artificial intelligence results in more emphasis on digital ethics (e.g. damage mitigation strategies in self-driving cars) 
  • internal centralized IT departments make way for multiple decentralized I&T functions within business divisions/units, with a more fluid division of demand and supply, and with the emphasis on decision-making regarding investments and value realization
  • externally available IT services increase in number and usefulness, resulting in user organizations focusing on differentiating applications of readily available I&T
  • more pervasive artificial intelligence increases the divide between empowered and emasculated citizens/consumers
  • the experience economy stimulates the development of digital enterprises in which the interaction with the enterprise’s digital ‘hologram’ is experientially equivalent with the interaction with the enterprise’s analogue manifestation
  • full time employment is for many people no longer possible and/or desirable, the latter resulting in knowledge continuity challenges for enterprises
  • the increased recognition of the complex adaptive nature of systems (in the broadest sense) drives smaller-scale, multidisciplinary, and experimental/emergent ways of working

04 March 2015

Guerrilla IT – how to be an IT rebel with a cause

I conducted two pre-conference workshops about ‘Guerrilla IT’ at the itSMF Norway annual event in March 2015. The idea for Guerrilla IT emerged in conversations with itSMF Norway’s Sofi Falberg at a conference in 2014. We spoke about people feeling the need to make relatively low key and informal individual contributions to improving ITSM, possibly under corporate radar. And that’s when I coined the term Guerrilla IT. Then before I knew it, I had committed to delivering a workshop about it in the new Service Bazaar format!

I announced the workshop as follows:

“Do you want to do something really worthwhile in IT yet keep getting ambushed by mealy-mouthed middle managers with their petty policies? In this interactive workshop we'll explore and discover how to identify realistic initiatives and how to deploy them under corporate radar while keeping out of friendly fire. You'll leave the session with some ideas for your specific situation as well as an arsenal of weapons for an IT rebel with a cause.”

In 90 minutes, with a maximum of 8 participants, we discussed:
1.       The concerns they the participants had at their organization or in the case of consultants, one of their clients
2.       The relationships that they thought needed the most improvement
3.       The kind of behaviour that business people and IT people should exhibit
4.       The factors that drive behaviour, and therefore need to be changed in order to influence behaviour
5.       The degree of freedom that their organization consciously or unconsciously afford them to take behave like an IT guerrillero or guerrillera
6.       Their person appetite for heroic behaviour
7.       The kind of guerrilla IT tactics that, given their organization’s and their own nature, would be effective
8.       Their ‘rebel’s resolutions’ - the takeaways that they could apply at work.

The results of the two workshops are summarized below:

1.       Participants concerns 
  • Ill-conceived services being abandoned on the doorstep of the ITSM department
  • Lack of IT awareness of the business context and in particular the customers’ interests – in other words no business focus
  • The shift from ITSM to Service Management in general
  • The difficulties of changing the culture in an organization, in particular resistance to change
  • Lack of basic trust
  • The challenges of working in a dysfunctional organization
  • The challenges of working in a disconnected organization in which IT seems to live in a world of its own
  • Change-overload – too much change to deal with

2.       Relationships in need of improvement

I gave the participants  the following simplistic depiction of the business (left) and IT (right) to think about.

  • Better understanding by ITSM of what the business does and how value is created
  • Better understanding by the business of how IT is organized – they don’t know where to go
  • More user involvement by business management in formulating needs for IT
  • Better insight by ITSM in what users actually do with the systems
  • Involvement of users in designing IT processes (usually this doesn’t happen, despite the fact that they are part of the process)
  • Better collaboration between AD/AM and ITSM (infrastructure) because of their interdependency

·         “Many BRMs don’t do BRM, they’re just order-takers”
·         “We need IT Relationship Managers in the business as well as BRMs in IT”

3.       Desired behaviour  

In each workshop, the group was split up into 2 groups of 4-5 people each.

In the first workshop, one group was tasked with thinking about the kind of behaviour that IT people should exhibit in their dealings with the business, and the other discussed the desired behaviour from the business.

Desired IT behaviour
Desired business behaviour
Understand the business better
Articulate requirements clearly
Proactively suggest innovations
Have mature conversations with IT about cost/value (meeting every single business requirement is not feasible)
Understand impact on consumers
Understand that IT is not setting out to do a bad job – the business needs to tell IT clearly what it needs
Understand business processes in depth and how IT supports them
Be aware of IT’s capabilities and limitations
Be less systems-focussed (because business people don’t think like that)
Strike a balance between business want/need and technical feasibility
Understand business output
Communicate with IT in terms of problems, not solutions
Focus more on value
Invite IT to participate in business discussions and thereby gain insight
Change keeping-the-lights-on to innovation ratio
Build a dialogue with IT
Provide honest and simple reports (referring to misleading reporting with for instance tactically classified incidents)

Support shadow IT (SalesForce.com is OK)

Build a dialogue with the business

·         “'There is a difference between quick and agile”
·         “Get your users involved in #ITSM process design”
·         “There is a problem with 2-way accessibility between business and IT”
·         “IT needs to hear about desired outcomes from the business rather than requests for specific solutions”

In the second workshop the participants explored another perspective, namely the horizontal divide between the executives and managers who take managerial decisions, and operations (both business and IT). One of the participants called this gap between executives and operations the ‘Rockwool syndrome’, referring to the insulation material. Having no real experience with executives, the ‘executive group’ admitted to having difficulty in getting into their role, and therefore struggled with their formulation of desired operations behaviour.

Desired executive behaviour
Desired operations behaviour
Share the reason for the decisions made
Understand that it’s about profitability and efficiency
Help us (operations) how the strategy (micro-strategy) contributes to the goals
Support our goals
Walk the talk. When you make a strategy, give it the right investment to achieve it
Be loyal
Ask operations for their opinions, advice and expertise and incorporate that in the design and decisions of strategy
Understand ‘business to operations’
Map the metrics and measurements clearly to the strategy
Be willing to change
Prioritize the strategy impact, especially when there is scarcity of resources/capabilities and conflicts of operations to be executed
Communicate and inform better
Strategy needs to be ‘concrete’ in terms of clarity (e.g. is the service catalogue an accurate reflection of the strategy)

Management activities should also be recognized as processes (processes are not just for operations)

4.       Factors that drive behaviour 
  • Insight and understanding
  • Belief that the new way of working might be better
  • A common enemy (or goal – in other words, why are we doing this?!)
  • Seeing an opportunity rather than a problem
  • Something in it for me
  • Urgency (with reference to John Kotter)
  • KPIs and incentives that are effective, not those that produce contra-productive behaviour
·         “Uniting against a common enemy can bring IT and the business together”
·         “We need to focus on opportunities rather than problems - be proactive not reactive”
·         “Change will not happen unless you can see ‘what's in it for me?’"
·         “The problem with many KPIs is that they can be gamed or manipulated.”

5.       Organizations’ degree of freedom  

Unsurprisingly, the answers to this question varied greatly, depending on the kind of organization. In a military organization there was very little room to manoeuver, while in a more administrative public organisation things were (unconsciously?) very loosely organized. Some organisations were positioned midway.

·         “There’s a disconnect between how managers think that things work, and reality”
·         “Processes [descriptions] have to followed, or changed”

6.       Participants’ appetite for heroic behaviour

Most participants thought that they were pretty heroic. None admitted to being cautious.

7.       Guerrilla IT tactics

Justified deception: One of the participants misled the business by saying that something simply wasn’t possible to realize, referring to complication (and fictitious) technical reasons.

Messianic IT: The phenomenon that an IT hero (not one of the participants) gathered a ‘following’ of users who always used his services instead of the regular channels to the department. The downside is that when the hero leaves the organization, much knowledge is lost because nothing is documented (this would undermine the hero’s position).

8.       Rebel’s resolutions

Although the participants thought that the time was well-spent, concrete resolutions for what to do when they got back to work, were thin on the ground. There was a nodding of heads when some people mentioned the reinforcement of how important behaviour is, and the realisation that the business needs to be included in all things ITSM.


Some of the references below were explicitly mentioned during the workshops, others I have added after the event.

Motivation (Autonomy, Mastery, Purpose)
> YouTube ‘RSA Animate – Drive’, Daniel Pink

Persuasion (Reciprocation, Social Proof, Commitment and Consistency, Liking, Authority, Scarcity)
> YouTube ‘Science of Persuasion’, Robert Cialdini

Charisma (Presence, Power, Warmth)
> YouTube ‘Olivia Fox Cabane: Build Your Personal Charisma’, Olivia Fox Cabane

Rebels at work
> www.slideshare.net/Foghound/corporate-rebel-ebook, Lois Kelly

08 January 2015

Tears at Toyota

I just remembered that I wrote a guest blog about service experience for Cherwell in March 2014.

So this guy at my Toyota garage made me cry. He had no idea that he did, and he never will. But I’m grateful to him for the experience. “He made you cry and you’re grateful?” I hear you thinking, “How come?” Read the rest of the blog at: Cherwell.

Managers don't govern, they are governed

As people often use the word 'governance' in various and therefore confusing ways, I spent a while looking at some authoritative sources of governance wisdom, from which I've summarized the statements below. I now have a better understand of what governance is and what it is not. The statements without a reference, are my own opinions.

1. Corporate governance is the system by which organizations are directed and controlled. [ISO 38500, 2008, adapted from Cadbury, 1992 and OECD, 1999]

2. Boards of directors are responsible for the governance of their companies. [Cadbury, 1992]

3. The shareholders’ role in governance is to appoint the directors and auditors, and to satisfy themselves that an appropriate governance structure is in place. [Cadbury, 1992]

4. The responsibilities of the board include setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. [Cadbury, 1992]

5. A board of directors often has several committees, e.g. compensation committee, audit committee and governance committee,  to assist the board with the discussion and decision making within the board. [Andriole, 2009]

6. The board determines, within the bounds of laws and regulations,  which aspects of their organization they wish to direct and control by means of policies and plans that they issue to their executives, and, implicitly or explicitly, which aspects are left to the discretion of their executives.

7. From a semantic perspective, when directing and controlling aspects of the organization are delegated to executive management, this should be called management, not governance.

8. Directors are members of the most senior governing body of an organization, and include owners, board members, partners, senior executives or similar, and officers authorized by legislation or regulation. [ISO 38500, 2008]

9. Governance is by definition non-executive, although directors may also have other roles of an executive nature.

10. Directors should govern IT through three main tasks:
a) Evaluate the current and future use of IT
b) Direct preparation and implementation of plans and policies to ensure that use of IT meets business objectives
c) Monitor conformance to policies, and performance against the plans
[ISO 38500, 2008]

11. Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options, setting direction through prioritisation and decision making, and monitoring performance, compliance, and progress against plans. [COBIT 5, 2012]

12. Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. [COBIT 5, 2012]

13. When an auditor reports to the board, auditing is part of governance's monitoring activities; otherwise it's part of management's monitoring activities.

14. Managers (including senior executives in their role as executives) don't govern, they are governed. They participate in governance activities by following the board's directives, and by demonstrating that they have done so - this is part of their management task. 

[Andriole, 2009] Boards of Directors and Technology Governance: The Surprising State of the Practice, Stephen J. Andriole
[Cadbury, 1992] Report of the Committee on the Financial Aspects of Corporate Governance, Adrian Cadbury 
[COBIT 5, 2012] www.isaca.com
[ISO 38500, 2008] www.iso.com
[OECD, 1999] OECD Principles of Corporate Governance