The ITIL process maturity framework can help identify improvement opportunities

Share: ,
February 3, 2012

By Adam Holtby

Reviewing process maturity is an important activity for IT departments. It identifies potential areas of improvement and highlights business-critical IT processes that, if not at an appropriate maturity level, may put the business at risk. The ITIL process maturity framework is one approach to assessing process maturity.

The value of assessing process maturity

A process maturity assessment is a useful way to identify areas of possible improvement as part of a continual service improvement initiative, and it can help organizations to recognize the importance of their processes. Assessing the maturity of a process will check its usability, and draw attention to any activities and tasks that are not efficient. There are risks associated with immature processes, especially core processes such as incident, change, and problem management, and these risks can adversely affect IT and business operations.

The most basic level of incident management is known as “level 1 maturity.” The ITIL service design publication defines level 1 maturity as where, “A process has been recognized but there is little or no process management activity and it is allocated no importance, resources, or focus within the organization. This level can also be described as ‘ad hoc’ or occasionally even ‘chaotic’.†At this level of maturity, incident management is totally reactive, with no activity around identifying and reporting incident trends.

At level 1 maturity many avoidable incidents occur. Roles and responsibilities are loosely defined, which results in a lack of accountability and leads to escalation issues. This extends the time it takes to resolve incidents, and adversely affects the quality of service. The production of reports is inconsistent, as is the review of any reports that are produced. This negatively impacts operations, and the lack of direction and vision from senior management results in the service desk function becoming less productive.

It is important to note that many business-critical applications rely on efficient incident management. If a key business application experiences an outage, normal service must be resumed as soon as possible. However, if the maturity of the incident-management process is low, with poor escalation and accountability, the time it takes to resolve an incident greatly increases. It is therefore vital that organizations assess the maturity of their processes in order to determine the gap between their current capability and desired future state.

Measuring maturity begins with assessing the current environment

Regardless of the framework adopted, measuring maturity usually begins with an assessment. This can be done internally on a self-assessment basis (many templates for self assessment are available) or externally, by a third party. Self-assessment may be an attractive option for organizations concerned about the cost of an external assessment, but it is important to consider the value of the impartiality and expertise that a third-party assessor can offer.

The ITIL process maturity framework assesses the process environment against five areas:

  • the organization’s vision, which outlines its goals for the future and the role of IT in the business
  • what must be done to reach this vision
  • the skills needed
  • the technology that will support the process
  • the values and beliefs of the people involved.

Conducting an assessment will identify improvement opportunities. The next step is for the organization to decide which, if any, to address first. The key considerations at this point are whether the resources (including people, time, and funds) necessary to make the improvements are available, and whether the required expenditure represents value when compared with the desired outcome.

It is important at this stage to ask how crucial an IT process is to the business and its strategy. If a high level of value is attached to the process, having low maturity levels associated with it can put the business at risk. Organizations must ensure that the resources are available to improve the maturity of their most valuable processes if an assessment categorizes them as immature.