MANAGEMENT
GUIDELINES
Goals and Metrics
AI6 Change authorisation DS8 Incident reports
DS9 IT configuration/asset details DS13 Error logs
Requests for change (where and how to
apply the fix) AI6
Problem records AI6
Process performance reports ME1
Known problems, known errors and
workarounds DS8
• Average duration between the logging of a problem and the identification of the root cause
• Percent of problems for which a root cause analysis was undertaken • Frequency of reports or updates to an
ongoing problem, based on the problem severity
• Number of recurring problems with an impact on the business
• Number of business disruptions caused by operational problems
• Percent of problems recorded and tracked • Percent of problems that recur (within a
time period), by severity
• Percent of problems resolved within the required time period
• Number of open/new/closed problems, by severity
• Average and standard deviation of time lag between problem identification and resolution
• Average and standard deviation of time lag between problem resolution and closure
Activities
• Assigning sufficient authority to the problem manager
• Performing root cause analysis of reported problems
• Analysing trends
• Taking ownership of problems and progressing problem resolution
IT
• Ensure the satisfaction of end users with service offerings and service levels. • Reduce solution and service delivery
defects and rework.
• Protect the achievement of IT objectives.
Process
• Record and track operational problems through resolution.
• Investigate the root cause of all significant problems.
• Define solutions for identified operations problems.
Activities
RACI Chart Functions
CEO CFO Business ExecutiveCIO Business Process OwnerHead Oper ations
Chief Ar chitect
Head DevelopmentHead IT Administr ation
PMO Compliance,
Audit,
Risk and Security Problem Manag er
Identify and classify problems. I I C A C C I R
Perform root cause analysis. C C A/R
Resolve problems. C A R R R C C
Review the status of problems. I I C A/R C C C C R
Issue recommendations for improvement, and create a related RFC. I A I I I R
Maintain problem records. I I I I A/R
A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.
DS10 Manage Problems
Deliver and Support
Manage Problems
DS10
From Inputs
Outputs
To
measure measure measure
drive drive
set set
Goals
DS10 Manage Problems
Management of the process of Manage problems that satisfies the business requirement for IT of ensuring end users’ satisfaction with service offerings and service levels, and reducing solution and service delivery defects and rework is: 0 Non-existent when
There is no awareness of the need for managing problems, as there is no differentiation of problems and incidents. Therefore, there is no attempt made to identify the root cause of incidents.
1 Initial/Ad Hocwhen
Personnel recognise the need to manage problems and resolve underlying causes. Key knowledgeable personnel provide some assistance with problems relating to their area of expertise, but the responsibility for problem management is not assigned. Information is not shared, resulting in additional problem creation and loss of productive time while searching for answers. 2 Repeatable but Intuitive when
There is a wide awareness of the need for and benefits of managing IT-related problems within both the business units and information services function. The resolution process is evolved to a point where a few key individuals are responsible for identifying and resolving problems. Information is shared amongst staff in an informal and reactive way. The service level to the user community varies and is hampered by insufficient, structured knowledge available to the problem manager.
3 Defined when
The need for an effective integrated problem management system is accepted and evidenced by management support, and budgets for the staffing and training are available. Problem resolution and escalation processes have been standardised. The recording and tracking of problems and their resolutions are fragmented within the response team, using the available tools without centralisation. Deviations from established norms or standards are likely to be undetected. Information is shared among staff in a proactive and formal manner. Management review of incidents and analysis of problem identification and resolution are limited and informal. 4 Managed and Measurable when
The problem management process is understood at all levels within the organisation. Responsibilities and ownership are clear and established. Methods and procedures are documented, communicated and measured for effectiveness. The majority of problems are identified, recorded and reported, and resolution is initiated. Knowledge and expertise are cultivated, maintained and developed to higher levels, as the function is viewed as an asset and major contributor to the achievement of IT objectives and improvement of IT services. Problem management is well integrated with interrelated processes, such as incident, change, availability and configuration management, and assists customers in managing data, facilities and operations. Goals and metrics have been agreed upon for the problem management process.
5 Optimised when
The problem management process is evolved into a forward-looking and proactive one, contributing to the IT objectives. Problems are anticipated and prevented. Knowledge regarding patterns of past and future problems is maintained through regular contacts with vendors and experts. The recording, reporting and analysis of problems and resolutions are automated and fully integrated with configuration data management. Goals are measured consistently. Most systems have been equipped with automatic detection and warning mechanisms, which are continuously tracked and evaluated. The problem management process is analysed for continuous improvement based on analysis of measures and is reported to stakeholders.
MATURITY
MODEL
© 2007 IT Governance Institute. All rights reserved. www.itgi.org 140
Deliver and Support
Manage Problems
PROCESS
DESCRIPTION
Control over the IT process of Manage data
that satisfies the business requirement for IT of
optimising the use of information and ensuring that information is available as required by focusing on
maintaining the completeness, accuracy, availability and protection of data is achieved by
• Backing up data and testing restoration • Managing onsite and offsite storage of data • Securely disposing of data and equipment
and is measured by
• Percent of user satisfaction with availability of data • Percent of successful data restorations
• Number of incidents where sensitive data were retrieved after media were disposed