I regularly find that problems that I speak with clients about are due to poor change management when I asked to review risk management within their business data systems. I would suggest that this problem exists in equal quantity where businesses outsource or insource their IT services. Where Cloud or hosted services are being used there is generally a good level of change management in that service but this is not always the case and should not be assumed.
This subject can be made very complex and difficult to manage but it does not need to be and for many businesses it can prevent many simple and common problems if it is implemented appropriately. The basic principle of change management is that any change is assessed, authorised, planned and executed. I find that complexity comes from the type and speed of change needed with the latter typically being as the result of poor planning. In many cases I find that the client does not have any control over change with them carrying out little or no planning often because they see IT as complex or they underestimate the scope of the change. I say “client”, but this also includes outside service providers if they provide the IT services for the whole environment or for an individual application. I see that many businesses are now engaging with multiple vendors in the delivery of their IT Services as they take services from the Cloud and as a result, good change management is even more important.
If you do not operate a change management process, I would suggest that the cost of supporting your IT services will be higher than it should be. You may also be suffering from repeated periods of unplanned downtime, unmanaged expenditure and potentially lower levels of cyber and data resilience.
There are many definitions of IT Service Management (ITSM) principles for change management but they commonly follow this process:
- Formal recording of change requests.
- Reviewing the business impact, cost, benefit and risk of the proposed change request.
- Creating a clear business justification to support the proposed change request.
- Reviewing and approval of a change request.
- Management and coordination of implementing the change request.
- Monitoring and reporting on the implementation of the change request.
- Reviewing and closing the change request.
Information Technology Infrastructure Library (ITIL) is a set of practices for ITSM that focuses on aligning IT services with the needs of a business. ITIL is commonly used by many IT service companies and departments and defines the change management process as:
The goal of the change management process is to ensure that standardised methods and procedures are used for efficient and prompt handling of all changes, in order to minimise the impact of change-related incidents upon service quality and consequently improve the day-to-day operations of the organisation
I recognise that achieving full ITIL adoption may be beyond and possibly not appropriate for all businesses but that does not prevent them adopting the principles of ITIL with respect to change management. In cases where full ITIL implementation is not possible or appropriate, businesses should adopt a simple change management process, so where should you begin?
Step 1 – Walk before you run
You should identify key people from each of the functional user groups within the business to act as members of the Change Advisory Board (CAB). The CAB manages change within the business and it meets as required to ensure that changes are reviewed in a timely manner to prevent unauthorised changes from being introduced. It is critical that the CAB includes people from different sections of the business to allow everybody to be involved in the change management process. The CAB needs to be able to receive input on things like planned downtime, benefits, risks, resourcing and mitigation from all affected parties. Subject to the level of change that the business faces, the CAB should meet weekly or monthly as a minimum with an emergency CAB called if there is any change that will not wait for the next scheduled meeting.
- Appoint a Change Manager to facilitate the CAB meetings with the authority to approve and co-ordinate change.
- The CAB should comprise key department staff and decision makers to ensure that decisions can be made.
- Proposed changes should be reviewed by the CAB to determine if they will have a negative impact to the business.
- Change implementation plans should highlight and address risks and create recovery/rollback plans.
- A log should be maintained that tracks changes and their outcomes with any follow up actions with this reviewed by the CAB.
- A clear process should be created for an emergency change process to handle urgent and critical changes.
You may already operate some informal procedures that overlap with the functions of the CAB and therefore only need to formalise them. Do not become too hung up on the finer changes and allow delegation of these but the CAB should review these and review the delegation if failure is common as this indicates that the process is not working as it should.
Step 2 – Learn from failure
Failure is a fact of life and we should not look to use it as an excuse to apportion blame, we should see failure as an opportunity to learn how we can improve. The process of change management should not be dependent upon one person so if a failure has occurred, the CAB is at fault so the CAB should look to resolve the problem. I would suggest that this strategy encourages more people to be involved in change management as they can’t be isolated and they can add value. The CAB should be used as the process to review changes and see what opportunities there are to reduce the risk of failure or business impact when they review proposed change requests.
- The CAB should use the change request outcome data for changes that were executed since the last meeting to identify improvements in the way the CAB operates. These could include reviews of failed changes or unplanned implications to see if the CAB could have anticipated them.
- If the lessons learned highlight a change in the CAB culture and it is small, achievable and low risk, implement it immediately.
- If the lessons learned require more work, prioritise them in a list and implement them as opportunity allows and review this list at future CABs.
Step 3 – Enjoy success
The change in culture brought about through a CAB needs to be communicated to all staff within an organisation to encourage others to recognise the importance and value of the CAB. The CAB will uncover opportunities for change in business culture to change and where it has prevented unintended consequences, these should be celebrated with senior management and stakeholders.
Create some simple metrics to show the number of change requests approved, the number of back outs and the number of rejections due to identified failures as this will assist in demonstrating the value of the CAB and the change management process. You should see a reduction in back outs and preventing changes going through due to identifying risks as changes go through the process.
It should be noted that the CAB should review all planned business changes, not just those emanating from IT, requiring all parties to raise change requests for the CAB to review. A good example I have recently worked on was the planned opening of a new remote office and the relocation of a complete department to the new office. I was asked to look at options when a problem was identified. The external IT service provider was not aware of the planned change and, other than a new printer for the office, there were no major planned IT costs for the project. It was identified late in the project that there were IT resource issues with the agreed project in respect to server storage, processing capacity, software licensing and data communication services that needed considerable investment. As these were identified at a very late stage in the project there were major unplanned costs and delays in the staff being able to relocate to the new office which held the business back with the planned growth. These delays and costs could have been prevented or planned for if IT had been aware of the change through a CAB.
Change should not be difficult, unplanned problems produced by unmanaged change are difficult to resource and that is what change management is all about, give it a try and enjoy the rewards.