Review of Building an ITIL-Based Service Management Department

Some time ago I purchased the official OGC ITIL book Building an ITIL-Based Service Management Department but I have not got around to reviewing it until now. Part of my slowness stems from my disappointment with the book, and partly I was holding off to see what others thought. I hold Malcolm Fry in high regard: I expected much better and I wondered if maybe I had missed something. Apparently not.

The response to this book has been nil, as far as I can tell. This is puzzling: it deserves to be howled down as ill-conceived. Malcolm is entitled to his opinion, but for OGC to have given this the official stamp of approval is unacceptable. At the very least it is highly debatable. At worst it is wrong. I note that itSMF (or its body IPESC) has not ratified the book. While individual reviewers are listed there is no mention of any official review anywhere. I can't imagine how the ITIL "swirl" logo came to be affixed to this book - who ratifies this stuff? who decides what gets to be a Complementary Publication?

Why am I so critical of this book? Because it is common knowledge in the industry that ITIL provides guidance on process at an abstract level, and nothing about ITIL is intended to dictate the structure of an organisation. The whole point of the ITIL processes is that they should flow across organisational units and bring us together to work on an incident or problem or change or whatever. In fact I was prompted to finally get around to this review by Hank Marquis' recent article in DITY Weekly

A better approach is to consider the ITIL processes as oversight or governance over the work performed by staff. ITIL processes do not describe an organization, but rather the work an organization must perform.

At least I thought it was common knowledge that you don't organise around ITIL. Certainly I have seen organisations distract themselves or divert their organisation from its optimal structure by trying to organise around ITIL. The lack of any comment about this book has left me bemused.

ITIL's core Service Strategy has a whole chapter 6 on organisational design, that never once suggests ITIL as a model. Service Operation 6.1 talks about organising around functions and once again never suggests ITIL processes as a model. In section 6.7.3 it explicitly states

it is not a good idea to strucutre the whole organisation according to processes... processes are used to overcome the silo effect of departments, not to create silos... processes specifically exist to link the activities of different groups... Using processes as the basis to create departments can defeat the purpose of having processes in the first place

In the good old days, ITIL V2's Planning to Implement Service Management 5.5.2 also said

To organise Service Management dealing with ten [sic] processes in a well-balanced organisational structure is complex. Many units play a part in the activities. It is necessary to have a single line of command (accountability) to integrate these activities across organisational boundaries. Process managers tend to be functionally, and not hierarchically, responsible for the IT employees of different units...
Which guiding organisational principle is applied may differ from organisation to organisation. Each principle has its own benefits and drawbacks. There is no universal organisational structure for IT Service Management

So now TSO publishes this official ITIL publication (copyright TSO not OGC) which is entirely based on the concept of grouping "Fundamental Tasks" (yet another term for ITIL processes/functions/activities/domains) to create an organisational structure. A FT is "a function, activity or process that...". Most of the FTs are from ITIL though there is a chapter on "Identifying non-ITIL Fundamental Tasks". Extraordinarily, this chapter covers this topic without once naming COBIT or any other more-comprehensive framework as a point of reference, which seems to me a gross omission. The chapter is just weird. It suggests that ITIL eduction and ITIL core books and ITIL experts are sources of non-ITIL FTs, as are conferences and seminars, but not - as I say - any other framework.

Not only does this book violate the principles quoted above from the core ITIL books about not organising around ITIL processes, but this ITIL fixation causes a myopia that overlooks fundamental organisational requirements. For example the structure in figure 10.4 is supposed to be Service Planning but has no portfolio planning function. Figure 10.6 is supposed to be Service Support but there is no training fuinction. (There are also some odd placements, such as putting Availability Management under a grouping called Service Operation rather than Planning).

This book also annoyed the heck out of me by referring to projects to "implement ITIL", which is not exactly thought leadership. "Implementing" ITIL went out with blue blazers.

It seems to me this book can be summed up as what the English call a howler: a laughably bad blunder due to not understanding. The only thing that puzzles me is that surely Fry knows better than this. Did I miss the point somewhere?


Comments to the comments

I haven't read Malcolm Frys books, but I have a few comments to some of the comments.

People seems to think APMG is managing everything within ITIL V3. That's not the case although they play a central role in protecting ITIL V3 IPR for OGC.

APMG is managing the ITIL V3 qualification scheme including accreditation of Examination Institutes and thus setting the rules for accreditation of Accredited Training Organisations, course material and instructors.

APMG is managing the exams in this role as well.

APMG is handling the complementary qualifications requests for inclusion into the ITIL V3 scheme.

And APMG is endorsing publications relevant for the qualifications e.g. study aids.

APMG is not managing complementary or other publications as such. Official ITIL publications are handled by TSO under contract with OGC.

itSMF (IPESC) may endorse the publications if asked, but OGC, TSO or APMG are not obliged to ask for such an endorsement. The IPESC endorsement doesn't result in the approval to use the swirl logo. itSMF has no part in this.

So who is allowing the use of the swirl logo on a publication and thus making it an official (core or complementary) ITIL publication? I'm not sure, but I suspect it's TSO.

The Swirl is a Trademark

The Swirl is an ITIL trademark so its use is controlled by APMG on behalf of OGC. This includes for complementary products including publications. The TSO contract with OGC only covers 'core ITIL' - i.e. the 5 books so in theory anything else they publish is complementary and as I understand it they should apply to APMG for use of the relevant trademark.

no transparency

Understood. But who decides whether a publication is suitable and good enough to be a Complementary Publication? Is anything published by TSO automatically a CP? if not, who is/are the judge? if it is APMG, why them? how do they appoint arbiters? What criteria are used ? etc etc etc



It is APMG because CPs are supposed to enhance the ITIL brand and APMG are contracted by OGC to do exactly that. How they appoint arbiters is, as you suspect, clouded in mystery. The crieria for the product are laid down (see link above and start the process) but given the applicants pay APMG for the assessment, rather than OGC doing so, it seems likely to me that there it is APMG's interest to attract as many CPs as possible and as they get a royalty a lack of transparency might lead the sceptical to believe it is in APMGs interest to approve as many CPs as possible in order to bring in the money. Of couse I'm not that sceptical....perhaps you know someone who might be. I'd certainly like to know the answer to your question about TSO.


That would certainly seem to be in keeping with the APMG approach to training providers - they earn revenue from selling exams, so they are a bit more lax than perhaps they should be regarding course approval. The fact that they allow a number of web based training providers to certify people at ITIL Expert level based on watching online videos would seem to be against the spirit of the "contact hour" requirement for ITIL v3 intermediate courses, if not the letter. Still, as long as it results in exam revenue, they don't seem to care much beyond that.

Four key roles for basic service provider operations

First - a thank you to John W for at least including the USMBOK in his thoughts.

In the Guide to USMBOK I wrote to an age old premise of mine from managing data centers that you need at least 4 key roles to manage IT as a service provider organization. They each represented the customer (business), service provider (service/product manager), operations and infrastructure perspectives. Form a Parliament representing these constituencies, wrap it in meaningful governance to control decisions, and add a trump or Director mechanism to arbitrate and voila!

ITIL V3 compounded the confusion started by V2 with respect to how processes and roles interact. ITIL V3 lists 45 'roles', with names spanning director, planner and manager. It also refers to two more that could be included (sales manager and business relationship manager). Forty seven roles and 35 subject areas (almost 30 of which are clear processes) all makes for an incredibly confusing set of choices for architecting an organization. This must be why the OGC Mandate for Change places such a large emphasis on cleaning things up!.

To begin, I have great respect for Malcolm and have not read the book. I feel sorry for him in many ways. Its no easy task to write a book. And to write one in the midst of the moving target that is ITIL V3, is at best - brave, at worst perhaps foolhardy. Why any organization is sanctioning publications to extend or compliment a version that is changing is beyond me. This means I am unlikely to buy any book by any author on ITIL V3 until clarity reigns on processes, roles, inputs, outputs, and how they all fit into a single model that can be operationalized, no systemized.

In the USMBOK I set out to describe the elements of a service management system that could be operationalized and the key roles within a service provider organization, a key component of the system (taking the holistic view). I deferred the task of documenting how each key role (knowledge domain), and the six key skills each role requires (knowledge areas) play into operating and sustaining the system. Thats the next set of writings. First the system and roles had to settle.

Back to ITIL. It speaks to a larger sized IT organization that can afford to consider adopting and yes 'implementing' 25+ processes and a similar number of managerial roles. It requires consultants, vendors and trainers to caution customers that it is descriptive and not prescriptive, and thus is not implying these positions be created. It takes a brave soul to decipher the core publications and suggest a more pragmatic approach. I feel for ITIL to truly become a goto reference for smaller scale organizations it really needs to address this aspect in the upcoming 'new edition'.

Principles not structures

I was going to wait until reading the book before making a comment, but I want to make some general observations.

The first is that is was a very early discovery on the ITIL journey that a too literal use of ITIL to design organisations can have a negative impact and lead to an all new set of silos. This was rapidly followed by the conclusion that matrix management was the best way forward. Well, sort of, if you have an existing culture that can adapt to it.

The second is that the right organisational structure for your IT department is dependent on a lot of factors. In the UK I'm sure the impact of sourcing strategies has been very influential, with ITSM roles split between the retained IT organization and the supplier, both of whom have to interface with customers and users. Confusion reigns if the interfaces aren't well understood. You obviously also need to take into account the approach to organisational structure adopted by your parent organisation, and its culture as well.

There are some basic underlying principles to apply, such as maintaining adequate segregation of duties and avoiding duplication of effort.

Of course whatever you decide isn't that important, because next year there will be another reorganisation.

Svc Mgt organization requires a BUS driver

Of course I haven't read Mr. Fry's book, so I can't comment, but I am on the same savage journey as many of you poor bastards so I can't resist commenting on the generic concept of 'building a service management department'.

I don't know of too many IT organizations that are really trying to organize around ITIL processes; most are slowly drowning as workloads and complexity rapidly increase (and resources decrease). In fact, the whole topic of 'organizing IT' makes me wonder if we're missing an opportunity that's right in front of us….

If you want IT to do more with less in a world where more services are required, faster, and with more complexity then it certainly seems like somethings got to give…. we're already going 100 miles an hour with the top down and the driver has yet to see those huge bats, swooping and screeching all around us.

If you're talking about IT service management, then we'll be defining technical services and making sure we have our act together by focusing on IT processes like the Good Books say. But if you want us to add BUSiness services to this mix given existing resource constraints, you must be in the depths of an ether binge…

Perhaps Ian's onto something with his USMBOK. The concept of service management must be expanded to include the business. Leaving the IT in service management seems to be resulting in IT trying to organize something that is not in their domain anyway, resulting in a high speed death march with 90 pounds of air in the tires.

Organizing for service management will require the driver of the BUS to be included in the organizational structure. I don't know whether Malcolm's book addresses this, as I have not read it. Hank's article does reference key differences between processes and performance, and I liked the comments about how manufacturing overcame similar issues facing IT today... but I still got the feeling that the business wasn't explicitly identified as a participant.

We continue to frame this as an 'IT problem' when it is really not that at all. IT can begin developing Technical Catalogs of Services and improving IT process maturity, but the real gains will not occur until we're able to map to a Business Catalog of Services. This requires somebody other than IT to drive the BUS, and unless and until this is included in the organizational structures then the savage journey will go on...

just wait 'till they see those bats.

John M. Worthington
MyServiceMonitor, LLC

TSO comment is intriguing

I ran out and bought the book as soon as I saw the author and the title. I was looking for some depth of insight into roles within an existing org. About half way through I put it down and deemed it a future resource if I ever had the chance to help a huge organization that could dedicate a whole department to ITSM. Upon discussion with colleagues and additional reads of the book, I just can't figure out what the premise or goal of the book really was. You don't implement ITIL, you don't reorg based on a set of process guidance (process is meant to span mulitple functional teams where your distinct skill sets are housed and managed), and even if you could (time, budget, resources, maybe a greenfield) I can't make the efficiency/effectiveness case for why you would ever want to.

What I find more interesting is the fact that this is a "castle ITIL" stamped/branded publication. That blows my mind. If one was trying to further an idea or concept or foster maturity in a very immature environment, wouldn't one be ultra careful to make sure one's publications were in line with helping to foster that maturity? This seems to 180 degrees fly in the face of what ITIL's ITSM best practices present in the books.

I had a chance to talk with Malcolm at both last year's itSMF Fusion and this month's HDI I'm kicking myself for not asking him what his context was for this book...

Has anybody read ITIL Lite?

It is another book by Malcolm.


Couldn't agree more

Hi Skep,

I couldn't agree more, in fact I wrote this review (Linkedin Books) back in October of last year.

"An odd formula of using ITIL functions (logical teams) and ITIL processes to design an organizational structure.

Using ITIL functions (teams) to help define how to structure your own teams implies that those functions are prescriptive. If that's the case (it's not), why go any further as the answer will just be to organize using that model.

Using processes to define an organizational model undermines the core ITIL axiom that processes are performed across functional teams and only as effective as an organization's ability to coordinate and manage that process across the organization. In the end, this approach seems to drive towards the creation of an organization that's silo'd around processes. Do process silos really represent an advantage over the organizational silos that are so prevalent today?

I wish the author (who I have a tremendous amount of professional respect for) would have taken a purely activities based approach, rather than using the ITIL processes and functions.

While I don't necessarily endorse this approach, this book is a short read (~100 pages) and you'll come away with a stronger sense of how to do this, as well as what to avoid. I came away with a more informed approach for performing this work, although not in the way that the author or publisher were probably anticipating. "

Frankly, I was a bit shocked by the book.

I've been meaning to start posting here since we hung out at Pink10 - better late than never...

Licensing ITIL Complementary products


The answer to your questions "who ratifies this stuff? who decides what gets to be a Complementary Publication?" is APMG. They have been licensed by OGC to control and protect the ITIL Trademark. They are the sole arbiters as far as I can tell. Products submitted for consideration are assessed by APMG - who do get them reviewed against certain criteria but I don't believe any of the various ITIL boards consider them.

Anyone submitting a project for licensing approval has to pay a fee to APMG for the review and if the product is approved they pay a further license fee and a royalty on sales of the approved product. I guess APMG's role in protecting the trademark is to ensure that revenues earned from any substandard licensed product outweigh the damage to the ITIL trademark. I'd question whether or not this is good governance.

Is it APMG endorsed or not?

Hi Skep
I can't see the APMG endorsement mark on the cover. So does it say whether or not it is APMG endorsed within the text? To be fair to APMG maybe that fact should be clear first? The picture is even more murky because on the ITIL site it says it is an Official (presumably OGC) complementary product -- but you have pointed out it is not Crown how can that be?
Anyone any ideas?


OGC have contracted APMG to manage the ITIL trademark and the ITIL qualification scheme, and have contracted TSO to manage the copyright of the ITIL material. As part of their contract to manage the ITIL trademark APMG runs the ITIL complementary product program. So you won't see an APMG endorsement as they are doing it on behalf of ITIL. Interestingly APMG are able to grant copyright permissions along with the trademark licence which makes me wonder if TSO can grant an ITIL trademark license along with the copyrights and can they grant this to themselves!

Details of the assessment scheme for complementary products can be found here for the terminably bored.

TSO now empowered to grant the ITIL swirl to its own books?

It is a fair question. Is TSO now empowered to grant the ITIL swirl to its own books without ratification by anyone else?

Sometimes I think Castle ITIL wouldn't know due process if it stood up in their cornflakes. Or good governance.

I haven't read the book but,

I haven't read the book but, based solely on the title, it might be a worthwhile read for large enterprises. The Fortune 100 I work for has upwards of 5,000 IT professionals operating in maturing ITIL based environment. While we are certainly not organized around ITIL processes, we are large enough to warrant a dedicated department devoted solely to ITSM. These include the folks supporting the ITSM automation platform, process owners, analytics/reporting, continous improvement etc. That said I have no intention of reading the book any time soon - sailing season just started!

I agree with "Visitor"

Disclaimer: I've not read the book.

I don't think it possible or practical to organize a department "around ITIL", but I do think there needs to be resources dedicated to ITSM. Part-time process managers are no-time process managers. I've seen it. And this dedicated group needs to be as close to the CIO/COO as possible. I guess I'm describing a hybrid: some resources enforcing what Visitor described, but most resources in their functional areas of expertise.


you can't judge a book by its cover

It is possible in a large enough organisation to justify fulltime process managers for incident, problem etc. Change manager is one obvious role that is warranted in even fairly small organisations. But that doesn't mean creating a whole Service Management department, i.e. silo. Service Management is a philosophy, an approach to IT , the way we do what we do. it isn't what we do. We operate.

"based solely on the title" Visitor, you can't judge a book by its cover [I've always wanted to say that in this context]. For those who haven't read it, i can tell you that the whole 100-odd pages are about identifying those "Fundamental Tasks" using ITIL to identify both the ITIL and non-ITIL tasks [don't ask me - that's what it says] then grouping those tasks and using that as the organisational structure for the "Service Management department" - a silo based on ITIL with a structure based on ITIL

Syndicate content