What ITIL® Can and Cannot Do
ITIL® and ITSM are not the same thing. (ITIL® is a registered trademark of Axelos, Limited. All rights reserved), ITIL refers to a specific framework, set of publications, and certifications. It no longer stands for “Information Technology Infrastructure Library, although that language is still used almost everywhere you look. It is simply a brand: ITIL®.
ITSM, on the other hand, is an acronym for Information Technology Service Management. People often conflate or confuse ITSM and ITIL, making statements like, “ITSM doesn’t say anything about…” ITSM, that is, Information Technology Service Management, simply refers to the management of IT services. In one way or another, every organization manages its information technology and the services it provides. ITSM is not a framework and has no “official” publications. Bear in mind that talking about ITSM does not necessarily mean we are talking about ITIL.
From its beginnings in 1989, ITIL started giving IT and service management a common language, which many believe is its greatest gift. When IT teams use terms like incident, service request, problem management, and IT asset management (or ITAM), they use the common language ITIL has provided. Without a doubt, ITIL became the world’s most widely used IT service management framework. Many organizations are still transitioning from ITIL v3 (and its 2011 revision) to ITIL 4, which was released early in 2019. HDI’s The State of Service Management in 2022 report shows that 25% of respondent organizations actively use ITIL v3 or earlier, and 26% are actively using ITIL 4. The transition to ITIL 4 is apparent because 27% say they have used ITIL v3 or earlier, and 30% say they plan to use ITIL 4.
In the same study, respondents were asked about the value of service management to their organizations. The results:
“The value of service management is linked to an increase in customer satisfaction (55% [percent of organizations]), a decrease in incident volume (44%), and an increase in incidents resolved without a business impact (35%).”
Notably, while 38% of organizations surveyed by HDI said they “haven’t used and don’t plan to use” ITIL V3, that percentage drops to 32% when asked about ITIL 4, indicating that ITIL 4 has the potential to gain wider adoption than V3. At the same time, it is worth noting that ITIL is no longer the most widely used of the frameworks and methodologies available, according to HDI’s research. DevOps (47% of organizations) and Agile (41%) both have surpassed ITIL in terms of wide adoption. We do need to remember that this does not mean that organizations have switched from one framework to another; many organizations are using multiple frameworks and/or methodologies.
ITIL is a Framework, Not a Methodology
We should be absolutely clear that ITIL is a framework. It is meant to be adopted and adapted, not “implemented.” ITIL is descriptive, not prescriptive; in other words, it suggests what we should strongly consider doing, not what we must do, and not how to do it. In general, those things we should strongly consider doing—and which other organizations have done with good results—are called “best practices.” Calling them “good practices” might have been better since there has not been a concerted effort or a clear way to establish what best means. The ITIL framework exists to help us decide what we need to do and gives us the language to discuss those decisions.
The differences between a framework and a methodology are worth discussing:
A high-level conceptual structure that provides a common language for approaching a problem or a set of problems. It establishes the boundaries and principles for a process or set of processes and outlines their components and relationships. A framework typically provides a set of guidelines, principles, and good practices, but it is flexible enough to be adapted to different contexts and situations.
A detailed and prescriptive set of steps or procedures that guides the execution of a specific process or project. It is a specific and structured approach that provides a clear roadmap for achieving a particular goal or objective. A methodology typically includes a set of tools, techniques, and templates, and it is often standardized across different projects and organizations.
Many in the world of IT service management (ITSM) have mistaken the framework for a methodology, erroneously stating that ITIL tells them they must do things in a specific way, and if they aren’t doing things “by the book” they aren’t “doing ITIL.” Part of this misapprehension stems from the way ITIL has been promulgated across the industry as a set of certifications rather than a source of good practices. This is largely the result of ITIL’s evolution from its origins as a way to standardize IT management practices within the government of the UK to a commercial venture as it is now. Reading the source books is important, rather than depending only on training materials that may be solely focused on achieving a passing grade on the examination.
Another common misconception is that ITIL is a standard or a set of standards. A standard is a methodology that must be followed “to the letter” to produce a desired result. An example of a standard is the electrical outlet. While the standards may vary by geographical region, all the outlets within a region must conform to a standard for size, shape, power output, and so on to ensure that electrical devices will work. No such mandates exist in the case of ITIL.
ITIL 4 and ITIL V3 (2011)
A good deal of the criticism of ITIL as being “too process focused” derives from ITIL V3, including its 2011 update. The architecture of V3 was comprised of 5 components of the “Service Lifecycle,” each explained in one of the core publications. These were:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement
Taken together, these all are built on the viewpoint that IT—then almost universally a department—functioned as a provider of services to a business. Especially recently, this has been seen as a divisive viewpoint, separating IT from the core business and creating an “Us versus Them” mentality. Since ITIL is, once again, a framework to be adopted and adapted, this was not always the case, but its overall impression does hold some truth born out in a very common answer to the question, “Where do you work?” The answer is often, “I work in IT,” rather than, “I work at XYZ Company.” Of course, at least in part, many IT departments are outsourced to Managed Service Providers, making the division between IT and “the business” factual rather than attitudinal.
ITIL 4 strives to address this issue, emphasizing “value to the customer” and providing better ways to see and improve the value streams across the entire organization and its customers. It also makes the co-creation of value one of its key concepts.
IT Governance UK says, “While previous versions of ITIL focused on IT services, ITIL 4 expands its management practices to include culture, technology and data management. This reflects an overall change in ITIL 4, away from process-dominant thinking and towards a diverse and dynamic way of operating.”
ITIL® Applies to Far More Than the Service Desk
The ITIL 4 framework rests upon a set of guiding principles and defines a Service Value System (SVS), which includes:
- Guiding principles
- Service value chain
- Continual improvement
One of these, continual improvement, should not be confused with any kind of technical roadmap; ITIL is technology-agnostic. The framework is meant to encourage continual improvement across the entire organization by identifying and documenting (logging) opportunities for improvement, allocating time and budget for improvement, making the business case for action toward improvement, planning and implementing improvements, measuring and evaluating improvement results, and coordinating improvements across the organization.
The model ITIL 4 sets forth for continual improvement and asks a series of questions, which, as we can see, can be applied at any level of the organization and for virtually any type of improvement, not solely IT.
- What is the vision?
- Where are we now?
- Where do we want to be?
- How do we get there?
- Take action.
- Did we get there?
- How do we keep the momentum going?
As for the actions taken, ITIL 4 specifically mentions Lean, Agile, and DevOps as possible approaches, along with business methods such as SWOT (strengths, weaknesses, opportunities, threats) analysis.
There are 34 management practices included in ITIL 4, divided into three categories: General Management practices, Service Management practices, and Technical Management practices. The full list of these practices is available here, but the General Management practices include the following:
- Strategy management
- Workforce and talent management
- Measurement and reporting
- Risk management
- Information security management
- Organizational change management
- Supplier management
Service Desk is itself included as one of the Service Management practices, along with these and others:
- Incident management
- Service request management
- Problem management
- Release management
- Change enablement
- Service validation and testing
- Service configuration management
- IT asset management
According to the most recent research by HDI, The State of Service Management in 2022, the most common practices adopted by organizations are Service Desk (58% of organizations), Incident Management (48%), and Project Management (44%).
The only Technical Management practices included in ITIL 4 are:
- Deployment management
- Infrastructure and platform management
- Software development and management
We can quickly see that the ITIL framework has to do with all aspects of IT and its integration with a business or other organization. ITIL is used in education, nonprofit, and public sector organizations as well as in profit-making businesses.
Above and beyond the usual realm of service management, ITIL 4 defines four dimensions that are intended to help us look across the organization holistically:
- Organizations and people
- Information and technology
- Partners and suppliers
- Value streams and processes
Value streams, which are described “as a way to visualize the series of steps that take place in order to create value for customers,” are discussed in the context of co-creating value with customers, which points out that ITIL is not entirely focused on IT, and is certainly not solely comprised of processes, although processes and practices play a major role.
Why a Framework is Important?
Frameworks, as we said, are flexible enough to be adapted. This flexibility has proven exceptionally important as the world of IT has shifted and grown from mainframe systems operating in basement machine rooms to the desktop computer and its installed software, to Software-as-a-Service (SaaS) and cloud-based software served up via networks and the internet, and most recently to the mobile devices that allow work to be done from anywhere and at any time. By being descriptive rather than prescriptive, ITIL has—at least in large part—avoided becoming irrelevant, despite what some critics say.
In an article for ITSM.tools, Akshay Anand, former Lead Architect of the ITIL Update Program for Axelos, said:
“ITIL 4 still includes those elements from previous versions of ITIL that remain very much fundamental to service management and ITSM. But it also provides a new digital operating model – a basis that’s both practical and flexible, which is designed to help organizations on their digital journey. Plus, the impact of technology on business and the integration of ITIL best practices with Agile, DevOps, and digital transformation all play a role in the new framework.”
What ITIL Can Do?
ITIL, being a framework and not a methodology, can assist in these areas:
By describing the overall tasks of IT and suggesting some of the practices, processes, roles, and responsibilities that can help accomplish those tasks, the ITIL framework has helped reduce errors and inconsistencies in the management of IT services, whether those services are provided by an internal IT department, or by an external Managed Service Provider (MSP).
Because ITIL has established a common language, our colleagues in other business lines will not get mixed messages. (Of course, if we use only the language of IT, they may not be getting the messages at all.)
- Risk management
By describing the interplay between business operations and information technology, the ITIL framework can assist in describing ways to identify potential risks, assess their impact, and suggest measures to mitigate them.
Businesses and other organizations are increasingly subject to a wide range of regulations and requirements. Good practices and processes align with compliance requirements, especially in areas like data protection and record keeping.
Modern businesses (and other organizations) are subject to rapid change through growth or acquisition. The non-prescriptive nature of the ITIL framework allows for scalability.
Because the ITIL framework provides a structured approach to managing IT services, it can help ease the budget burden by guiding what to think about, what needs to be included (and not), and how to articulate what is needed. This can prevent a flurry of re-work, discussions and decisions about the role of IT in the organization and the value it provides.
Because it is a framework, ITIL can be integrated with—and extended by—other frameworks and methodologies such as COBIT, SIAM, VeriSM™, KCS®, DevOps, SRE, and also by ISO and other standards for IT and cybersecurity.
While some of ITIL say it’s too bureaucratic, a closer look at its characteristics (as in, reading the books) shows that it’s quite flexible and does not create a bureaucracy in and of itself. Organizations are presumed to adapt ITIL to the way they do things; if they tend toward bureaucracy, that’s the way ITIL will be used. Two key words the ITIL authors use in relation to ITIL are adopted and adapted. We adopt ITIL when we begin using the framework to assist us, and we adapt it to our organizational needs, structure, and style.
ITIL can also assist in ensuring alignment between strategic business goals and IT by enhancing communication, according to research by Ramisa Kashanchi and Janet Toland, of Victoria University of Wellington, New Zealand:
“Strategic alignment enables organizations to choose IT applications that meet their needs and, as a result, to enhance their profitability and reduce costs…The results of the research indicate that ITIL has the potential as an effective approach in achieving alignment.”
There is also a myth or misperception that ITIL is only useful to large organizations. According to GB Advisors, “The truth is that a set of universal principles applicable in any business context governs ITIL. In other words, being highly adaptable, ITIL can be adjusted to the requirements of different types of projects and organizations."
What ITIL Cannot Do?
Let’s begin this section with what should be obvious but apparently is not, judging from the actions of some organizations: ITIL cannot solve all IT problems. ITIL is not different from any other framework; it only provides guidance to help us decide what to do but does not prescribe how we should do it and certainly does not do it for us. It is not a so-called “silver bullet” capable of producing rapid and productive change. We must adapt its guidance and do the work required to produce the desired outcomes. To put it another way, the ITIL framework is not “one size fits all.”
- ITIL Does Not Replace Skilled Professionals
To this end, most organizations begin an ITIL journey by having staff members attend ITIL training and become certified. ITIL training begins at the Foundation level. In a large percentage of organizations, it also ends there. Staff go through the training, take an exam, get their Foundation certification, and that’s the end of their road.
At this level, they have been given an overview of ITIL and its principles and practices. They are exposed to the language of IT but may not have received the instruction and guidance to help them adapt the framework to their own organization. Usually, some—but not many—of the staff will go on to learn more about ITIL and achieve higher levels of certification as ITIL Specialist, ITIL Practice Manager (new), ITIL Managing Professional, ITIL Strategic Leader, or ITIL Master (new). Staff members are most often trained according to their role in the organization, meaning they receive higher training levels only if and when they are promoted or are about to be promoted. In many cases, someone with little further exposure to ITIL other than their Foundation class and exam winds up leading the organization’s ITIL efforts.
One of the consequences of this training phenomenon is that few of the staff have an in-depth understanding of the ITIL framework or how it might benefit their specific organization. Like any framework, ITIL requires skilled professionals to take full advantage of its guidance. While many IT professionals are highly skilled technically, they may not be used to thinking in terms of governance, value streams, practices, or processes, and while the Foundation level training provides an acquaintance with these concepts, only through experience and further training can ITIL be employed to optimal effect.
- ITIL Cannot Ensure Success
An Australian ITSM consultant once shared that a customer said, “We bought ITIL, and it didn’t work,” as if ITIL were a software application or browser plugin. ITIL cannot do anything that the organization has not decided to do, planned to do, and put the necessary work into doing.
- ITIL Does Not Offer Guidance on Specific Technologies
Whether or not your organization chooses to use cloud-based applications, Artificial Intelligence, or mobile-first applications and systems is entirely up to your organization.
- ITIL Cannot Ensure Communication and Collaboration
Even though ITIL helps facilitate communication and collaboration by providing a common language, it does not guarantee that effective communication or collaboration will take place in an organization.
- ITIL Cannot “FIX” Your Organization’s Problems
Although ITIL provides a great deal of guidance for organizations, it alone cannot solve your organization’s problems. ITIL points the way, but the organization must identify and change the cultural or process issues contributing to the problems they must solve.
As consultant Doug Tedder said, “The truth is, anyone can read a student guide and learn ITIL concepts but that isn’t going to get them or their organization very far. Like we’ve said, ITIL is guidance not gospel. You need to understand how it can impact and fit into your organization.”
How to Adopt and Adapt ITIL?
Given all that we have said about what ITIL can and cannot do, what steps should an organization take to get the most value out of the framework?
- Assess Your Current State
What are your current practices, processes, and capabilities? How are they working? Where are they failing to meet goals and expectations? Do all the services IT offers have a definition and a direct connection to a business need?
- Do an Internal SWOT Analysis
Research and articulate the strengths, weaknesses, opportunities, and threats associated with your current state.
- Build Your Roadmap
Using the results of your assessment and SWOT analysis, build a detailed roadmap for how you expect your adoption of ITIL to help you and explore where you need to adapt the framework to suit your organization's needs. Which practices do you really need? How will you staff them? What kinds of cultural and behavioral changes need to occur to provide the best opportunity for revised or renewed processes to take hold?
- Obtain the Commitment of Senior Management
In most cases, this is called "management buy-in," but the buy-in is not enough when culture change is required. Look for allies among the senior managers and arm them with your assessment, SWOT analysis, and roadmap. With a consistent and well-considered plan, they are more likely to lend their assistance.
- Plan for Organizational Change
Make sure that your organizational change plan is active from the beginning.
- Build the Team
Obtain the appropriate training for those leading your efforts, and ensure the team has good leadership. The training will help develop an understanding of ITIL and its benefits and help equip the entire staff for success. As your service management program expands, the team will expand as well. This is not a project, but a sea-change in the way IT provides its services and works with other lines of business. Adopting and adapting ITIL should not be viewed as an implementation.
- Define and Document a Service Strategy Aligned with Business Objectives
This includes identifying customer needs, defining service offerings, determining service levels, and establishing financial, demand, and service portfolio management strategies.
- Design Service Processes
Based on the service strategy, design and document ITIL processes required for service management. This includes incident management, problem management, change management, service level management, configuration management, and other relevant processes.
- Adopt Processes
Roll out the designed processes gradually, starting with a pilot phase or specific areas. This approach allows testing, refining, and evaluating the processes before full-scale implementation. Engage the project team and staff in implementing to ensure buy-in and adoption.
- Monitor and Measure
Establish metrics and key performance indicators (KPIs) to monitor the effectiveness and efficiency of the implemented ITIL processes. Regularly measure and report on these metrics to identify areas for improvement and track progress toward defined objectives.
- Continual Improvement
Foster a culture of continual improvement by regularly reviewing and refining the implemented ITIL processes. Use feedback from stakeholders, lessons learned, and best practices to identify areas for optimization. Encourage innovation and adapt ITIL practices to the changing needs of the organization.
- Communication and Awareness
Communicate the benefits and progress of ITIL adoption to all stakeholders, including employees, customers, and senior management. Raise awareness about ITIL, its impact on service delivery, and the value it brings to the organization.
As the well-known business maxim says, "You cannot improve what you do not measure." How can you measure success with ITIL?
The short answer is that you can't. Being a framework and descriptive rather than prescriptive, ITIL is and should be adapted to the individual organization, and even the most ardent of ITIL evangelists will tell you that they have never seen an organization that has adopted every practice, process and bit of guidance ITIL has to offer. Organizations adopt those pieces and parts of ITIL that will be the most helpful in their estimation, so the measures should follow the same pattern. If Service Desk is an adopted practice, its key metrics will evince whether it is working well. Good Service Desk practices should result in shorter interruptions, for example, measured by a metric like Mean Time to Restore Service and faster response to interruptions by Mean Time to Respond. Change Enablement good practices should reduce the number of incidents resulting from changes, the number of failed changes, and so on for any management practices and their included processes. "Measure what matters, and know for whom it matters," says Greg Sanker, one of the authors of ITIL 4.
It should be noted that these metrics are not measuring ITIL's success but rather an organization's success as a result of adopting good practices according to ITIL's guidance. The desired result of measurement, ITIL 4 tells us, is uncertainty reduction by collecting appropriate data in context.
Most organizations categorize metrics into Critical Success Factors (CSFs) and Key Performance Indicators (KPIs); the popularity of Objectives and Key Results (OKRs) has grown recently.
ITIL is a widely used framework for service management. Historically, it has been focused on IT Service Management (ITSM), but ITIL 4, released in 2019, broadens the perspective to look at the service value system (SVS) across the entire organization. ITIL should not be confused for a methodology or set of standards. It provides guidance based on guiding principles and suggestions for good practices (although they are called best practices in ITIL).
ITIL and ITSM are not the same things; ITIL is one of the frameworks used for ITSM. ITIL is not prescriptive. It suggests what to do without instructing us how to do it. ITIL goes far beyond the Service Desk, which it lists as one of the practices. Its key aim in its most recent version is to assist us in co-creating value for our customers (our company’s customers). The key concepts about putting ITIL to work are to adopt and adapt.
Join Us on Our Journey to Revolutionize the IT Service Management and Improve the Employee Experience. Book a Meeting Today