ITIL Change Management clearly states that all Requests for Change (RFCs) must be approved and authorized in advance of implementation. The speed and effectiveness of the approval and authorization element of the Change Management Process can provide the difference between the organization being responsive to market forces, competitive and in some cases 'first to market', which in the current global economic climate may be the difference between surviving or 'going under'.
In recent years I have engaged with several organizations that have established a Change Advisory Board (CAB), but it has in some cases been to the detriment of the organization. The CAB has met on a weekly basis to review all Requests For Change in detail. Often the meetings run for a couple of hours or more and are rather tedious and onerous.
The CAB is normally comprised of knowledgeable, experienced and quite well paid members of the IT department, business and potentially chargeable third party outsourced service providers (OSPs). On the odd occasions I am invited to attend an organizations CAB, I make an educated guess at what each individual might be paid / charged by the hour around the table. By adding each of the costs together to obtain a total and then multiply by the number of hours the meeting lasts, an estimated cost for the meeting can be compiled. It can be quite surprising just how much the CAB can cost.
Working in the manner described above some organizations may be scoring an 'own goal' by incorrectly invoking the Change Advisory Board and in fact impeding the Business in doing so. ITIL proposes that RFCs are categorised at an early stage of the process. Below are four suggested categorises, which are described as:
- Service Requests - small repetitive changes for example password reset or individual desktop build
- Normal / Standard - limited impact, resource and cost, reasonably short time scales to deliver
- Significant- high impact activity or complexity that may effect several areas of the organization or business e.g. power down of a data centre for maintenance work
- Major - long duration, high complexity, large budget / cost, multitude of resources / suppliers e.g. projects or programs
By invoking the CAB for Significant and Major RFCs a more effective and cost efficient use of the various attendees time is provided. Simply by the size or scope, complexity, impact and cost implications of such RFCs approval / authorization or rejection should be provided by a broad cross-section of the organization representatives.
Immediately the effectiveness of the CAB is improved from time spent, costs incurred of such a meeting and value added. The frequency of the CAB meetings should be on an 'adhoc' basis, whereby meetings are only convened as and when a significant or major RFC(s) are presented. Details of the RFC(s) should be distributed in advance of the meeting allowing exceptions or concerns to be raised at the CAB meeting, thus expediting duration and efficiency of the meeting. All decisions and actions should be recorded in the RFC.
The majority of RFCs are those categorised as Normal / Standard RFCs and are managed on a day to day basis by individual CAB members from the various areas of IT, for example; Application, Infrastructure, Network , Data Base, Security Manager(s) or Team Leader(s). Each individual RFC is reviewed by the relevant manager(s) / team leader(s) as required and applicable. The outcome of the review will be to approve, authorise, reject or request further information for the RFC. Undertaking this approach enables changes to progress in a timely manner thus providing a responsive and supportive service that underpins the Business and the service offerings.
ITILnews welcome your comments and feedback regarding articles and experiences shared so please do not hesitate to contact us.