Service intelligence: value-added compliance

Richard Stevenson, CobbleSoft International

Photo of Richard StevensonLove, hate or tolerate, regulatory compliance is not going away any time soon. However rather than fear the beast, organisations should embrace the opportunity as a catalyst for streamlining business processes and achieving long-term cost reduction, says Richard Stevenson, CEO of CobbleSoft International.

Highly publicized corporate scandals such as Enron and Worldcom in the US have resulted in the creation of regulations such as Sarbanes-Oxley (SOX), and many other countries are now reviewing and driving tighter controls for regulating corporate processes.

Whereas the goal for publicly traded companies remains increased accountability to both shareholders and governance alike, the domino effect holds that privately held organisations, regardless of size, will also benefit from implementing like policies. Certification provides for the comfort levels of customers or potential investors with increased levels of expectation.

It is also worth noting that many of the world's largest and often monolithic companies have chosen to take compliance to the nth degree. Rather than risk censure, every document, process and employee has been swept up in a wave of rules and procedures.

Although potentially rankling the most patient of minds, this blanket adherence does provide a company wide base point. Specifically, companies in global compliance are rapidly moving towards a position of significant strategic and competitive advantage.

No longer the lowly helpdesk

The natural assumption when thinking of compliance is to relate requirements specifically to accounting controls: 'If we don't cook the books, then we are complying.' However regulations dictate accountability throughout an organisation, and nowhere has added value become more evident than with the previously lowly helpdesk.

If information technology departments ever needed a better excuse to increase visibility and quash reputations for poor service, whether deserved or undeserved, then surely this is it.

A need to work to common business objectives, coupled with visibility and accountability for compliance, means that the emergence of the service desk and service management has become the new mantra not just for IT but for the business as a whole. (Figure 1)

Offering organisations an opportunity to evolve from tactically reactive to strategically proactive, service management integrates people, processes and technology to create the best possible solutions.

Sponsorship of, and executive buy-in to, service management initiatives results not only in an efficient service desk, but also in streamlined processes and the most efficient distribution of knowledge.

Such initiatives can also be a real boon to IT departments, where the golden opportunities to automate and integrate create and sustain service intelligence (SI), thus providing long-term value to the business as a whole.

The success, as driven by IT, leads in turn to greater levels of accountability, consequently easing some of the tricky logistics of compliance while supporting key business objectives. Indeed organisations are coming to expect compliance through SI as a guaranteed value-add when choosing and implementing a software solution.

Technology vendors are, of course, rushing to promote their different tools as 'service management solutions' - or similar variations of such. In actuality the concept is a much larger umbrella, encompassing a multitude of business operations, although still centred upon the service desk.

What the implementation of a software solution does enable an organisation to do is to focus on fixing and controlling processes.

Compliance is not just about creating control documents, but also about documenting controls, and business process management (BPM) is an integral piece of the solution. It is not always necessary to reinvent the wheel either: watch for the results of others and use the successful methods yourself.

Service intelligence from best practices

Business intelligence (BI) is typically used to describe the collation of data to judge the financial health of an organisation. SI however relates to the health of the underlying infrastructure.

A measure of effectiveness: of people, process and technology. An end result of service management initiatives, SI directly and indirectly captures and reports upon process detail for accountability, for business direction and for compliance.

At the core of service management are frameworks such as the Information Technology Infrastructure Library (ITIL®). Originating from service standards defined by the British government, ITIL® is being adopted around the world as the de facto framework for service management, and software vendors are beginning to gear capabilities accordingly.

Business-savvy IT executives are beginning to realize that there is a significant economy of scale and distinct correlation between meeting compliance regulations and the implementation of service management software.

Short-term value derives from the reduction in the time and resource required, both in IT and the user community, while long-term value is created through results such as the elimination of process redundancy.

Don't fear the beast

Realization comes when one considers that compliance regulations and service management policies identify many of the same goals. Both suggest frameworks enabling research and implementation of best practices - strategic initiatives built on common sense for competitive advantage.

Both implement accountability and audit trails, while neither actually specifies the process or service detail. Therefore it remains a key requirement of software solutions to provide flexibility in configuration while providing control in process.

Historically compliance efforts have focused on assets and processes. Service management now gives IT an opportunity to fully address compliance by defining and delivering the piece that has been missing - service.

While some solutions provide options to define simple service catalogues, others enable configuration of centralized meta data repositories with corresponding service requests. Regardless of the type of request, auditors need to know at the end of the day who ordered what, how it was delivered or executed and who actually approved it.

Furthermore, leading vendors are beginning to realize that the service concept can be applied to the entire organisation - not just IT - and are building that vision into their software.

The rapid pace of change during the last 10 years typically resulted in heterogeneous environments - a mishmash of hardware and software bundled together. Further, many organisations have allowed lines of business to do their own thing, breeding redundancy.

Service management provides an opportunity to overcome those issues, by providing a single point of contact with a centralized repository for both human and automated interaction.

Features such as dynamic APIs enable real-time service intelligence - whereby monitoring of hardware, networks, databases and applications can generate alerts via the APIs when thresholds are exceeded. The result is that it becomes easier to manage, easier to audit and easier to comply.

Self-service compliance

Most vendors are still working through the concepts of controls for distributed compliance and processes, while others have yet to transition to a web-based architecture. There are very few service desk solutions that enable an organisation to hit the ground running.

As business opportunities expand beyond traditional realms, global or distributed operations can create havoc in terms of compliance, including instances where an organisation has a distributed workforce: home-based or remote location employees that create additional compliance issues.

This is where the vision of web-based, self-service applications rises to the fore - service management solutions that empower the entire community, thus encouraging accountability and responsibility.

Such solutions provide capabilities for documented audit trails for ongoing monitoring of controls, automatic incident notification controls, plus predefined application controls along with documented instructions for action.

There is no longer any question that web-based, self-service management solutions increase productivity and reduce costs, yet at the same time add significant value to the compliance process. As best practices evolve to incorporate basic compliance strategies, the future of your organisation may depend upon your ability to adapt quickly to the evolution.

Richard J Stevenson is co-founder and CEO of CobbleSoft International Ltd, a privately-held developer of web-based service management software, headquartered in the state of New York.

His IT career spans the management of mainframe-based finance systems at the London Stock Exchange, several years travelling the world supporting multi-currency systems for an international oil company and, following Oracle ERP implementations, becoming an evangelist for the development of realtime, integrated data marts and data warehouses. Please visit www.cobblesoft.com

November 2006