Branham

White Papers

Enterprise Change Management

Written by
Fariba Anderson, Partner

October 2006

Download the PDF version of this white paper here

 

 

An Old Cliché or the New Reality

Change is the one constant that organizations can count on. It is change that enables organizations to take advantage of market and social opportunities to deliver value to their stakeholders. In today’s technology driven economy, organizations of all types and sizes find themselves more dependent on IT to successfully execute their mandate. The concept of enterprise change management is becoming the tenet of all standards.

The pervasive nature of IT has imposed an environment whereby a Business change requires one or multiple changes to the IT environment and vice versa. The days where changes to either Business or IT environments were limited to a specific area are long gone. More and more changes in the IT environment cause the Business to re-visit its processes and adjust accordingly. There are very few changes that Business can entertain without considerations for the IT environment.

The phenomena of interdependency and interoperability of IT and Business environments is not new. What is new is the increase in undesirable and intolerable situations where:

  • A decision to alter an aspect of the IT environment results in negative implications on the viability of the Business processes as a whole or in part.
  • Business cannot entertain any change without taking into account the requirements for modifying some aspect of the IT environment regardless of the size, urgency or type of change.

Recent events within our own experiences and that of the public domain verify that organizations can no longer manage change without an encompassing framework that takes into account both IT and Business implications. To this end, many organizations are leveraging industry best practices and tightening up their change management processes to minimize and preferably eliminate the negative implications of a change while maximizing on the promise of change. One of the byproducts of managing change methodically is that any request for a change regardless of its size, urgency or type will take longer. This outcome reflects the nature of a typical process and often is confused with red tape and bureaucracy. Therefore organizations have reached the conclusion that circumvention of their methodical change management process is a must-have as otherwise the process can become a source of liability. This challenge is further acknowledged by the industry as most best practices support circumvention of change management processes in the name of flexibility and urgency. After all, what good is a pristine change management process if the organization cannot effectively react to the competitive threats, market opportunities, social demands and regulatory requirements.

The challenge with both emergency-based and method-based approaches towards change management is in the expectations that both approaches will fail unless they are 100 percent successful. This black and white view is a common theme among most organizations and the direct outcome of the ever-increasing interdependency and interoperability of Business and IT environments. Both IT and Business find themselves in situations where neither party can tolerate delays or failed outcomes.

Interdependency and interoperability are the major contributors to the need for an enterprise change management framework that addresses organization risk tolerance. This requires a comprehensive framework that can address any aspect of change and determine its implications on both the Business and IT environments proactively. This whitepaper was developed to specifically address such a requirement and provide the reader with:

  • An overview of industry best practices and The Manta Group approach for managing change through governance, project portfolio management, service managements and organization change management.
  • The Manta Group Enterprise Risk Management Model (ERMM)© which provides organizations with a risk-based approach to manage the dynamics of both IT and Business changes without sacrificing speed or stability while improving organization insight.

 

An Overview of Industry Best Practices for Change Management

Industry best practices for change management can be summarized in four leading standards defined by IT Governance Institute, Project Management Institute, Service Management Institute and Kotter Leadership and Change Management. These standards in their own right are very powerful and do address most aspects of enterprise change management ranging from governance imperatives for strategic management of change to task-based instructions.

Control Objectives for Information and related Technology (CobiT) is the platform that IT Governance Institute has established to provide enterprises with a comprehensive framework to manage all aspects of IT dynamics. IT Governance Institute leverages its network of global IT organizations within both private and public sectors to continuously improve CobiT. Through 34 control objectives, CobiT 4.0 (Figure 1) provides a comprehensive framework for managing change through all aspect of IT processes while the control objective Manage Change (Figure 2) provides a set of well defined key goals and key performance indicators.

Project Management Body of Knowledge is published by Project Management Institute (PMI) and recognized globally as one of the most comprehensive and widely available project management methodologies.

PMBOK® is an internationally recognized standard (IEEE STD 1490-2003) and provides the fundamentals of project management applicable to a wide range of projects within the information technology sector as well as other sectors such as construction, engineering and automotive. PMBOK® has five basic processes and nine knowledge areas (Figure 3) that are specifically designed to ensure effective management of the changes which a project will introduce into the organization.

IT Service Management Forum (itSMF) has adopted ITIL® (the IT Infrastructure Library) as the most widely and globally accepted methodology to IT service management. ITIL® provides a cohesive set of best practices, drawn from the public and private sectors internationally. The twelve ITIL® processes (Figure 4) are designed to provide enterprises with a comprehensive qualifications scheme, accredited training organizations, and implementation and assessment tools. Specifically ITIL® Manage Change process (Figure 5) provides the best practice framework for the organization to manage change through a set of standard processes, roles and metrics.

No investment in technology and process can ever yield the expected return without the investment in people. John P. Kotter Eight Steps to Transform Your Organization (Figure 6) focused on the leadership principles for managing change and addresses the human element.

 

Figure 1: CobiT 4.0 - CobiT 34 Control Objectives

Figure 1: CobiT 4.0 - CobiT 34 Control Objectives

 

Figure 2: CobiT 4.0 Manage Change

Figure 2: CobiT 4.0 Manage Change

 

Figure 3: PMBOK®

Figure 3: PMBOK®

 

Figure 4: ITIL®

Figure 4: ITIL®

 

Figure 5: ITIL® Change Management

Figure 5: ITIL® Change Management

 

Figure 6: Kotter Change Management

Figure 6: Kotter Change Management

1. Establish a Sense of Urgency

  • Examine market and competitive realities
  • Identify and discuss crises, potential crises, or major opportunities

2. Form a Powerful Guiding Coalition

  • Assemble a group with enough power to lead the change effort
  • Encourage the group to work as a team

3. Create a Vision

  • Create a vision to help direct the change effort to Transform
  • Develop strategies for achieving that vision

4. Communicate the Vision

  • Use every vehicle possible to communicate the new vision and strategies Organization
  • Teach new behaviors by the example of the guiding coalition

5. Empower Others to Act on the Vision

  • Get rid of obstacles to change
  • Change systems or structures that seriously undermine the vision
  • Encourage risk taking and nontraditional ideas, activities, and actions

6. Plan for and Create Short-Term Wins

  • Plan for visible performance improvements
  • Create those improvements
  • Recognize and reward employees involved in the improvements

7. Consolidate Improvements and Produce Still More Change

  • Use increased credibility to change systems, structures, and policies that don't fit the vision
  • Hire, promote, and develop employees who can implement the vision
  • Reinvigorate the process with new projects, themes, and change agents

8. Institutionalize New Approaches

  • Articulate the connections between the new behaviors and organizational success
  • Develop the means to ensure leadership development and succession

 

The Manta Group Approach

No two customers have identical challenges and implementation of any generic model of best practices can quickly turn into an empty promise. Specifically, the challenge with industry best practices for change management lies in the degree of adoption and adaptation of CobiT, PMBOK®, ITIL® and Kotter. With this challenge in mind, The Manta Group developed the RAPID Approach (Figure 7) to transforms “a generic best practices” into “a specific right practice” to effectively address the unique characteristics of our customers. RAPID stands for Robust Vision (Figure 8), Assessment (Figure 9), Plan & Promote Change (Figure 10), Implement Change (Figure 11), and Diligent Evaluation (Figure 12).

RAPID enables rapid adoption of best practices for enterprise change management:

  1. To maximize on the power of Governance for enterprise change management processes, the Manta Group CobiT Assessment tool (Figure 13) provides the know-how to assess both the implications and maturity of 34 CobiT control objectives and supporting 215 detailed objectives. The tool enables organizations to assess both their current capabilities and as well the desired state for enterprise change management while considering all aspects of IT through workshops.
  2. One of the major instigators of change is projects. PMBOK® is the known industry standard for management of projects while ITIL® Change Management process is the IT defacto standard for all aspects of IT change management including projects. Manta Group’s pragmatic approach towards implementation of PMBOK® and ITIL® is designed to optimize change management processes for high performance organizations.
  3. Leadership principles for change management are fundamental elements of enterprise change management models. The Manta Group use of Kotter Change Management principles provides the organization with the opportunity to assess the human side of change and ensure that it is set for success.

 

Figure 7: The Manta Group Approach

Figure 7: The Manta Group Approach Figure 8: RAPID Robust Vision

 

Figure 8: RAPID Robust Vision

Within the Robust Vision, the Manta Group transformation experts assist the organization to outline the characteristics of the desired working environment needed to effectively meet business demands.
1. Create an IT vision/mission statement backed with principles and policies that reflect the current and future business priorities and demands through the engagement of business users. 3. Validate the vision/mission statement, principle and
policies through vetting sessions with stakeholders and determine short term priorities versus long term priorities.
2. Verify the horizon of the vision/mission statement,
principle and policies through best practices and
industry standards. 		4. Communicate the validated vision/mission statement, principle and policies to stakeholders and establish consensus for the desired future state.

 

Figure 9: RAPID Assessment

Assessment is designed to provide a comprehensive assessment of services and solutions offered today across both the capital and operating budgets.

1. Assess People, Process and Technology and specifically answer the following questions:

  • What services are currently provided?
  • What technologies are used to deliver the services?
  • What processes/standards are used to deliver the services?
  • Who delivers IT services and what are the skill/competency requirements at individual and team levels to meet job requirements?
  • How much do the services cost (i.e. budget vs. actual) and how much should it cost as per industry benchmarks and standards?
  • What is the IT strategy for service delivery, technology adoption/renewal, process/standard adherence, skill/competency renewal, cost containment?

3. Assess the current organization capabilities and constraints and answer the following questions:

  • What is the size and organization structure?
  • What is the mandate and responsibility of individuals and teams?
  • What performance indicators and objectives are in place at individual and team level?
  • What are the skills and competencies at individual/team levels?
  • What is the exposure of tacit knowledge and reliance on scarce expertise?
  • What is the morale of the organization and are there any specific employee surveys that can be used to ascertain employee morale?

2. Assess the demand for IT services and specifically answer the following questions:

  • Who uses IT services and what is the benefit to them?
  • What is the perception of users for IT services?
  • What processes/metrics are in place to measure and improve user perceptions?
  • What processes are in place to measure the effectiveness and efficiency of IT services and determine its value to business?
  • What processes are in place to ensure that investment in IT (capex and opex expenditure) is meeting current and future business demands?

4. Use the assessment information in step 1 to 3 to build a SWOT model based on facts to determine:

  • IT strengths – areas where IT performance is meeting or exceeding expectations
  • IT opportunities – areas where IT performance can be significantly improved with limited risk
  • IT weaknesses – areas where IT performance is found to fall short of expectations and requires major overhaul by IT
  • IT threats – areas where IT performance is found to be a source of liability and require significant changes that could or could not be within IT control. The Manta Group Risk Analysis Framework (figure 8) provides a detailed approach to assess IT risks

 

Figure 10: RAPID Plan & Promote Change

Plan and Promote Change specifies distinct actions/projects that the organization needs to undertake in order to mitigate the gaps between today’s working environment and future state. A key component of Plan and Promote is the communication of changes and their impact to stakeholders in an inclusive and proactive manner enabling an environment of stakeholder engagement.

1. Determine the delta initiatives between what is delivered (as-is) and what is expected (to-be) and specifically answer the following questions:

  • What are the specific gap characteristics of value/benefit?
  • What is the total cost of ownership for improved services including cost to business for changes introduced by the technology?
  • What services could be simplified and realigned?
  • What services levels are in place vs. what services levels should be in place?
  • What is the level of user-communication in terms of content, frequency, effectiveness?
  • What are the leadership and organization requirements for bridging the gap?

2. Assess the delta initiatives against the current organization capabilities & constraints to determine leadership and organization requirements and as well the scope, impact, cost and benefits changes required at technology, process and skill level for IT and business users.

3. Develop the business case for required IT and business changes and define specific projects to design new processes and new organizational changes that will reduce risk and increase rewards of implementing new technologies.

4. Identify and define new roles and accountabilities for new processes and new technologies.

5. Determine key goal indicators, key performance indicators and incentives for the roles and responsibilities needed to execute the changes.

6. Validate delta initiatives based on their business case, project scope, organization changes, business processes changes and leadership requirements.

7. Determine key goal/performance and incentives for the leadership structure and business users.

8. Develop plans to implement change initiative with the following considerations:

  • Ensure business “buy-in” regarding their new roles and accountabilities to IT
  • Determine training requirements
  • Identify key stakeholder groups and establish the leadership structure
  • Define messages for each stakeholder group
  • Determine the resistance and involve them where possible
  • Determine the vehicle for delivering the messages
  • Establish feedback mechanisms to determine how the messages are being received
  • Analyze the sources of threats and vulnerabilities affecting the performance of IT by utilizing The Manta Group Risk Analysis Framework

 

Figure 11: RAPID Implement Change

Implement Change includes the execution of detailed plans with emphasis on quick wins to create and sustain the momentum.

1. Develop implementation plan

2. Establish implementation team

3. Execute the plan including training and communication

4. Baseline metrics

5. Roll-out new processes

6. Track metrics over time

7. Establish actions for outlined risk by using The Manta Group Risk Analysis Framework

8. Report on performance and vulnerabilities affecting the performance of IT by utilizing The Manta Group Risk Analysis Framework

 

Figure 12: RAPID Diligent Evaluation

Diligent Evaluation provides the mechanism for the organization to review the output of the implementation phase and apply the learning D within the RAPID solution framework in a cyclical manner.

1. Analyze metrics for positive/negative trends

2. Compare actual to target metrics

3. Identify areas of deficiency

4. Determine priorities for improvement

5. Submit process improvement plans for approval

6. Establish a continuous improvement process

 

Figure 13: CobiT Assessment Tool
The Manta Group CobiT Assessment Tool

Figure 13: CobiT Assessment Tool

 

The Manta Group Enterprise Risk Management Model for Change (ERMM)©

The goal of Manta Group Enterprise Risk Management Model for Change (ERMM©) is to provide organizations with the fundamental constructs to proactively manage the implications of any change independent of size, nature and origin. Organizations that adopt ERMM© are able to adapt and adopt change management best practices such as ITIL® to meet the demands of their specific IT and Business environments. This is primarily due to the insight an organization can gain about its own risk tolerance through ERMM©. Every change inherently brings about an element of risk that often is not on the organization radar until after the fact. ERMM© provides organizations with an enterprise-centric model to assess the risk of any change, based on organization’s unique priorities, demands and challenges.

ERMM© is comprised of two-tier assessment so that an organization can establish a set of standard indicators to measure the risk of any change from both IT and Business perspectives:

  • The macro level risk assessment model enables an organization to leverage its historical experience for both IT and Business risks while taking into consideration that change will fall into different categories unique to the organization. Figure 14 provides an example of IT and Business risks for a set of change categories with a specific score assignment. The score assignment is a simple tool to aid the organization to leverage their experience level to differentiate and validate the risk statement. The power of macro level risk assessment resides in its intent to capture the organization experience from both IT and Business perspectives in a standardized manner. The macro level risk assessment targets the risks inherent in any change. Such risks are the by-product of IT and Business environments and impact success of any change.
  • The micro level risk assessment model (Figure 15) is designed to provide a detailed analytical approach for assessing the residual implications of change from both the Business and IT perspectives. Similar to macro level risk assessment, the score assignment differentiates and validates the stated risk statement. The macro level risk assessment enables the organization to build various models of risk assessment to specifically address the unique and divergent needs of federated organizations. This is important where various Business and IT units within a federated model carry the accountability for change management processes as it pertains to their specific mandate. The macro level risk assessment provides for a standardized system of risk assessment while accommodating the inherent need for independence that various Business and IT units must have in order to successfully operate within a federated environment.
  • The combination of macro and micro level assessment is then used to ascertain the risk of any change in terms of impact, likelihood and exposure (Figure 16). The score assignment established at the macro and micro level assessment is used to determine impact, likelihood and exposure for any change based on the set of standardized macro and micro level risk statements. Figure 17 outlines four examples where the risk of each change is assessed for both Business and IT in a standardized manner.

 

Figure 14: Macro Level Risk Assessment

Figure 14: Macro Level Risk Assessment

 

Figure 15: Micro Level Risk Assessment

Figure 15: Micro Level Risk Assessment

 

Figure 16: Risk Assessment Model
In terms of Impact, Likelihood and Exposure - ERMM©

Figure 16: Risk Assessment Model

 

Figure 17: Risk Assessment Results
For Business and IT Risks - ERMM©

Figure 17: Risk Assessment Results

 

Summary

Success of any organization within the public or private sector across the domestic or global economy is directly correlated with the organization’s ability to thrive on change. An enterprise change management framework that enables an organization to manage change effectively becomes a source of differentiating advantage. Change by its nature represents risk and organizations can no longer afford to manage risks of a change through ad hoc approaches with reliance on individual judgment to manage the enterprise risk. To manage the risk of change, organizations need to embrace:

  • Industry best practices for change management that suit their needs best and ensure that governance of change management processes remains intact and the fundamental foundation for success
  • The concept of enterprise risk management and a system of risk assessment that eliminates dependency on individuals' tolerance for risk.

Enterprise change management is a vast topic and as such organizations need to apply prudent business acumen to ensure that investment in a enterprise change management framework yields the expected benefits. The concept of an enterprise risk management model provides organizations with the business insight needed to implement the "right" set of change management processes to support organization risk tolerance. Enterprise risk management model for change management is the foundation of enterprise change management and a source of significant differentiating advantage.