ITIL, the IT Infrastructure Library, entered the North American consciousness just in time to help shift the focus from putting technology first to putting business first. It's a change that amounts to a seismic jolt to the culture of insurance company IT departments.The 30-odd volumes of ITIL, which are slated for an update next month, provide a common language for IT staffs and a framework for honing IT processes. For most insurers on these shores, the idea of ITIL gained significant momentum in 2004 and reached critical mass in 2005, IT people say.
Suddenly, external auditors expect answers to ITIL-related questions. Almost overnight, demand has swelled for consultants who tutor IT staff members for ITIL certification exams. For the first time, IT managers scan the resumes of prospective employees for ITIL credentials. ITIL has even entered the university curriculum.
On the other side of the Atlantic, however, ITIL seems anything but new. A government agency in the United Kingdom published the first version of ITIL in the '80s, basing at least some of the best practices on a set of books from IBM. Apparently, UK bureaucrats had tired of substandard work from contractors and were ready to dispense advice.
Their brainchild is sometimes misunderstood as an instruction manual for running an IT department, users say. The truths of ITIL work only when massaged to fit a particular company, according to the insurance IT people farthest along on their IT journeys.
"You have to fit it into your world and make it work for you," says Andy Abramczyk, manager of IT information services for Erie Insurance Group, Erie, Pa. His company began using ITIL in 2002.
Companies usually begin their ITIL initiative by calling in pros to teach classes. After completing a course, employees take exams for certification at the foundation, practitioner or master levels.
Once ITIL has been in place for a while, IT managers can rate progress on a scale of one to five. For many, Level 3 seems appropriate, because Levels 4 and 5 can cost too much to achieve.
A NEW IMMIGRANT
One of the most dramatic effects of ITIL has been its capacity to help IT departments shift their thinking.
Until recently, bands of IT techies came up with innovations and then tried to apply their handiwork to the company's needs. Now, those same teams strive to understand what the business side of the company needs and only then endeavor to figure out how technology can help accomplish it.
"We're all about services-not servers," says Pete Corrigan, assistant vice president of infrastructure services/data centers at Allstate Insurance Co., Northbrook, Ill. The service movement got under way there in 2003, just as ITIL was becoming a buzzword at the company, he says.
At State Farm Insurance, Bloomington, Ill., IT people began adopting ITIL-like best practices in the late '90s and launched their first official ITIL project in 2001, according to Sue Jensson, who serves there as component director with responsibility for service management. As with Allstate, State Farm IT people want to turn their attention to business.
"The thing that we're focused on is to enable that alignment to the business through our architecture efforts," says Jensson.
At Citizens Property Insurance Corp., which has headquarters in Tallahassee, Fla., ITIL became a factor in mid-2005. ITIL soon helped Citizens become yet another place where the IT focus changing from technology to business, says Robert Sellers, director of technology and infrastructure.
"The executive management team have said technology isn't the answer-it's the business requirements that will drive what we do-not the other way around," says Sellers. "That has been a significant change in the last few months. It's a culture shift."
COMMON LANGUAGE
ITIL also reshapes IT culture by improving communications, says Dave St. Clair, Allstate director of availability management. "It's really given us a common language," he says.
St. Clair's colleague Corrigan agrees, explaining that words and phrases like "incident," "problem management" and "service level management" now mean the same thing to everyone in the organization.
Finding a common language has become a theme with just about everybody involved in ITIL, notes Craig Weber, senior analyst in the insurance practice at Boston-based Celent, LLC, yet the forces that bring companies to ITIL vary.
Allstate, for example, viewed ITIL as a subset of the strategy that called for running IT as a service delivery organization, says Corrigan.
For State Farm, ITIL represented a path to renewed rigor in IT administration, says Jensson. "We had a very disciplined structure in our old main frame-only days and we wanted it back," she says.
Citizens, which was created by the state of Florida as a property insurer of last resort, needed help in handling runaway growth, says Curt Overpeck, senior vice president of information technology. Two straight horrific hurricane seasons had caused the company to expand from 350,000 policies in force to 1.3 million.
To help handle that expansion, the company was bringing in "a significant amount of technology rapidly," says Overpeck's colleague Sellers. Citizens turned to ITIL to fill a need for "processes and procedures for those implementations."
Overpeck also was reacting to inquisitive auditors who were backed by increasingly stringent regulation. "Once you realize that the audit community seems to be embracing these standards as a measure of control, efficiency and governance," he says. "That causes you to take note."
Perhaps that reaction to regulation became the common factor among companies making the decision to wade into ITIL.
"We use it extensively for the Sarbanes audits that we get hit with every year," says Erie's Abramczyk. "We're able to easily respond to any questions or any potential issues. It's all because we have these things implemented."
Sellers of Citizens put it this way: "Finance and IT are so closely tied together that it became critical to have a way to prove we were, in fact, in compliance."
USING ITIL
Whatever the reason for taking up ITIL, companies invariably introduce the best practices a piece at time, usually beginning with what nearly everybody refers to as "long hanging fruit."
By first tackling the areas of IT where success will probably come most quickly, a department can score a victory that helps win support throughout the organization.
Erie, for example, began with incident management and moved on to change management, says Abramczyk. After building a solid process in the operations group, it was moved out to all of IT in that area, he says, adding that "two of the next processes we want to look into are service level management and capacity."
State Farm started with change, incident and problem processes, says Jensson.
Citizens began with change management, says Sellers. "That was an area where we needed some discipline and some rigor," he says. Subsequently, the company has begun moving into other areas.
Biting off a piece at a time works best at first, says Allstate's St. Clair, but eventually it's essential to begin connecting the different areas.
"Every single process improves another process or makes another one worse," says St. Clair. "The better you conduct incident management and capture data, the better you'll do problem management."
Sometimes, ITIL brings quantifiable results. At Erie, for example, ITIL helped propel the first-contact resolution rate from the industry standard of about 85% to a new level of 95%, Abramczyk says.
Often, though, companies see and feel the results of ITIL but can't apply numbers. If the IT department is reducing the number of errors, for example, help desk call volume may not decrease, says Abramczyk. The difference is that the calls concern normal functions, not problems.
Although he did not provide numbers, Corrigan says ITIL has helped Allstate reduce the mean time to repair, while helping IT post some of the highest availability numbers ever.
'MATURITY' RATINGS
In the quest for quantification, IT people can turn to self-assessment that yields a "maturity" rating of one to five.
"We do regular assessments-once or twice a year-and we allow that to dictate strategy going forward," says Allstate's St. Clair.
He says that at Level 2 processes have been documented well enough that they are repeatable but still rely on the knowledge and intuition of key employees. At Level 3, the work is well-defined.
Sellers of Citizens says he thinks of Level 1 as chaos and Level 2 as reactive. "Frankly, you want to get above Level 2 to have some piece of mind," he says. He describes Level 2 as an "adrenaline rush" of new business or technology issues. In Level 3 work is carried out according to plan. "If you can get there, a little sanity comes in," he says.
ITIL and the maturity rating system have helped Allstate IT work better with internal auditors, says St. Clair. "The big thing we wanted to do with our auditors was move away from interpretation and really have them evaluate us on execution," he notes.
IT people also stress the importance of developing homegrown assessments. "We have constantly tried to balance the internal validations with the external validations," says St. Clair.
To assess the ITIL work, St. Clair relies upon a key question: "So what?" What good comes of a database if no one has a use for it, he asks rhetorically. He challenges colleagues to "show the value of what you're doing."
State Farm works to determine cost and return on investment, "while also applying the in-house criteria of right service, right cost, right time and right quality," says Jensson.
No matter how good the internal and external assessments, the time needed to usher in ITIL can vary, says Erie's Abramczyk. "The nice thing about ITIL is you can wrap what you already have around it and then work your systems to the processes you create," he notes. "It wasn't much more than a year to a year and a half before we started seeing some good things."
Citizens took the "better part of six months to get processes identified, written, documented, distributed and deployed to the point where people were following it," says Sellers.
"The first project ran for 21 months," says State Farm's Jensson. "The project covered changes to process as well as changes to the automating tools. That was really challenging for our user community to absorb because we changed so much on them so fast."
"It's just hard work, and it takes time," concludes Allstate's Corrigan. "You need to be patient."
Patience doesn't require loneliness, however. IT people generally work in teams when they take on ITIL.
"There are six of us - from each part of our IT organization," says Erie's Abramczyk. "That's just the core group. As we move forward and want to make changes to processes, we bring in people closer to the day-to-day and discuss it with them."
"You have got to have a dedicated group that continues to go after it to make sure it stays alive," says St. Clair of Allstate.
Bringing together a team has the added benefit of reducing competition among staffers for resources, St. Clair says. He declines to say how many people serve on such teams but says they share power across all organizations.
Who should IT put on the team? Corrigan suggests drafting people with a strong interest in documentation.
No matter how strong or the adept the team becomes, it remains vital to appoint a single person to take "ownership" of ITIL, the IT people say.
"You really need someone who has a vision and can create that strategy around a long-term implementation," says Corrigan. Allstate succeeded in finding the right person, he says, "and once we did that is when we really gained momentum."
The right "owner" can lead by example, says Overpeck of Citizens. Employees get the message of ITIL's importance when "they see the boss personally spending time on this, making sure it gets implemented right," he says.
OVERCOMING RESISTANCE
Ownership and teams can prove important when employees resist the jarring changes wrought by ITIL, says Abramczyk. "Any time you try to put in some official processes, some people are set in their ways and it's hard to get those people to change."
"There are certain folks who have done it the same way for ten years," notes St. Clair. "They may say, 'Why do I now have to stop and slow down and open up a change record?' Some will drag their feet and say, 'I don't have to do this.'"
According to Allstate's Corrigan: "People like to do what they've always done - When you introduce formalized processes, sometimes they view it as additional work or overhead."
One way to win over employees is to show them why ITIL makes sense. "You need to be able to demonstrate the value of the change and get their enrollment and enlistment," says Corrigan.
Showing them the ITIL process eases the pain of their roles and responsibilities, say State Farm's Jensson.
Managers can begin by making their expectations clear, says Overpeck. "Everyone in the organization needs to understand that it is supported from the top and it's really an expectation," he says.
"It can't be optional," say Allstate's St. Clair.
Education helps win converts, too, and State Farm has had some success with experiential learning, says Jensson. She describes this as simulating the processes in action. "These are tough concepts to read out of a book or see on a PowerPoint presentation," she says.
Another key to success lies in rounding up enough funding, says Allstate's Corrigan. "We eventually came to understand that dedicating the resources was necessary," he says.
Determining how much it all costs can prove slippery. "The cost of the projects and value-add is not a very easy direct answer," notes Jensson.
As processes improve, more work is accomplished and some costs thus could go down, notes Sellers of Citizens. His colleague Overpeck says, "We look upon this as an investment rather than a cost."
Whatever its price, ITIL's third version-slated for publication next month-should add to the canon. "We're looking forward to seeing the rest of that story," says Jensson.
