September 12, 2014 at 17:11About the Benefits of Due Diligence for IT Outsourcing
Decently surprised when faced with the Due Diligence stage in the tender documentation for outsourcing IT services. The surprises in the competitive procedures always cause a certain strain, since they can mean that you have to quickly rebuild the usual service-process design, and this is akin to how the child put together a giant puzzle of small and difficult to distinguish parts. Previously, it always seemed to me that the Due Diligence procedure is used to assess the value of a company before buying it or as part of an “ipiotic” project. In essence, this is an assessment of the reliability and commercial attractiveness of a future transaction. Well, it should have looked like this: smart consultants and analysts come to the company, poke annual reports, check forecasts, assess risks and issue their verdict. We, as an outsourcing partner, went through this procedure, however, not when evaluating a company, but as part of an IT tender. It was rather a technical Due Diligence.
In life, the things that you come across for the first time are most remembered: therefore, probably, the impressions of childhood are the most vivid. So it was with Due Diligence: I came across this procedure for the first time, got memorable impressions and now, if the interlocutor is not averse, I can exchange experience with him ...
What would I do when evaluating the reliability of a service company, the quality of future service, the commercial attractiveness of a future transaction? I would look at the organization of the processes, receive references for interviews and Q&A sessions, look at the calculations for the resources allocated to the project, formulate requirements for managing the quality of the service, and compress it at a cost. By the way, regarding the cost calculations (or project costs), in the case described by me, Due Diligence, everything was even more interesting. As in a complex questionnaire, when you are asked the same question in different forms: the cost of each type of service, the hourly rate of specialists, the cost of servicing a single object (workstation, server, MFP), the cost of the service for a fixed load and the cost if it is exceeded , possible additional costs in connection with the expansion of the contract in the context of facilities and service lines, compensation payments in case of early termination of the contract for each of the lines, etc., etc. I think it’s not necessary to explain that managing such a calculation model turned out to be daunting, and if you are mistaken in any of the “calculation exercises”, then this immediately affects the result and the reliability of the whole calculation.
How does the auditor evaluate the level of maturity of service processes:
In a word, a sea of questions with limited time for preparing answers, like in a blitz tournament ... Another interesting question from the auditor: how is it planned to measure the quality of services since the start of the project, during the transition period. The set of ordinary direct meters - service availability, response time and resolution time, implementation of backup policies and recovery checks - was expanded due to the schedule for providing an extended reporting option, meeting the deadlines for the development of a number of specific operational documents, criteria and deadlines for the implementation of the Transition Plan, deadlines and the quality of the total inventory, the pace of acquisition of the operational team, etc.
To answer such a list of questions, you have to sweat ... Something, of course, is used in everyday life, some things need to be finalized before an external show, and some sections have to be thought over for a long time ... I will give an example. The future customer was ready to stimulate our work to improve the quality of service: within the agreed SLA implementation range, he wanted to see a constant trend towards improving SLA performance and conditionally “pay extra” for this work. It turns out that it was necessary not only to declare the struggle for quality, but quite seriously, on a regular basis, to carry out work on the redistribution of load, changes in the organization of processes and measurable improvement in quality.
The resource-cost model used by us should, inter alia, take into account the service optimization process: the gradual transfer of the load on incoming service requests to the first line of the Service Desk and self-service portal; well, the classic reduction in the cost of maintenance (or cost) due to the acceleration of processes, the accumulation of knowledge about the serviced system, and, as a result, the reduction in the size of the servicing team.
Question to us: how do you plan to take an inventory on time? It is clear that in capable hands there are always software and hardware scanners that allow you to collect and save the required sets of attributes. But, in addition to the usual configuration parameters of IT assets, something else was required of us. Namely: add additional features to the inventory (being owned, leased or used under license), indicate the organization that is financially responsible for this asset. All this had to be done in terms of business units.
It was necessary to carry out a policy of reducing operational risks step by step: access control (life is simpler when it comes to the availability of a configuration unit, but in truth, everyone is interested in the availability of a service level), control over capacity utilization, ensuring the continuity of services and information security measures . According to practical steps, it was necessary to deploy and configure: monitoring, reservation of critical resources, planning for additional capacities, behavior plans for threats (accidents) and a set of protection tools (IS).
It became clear that it was necessary to create a single conceptual field for both sides. In difficult cases of 100% mapping of the service to the requirements, it is not always possible to achieve, and then the question arises of the Service Catalog, when the parties at the stages of the negotiation process can compose a cost-balanced service delivery matrix. In particular, we were faced with the fact that we had to distribute and group resource costs in the form of blocks: Infrastructure Management, Service Delivery Management, Service Support Management and Asset Management.
Another linguistic nuance: the system for registering calls and internal quotas for reaction / execution time is configured to work with three levels of urgency for incoming calls - “Very urgent”, “Urgent” and “Not critical”. And the client would like to expand the processing rules at the expense of another fourth class of urgency, and also take into account a 4-level matrix with indicators of the degree of impact of incidents on the system.
We declare: “we are setting up a“ health model ”for configuration items and services. The Relationships model used, built on the basis of CMDB data, allows you to track the impact on the business services of planned changes or incidents. ”Looks great. But what can happen? We are trying to formulate one of the conditions for fulfilling the SLA: “The maximum speed of receipt of web-requests is at least ....”. In practice, it turns out that it was necessary to agree on the percentage of requests with a processing time of less than 1 second. and separately stipulate the condition with on / off at the time of measurement of this processing indicator. It seems that all the words are familiar, but the general vocabulary is built gradually.
Move on. The future customer asks for a document of the Operational Objectives level, which will explain the definition of the basic service concepts (Service BaseLine) and then become part of the Service Level Agreement. In particular, this is a convenient moment to determine what there is basic monitoring (to present “health models”), and, as an option, to describe what actions are taken by the 1st or 2nd support lines in case of certain events from the monitoring system, How does the escalation process go? Here are questions: what experience does the Service Manager have, what level of detail is the Service Improvement Plan preparing.
Actually, returning to the title: what was the benefit to us all the same? First of all, with the help of an external impartial glance, you can notice blurry contours on your usual service “landscapes” and rush to correct them. I would take the above approach to Outsource best practice, since we got a slice of the assessment of our readiness for a slightly different model of service delivery, and the bar of given requirements clearly indicated the professional advancement of the people who prepared them. As another reason, I can add that I had to think about introducing customizable modeling tools and managing my own costs, because it is problematic to “push around” in a price competition without such a model.
PS In the end, Due Diligence was mutual, and the “holes” in the processes were visible not only with us, but also with the second side ....
In life, the things that you come across for the first time are most remembered: therefore, probably, the impressions of childhood are the most vivid. So it was with Due Diligence: I came across this procedure for the first time, got memorable impressions and now, if the interlocutor is not averse, I can exchange experience with him ...
What would I do when evaluating the reliability of a service company, the quality of future service, the commercial attractiveness of a future transaction? I would look at the organization of the processes, receive references for interviews and Q&A sessions, look at the calculations for the resources allocated to the project, formulate requirements for managing the quality of the service, and compress it at a cost. By the way, regarding the cost calculations (or project costs), in the case described by me, Due Diligence, everything was even more interesting. As in a complex questionnaire, when you are asked the same question in different forms: the cost of each type of service, the hourly rate of specialists, the cost of servicing a single object (workstation, server, MFP), the cost of the service for a fixed load and the cost if it is exceeded , possible additional costs in connection with the expansion of the contract in the context of facilities and service lines, compensation payments in case of early termination of the contract for each of the lines, etc., etc. I think it’s not necessary to explain that managing such a calculation model turned out to be daunting, and if you are mistaken in any of the “calculation exercises”, then this immediately affects the result and the reliability of the whole calculation.
How does the auditor evaluate the level of maturity of service processes:
- He looks in the calculation tables and makes a preliminary conclusion, according to which of the models - resource or resource-service - the contractor builds the service processes.
- He asks to demonstrate the TASK templates in the Trouble Tickets system: what tags are used in them.
- Clarifies how requests are routed between different directions and providers; Which consoles does the support service use for operations? how response time and query resolution time are quoted.
- He asks what the disaster recovery plan looks like.
- Requests to show reporting on KPI for the 1st and 2nd support lines, etc.
In a word, a sea of questions with limited time for preparing answers, like in a blitz tournament ... Another interesting question from the auditor: how is it planned to measure the quality of services since the start of the project, during the transition period. The set of ordinary direct meters - service availability, response time and resolution time, implementation of backup policies and recovery checks - was expanded due to the schedule for providing an extended reporting option, meeting the deadlines for the development of a number of specific operational documents, criteria and deadlines for the implementation of the Transition Plan, deadlines and the quality of the total inventory, the pace of acquisition of the operational team, etc.
To answer such a list of questions, you have to sweat ... Something, of course, is used in everyday life, some things need to be finalized before an external show, and some sections have to be thought over for a long time ... I will give an example. The future customer was ready to stimulate our work to improve the quality of service: within the agreed SLA implementation range, he wanted to see a constant trend towards improving SLA performance and conditionally “pay extra” for this work. It turns out that it was necessary not only to declare the struggle for quality, but quite seriously, on a regular basis, to carry out work on the redistribution of load, changes in the organization of processes and measurable improvement in quality.
The resource-cost model used by us should, inter alia, take into account the service optimization process: the gradual transfer of the load on incoming service requests to the first line of the Service Desk and self-service portal; well, the classic reduction in the cost of maintenance (or cost) due to the acceleration of processes, the accumulation of knowledge about the serviced system, and, as a result, the reduction in the size of the servicing team.
Question to us: how do you plan to take an inventory on time? It is clear that in capable hands there are always software and hardware scanners that allow you to collect and save the required sets of attributes. But, in addition to the usual configuration parameters of IT assets, something else was required of us. Namely: add additional features to the inventory (being owned, leased or used under license), indicate the organization that is financially responsible for this asset. All this had to be done in terms of business units.
It was necessary to carry out a policy of reducing operational risks step by step: access control (life is simpler when it comes to the availability of a configuration unit, but in truth, everyone is interested in the availability of a service level), control over capacity utilization, ensuring the continuity of services and information security measures . According to practical steps, it was necessary to deploy and configure: monitoring, reservation of critical resources, planning for additional capacities, behavior plans for threats (accidents) and a set of protection tools (IS).
It became clear that it was necessary to create a single conceptual field for both sides. In difficult cases of 100% mapping of the service to the requirements, it is not always possible to achieve, and then the question arises of the Service Catalog, when the parties at the stages of the negotiation process can compose a cost-balanced service delivery matrix. In particular, we were faced with the fact that we had to distribute and group resource costs in the form of blocks: Infrastructure Management, Service Delivery Management, Service Support Management and Asset Management.
Another linguistic nuance: the system for registering calls and internal quotas for reaction / execution time is configured to work with three levels of urgency for incoming calls - “Very urgent”, “Urgent” and “Not critical”. And the client would like to expand the processing rules at the expense of another fourth class of urgency, and also take into account a 4-level matrix with indicators of the degree of impact of incidents on the system.
We declare: “we are setting up a“ health model ”for configuration items and services. The Relationships model used, built on the basis of CMDB data, allows you to track the impact on the business services of planned changes or incidents. ”Looks great. But what can happen? We are trying to formulate one of the conditions for fulfilling the SLA: “The maximum speed of receipt of web-requests is at least ....”. In practice, it turns out that it was necessary to agree on the percentage of requests with a processing time of less than 1 second. and separately stipulate the condition with on / off at the time of measurement of this processing indicator. It seems that all the words are familiar, but the general vocabulary is built gradually.
Move on. The future customer asks for a document of the Operational Objectives level, which will explain the definition of the basic service concepts (Service BaseLine) and then become part of the Service Level Agreement. In particular, this is a convenient moment to determine what there is basic monitoring (to present “health models”), and, as an option, to describe what actions are taken by the 1st or 2nd support lines in case of certain events from the monitoring system, How does the escalation process go? Here are questions: what experience does the Service Manager have, what level of detail is the Service Improvement Plan preparing.
Actually, returning to the title: what was the benefit to us all the same? First of all, with the help of an external impartial glance, you can notice blurry contours on your usual service “landscapes” and rush to correct them. I would take the above approach to Outsource best practice, since we got a slice of the assessment of our readiness for a slightly different model of service delivery, and the bar of given requirements clearly indicated the professional advancement of the people who prepared them. As another reason, I can add that I had to think about introducing customizable modeling tools and managing my own costs, because it is problematic to “push around” in a price competition without such a model.
PS In the end, Due Diligence was mutual, and the “holes” in the processes were visible not only with us, but also with the second side ....