Chapter 12: General management practices – ITIL® 4 Essentials: Your essential guide for the ITIL 4 Foundation exam and beyond, second edition


In today’s climate of digital transformation, the lines between what is an ‘IT’ practice or process and what is a ‘business’ practice or process are blurred. All areas of the organisation must work together for it to be able to deliver the services its customers want, at an appropriate level of quality and at the right speed. For example, some organisations that have adopted Agile software development methods now find that they are struggling to deliver value because their procurement or budgetary practices do not align with an iterative and incremental way of working.

As part of this transformation, IT ways of working are also extending into business departments (often referred to as enterprise service management (ESM)) and IT is adopting good practices from the business. An example of this is the widespread adoption of Agile ways of working outside of software development teams, and the use of service management tools to track and update personnel information.

The ITIL general management practices are examples of domains that have both an IT and a wider business relevance. For example, supplier management has relevance for both IT and non-IT suppliers. Where the IT department has developed effective ways of working, these should be shared with the rest of the organisation. Where the rest of the organisation has developed effective ways of working, IT teams should seek to adopt them.

Continual improvement

The ITIL 4 Foundation syllabus requires in-depth study of continual improvement; other practices only require familiarity with the practice purpose and some key definitions. Some practices are entirely excluded from the ITIL Foundation syllabus. Watch out for the symbols in each practice section if you’re preparing for your ITIL 4 Foundation exam.

Denotes syllabus-related content.

“The purpose of the continual improvement practice is to align the organization’s practices and services with changing business needs through the ongoing improvement of products, services and practices, or any element involved in the management of products and services.”

Continual improvement records improvement opportunities in the continual improvement register (CIR). This can be a written document, spreadsheet or database. It allows improvement ideas to be logged, prioritised, tracked and managed. Some ideas are never implemented because of cost or timing issues. Each idea is:




Implemented if appropriate


Continual improvement needs to happen at all levels of the organisation:

Leaders must embed continual improvement and create a culture that allows it to thrive.

The continual improvement practice will be accountable for continual improvement and will promote it across the organisation.

All staff will participate in continual improvement; it must be seen as part of everyone’s role.

Suppliers and partners should also contribute to improvement initiatives; this is often included in their contracts, which describe how improvements are reported and measured.

Continual improvement activities include:

Encouraging continual improvement across the organisation;

Securing time and budget for continual improvement;

Identifying and logging improvement opportunities;

Assessing and prioritising improvement opportunities;

Making business cases for improvement action;

Planning and implementing improvements;

Measuring and evaluating improvement results; and

Coordinating improvement activities across the organisation.

There are many different methods and techniques that continual improvement can use. It’s important to select the right technique for the right situation, rather than trying to use them all at once. Methods and techniques include:


Multi-phase project

Maturity assessments


Balanced scorecard

Incremental or Agile improvements

Quick wins

SWOT analysis (strengths, weaknesses, opportunities and threats)

The continual improvement model

Figure 11 shows the continual improvement model:

Figure 11: The continual improvement model11

The continual improvement model provides a high-level guide for improvement initiatives. It allows organisations to focus on customer value and link back to their vision. Following the steps in the model allows work to be divided into manageable sections, so small goals are achieved and momentum is maintained. Improvement is not a one-off activity – as one improvement initiative completes, another begins.

Practice considerations

What needs to be fixed or improved in an organisation can be a very subjective matter. Everyone will have a different opinion about what’s wrong and what needs to be fixed first, based on the services they use and their own experience and world view.

Service provider organisations are as blameworthy as customers and users in this area. They make assumptions about what needs to be fixed and what’s important to their consumers, without having all the information they need.

Following an approach like the continual improvement model provides structure for improvement activities. The first time you follow the model, it can feel laborious, manual and frustrating, but it should get you to the desired result. The next time you follow the model, it will be a bit easier, and it will get easier and easier with each iteration. Eventually, this iterative approach to improvement will become part of your culture and normal ways of working.

There are few feelings worse than standing in front of senior management presenting something based on inaccurate or incomplete data. Use the model to make sure your data stacks up, and test your findings on your peers before you take them to the management team.

Putting continual improvement to work

To make continual improvement work in your organisation, here are some important points to consider.

Continual improvement includes cultural change: the primary mistake made when implementing continual improvement is to allocate staff to roles and think ‘job done’. Continual improvement needs to run through every activity and every role in the organisation. If continual improvement is seen as a team rather than an organisation-wide practice, the team will quickly become a dumping ground for everything hard and problematic.

Continual improvement does not just apply to live services: improvements made during development can be extremely effective. For example, it is widely accepted that making corrections to a service during design is much more cost-effective than fixing a service that has gone live. Continual improvement also applies to all four dimensions of service management, not just to services themselves.

Don’t jump to conclusions: many organisations start by implementing something that they think will lead to improvements. They don’t carefully assess what is wrong or what needs to be done, because they assume that they already know. This is dangerous and can lead to resources being wasted and IT appearing arrogant.

Effective continual improvement relies on a balanced set of measurements: service provider organisations need to measure the emotional, intangible indicators (for example, customers who ‘just aren’t happy’) and the tangible facts (for example, ‘time to complete a transaction’). Both areas are required to get a holistic view of overall service performance.

But… don’t get carried away with the measurements: modern technology allows us to measure every element of a service, producing far more data that we are equipped to handle. Focus on a few, meaningful measurements and expand from there, if you need to. The more mature the service management organisation, the less it tends to measure.

Architecture management

“The purpose of the architecture management practice is to provide an understanding of all the different elements that make up an organization and how those elements interrelate, enabling the organization to effectively achieve its current and future objectives. It provides the principles, standards and tools that enable an organization to manage complex change in a structured and Agile way.”

Architecture management provides visibility and coordination. As Peter Drucker famously said, “you can’t manage what you can’t measure.” We could add: you can’t measure what you can’t visualise. Architecture management as a practice addresses multiple domains:






The architecture types are:

Business architecture: allows the organisation’s capabilities to be compared with its strategy to identify gaps.

Service architecture: provides a view of all services and interactions between services.

Information systems architecture: provides a view of the logical and physical data and information assets of the organisation, including how they are managed and shared.

Technology architecture: defines the software and hardware infrastructure of the organisation.

Environmental architecture: describes external factors affecting the organisation, and environmental controls. This could include a PESTEL analysis.

Practice considerations

Enterprise architecture is often viewed as a complex practice and, in some organisations, is seen as having a purely technical focus. From an ITIL 4 perspective, effective architecture management is essential, as it will underpin many of the decisions made and the activities carried out within the SVS.

When new services are being developed or existing services are being changed, architecture management can help to provide ‘blueprint’ information to support effective decision making. Architecture management input into portfolio decisions can include:

Architectural directives/policies;

Advice on existing architecture, and any opportunities and limitations; and

Information about the impact of changes and possible dependencies.

A good first step with architecture management is to identify what information already exists and where (and, of course, whether it’s up to date!). There may already be defined architecture roles and information that you can access. Next, make sure architecture management is integrated with decision-making processes and is able to provide input at appropriate times. Many benefits can be realised from effective architecture management; for example, having a clear technology roadmap prevents money and time being wasted on inappropriate technical initiatives.

Information security management

“The purpose of the information security management practice is to protect the information needed by the organization to conduct its business. This includes understanding and managing risks to the confidentiality, integrity and availability of information, as well as other aspects of information security such as authentication (ensuring someone is who they claim to be) and non-repudiation (ensuring that someone can’t deny that they took an action).”

An effective information security practice will include:




Risk management


The controls established by an organisation need to balance:

Prevention – making sure that security incidents don’t occur.

Detection – detecting incidents that couldn’t be prevented quickly and reliably.

Correction – recovering from incidents.

The information security management practice must balance protecting the organisation with a pragmatic approach to keeping it secure. If the controls in place are seen as restrictive, staff will actively avoid them, creating a greater risk than might perhaps be posed by slightly looser controls.

Information security management is a practice that spans the entire organisation. Technological controls can be used (for example, two-factor authentication), but people and their behaviour are the most essential area of focus. Many security breaches are behaviour related, and social engineering is often used in security testing and planning exercises. For example, tests might include asking staff to let someone into a building without a key card, because they’ve forgotten a vital document.

Practice considerations

Many service management practices and processes are implemented in silos, and information security management is often no exception. It’s common for someone to be put ‘in charge’ of security and then left to get on with it. Without management support, they may feel like they are being given an impossible task, trying to get other staff to follow the policies and procedures they are implementing.

Management backing is essential for this process. Staff may be resistant to changing their behaviour. It can be hard to achieve cultural change with a bottom-up implementation –top-down direction and support from management is needed. Identifying any relevant legislation and regulations that affect your organisation can be helpful to make the case for information security management; clearly communicate why information is important, along with the consequences of a possible breach.

Considering security at the design stage can be extremely helpful. If a service goes live with security measures built in, there will be less manual work to do later.

A lot of information security management is automated. Access management for services, audit trails, etc. all support effective information security management. We should not, however, rely on automation alone to implement information security management – the biggest danger to any organisation is usually the person sitting at the desk.

Knowledge management

“The purpose of the knowledge management practice is to maintain and improve the effective, efficient and convenient use of information and knowledge across the organization.”

Knowledge is an intangible asset for an organisation. The knowledge management practice will provide a structured approach to:

Defining knowledge

Building knowledge (including capturing knowledge)

Reusing knowledge

Sharing knowledge

Many factors affect the knowledge management practice, including the size and complexity of the organisation. Knowledge management might include paper records and spreadsheets, or complex automated solutions with functionality including search, natural language processing and the ability to ‘rate’ articles.

Knowledge is information presented in context. An effective knowledge management practice ensures that the right person receives the right information, in the right format, at the right level and at the right time.

Practice considerations

Think about your own organisation. If you need to find out how to carry out a task, how much work does that involve? Is knowledge easily accessible? Do you have to ask people, or is it stored in a system or spreadsheet? Consider how much time you and your team spend rediscovering knowledge.

Knowledge management is one of the most nebulous areas of service management. Knowledge exists in so many forms and so many places in an organisation – the idea of bringing it all under control can be difficult to imagine.

Organisations need to think creatively when it comes to knowledge management. How are staff sharing knowledge right now? They might be using systems or services that have previously been thought of as personal, such as social media.

It’s common to find cultural barriers hampering your knowledge management implementation. Some staff members like to hold on to knowledge to make themselves feel valuable, safe and needed. The knowledge management strategy will have to address incentives for staff to share knowledge – it could even be included as part of individual objectives.

Too much knowledge is as damaging as too little. You might have experience of situations where knowledge bases are put in place that quickly fill up with duplicated, incorrect or irrelevant information. Proper knowledge management will prevent the organisation being overwhelmed by content.

Analysing the cost of poor knowledge management can be a good way to build a business case for improvements. For example, many consultancy organisations with which I’ve worked have had poor knowledge management. Each engagement is treated as a new project, with knowledge assets being recreated from scratch. This all consumes billable hours. Creating standard, reusable assets to support consultancy engagements should be a simple idea to sell, but again, you might find politics and knowledge hoarding get in your way.

Measurement and reporting

“The purpose of the measurement and reporting practice is to support good decision-making by decreasing the levels of uncertainty. This is achieved through the collection of relevant data on various managed objects and the valid assessment of this data in an appropriate context. Managed objects include, but are not limited to, products and services, practices and value chain activities, suppliers and partners, and the organization as a whole.”

Most organisations manage a range of metrics from high-level organisational objectives to lower-level, operational and component metrics. Organisational goals and legislative and regulatory requirements will drive the metrics that are implemented, including:



Competitive advantage

Customer retention

Compliance (with legislation and regulations)

Critical success factors (CSFs) and key performance indicators (KPIs) can be agreed and implemented to help assess performance against these organisational goals.

A CSF is “a necessary precondition for the achievement of intended results”. A KPI is “an important metric used to evaluate the success in meeting an objective”.

Goodhart’s law applies to measurement and reporting: “When a measure becomes a target, it ceases to be a good measure.”

Organisations need to continually review the metrics they have in place to make sure they are not driving poor behaviours or creating unintended effects. Linking KPIs to organisational goals and value – and applying KPIs to teams rather than the individual – can help reduce any negative impact.

Most organisations present the data they collect in reports or dashboards. Data should be presented with a purpose in mind: to inform, or to support decision making or prioritisation.

Practice considerations

Measurement and reporting has undergone significant change in the past 5–10 years. Looking back, many organisations were stuck in a monthly reporting cycle, with staff members spending hours producing reports, often including printing and binding them only to find they were glanced at or ignored in management meetings.

Now, reporting tends to be just in time and at a glance. A report that tells you what happened last week will feel out of date, let alone one that looks back over four weeks. Managers and team members want to be able to see what is happening now, and understand how trends are building up over time.

Spend some time assessing the reporting in your organisation:

Are reports shared widely or only circulated to a few people?

Is unnecessary manual reporting taking place?

Are reports being used?

What ad hoc reports are requested?

Using reporting and dashboards to make performance visible can help ensure everyone is ‘on the same page’; this encourages communication and collaboration between teams.

Finally, reflect on this quote from E.M. Goldratt (author of The Goal): “Tell me how you measure me, and I will tell you how I will behave.”

Organisational change management

“The purpose of the organizational change management practice is to ensure that changes in an organization are smoothly and successfully implemented, and that lasting benefits are achieved by managing the human aspects of the changes.”

Change in an organisation will affect people, including:

How they work

How they behave

Their role

Organisational change management (OCM) works to:

Gain acceptance and support for changes;

Remove or reduce resistance to change;

Eliminate or address adverse change impacts;

Provide training and awareness; and

Carry out any other activities to support a successful transition.

OCM will be active throughout the whole of the SVS, whenever change is affecting people. OCM will establish and maintain:

Clear and relevant objectives for the change

Strong and committed leadership

Wiling and prepared participants

Sustained improvement

OCM activities include:

Creating a sense of urgency

Stakeholder management

Sponsor management



Resistance management


Accountability for OCM should not be transferred to an external supplier; someone within the organisation should remain accountable. External experts may be used to support OCM if the skills don’t exist within the organisation.

Practice considerations

There are many tools and techniques that you can use to support change management efforts.

Kotter’s eight-step model is popular:

1.Create a sense of urgency

2.Build a guiding coalition

3.Form a strategic vision and initiatives

4.Enlist a volunteer army

5.Enable action by removing barriers

6.Generate short-term wins

7.Sustain acceleration

8.Institute change

Lewin’s change management model is also frequently used:

Unfreeze the organisation


Refreeze the organisation

OCM thinking is also evolving in the world of digital transformation, and many practitioners are focused on treating OCM as an ongoing state of permanent change, rather than a series of projects. To quote change expert Karen Ferris: “Change is the new black! To survive in today’s reality, adaptive leadership and relentless evolution are vital.”

However, as Antoine de Saint-Exupéry said: “A goal without a plan is just a wish.” All the change techniques in the world won’t help unless you can take people along with you. Consider previous changes in your organisation and whether they have been successful or not. Look at your culture, your structure and how long employees have remained with the organisation. To quote the ITIL principle, “start where you are. Plan for reality and be prepared for possible resistance.”

Portfolio management

“The purpose of the portfolio management practice is to ensure that the organization has the right mix of programmes, projects, products and services to execute the organization’s strategy within its funding and resource constraints.”

Portfolio management includes making the strategic decisions that balance organisational change and business as usual. The practice activities include:

Developing and applying a framework to define and deliver the portfolio of products, services, programmes and projects to support strategies and objectives;

Defining products and services and linking them to agreed outcomes;

Evaluating and prioritising product, service, project and change proposals;

Implementing a strategic investment appraisal and decision-making process for portfolio decisions;

Analysing and tracking investments to identify value;

Monitoring the performance of the portfolio and adjusting it to meet organisational priority changes; and

Reviewing portfolios to assess progress, outcomes, costs, risk, benefits and strategic contribution.

The scope of portfolio management includes:

Product/service portfolio – the complete set of products and services managed by an organisation, both new and planned.

Project portfolio – provides a view of all authorised projects.

Customer portfolio – maintained by the relationship management practices, recording the organisation’s customers.

Practice considerations

Portfolio management relies on accurate information to be successful. If new services are commissioned and the portfolio management is not informed, the service portfolio will be out of date very quickly. The practice needs ongoing resources and care after it is established.

It is important to make sure the practice is involved in the full lifecycle of products and services all the way through to retirement. It’s dangerous to focus solely on new services. Many organisations continue to spend money and time on old services that don’t deliver value and could be retired.

Portfolio management needs to have a clear understanding of strategic objectives. A service that delivers value is a service that meets business objectives. Service value can only be assessed if portfolio management actually understands the business objectives. A poor relationship with the business will be very damaging for this practice.

Project management

“The purpose of the project management practice is to ensure that all projects in the organization are successfully delivered. This is achieved by planning, delegating, monitoring, and maintaining control of all aspects of a project, and keeping the motivation of the people involved.”

A project is “a temporary structure that is created for the purpose of delivering one or more outputs (or products) according to an agreed business case”.

Projects can be used as a vehicle to deliver a significant change to an organisation. They might be standalone, or part of a larger programme or portfolio of changes.

Projects may be delivered using an Agile or a waterfall approach:

Waterfall – works well when requirements are known upfront, and where the definition of work is more valuable than the speed of delivery.

Agile – works well when requirements are uncertain or likely to evolve, and where speed of delivery is prioritised over the definition of precise requirements.

Project management can help organisations balance:

Maintaining current business operations;

Transforming business operations as the market changes; and

Continually improving products and services.

Practice considerations

Traditional project management practices are well documented in the PRINCE2® publications issued by AXELOS. The Project Management Institute (PMI) also offers guidance and support for project managers. Agile project management practices are documented in PRINCE2 Agile (published by AXELOS) and Agile Project Management (published by the Agile Business Consortium).

In my experience, the main reasons that projects fail are:

Unclear objectives/deliverables

Lack of resources

Unmanaged changes to project scope or deadlines (for example, scope creep)

These risk factors will apply to both an Agile and a waterfall environment. The role of the project manager is still essential, and a good project manager can help a project to be successful by maintaining a focus on expectation setting and good communication.

In some organisations, employees feel torn between their business-as-usual (BAU) work and project work. If this is the case for you, seek clarity from your line manager about where your time is best spent.

Relationship management

“The purpose of the relationship management practice is to establish and nurture the links between the organization and its stakeholders at strategic and tactical levels. It includes the identification, analysis, monitoring and continual improvement of relationships with and between stakeholders.”

The relationship management practice will ensure that:

Stakeholders’ needs and motivations are understood, allowing effective prioritisation;

Stakeholder satisfaction is high and there is a constructive relationship between the organisation and stakeholders;

Customer priorities are established and articulated, in alignment with business outcomes;

Products and services facilitate value creation for service consumers and the organisation;

The organisation is facilitating value for all stakeholders; and

Conflicting stakeholder requirements are identified and mediated.

Relationship management needs to include all relevant stakeholders. Many organisations focus on consumers and customers, but suppliers, partners, employees, etc. are all significant.

Practice considerations

Relationship management is often implemented as a quick fix when customer satisfaction is low. To be effective, the practice needs to be involved throughout the SVS. The practice should be proactive and involved early on, not brought in at the end when things go wrong.

If a service provider organisation has a poor relationship with its customers, relationship management might struggle to improve the situation immediately. Patience is required – things will only improve when the customer trusts the service provider organisation and shares information.

Relationship management will only be effective if it is seen as a neutral area. If the customer believes the practice always favours the service provider organisation, or vice versa, it will not be effective. Relationship management staff need to be ethical and responsible. Sometimes they will have to deliver tough messages, but it’s better to tell a hard truth than to mislead either party.

For many organisations, relationship problems develop because the customer can’t explain what they want in IT terms and regard the IT staff as speaking ‘techie speak’. Relationship management can provide a useful translation service.

Applying relationship management to supplier and partner relationships is growing in importance. Once the contract is signed, relationship management can be applied to situations where things need to be slightly different. A good relationship leads to ‘give and take’ on both sides that can avoid costly and lengthy contractual renegotiations.

If you’re interested in relationship management, take a look at the Business Relationship Management Institute website:

For partner and supplier management, read more about service integration and management and the role of the service integrator, starting with the SIAM Body of Knowledge information at:

Risk management

“The purpose of the risk management practice is to ensure that the organization understands and handles risks effectively. Managing risk is essential to ensuring the ongoing sustainability of an organization and creating value for its customers. Risk management is an integral part of all organizational activities and therefore central to an organization’s SVS.”

Risk is often viewed as something negative, but it is also associated with opportunity. Failing to take an opportunity (or being unprepared for it) can also be a risk, which needs to be avoided.

Risk management will create a portfolio of risks, which map to the project, product, customer and service portfolio. Effective service management creates products and services that are opportunities to identify and capture value, rather than risks associated with unfulfilled demand. Risk management needs to balance the cost of addressing a risk against the potential impact of the risk. This will be partly dictated by the organisation’s strategy and culture; an innovative organisation will be more willing to accept the risk of failure if it leads to new products and services.

Effective risk management will:

Identify risks

Assess risks

Treat risks in an appropriate manner

There are some principles that apply specifically to risk management:

Risk is part of the business – not all risks can or need to be avoided.

Risk management must be consistent across the organisation.

Risk management culture and behaviours are important.

Further information on risk management can be found in ISO 31000:2018, which states that the ‘purpose of risk management is the creation and protection of value’.

Practice considerations

As with most of the ITIL practices, there is a strong ‘people’ element in risk management:

If leaders don’t treat risk management as important, the rest of the organisation won’t see it as a priority.

If managers are punished for delivering bad news, they will be reluctant to report risks.

If staff don’t understand the organisation’s risk appetite, they may take unnecessary risks during their work.

Creating a risk log can be a useful exercise to try to understand how the organisation perceives risk and its level of tolerance. You could try this exercise with your team, or with a group of stakeholders with a common interest:

Describe each risk and its potential impact.

Allocate a probability score.

Allocate an impact score.

This will give a risk score based on the ‘impact x probability’ scores.

Describe a possible mitigation plan.

Re-score the risk if the mitigation plan was already in place.

This exercise might raise some risks that surprise you! It is a useful way to see which risks need to be addressed as a priority, and to identify if there are any quick wins you can implement to mitigate them. Make sure each risk also has a unique number, a date when it was raised, an owner and a status.

Service financial management

“The purpose of the service financial management practice is to support the organization’s strategies and plans for service management by ensuring that the organization’s financial resources and investments are being used effectively.”

Service financial management supports decision making by the organisation’s governing body and management. The practice is responsible for budgeting, costing, accounting and charging activities:

Budgeting/costing: focuses on predicting and controlling income and expenditure within the organisation.

Accounting: accounts for how money is being spent.

Charging: invoices service consumers (where relevant).

Practice considerations

Some organisations believe that their overall organisational financial management process is sufficient, and do not invest in service financial management. In my experience, this is a mistake. Service financial management will break down the cost of IT services in more detail than the organisational financial management process, which will lead to better IT investment decisions in the future.

Service financial management can be complicated to implement. General IT staff will not usually have the skills required, so they will need training or support from staff with financial qualifications and experience.

Many organisations are constantly trying to reduce the cost of providing IT services. Service financial management should focus on cost optimisation rather than cost cutting. Cost optimisation looks at the most efficient way to provide the services required by the business, not cutting a set percentage off the IT spend year on year. Costs can only be cut so far before service quality suffers.

Organisations that have adopted Agile ways of working may find their development practices and their financial practices are in conflict. For example, an Agile project might start with a minimum set of requirements and enough information for the first sprint; this won’t help in an organisation that demands detailed business cases and 12-month plans to sign off any expenditure. It’s important to make sure that any conflict between practices is identified and addressed.

Strategy management

“The purpose of the strategy management practice is to formulate the goals of the organization and adopt the courses of action and allocation of resources necessary for achieving those goals. Strategy management establishes the organization’s direction, focuses effort, defines or clarifies the organization’s priorities, and provides consistency or guidance in response to the environment.”

An organisation’s strategy defines desired outcomes, so that resources, capabilities and investments can be prioritised to deliver them. The practice ensures that the strategy is:





The objectives of strategy management are to:

Analyse the organisation’s environment to identify opportunities;

Identify constraints that could affect business outcomes;

Decide and agree the organisation’s perspective and direction, including vision, mission and principles;

Establish the organisation’s perspective and position with regard to customers and competitors;

Ensure the strategy is translated into tactical and operational plans; and

Manage changes to the strategy and related documents.

Strategy provides the overall direction for the organisation and is normally set at the senior management and governing body level. Strategy as a practice is evolving to become more fluid and less fixed; changes in technology, for example, can quickly invalidate a five-year plan.

Practice considerations

Strategy management can be challenging to understand for most employees because it requires executive involvement. If an attempt at ‘strategy’ is made at a lower level by junior employees, it will not have the authority needed and is more likely to fail.

Very reactive organisations will also find this a difficult practice to implement, if they allow short-term decisions to override the longer-term strategy. For example, an organisation that constantly defers to customers who demand specific solutions will find it difficult to follow a strategic path.

The measures applied to an organisation’s strategy management capabilities must look at how well the strategy is integrated into the organisation as a whole. For example, is it reflected in the tactical and operational plans and procedures?

Supplier management

“The purpose of the supplier management practice is to ensure that the organization’s suppliers and their performances are managed appropriately to support the seamless provision of quality products and services. This includes creating closer, more collaborative relationships with key suppliers to uncover and realize new value and reduce the risk of failure.”

Supplier management activities include:

Creating a single point of visibility and control to ensure consistency;

Maintaining a supplier strategy and policy, and contract management information;

Negotiating and agreeing contracts and arrangements;

Managing relationships and contracts with internal and external suppliers; and

Managing supplier performance.

The supplier strategy (often referred to as the sourcing strategy) defines the organisation’s plan for how and where it will use suppliers. The options include:

Insourcing: using resources internal to the organisation.

Outsourcing: using external suppliers.

Single source or partnership: procurement from a single supplier that supplies all elements of the service, or which acts as a service integrator to manage other suppliers on behalf of the organisation.

Multi-sourcing: using more than one supplier.

Suppliers are selected and evaluated based on:

Importance and impact



Supplier management process activities include:

Supplier planning

Evaluating suppliers and contracts

Supplier and contract negotiation

Supplier categorisation

Supplier and contract management

Warranty management

Performance management

Contract renewal and/or termination

Service integration and management

As organisations rely on more and more suppliers, it can prove challenging to manage them, particularly when things go wrong. Service integration and management (SIAM) is a management methodology that uses a service integrator role to coordinate service relationships across all suppliers.

Service integration and management might be done by staff within the organisation or by an external organisation.

Practice considerations

If your organisation doesn’t already have a centralised supplier management practice, get ready to do some detective work. It’s likely that individual teams and departments have been allowed to make their own agreements at the operational and commodity level, so there will be contracts throughout the organisation and no single point of ownership.

It’s essential to start with a sound supplier management policy. This will set staff expectations about how they need to behave when selecting a new supplier, and why. Once this is in place, the situation will improve.

Some customers have found themselves trapped with a supplier or a contract that was negotiated in the past and just doesn’t work. It’s important to try to recover the situation as far as possible or check the cost of early termination if the relationship has broken down irrevocably.

If you’re looking to enter into a contract with a supplier for all or part of service provision, be clear about exactly what you want. Too many contracts are based on a fuzzy understanding of what’s needed, with extra services added at additional cost once the initial contract is in place. Getting the right agreement in place will save time, money and misery in the future.

Workforce and talent management

“The purpose of the workforce and talent management practice is to ensure that the organization has the right people with the appropriate skills and knowledge and in the correct roles to support its business objectives. The practice covers a broad set of activities focused on successfully engaging with the organization’s employees and people resources, including planning, recruitment, onboarding, learning and development, performance measurement, and succession planning.”

Workforce and talent management helps to make sure that an organisation has the right people in place to meet its strategic objectives and to support organisational velocity. Effective workforce and talent management will:

Reduce backlogs

Improve quality

Avoid rework caused by defects

Reduce wait times

Close knowledge and skill gaps

Workforce and talent management supports the creation of an effective people strategy, which will help identify roles, knowledge, skills and attributes required by the organisation. It will also help make sure the organisation has appropriate personnel to support future growth and take advantage of opportunities.

The increasing use of external resources and suppliers as part of service delivery has led to a wider scope for workforce and talent management. Table 22 defines some of the key terms related to workforce and talent management.

Table 22: Workforce and Talent Management

Organisational velocity “The speed, effectiveness and efficiency with which an organization operates. Organizational velocity influences time to market, quality, safety, costs and risks.”
Competencies “The combination of observable and measurable knowledge, skills, abilities and attitudes that contribute to enhanced employee performance and ultimately result in organizational success.”
Skills “A developed proficiency or dexterity in thought, verbal communication or physical action.”
Knowledge “The understanding of facts or information acquired by a person through experience or education; the theoretical or practical understanding of a subject.”
Attitude “A set of emotions, beliefs, and behaviors towards a particular object, person, thing or event.”

Workforce and talent management activities include:

Workforce planning


Performance measurement

Personal development

Learning and development

Mentoring and succession planning

Practice considerations

Most ITSM professionals are ‘knowledge workers’ in the ‘knowledge economy’. New ways of working need new ways of managing people, from recruitment through to development and reward systems.

Some of the considerations for workforce and talent management include:

A move towards flexible/home working – do employees need to be on site? Does the company need an office? How do we communicate with and manage remote workers and virtual teams?

What does productivity look like? Knowledge workers need space to think and to be creative, so standard productivity measures might not apply.

How are we developing staff? Is a three-day training course once a year still effective? How do we encourage an attitude of continual personal development, and give people time to do it?

Notice the move from the language of ‘human resources’ to ‘workforce and talent management’. Increasingly, the perception is that resources are ‘dumb’ things: money, computers, etc. If we treat our people as resources, they will behave like resources.

11 ITIL® Foundation, ITIL 4 edition, figure 4.3.