Using Change Management to Catch Issues Before Impact to Business
With quite a few of its fundamental building blocks now decades old, change management has turned out to be one of the most researched and studied elements of the infrastructure management discipline. With so much research along with years of practical application, one might have thought that effective management of change would already be in place in IT companies and the businesses they serve.
Companies today heavily rely on change control processes to manage IT related changes. However, these processes can only really be handled properly when IT change professionals are aware they are happening, understand the consequences and that the changes are properly noted. The problems arising when change management is not handled carefully are as follows:
- The scope, dynamics, and pace of change is so wide and fast that processes do not ensure that required information is available for making a well informed decision related to these changes and then making sure the changes are implemented effectively.
- As the value of the change control procedure is not visibly apparent to all involved parties, those outside the realm of IT operations can consider this to be a superfluous bureaucratic exercise, leading to unplanned and undocumented changes with negative consequences
Environments and system configurations are being manually updated by both administrators and end users. Sometimes these activities are performed correctly, and sometimes not. When they're not, it's unlikely that the problem will be identified and resolved before a business impact and failure occurs. Since IT lies at the core of every modern day business, there is a justifiable concern that the environment might not be able to continue meeting the needs of the business.
Change Control: Limitations
ITIL (IT Infrastructure Library) Service Support processes defines change management and change control as:
- Change Control: This process makes sure that all the changes are controlled. This would include recording, submission, decision making, analysis and also the approval of the change.
- Change Management: This effort is responsible for managing and controlling requests to make changes in the IT infrastructure or any other aspect of IT services, to help promote benefits in business and minimize the risks of disruption to the service.
Change control focuses on prioritizing and approving planned changes to the infrastructure. IT professionals, facing constant change on a daily and even more frequent basis, can consider formalized change control as an administrative burden, which restricts their ability to quickly adapt to the rapid changes in complex technology environments. Following the change control protocols for many routine changes seems like a pointless formal ritual which acts as a hindrance to getting the work done. While a vast majority of the changes may be routine changes, which probably do not have any great impact on the business, there are changes that can have major impact on operations.
According to primary research performed by Enterprise Management Associates (EMA), 60% of all critical system and application outages are caused by inappropriate changes. That is changes that were not authorized which occurred outside of an established process and were not identified until after the environmental failure occurred. According to EMA, roughly 35% of failures that occur are due to changes that were authorized but caused unexpected problems. There are very few reasons why failures should occur at all. Really it's only when changes are introduced that the potential for unforeseen failures increases. This is why by identifying and proactively preventing inappropriate changes, organizations can dramatically increase the chance of catching issues before they turn into incidents.
The impact on the infrastructure as well as the organization (both outside and inside of IT) may not always be light. It is in such cases that mere change control falls short as it does not have the appropriate tools to manage complex, high volume changes.
Changes that are poorly prioritized can result in uninformed decisions receiving the go ahead, with impact to areas of the business that had not been expected.
Driving Change While Maintaining Control
Many IT organizations have recognized the complex impact that infrastructural changes have on the enterprise. The key here is to manage infrastructure changes and not just control it.
There are tools for requirement management, for project management, for development, for test management, software configuration management and so on, but you don't have the tools that will ensure control of the change, analysis of the change, and validation of the change, through the entire path. Not only over the development process but also for what happens when the change is actually deployed. What happens to the changes that take place in production and operations, how do they get back reflected into the pre-production steps of the application lifecycle process. That is a toolset that is definitely missing.
The important aspects of change management that make it effective are efforts for assessing the impacts and ensuing ramifications of a change. With this knowledge, IT operations can coordinate and communicate activities, evaluate options, approve implement processes and take informed decisions.
So do you need to choose between keeping control and allowing agility? This concern over ensuring IT performance can sometimes lead organizations to lock down the environments with excessive controls. Where all changes need to be identified, tested, monitored and approved. Although, this sledgehammer approach can effectively reduce the number of change errors, it comes with a price. The more control you exert over an environment, the slower the enterprise is able to implement environment improvements and respond to business objectives. Conversely, environments that introduce rapid changes without control processes as part of their change management, greatly increase the risk of environmental failures. What businesses need are resources and the system configuration utility that will effectively allow them to drive change in their environment without inhibiting business agility, and remaining in control.
The major difference between change control and change management is that, whereas change control seeks to ensure approval and recording of the changes, change management should take into consideration the overall impact on business and keep track of all changes happening in the environment. Properly tooled change management where the impact of the change can be quickly identified in an automated fashion allows IT professional to focus on the decisions for maintaining IT operations at the highest level, and not just if a change should be implemented.