• Skip to main content
  • Skip to primary sidebar

This view of service management...

On the origin and the descent of managing services. We put meat on the bones.

  • Kanban Software
  • Services
    • Kanban Software Solutions
    • Consulting & Coaching
    • Training and Seminars
  • Posts
  • Events
    • Events – Agenda View
    • Events – Calendar View
  • Publications
    • Our Publications
    • Notable Publications
    • Quotes
  • About us

The diversity of risk management

18 December 2014 by Robert Falkowitz Leave a Comment

In another article, I spoke of vision management and risk management as the two pillars upon which organizations reside. As I have already spoken about vision, let’s take a minute to examine risk in the context of service management in a little more detail.

Risk, or uncertainty of results, is at the heart of every management activity. If things worked simply, reliably and predictably, our management efforts could focus much more on vision. But even the best services are only 99.9999% sure. That means in a world with 500 million tweets per day, 500 will be in error; with 1 million disks in a global search provider’s infrastructure, several hundred will be down—at best! We rejoin the CEO who said, “20% of our marketing efforts are effective; if only I knew which 20%!”

The general approach to managing risk is to identify a framework for all risk management activities. This high level framework is then applied to various categories of risk. In this way, the governance function of an organization has a ready means for determining if the various types of risks in those categories are being handled appropriately. In addition, the framework allows the organization to express in concrete terms its levels of tolerance for risk. Risk tolerance is then applied in each discipline used for risk management.

Several dozen disciplines have been identified in various frameworks as the core of managing services. In the following table, the principal entities at risk that are managed using the discipline, the key risks to those entities, and several examples of strategies used to control those risks are described. Insofar as the  subject matter of this table is the entirety of service management, it cannot possibly be complete. I hope, however, to provide an overview of the main features of risk control in service management.

Here is an illustration of how the table might be used. Availability management is a discipline concerned with risks in the reliability, maintainability and serviceability of service systems and their components, and consequently the services delivered using those service systems. Reliability of a component, for example, is at risk because we can never be sure when that component will cease to function as required. For example, service management would be quite simple if we knew for a fact that a computer would function for precisely three years, then fail. But this is not the case. Instead, there is a certain distribution of probability that it will fail at any given moment. If we knew that a computer would fail in three years, then our control strategy would either be replacement of that computer just before failure, or perhaps some maintenance program. But, since there is a significant possibility that it will fail at any time from its first installation on, we look to other strategies to control that risk. These strategies, such as redundant architectures, would serve to mask the effects of the failure.

Each entity has its particular risks and those risks each have their own types of control strategies. As mentioned, there is hardly any limit to the applicable strategies, so the table provides only several typical strategies for each risk.

DisciplineEntity ManagedRiskExamples of Control Strategies
Access ManagementService accessGap between authorized access and actual access to servicesAccess logging, automated granting and revoking of access
Access ManagementData accessGap between authorized access and actual access to dataAccess logging, automated granting and revoking of access
Access ManagementComputer accessGap between authorized access and actual access to computersAccess logging, automated granting and revoking of access
Access ManagementApplication accessGap between authorized access and actual access to applicationsAccess logging, automated granting and revoking of access
Availability ManagementServiceabilityServiceability of systems and componentsContracts, training, tests
Availability ManagementReliabilityReliability of systems and componentsSystem modeling, redundant architecture, training, agreed specifications, tests
Availability ManagementMaintainabilityMaintainability of systems and componentsAgreed specifications, standards, defined procedures, training, tests
Capacity ManagementPerformanceUnderstanding the relationship of service demand to service levelsCommon and special cause analysis
Capacity ManagementLoadsPredicting future loadsCommon and special cause analysis
Capacity ManagementFundingFunding capacity appropriatelyCapacity planning
Catalogue ManagementCustomer expectationsMismatch between customer expectations and customer perception of servicesCatalogue publication, integration of catalogue data in ordering systems
Change ManagementResourcesMisallocating resources to changesPrioritization
Change ManagementChangesPerforming changes slower than requiredModeling, process simplification
Change ManagementChangesCausing disruption or incidents as a result of changesImpact analysis, calendaring, mitigation plans
Configuration ManagementSystemsInaccurate or unavailable information about systems resulting in inappropriate or untimely management decisionsControl process, verification and audit, modeling
Configuration ManagementComponentsInaccurate or unavailable information about components resulting in inappropriate or untimely management decisionsControl process, verification and audit, modeling
Continuity ManagementCatastrophesPotential for loss of the means of production of a serviceBusiness impact analysis, customer continuity plans, etc
Customer Relationship ManagementCustomer satisfactionGap between the intentions of the service provider and the satisfaction of the service consumerSatisfaction surveys, complaint handling, performance reviews
Customer Relationship ManagementCustomer expectationsGap between the service provider’s intended service utility and warranty and the expectations of the customer regarding utility, warranty and riskSales visits, performance reviews
Demand ManagementDemand for servicesGap between expected demand for services and actual demand for servicesCustomer Relationship Management, analysis of economic cycles, analysis of business news
Deployment ManagementApplication installationsUntimely installationAutomation of package distribution and installation; application streaming; thin client architecture
Deployment ManagementApplication installationsDisruption of usersPull installations (see also Untimely installation)
Deployment ManagementApplication installationsInconsistent installationsPackaging, automation
Event ManagementEventFailure to recognize the significance of eventsCorrelation, rule-based event analysis
Financial ManagementSupplier and customer paymentsPayment defaults and inaccuraciesContract management, automation, aging analysis
Financial ManagementResourcesMisallocation of financial resourcesBudgeting, reforecasting
Financial ManagementInvoicingInvoice timeliness and and inaccuraciesContract management, automation
Financial ManagementFundingTreasury shortfallsBudgeting, reforecasting, loans
Improvement ManagementService systemsMismatch between evolving service provider capabilities and evolving customer expectationsKanban, lean methods
Incident ManagementPrioritiesFailure to align incident resolution priorities with customer prioritiesImpact analysis
Information Security ManagementUser authenticityUncertainty that the declared identity of a user is the same as the real identity of the userAnalysis of use patterns, technical access controls
Information Security ManagementInformation repudiationUncertainty in roles played in the creation, modification or deletion of informationUser authenticity controls
Information Security ManagementInformation integrityInformation full or partial corruptionTransactional systems
Information Security ManagementInformation confidentialityInformation visible to unauthorized personsAccess management
Information Security ManagementInformation availabilityInformation not available when required (or available when not required)Various technical, procedural and organizational controls
Knowledge ManagementKnowledge itemsTimeliness, availability and accuracy of knowledge itemsAutomation, systems integration
Problem ManagementResourcesAllocation of resources to non-value adding activities (for resolving incidents)Impact analysis, cause analysis, solution ROI analysis
Problem ManagementImprovementsFailing to identify the most cost-effective improvementsROI analysis
Problem ManagementCausesFailure to identify causes by using intuition or impressions, rather than analysisProcedures; structured and semi-structured analysis methods
Release ManagementRelease scopeScoping releases appropriatelyRelease policies, agile development and projects, kanban
Service Demand ManagementService demandsMismatch between customer entitlement and fulfillment and between service act value and customer expectationsAutomation, self-service
Service DesignStrategiesFailure to take strategies into account in service designsCommunications plans, stakeholder involvement in design activities
Service DesignService systemMismatch between service system structure or dynamics and customer requirementsTesting management, agile and lean approaches, user story management
Service Level ManagementService agreementsGap between customer expectations and both service agreements and service system capabilitiesTuning of agreements
Service Level ManagementService actsGap between customer expectations and agreements and service actsCustomer relationship management
Service Portfolio ManagementResourcesAlignment of resource allocation to strategiesDemand management
Strategy GenerationVision and missionFailure to energize and motivate stakeholdersI guess top management just needs to be in contact with, understand and respect all members of the organization; otherwise, you can fire anyone who does not toe the line. icon_wink
Strategy GenerationService system patternsMismatch between strategies and capabilities, mismatch between strategies and customer expectationsBusiness Relationship Management, capabilities assessments
Strategy GenerationMarket positioningMispositioning of provider organization with respect to its competitionGame theory
Strategy GenerationDevelopment plansMismatch between the plan and the capabilities of the organizationCritical success factor analysis
Supplier ManagementSuppliersGap between supplier contracts and supplier capabilitiesRedundant suppliers, short-term contracts, long-term contracts, analysis of supplier health
Test ManagementService systemsCreating solutions that do not meet requirementsTest plans, acceptance criteria, test automation
Summary
Article Name
The diversity of risk management
Description
Risk management may be understood as a collection of disciplines, each of which manages an entity and each entity is subject to specific risks.
Author
Robert S. Falkowitz
Publisher Name
Concentric Circle Consulting
Publisher Logo
Concentric Circle Consulting

Filed Under: Risk management, Service Management Tagged With: risk, risk control, risk management framework, risk mitigation

Subscribe to our mailing list

Click here to be the first to learn of our events and publications
  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • xing
  • YouTube

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Kanban eLearning

Kanban training online

Recent Posts

  • Verbs, nouns and kanban board structure
  • The role of the problem manager
  • The Three Indicators

Tag Cloud

problem ITIL bias kanban knowledge work service management tools resource liquidity Incident Management impact incident histogram lean management process knowledge management manifesto change management process definition tools agile rigidity cause flow Cost of Delay waste automation flow efficiency service manager service request context switching priority leadership process metrics kanban training kanban board ITSM manifesto for software development risk incident management tools lean value stream
  • Kanban Software
  • Services
  • Posts
  • Events
  • Publications
  • Subscribe
  • Rights & Duties
  • Personal Data

© 2014–2023 Concentric Circle Consulting · All Rights Reserved.
Concentric Circle Consulting Address
Log in

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}