• Skip to main content
  • Skip to primary sidebar

This view of service management...

On the origin and the descent of managing services. We put meat on the bones.

  • Kanban eLearning
  • Services
    • Kanban Software Solutions
    • Consulting & Coaching
    • Training & Seminars
  • Posts
  • Events
    • Events – Agenda View
    • Events – Calendar View
    • International Service Management Calendar
  • Publications
    • Our Publications
    • Notable Publications
    • Quotes
  • Subscribe

The diversity of risk management

18 December 2014 by Robert Falkowitz Leave a Comment

In another article, I spoke of vision management and risk management as the two pillars upon which organizations reside. As I have already spoken about vision, let’s take a minute to examine risk in the context of service management in a little more detail.

Risk, or uncertainty of results, is at the heart of every management activity. If things worked simply, reliably and predictably, our management efforts could focus much more on vision. But even the best services are only 99.9999% sure. That means in a world with 500 million tweets per day, 500 will be in error; with 1 million disks in a global search provider’s infrastructure, several hundred will be down—at best! We rejoin the CEO who said, “20% of our marketing efforts are effective; if only I knew which 20%!”

The general approach to managing risk is to identify a framework for all risk management activities. This high level framework is then applied to various categories of risk. In this way, the governance function of an organization has a ready means for determining if the various types of risks in those categories are being handled appropriately. In addition, the framework allows the organization to express in concrete terms its levels of tolerance for risk. Risk tolerance is then applied in each discipline used for risk management.

Several dozen disciplines have been identified in various frameworks as the core of managing services. In the following table, the principal entities at risk that are managed using the discipline, the key risks to those entities, and several examples of strategies used to control those risks are described. Insofar as the  subject matter of this table is the entirety of service management, it cannot possibly be complete. I hope, however, to provide an overview of the main features of risk control in service management.

Here is an illustration of how the table might be used. Availability management is a discipline concerned with risks in the reliability, maintainability and serviceability of service systems and their components, and consequently the services delivered using those service systems. Reliability of a component, for example, is at risk because we can never be sure when that component will cease to function as required. For example, service management would be quite simple if we knew for a fact that a computer would function for precisely three years, then fail. But this is not the case. Instead, there is a certain distribution of probability that it will fail at any given moment. If we knew that a computer would fail in three years, then our control strategy would either be replacement of that computer just before failure, or perhaps some maintenance program. But, since there is a significant possibility that it will fail at any time from its first installation on, we look to other strategies to control that risk. These strategies, such as redundant architectures, would serve to mask the effects of the failure.

Each entity has its particular risks and those risks each have their own types of control strategies. As mentioned, there is hardly any limit to the applicable strategies, so the table provides only several typical strategies for each risk.

DisciplineEntity ManagedRiskExamples of Control Strategies
Access ManagementService accessGap between authorized access and actual access to servicesAccess logging, automated granting and revoking of access
Access ManagementData accessGap between authorized access and actual access to dataAccess logging, automated granting and revoking of access
Access ManagementComputer accessGap between authorized access and actual access to computersAccess logging, automated granting and revoking of access
Access ManagementApplication accessGap between authorized access and actual access to applicationsAccess logging, automated granting and revoking of access
Availability ManagementServiceabilityServiceability of systems and componentsContracts, training, tests
Availability ManagementReliabilityReliability of systems and componentsSystem modeling, redundant architecture, training, agreed specifications, tests
Availability ManagementMaintainabilityMaintainability of systems and componentsAgreed specifications, standards, defined procedures, training, tests
Capacity ManagementPerformanceUnderstanding the relationship of service demand to service levelsCommon and special cause analysis
Capacity ManagementLoadsPredicting future loadsCommon and special cause analysis
Capacity ManagementFundingFunding capacity appropriatelyCapacity planning
Catalogue ManagementCustomer expectationsMismatch between customer expectations and customer perception of servicesCatalogue publication, integration of catalogue data in ordering systems
Change ManagementResourcesMisallocating resources to changesPrioritization
Change ManagementChangesPerforming changes slower than requiredModeling, process simplification
Change ManagementChangesCausing disruption or incidents as a result of changesImpact analysis, calendaring, mitigation plans
Configuration ManagementSystemsInaccurate or unavailable information about systems resulting in inappropriate or untimely management decisionsControl process, verification and audit, modeling
Configuration ManagementComponentsInaccurate or unavailable information about components resulting in inappropriate or untimely management decisionsControl process, verification and audit, modeling
Continuity ManagementCatastrophesPotential for loss of the means of production of a serviceBusiness impact analysis, customer continuity plans, etc
Customer Relationship ManagementCustomer satisfactionGap between the intentions of the service provider and the satisfaction of the service consumerSatisfaction surveys, complaint handling, performance reviews
Customer Relationship ManagementCustomer expectationsGap between the service provider’s intended service utility and warranty and the expectations of the customer regarding utility, warranty and riskSales visits, performance reviews
Demand ManagementDemand for servicesGap between expected demand for services and actual demand for servicesCustomer Relationship Management, analysis of economic cycles, analysis of business news
Deployment ManagementApplication installationsUntimely installationAutomation of package distribution and installation; application streaming; thin client architecture
Deployment ManagementApplication installationsDisruption of usersPull installations (see also Untimely installation)
Deployment ManagementApplication installationsInconsistent installationsPackaging, automation
Event ManagementEventFailure to recognize the significance of eventsCorrelation, rule-based event analysis
Financial ManagementSupplier and customer paymentsPayment defaults and inaccuraciesContract management, automation, aging analysis
Financial ManagementResourcesMisallocation of financial resourcesBudgeting, reforecasting
Financial ManagementInvoicingInvoice timeliness and and inaccuraciesContract management, automation
Financial ManagementFundingTreasury shortfallsBudgeting, reforecasting, loans
Improvement ManagementService systemsMismatch between evolving service provider capabilities and evolving customer expectationsKanban, lean methods
Incident ManagementPrioritiesFailure to align incident resolution priorities with customer prioritiesImpact analysis
Information Security ManagementUser authenticityUncertainty that the declared identity of a user is the same as the real identity of the userAnalysis of use patterns, technical access controls
Information Security ManagementInformation repudiationUncertainty in roles played in the creation, modification or deletion of informationUser authenticity controls
Information Security ManagementInformation integrityInformation full or partial corruptionTransactional systems
Information Security ManagementInformation confidentialityInformation visible to unauthorized personsAccess management
Information Security ManagementInformation availabilityInformation not available when required (or available when not required)Various technical, procedural and organizational controls
Knowledge ManagementKnowledge itemsTimeliness, availability and accuracy of knowledge itemsAutomation, systems integration
Problem ManagementResourcesAllocation of resources to non-value adding activities (for resolving incidents)Impact analysis, cause analysis, solution ROI analysis
Problem ManagementImprovementsFailing to identify the most cost-effective improvementsROI analysis
Problem ManagementCausesFailure to identify causes by using intuition or impressions, rather than analysisProcedures; structured and semi-structured analysis methods
Release ManagementRelease scopeScoping releases appropriatelyRelease policies, agile development and projects, kanban
Service Demand ManagementService demandsMismatch between customer entitlement and fulfillment and between service act value and customer expectationsAutomation, self-service
Service DesignStrategiesFailure to take strategies into account in service designsCommunications plans, stakeholder involvement in design activities
Service DesignService systemMismatch between service system structure or dynamics and customer requirementsTesting management, agile and lean approaches, user story management
Service Level ManagementService agreementsGap between customer expectations and both service agreements and service system capabilitiesTuning of agreements
Service Level ManagementService actsGap between customer expectations and agreements and service actsCustomer relationship management
Service Portfolio ManagementResourcesAlignment of resource allocation to strategiesDemand management
Strategy GenerationVision and missionFailure to energize and motivate stakeholdersI guess top management just needs to be in contact with, understand and respect all members of the organization; otherwise, you can fire anyone who does not toe the line. icon_wink
Strategy GenerationService system patternsMismatch between strategies and capabilities, mismatch between strategies and customer expectationsBusiness Relationship Management, capabilities assessments
Strategy GenerationMarket positioningMispositioning of provider organization with respect to its competitionGame theory
Strategy GenerationDevelopment plansMismatch between the plan and the capabilities of the organizationCritical success factor analysis
Supplier ManagementSuppliersGap between supplier contracts and supplier capabilitiesRedundant suppliers, short-term contracts, long-term contracts, analysis of supplier health
Test ManagementService systemsCreating solutions that do not meet requirementsTest plans, acceptance criteria, test automation
Summary
Article Name
The diversity of risk management
Description
Risk management may be understood as a collection of disciplines, each of which manages an entity and each entity is subject to specific risks.
Author
Robert S. Falkowitz
Publisher Name
Concentric Circle Consulting
Publisher Logo
Concentric Circle Consulting

Filed Under: Risk management, Service Management Tagged With: risk, risk control, risk management framework, risk mitigation

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • xing
  • YouTube

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Kanban eLearning

Kanban training online

Recent Posts

  • The Three Indicators
  • Visualization of Configurations
  • How to increase visualization maturity

Tag Cloud

risk rigidity impact waste service manager kanban board knowledge work manifesto for software development agility kanban ITIL knowledge management incident management tools flow Service Management bias process definition Cost of Delay service management tools flow efficiency lean management change control service request urgency problem automation statistical control chart priority incident process metrics manifesto change management resource liquidity adaptive case management agile lean Incident Management context switching value stream cause
  • Kanban eLearning
  • Services
  • Posts
  • Events
  • Publications
  • Subscribe
  • Rights & Duties
  • Personal Data

© 2014–2021 Concentric Circle Consulting · All Rights Reserved.
Concentric Circle Consulting Address
Log in

This site uses cookies . You accept those cookies when you continue to use this site. Cookie policyAllow cookiesNo 3rd party non-functional cookiesCookie policy
You can revoke your consent any time using the Revoke consent button.Change cookie settings