Axelos recently released the first ever ITIL Maturity Model based on concepts used in the ITIL 4 framework. Since the release of the model and its accompanying ITIL Maturity Assessment, our team of certified ITIL Assessors has received a lot of questions from IT leaders who have attended our various webinars and Q&A sessions on the subject.
To no one’s surprise, their questions were thoughtful, nuanced, and very much worth sharing. This article tackles about three dozen of them, grouped by category under the following headings (use the links below to jump to specific sections):
- Business issues addressed by the ITIL maturity model
- Types of ITIL maturity model assessments
- Other types of maturity assessments
- Moving from ITIL v3 to ITIL 4
- Getting started
- What to expect during the assessment
- The report and beyond
- Getting certified
Let’s get started!
Business issues addressed by the ITIL Maturity Model
Can you tell me more about the ITIL Maturity Model and how it’s applied?
The ITIL 4 Service Value System
Axelos’ ITIL maturity model is the world’s first and only objective IT Service Management (ITSM) assessment tool based on concepts developed as part of the ITIL 4 framework. The model allows an IT organization to comprehensively assess its current state of ITSM without internal or external bias. Findings are typically used to identify and prioritize ITSM weaknesses, so leadership knows where to focus resources and improvement efforts and/or can track progress associated with an improvement initiative already underway.
Although the focus of the ITIL maturity model is the IT organization and ITSM, it can go well beyond merely assessing individual processes or practices. In fact, an organization can use the model to assess the larger IT ecosystem including elements such as culture, governance, improvement and innovation, and how processes interact with each other. In other words, the ITIL maturity model can be used to evaluate the entire Service Value System (SVS). Not one size fits all, and the ITIL maturity model has three types of assessments to accommodate different needs (more on this below).
The assessment is conducted by a certified and accredited Axelos Consulting Partner (ACP) to ensure an independent perspective is provided by an experienced ITSM professional.
We have new leadership at our organization and are beginning to undergo a digital transformation and core upgrades (and standardizing more processes). How can the ITIL maturity model help us with our digital transformation?
The ITIL maturity model has a place in supporting both IT improvement programs and digital transformations.
“Traditional” relationship amongst Business, Digital, and IT Strategy
Before anybody was using the term “digital transformation,” the apex of success for many IT teams was becoming a trusted partner that supported the business. That usually meant ensuring IT processes were effective, efficient, and meeting the needs of internal business customers. It also involved closely aligning IT strategy with larger organizational/business strategy since, traditionally, business strategy, IT strategy, and digital strategy were seen as different. For organizations that have not yet undergone digital transformation, the ITIL Maturity Assessment can be used to ensure that IT governance, practices, and workflows support the larger organization.
Strategy in a Digital Organization
These days, everyone is talking about digital transformation, a term that can mean different things to different people. The ITIL 4 publication Digital and IT Strategy (DITS) defines it this way: “The use of digital technology to enable a significant improvement in the realization of the organization’s objectives that could not feasibly have been achieved by non-digital means.” Several team members at Beyond20 co-edited and co-wrote this important publication, and we are big believers in how a combination of digital technology and business strategy can transform an organization.
In a fully digitized organization, digital and IT strategies exist within business/enterprise strategy – there is no daylight between them.
When leveraging the ITIL maturity model in the context of a digital transformation, do not focus too narrowly on the “digital” (whatever that term has come to mean in your organization). Let your larger business strategy guide IT to identify those areas that will bring the greatest value and determine how best to use the tools and technology at your disposal.
Although it may seem unsettling at first, a leadership change is a great opportunity for you: when leadership changes, everything can change. Now is the best time to consider what a digital transformation could mean for your organization and how an ITIL Maturity Assessment can ensure IT is ready to support or drive the changes that will enable success. Embrace this time as an opportunity to reconsider your digital and IT strategy and reprioritize what you are trying to achieve based on your larger business/enterprise strategy.
How does the ITIL Maturity Model help a service provider become a more valued business partner?
As our organizations grow and change, so do our internal customers’ needs. A key reason to use the ITIL Maturity Model is to support a team’s continual improvement efforts by identifying areas where the organization is misaligned with the business’ evolving needs and where improvements to IT can yield the greatest benefit to business customers. The model presents a holistic view of the IT ecosystem, starting with understanding value from the customer’s perspective. Additionally, leadership can leverage the model to track progress of existing improvement initiatives and benchmark their results against similar organizations.
Do you have to have formally adopted ITIL as a framework to get value from the new assessment model? How does this model positively effect business initiatives and outcomes?
The Four Dimensions of Service Management
Prior experience with ITIL is not a requirement to conduct an assessment, as the ITIL Maturity Model does not evaluate an organization’s adoption of or adherence to ITIL guidance. Instead, it assesses an organization’s service management capabilities regardless of the ITIL guidance or best practices referenced. The assessment focuses heavily on concepts from ITIL 4, such as the Four Dimensions of Service Management and the Service Value System, each of which apply even if your organization does not have a formally documented SVS. Ultimately, it is about how your organization co-creates value with your stakeholders. In other words, even if you are not formally leveraging ITIL 4, these concepts exist in your organization in some way, shape, or form.
Will an assessment help my team understand the relationship between maturity and performance?
The whole point of assessing your maturity is to get a baseline of where you are right now with respect to a particular component of the Service Value System or practice and map it against your potential. But really, these assessments will help you to build the roadmap that will get you to where you want to be. In the spirit of the ITIL Guiding Principle, Start Where You Are, a successful assessment will show you:
- What you are doing well
- What you are not doing
- What you can improve
With this crisp, precise guidance, you (or we) can build the improvement plan that will get you to the level of maturity your organization needs to function effectively and efficiently.
Workforce and Talent Management is big challenge for many organizations. It’s great to hear that it’s part of ITIL 4 and is one of the practices that can be evaluated.
Agreed! A robust Workforce and Talent Management Practice extends far beyond HR and recruiting and can go a long way toward keeping your valuable workforce engaged, involved, and in place for years to come. When organizations get it right, it guides them to focus on ensuring people have a solid workplace with clear career and development paths and myriad options for the future. All of these things are considerably more important than the salary number in their offer letter.
On that note, another people-related, practice we are excited to see the maturity assessment include is Organizational Change Management (OCM). OCM focuses on the people side of change – understanding stakeholders’ attitudes toward change and preparing them for the journey. Even the best technical solutions, despite excellent project management leadership, can fail miserably if we forget to bring the people along for the ride. There is a great old saying that sums this up in just a few words: “Project management prepares the solution for the organization while OCM prepares the organization for the solution.” Too often, organizations leave people for last when it comes to addressing change – it’s critical to the success of initiatives of any size that real time and energy is focused on getting the team aboard and giving them the information they need to embrace it and charge forward.
How does the ITIL Maturity Model assess the current state in a DevSecOps environment?
The ITIL 4 Maturity Model is not specific to DevSecOps, per se. However, certain practices such as Change Enablement, Release Management, Deployment Management, Software Development, Infrastructure Management, and IT Security Management help provide insight into an organization’s practices around agility and resilience. Additionally, a Comprehensive assessment (more on different assessment types below) looks at the cultural aspects of an organization. As you may already know, Agile and DevSecOps are at least as much about culture and mindset as they are about specific practices, ceremonies, and tools. ITIL in Agile/Lean/DevOps environments works – and an assessment can help you achieve it.
Types of ITIL Maturity Assessments
What are the different types of ITIL maturity model assessments?
There are three basic types of ITIL Maturity Model assessments: a comprehensive assessment, a high-level maturity assessment, and a selected practices assessment. The table below describes some of the key similarities and differences.
Types of ITIL Maturity Assessments
Does the ITIL Maturity Assessment help assess our progress with our ongoing ITSM improvement program? Does it help us assess progress and adoption of our IT service management tool or enterprise service management platform (ITSM or ESM)?
A comprehensive assessment is the best fit for this scenario, as it looks at five major aspects of the IT business model (AKA Service Value System): Guiding Principles, Governance, Service Value Chain, Practices, and Continual Improvement. As such, the comprehensive assessment provides the most holistic understanding of how your ITSM program is progressing. All ITIL assessments (Comprehensive, High-Level Maturity, and Selected Practices) consider how technology and automation is being leveraged. In short, an assessment will give you a good sense of where you are currently getting value from your ITSM or ESM platform.
Other types of maturity assessments
What other methodologies can you use for an ITSM assessment other than ITIL?
Right now, only ITIL 4 and ISO/IEC 20000 offer anything like a formal evaluation for service management, and even these two differ. ITIL 4 measures maturity on a scale similar to CMMI (Capability Maturity Model Integration) while ISO/IEC 20000 requires a formal pass/fail audit to judge compliance with the standard. While there are other frameworks, like MOF and VeriSM, they do not offer formal maturity assessments and evaluations as ITIL 4 does now.
How is the ITIL maturity assessment different than CMMI?
The ITIL Maturity Assessment is tailored to IT Service Management and includes specific maturity and capability criteria. It can objectively and specifically assess the entire IT ecosystem as well as individual practices. CMMI is a venerable tool used to assess process improvement. It has general applicability but is not adapted specifically to ITSM. As mentioned above, the ITIL maturity model and CMMI share a similar maturity and capability scale.
As a CMMI veteran I know that some government organizations placed a requirement in contract proposals that a company could not bid unless they were assessed at a certain CMMI level. I wonder if this is happening with ITIL?
Since the ITIL 4 maturity model and the related assessments are still quite new, we have not seen them stipulated as a requirement in contract proposals… yet. What we have seen quite a bit of lately is potential clients coming to us as a result of the government in their respective countries beginning to include more ITIL and ITSM requirements in their standards for working with industry partners. Stay tuned on this one.
How is the ITIL maturity assessment different than the COBIT 2019 Performance Management Model?
The ITIL Maturity Assessment is tailored to IT Service Management and addresses governance as one of many components in the IT ecosystem. COBIT 2019 performance management is focused solely on governance but does not specifically address ITSM.
How is the ITIL maturity assessment different than an ISO20000 audit?
The ITIL Maturity Assessment provides an objective assessment of the maturity and practice capabilities of IT. By contrast, ISO/IEC 20000, like all ISO standards, is a pass-fail evaluation rather than a maturity assessment. An organization undergoing an ISO/IEC 20000 audit must satisfy all requirements to pass. There are no degrees or partial passing; it is an all or nothing event.
The ISO/IEC 20000 standard has always performed a function for the service management community that is quite different from that of ITIL. ISO/IEC 20000 offers a set of highly specific, auditable and prescribed activities an organization must follow to prove compliance. A revision to the ISO/IEC 20000 standard came out in 2018. This update was more of an internal revision, bringing the format of the standard and some of its vocabulary in better harmony with other ISO standards.
The ITIL 4 certification is a very different acknowledgement of an organization’s performance of service management. In all its iterations, ITIL has provided the service management community a collection of best practices and ideas that organizations can choose for themselves and implement as they see fit. It also serves as a maturity assessment rather than as a “yes” or “no” compliance tool.
Additionally, the evaluation criteria for the two are quite different. ISO/IEC 20000 concentrates on much more operational, process-and-procedure oriented elements, evidence, and reporting while the ITIL 4 Maturity Assessment, at its highest level, concentrates on how all aspects of service management coordinate under the ITIL 4 Service Value System, which is strategic in its orientation. The ITIL 4 Maturity assessment assigns scores from Level 1 (work is completed but the purpose and objectives of the SVS in scope are not always achieved) to Level 5 (the SVS is optimized and focused on continual improvement).
Moving from ITIL v3 to ITIL 4
I’ve done a previous assessment for the organization I’m working with…it was two years ago. I’m looking to do another assessment to gauge progress and to better embed ITIL 4. Is the new ITIL maturity model assessment the best way to go or should I use the same tool we were using two years ago so I can compare apples to apples?
Use the new ITIL maturity model. It is better to evaluate the right thing using the right tool.
Prior to the ITIL 4 Maturity Model Assessment, other maturity models, such as the ITIL v3 Self-Assessment and CMMI, provided a helpful but more narrow view of IT maturity. The ITIL Maturity model shines because it is based on ITIL 4 concepts and provides a much more comprehensive understanding of the larger IT ecosystem rather than adherence to a specific domain or standard. So much so that an organization need not leverage any guidance from ITIL to obtain an actionable assessment. The ITIL Maturity Model measures results – not simply the processes used to get to results.
Even beyond all that, two years is a long time in IT. It is worth performing a new assessment using the latest and greatest tools.
How do you measure maturity in an organization that needs to transition from ITIL v3 concepts such as governance and control to ITIL 4 concepts such as enablement and value?
The great thing about the new ITIL 4 Maturity Model is that it can work even with enterprises that have not yet formally embraced any version of ITIL. Since ITIL, through all its versions, has always focused on logical actions and logical organization, the assessment concentrates on what things these enterprises are doing and how they are doing them. The ITIL Model provides concrete and objective practice success factors and criteria. With this in mind, the idea of assessing an organization based on the actual outcomes carries quite a bit more weight than on whether or not the actions pertain more to ITIL v3 or ITIL 4. This can serve as a universal maturity model, regardless of which, if any, service-management doctrine is in use.
To respond to this question from another point of view, in the ITIL v3 era, we often recognized standardized and repeatable process as the gold standard for IT success. To be sure, repeatable process and process governance still has its place and can be valuable. However, in the ITIL 4 era, we recognize that process (even great process) can become its own silo. The Maturity Assessment uses the Four Dimensions of Service Management concept and value streams (in other words, the intersection between processes) as a way to unearth the real value of processes — that is, helping customers get their jobs done and creating and maintaining beneficial services and products.
ITIL v3 was criticized for providing “best practices” which practitioners adopted “straight out of the book” instead of adapting them to meet their organizations’ needs. ITIL 4 appears to have been drafted to avoid this criticism and focuses more on “good practices” or “best ideas.” How is this dealt with in the maturity model?
That’s a great way to state it and a great question. I would even take it one step further and say that ITIL 4 is about taking those ideas and making sure we work in concert with our customers (value co-creation) to achieve the best outcomes. If our customers don’t end up with the results that they need, we as a service provider have failed them. If we have amazing processes and our customers aren’t delighted with the products or services they receive day in and day out, our efforts have been wasted. From a maturity model perspective, certain practices include criteria regarding whether they are implemented in a uniform way (where it makes sense). However, the maturity model does not focus on strict application of ITIL guidance. Instead, it focuses on how you leverage service management to achieve organizational, customer, and IT goals.
Getting started with the assessment
I’ve been doing assessments for the last twelve years to identify road map improvements. With the shift in ITIL, I want to see what the different areas of assessment are to best identify how to mature and sustain seamless performance and repeat success. How do I know the right scope for the assessment?
One of the most important things to consider prior to beginning an assessment is defining the scope. Without a doubt, a comprehensive assessment provides the most insight into the overall IT ecosystem. Even if you pursue a comprehensive assessment, it is critical to determine which aspects of governance are in scope and which practices will be reviewed. A seasoned consulting partner can help you identify a scope that will help you understand the current state and ultimately generate prioritized recommendations that are the most valuable and actionable.
The Zone of Confluence
Although many organizations start by assessing core ITIL Practices such as Incident Management, Service Request Management, Change Enablement, Service Desk, and Problem Management, this is not always warranted. ITIL recommends scoping an assessment around strategic focus areas such as business alignment and integration, organizational resilience, organizational agility, and operational excellence. Each strategic focus area is associated with a set of primary and supporting practices which can be included as part of the scope.
By contrast, an organization undergoing a digital transformation may consider focusing on practices that support the transformation. For example, at Beyond20, we developed a concept called the Zone of Confluence to help identify practices that support both the customer experience and IT operations positions (without making trade-offs) in a digital transformation.
In other cases, an organization focused on becoming more agile or using DevOps may choose a different set of practices to investigate such as Change Enablement, Software Development, Release Management, Deployment Management, and Configuration Management.
How do we perform a maturity assessment when resources are limited?
When the budget is tight and resources are already stretched, it is necessary to make some trade-offs. After all, you not only want to assess the current state, you also need to have the budget and resources to act on recommendations and implement improvements. While a comprehensive assessment provides the most in-depth assessment, it also tends to be the priciest investment and requires a greater level of commitment and resources than the high-level maturity assessment or the selected practices assessment. If you are not ready for a comprehensive assessment, the high-level maturity assessment and the selected practices assessment are plausible alternatives. For example, you could conduct a high-level maturity assessment to understand the overall IT ecosystem but focus on just three key practices. Or you could conduct a selected practices assessment of five core practices and use the balance of your budget to implement targeted recommendations.
How big of an endeavor is this for my team?
This depends on the type of assessment performed. If you decide to only look at how a few ITIL 4 practices are functioning, it may require an hour or so from each of your key team members to be interviewed about how things are working from their perspective. They may also need to pull some documentation to validate a specific level of maturity. On the other hand, if you are performing a comprehensive assessment that analyses Guiding Principles, Governance, Service Value Chain, and Continual Improvement in addition to practices, the level of effort can be more considerable. In this case, the assessor will likely want to interview more team members, staff from outside of IT, and even customers.
The amount and quality of other evidence, such as documentation, is also likely to be greater in this case. A successful assessment is a prime example of what ITIL 4 talks about with value co-creation – both the assessor and your organization need to make an investment to achieve an optimal result. A great assessor will do a lot of the heavy lifting in consolidating, organizing, and analyzing findings and writing up the assessment report. The ITIL Maturity Model is not meant to be a heavy lift for team, but rather to illuminate what’s working well and flag areas that need attention.
Implementing assessment recommendations can be a bigger lift, but a good assessment partner has a team of professionals that can bear some of the load by helping you prioritize and implement recommendations.
What does “maturity” mean in the context of the ITIL assessment?
The assessment promotes greater objectivity than in the past by standardizing criteria at each maturity level. No longer do we need to rely solely on the subjective and relative judgment of the assessor regarding what maturity means at a particular level.
The five maturity levels are very similar to the CMMI Maturity levels (indeed, they are virtually identically named):
Service Value System Maturity Levels
In addition to rating overall SVS maturity, individual practice capability can be assessed on a similar 1-5 scale.
Note: It is important to realize that not every organization needs to achieve level 5 maturity with every aspect of the Service Value System, nor with every practice. The maturity model helps to assess where your organization is weak, but each organization will decide for themselves appropriate levels of maturity to aspire to in the pursuit of accomplishing larger IT and business objectives.
What to expect during the assessment
How can I get my team involved in really owning and appreciating the assessment process?
When teams don’t feel like they are part of the process, they may perceive the assessment as being done to them and not with them. This can lead to suspicion and resentment. As discussed above, this is where a healthy dose of organizational change management can be extremely helpful.
At a minimum, we should prepare our teams for the assessment by having them involved in scoping and explaining to them the purpose of the assessment and its intended outcomes. We should make it clear that the assessment is not punitive; nor is it be used for individual performance evaluations or salary adjustments. Team members should also be involved in the assessment in a hands-on way by participating in interviews and focus groups, having their work observed or shadowed, taking surveys, and providing important documentation. Ideally, practice owners, service owners, and practice and service practitioners should be interviewed and/or surveyed. Other key team members include IT leadership (ideally, the CIO), business leaders outside of IT, and even trusted customers. In an assessment for an organization undergoing a digital transformation, the CEO should be part of the assessment.
Of course, the assessment itself is only one step of the journey. Once you understand what’s working (and what’s not) and have a sense of actions to take to mature as a team and organization, your team should be involved in ongoing coaching, process design workshops, training, and other improvement activities that turn assessment recommendations into reality. It’s just like with a fitness coach. You may have a sense of your level of fitness; however, it takes accountability and hard work to make a fitness plan work well and to see results from it.
What level of data quality does my organization need to have to conduct an assessment?
There are not many organizations that are completely satisfied with the quality of data they use to make decisions. Likewise, few clients have perfect data at the outset of an assessment. This should not prevent you from beginning. Obvious areas where high data quality is useful are when examining practices such as the Service Desk, Incident Management, and Service Request Management. Even so, there are organizations with relatively little high-quality data that they can extract from aging or immature ITSM systems. It’s true that this will likely impact the quality of the assessment for certain areas. However, keep in mind that each management practice lists several practice success factors and metrics to determine practice capability. And qualitative data (e.g., customer satisfaction scores) are just as important as high-quality quantitative data. Quite often, an assessment may help to point out where targeted improvements in data quality would lead to better decision making.
Can you show us an example of the questions you’d ask when assessing a practice?
Each element of the ITIL Service Value System and each practice comes with an objective and tailored set of questions or maturity/capability statements. More specifically, each practice has two to four practice success factors (PSFs) and a number of criteria associated with each. Additionally, each criteria is associated with one or more of the four dimensions of service management. Here are a few examples from the Service Request Management Practice:
Sample Practice Success Factor
The assessment report and beyond
How can I interpret the maturity scores in the assessment report?
The ITIL Maturity Assessment will provide you with a maturity score (or, for practices, a capability score), a written description of what evidence the score is based on, and what the organization is currently doing in this area. Based on this information, we help our clients to decide which level of maturity makes sense for their needs and how to get there. Not every organization needs to have all practices functioning at a level 5 – this is expensive and could be a distraction from more important initiatives. With the assessment in hand, we can then advise you on which levels of functional maturity are needed to allow your organization to deliver value to your customers as effectively and efficiently as possible.
Does the model call out, based on an assessment score, what the organization should do next to get a higher score next time?
Once your organization knows where it stands, IT leadership should identify where they want to be on the maturity scale. Beyond20 specializes in working with organizations to create the roadmap/improvement plan that will get them to this future state and provides the consulting services to get them there.
Once you’ve identified maturity opportunities, how do you deliver on those items?
Our team of certified assessors will first send a preview copy of the assessment to our sponsor at your organization to examine. This exchange can include answering questions and even making modifications before a larger report-out meeting. When ready, we will arrange a meeting to formally present the findings to the sponsor and other key stakeholders. An important part of this meeting will be discussing next steps, including an improvement plan and roadmap. Beyond20 maintains an extensive portfolio of training and consulting services to get your organization to the desired state.
What level of organizational sponsorship do I need for an assessment to be successful?
The higher, the better. Ideally, the CIO should sponsor the assessment and be actively involved – creating a sense of urgency with your teams, participating in interviews and focus groups, explaining how the results of the assessment will be used. High-level sponsorship is so important that organizations undergoing a digital transformation would be wise to involve the CEO in the assessment. An executive who sponsors the assessment is much more likely to support funding and implementing any improvement recommendations.
Getting certified with the assessment
Does an Axelos Consulting Partner have to administer the assessment? Can we conduct the assessment on our own?
Only certified Axelos Consulting Partners can deliver ITIL Maturity Model assessments. While a self-assessment may have some value in terms of identifying limited opportunities for improvement, performing one can still be time-consuming. More than that, it is not possible to objectively assess oneself. An Axelos Consulting Partner provides an independent perspective.
What benefit does an Axelos Consulting Partner bring?
A major benefit of hiring a certified assessor from an ACP is gaining an objective, independent, and unbiased view of your organization. Further, external assessors have seen dozens of similar organizations and how they’re working and can provide experience and perspective.
To become certified, the ACP needs to demonstrate longstanding experience with ITIL and its assessors need to meet stringent requirements, including providing significant details about their professional and consulting experience and passing a rigorous ITIL Maturity Model exam. Additionally, only ACPs have access to the materials Axelos makes available to conduct the assessment, and Axelos will only certify assessment results when an ACP is involved.
What sort of certificates or validations are associated with an assessment?
If you choose, your ACP can send the assessment report to Axelos for review and validation. Axelos provides three types of concluding documents:
- Maturity level certificate – Issued for comprehensive assessments. The list of the in-scope practices is stated on the certificate.
- Maturity statement of result – Issued for maturity assessments that exclude practice capability assessment or include fewer than seven practices. A supporting capability assessment report is provided.
- Capability statement of result – Issued for each practice assessed. Issued after a practice capability assessment or in addition to a maturity certificate or statement of result.
The maturity level certificate for comprehensive assessments is deemed current for three years, though some organizations perform a mini re-assessment on an annual basis to assess progress. The maturity statement of result and capability statement of result are important documents, but they are not as comprehensive and do not carry as much weight as the maturity level certificate. These documents do not carry an expiration date.