The uselessness of ITIL process maturity assessment
I'm looking at a "classic" process maturity assessment done by a consulting firm for a client, and what a useless document it is. I'm not saying who sent it to me or why or where from. That isn't important here because so many assessments are similar. Compare yours.
The report analyses 8 practices. It doesn't say why those eight. ITIL has 27 or so, COBIT about 40. They are a typical eight: Incident, Request, Problem, Change, SACM, SLM, Knowledge, Catalogue.
It tells the client they suck. Maturity not much above 1 in all of the practices. Is this a problem? What are the risks? Does it matter at the client site? The report doesn’t say.
It offers five high-level recommendations and about 8 recommendations for each of the 8 processes. That's nearly 70 recommendations, all of them hard. It offers no way of prioritising them and no roadmap for addressing them. That's in the next paid engagement. So what have you told me? That we suck. We knew that - that's why you are here. How much we suck, and what a huge task we have ahead of us to not suck. Well, that's really going to help launch a programme.
There is zero discussion of the organisational context, what their goals are. Why do they need to improve? What do they want to achieve? There is very little discussion of any conditions specific to the site.
The only positive I can find is that the assessment used the ITIL PMF (Process Maturity Framework) which has dimensions of vision, culture, people and technology as well as process.
You've just spent 10% of your improvement budget for a slap in the face and you are no further forward. People pay for this?
I'm convinced that in most cases ITIL maturity assessments are a useless waste of money.
- Most consultants crank the client through a generic sausage machine that takes no account of the client's own goals and priorities.
- Many assessments stop short of offering any more than a kick in the teeth. Value is extra.
- Capability maturity is a meaningless metric when deciding what to do until we understand what maturity we need and why. Risk and value are far more useful first metrics than maturity for designing or measuring improvement programmes. And many assessments don't even measure capability maturity (TIPA, PMF, ISO20000 do): they measure management maturity using CMM, which is yet another step abstracted from useful reality.
- We usually use ITIL as a reference framework (a best-practice benchmark) for improvements, so we shouldn't also be using it as a measurement instrument. I wrote long ago about how cultish it is to measure the improvements made by using a body of knowledge (BoK) by measuring with the same BoK. You sucked at ITIL but by using ITIL you now suck less at ITIL. Gosh. Are we delivering more value? Are customers more satisfied? Did we cut costs? Have we reduced organisational risk? These are more meaningful metrics.