About the benefits of Due Diligence for IT outsourcing
Decently surprised when faced with the stage of Due Diligence in the tender documentation for outsourcing IT services. Surprises in competitive procedures always cause a certain amount of strain, since they can mean that you have to quickly rebuild a familiar service-process structure, and this is akin to how a child fold a giant puzzle of small and difficult parts. Previously, it always seemed to me that the Due Diligence procedure was used in assessing the value of a company before purchasing it or as part of an “ip” project. In essence, this is an assessment of the reliability and commercial attractiveness of a future transaction. Well, it should have looked like this: smart consultants and analytics come to the company, they rake up annual reports, check forecasts, assess risks and render their verdict. We, as an outsourcing partner, did undergo this procedure, however, not when evaluating a company, but as part of an IT tender procedure. It was rather a technical Due Diligence.
In life, the most memorable are the things you come across for the first time: therefore, probably, the most vivid impressions of childhood. So it was with Due Diligence: I came across this procedure for the first time, got memorable impressions and now, if the interviewee doesn’t mind, I can share my experience with it ...
What would I do when assessing the reliability of a service company, the quality of the future service, the commercial attractiveness of the future deal? I would look at the organization of processes, get references for interviews and question-answer sessions, look at the calculations for the resources allocated to the project, formulate requirements for managing the quality of service, and press on costs. By the way, about the cost calculations (or project costs), in the case of Due Diligence I described everything was even more interesting. As in a complex questionnaire, when you are asked in different forms the same question: the cost of each type of service, the hourly rate of specialists, the cost of servicing a single object (workplace, server, MFP), the cost of service at a fixed load and the cost when it is exceeded , possible additional costs in connection with the extension of the contract in the context of facilities and areas of service, compensation payments for early termination of the contract in each of the areas, etc., etc. I think it is not necessary to explain that it turned out to be very difficult to manage such a calculation model, and if you are mistaken in one of the “calculation exercises”, this immediately affects the result and reliability of the entire calculation.
How the auditor assesses the level of maturity of service processes:
In short, a sea of ​​questions with limited time to prepare answers, as in a blitz tournament ... Another interesting question from the auditor: how, since the start of the project, during the transition period, it is planned to measure the quality of services. A set of conventional direct measures — availability of services, response time and resolution time, implementation of backup policies and recovery checks — was expanded to include a schedule for providing an extended reporting option, meeting deadlines for developing a number of specific operational documents, criteria and deadlines for implementing the Transition Plan, deadlines and the quality of the total inventory, the rate of acquisition of the operational team, etc.
')
To answer such a list of questions, you have to sweat ... Something, of course, is used in everyday life, some things need to be finalized before an external display, and some sections have to think for a long time ... I will give an example. The future customer was ready to stimulate our work to improve the quality of service: within the agreed range of SLA performance, he wanted to see a constant trend towards improving SLA indicators and conditionally “pay extra” for this work. It turns out that it was necessary not only to declare the struggle for quality, but quite seriously, on a regular basis, to carry out work on the redistribution of workload, changes in the organization of processes and a measurable improvement in quality.
The resource-cost model used by us should, among other things, take into account the process of optimizing the service: a gradual transfer of the load on incoming service requests to the first line of the Service Desk and the self-service portal; well, and the classic reduction in the cost of maintenance (or cost) due to the acceleration of processes, the accumulation of knowledge about the system being serviced, and, as a result, the reduction in the size of the servicing team.
Question to us: how do you plan to make an inventory in a specified time? It is clear that in the right hands there are always software and hardware scanners that allow you to collect and save the required attribute sets. But, in addition to the usual configuration parameters of IT assets, something was demanded from us. Namely: add additional signs to the inventory list (being owned, leased or licensed), indicate the organization that is financially responsible for this asset. All this had to be done in the context of business units.
Gradually, it was required to pursue a policy of reducing operational risks due to: control over accessibility (life is simpler when it comes to accessibility of the configuration unit, but in truth - everyone is interested in the availability of the service level), control over utilization of capacities, ensuring continuity of services and information security measures . According to practical steps, it was required to deploy and configure: monitoring, reservation of critical resources, planning for the provision of additional capacities, plans of behavior in case of threats (accidents) and a set of protection tools (IB).
It became clear that you need to create a single conceptual field for both parties. In complex cases, it is not always possible to achieve a 100% mapping of a service to requirements, and then the question arises about the Service Catalog, when the parties at the stages of the negotiation process can put together a cost-balanced service delivery matrix. In particular, we were faced with the fact that we had to postpone and group resources-costs in the form of blocks: Infrastructure Management, Service Delivery Management, Service Support Management and Asset Management.
Another linguistic nuance: the system of registration of appeals and internal quoting of the response / execution time used by us is set up to work with three levels of urgency of incoming appeals - “Very urgent”, “Urgent” and “Uncritically”. And the client would like to expand the processing rules at the expense of another, fourth-class urgency, and also take into account the 4-level matrix with indicators of the degree of impact of incidents on the system.
We declare: “we customize the“ health model ”for configuration elements and services. The used Relationships model, built on the basis of CMDB data, allows you to track the impact on business services of planned changes or incidents that occur. ”.Looks great. But what can happen? We are trying to formulate one of the conditions for the implementation of SLA: "The maximum speed of web requests is not less than ....". In practice, it turns out, it was necessary to agree on the percentage of requests with a processing time of less than 1 second. and separately stipulate the condition with the on / off at the time of measurement of this indicator processing. It seems that all the words are familiar, but the common lexicon is being built gradually.
Go ahead. The future customer asks for an Operational Objectives document that will clarify the definitions of the Base Service Service concepts and then become part of the Service Level Agreement. In particular, it is an opportune moment to determine what basic monitoring is (provide “health models”), and, alternatively, describe what actions are taken by the 1st or 2nd lines of support in the event of certain events from the monitoring system, how is the process of escalation. Here are the questions: what experience does the Service Manager have, what level of detail does the Service Improvement Plan prepare?
Actually, returning to the title: what was the use for us after all? First of all, with the help of an external, unbiased look, you can see blurred outlines on your usual service “landscapes” and rush to correct them abruptly. I would take the above-described approach to Outsource best practice, since we got a cut of our readiness for a slightly different model of service delivery, and the bar of stated requirements clearly indicated the professional advancement of the people who prepared them. As another argument, I can add that I had to think about introducing customizable tools for modeling and managing my own costs, because “pushing” in a price competition without such a model is problematic.
PS In the end, Due Diligence was mutual, and the “holes” in the processes were visible not only in our country, but also in the other side ...
In life, the most memorable are the things you come across for the first time: therefore, probably, the most vivid impressions of childhood. So it was with Due Diligence: I came across this procedure for the first time, got memorable impressions and now, if the interviewee doesn’t mind, I can share my experience with it ...
What would I do when assessing the reliability of a service company, the quality of the future service, the commercial attractiveness of the future deal? I would look at the organization of processes, get references for interviews and question-answer sessions, look at the calculations for the resources allocated to the project, formulate requirements for managing the quality of service, and press on costs. By the way, about the cost calculations (or project costs), in the case of Due Diligence I described everything was even more interesting. As in a complex questionnaire, when you are asked in different forms the same question: the cost of each type of service, the hourly rate of specialists, the cost of servicing a single object (workplace, server, MFP), the cost of service at a fixed load and the cost when it is exceeded , possible additional costs in connection with the extension of the contract in the context of facilities and areas of service, compensation payments for early termination of the contract in each of the areas, etc., etc. I think it is not necessary to explain that it turned out to be very difficult to manage such a calculation model, and if you are mistaken in one of the “calculation exercises”, this immediately affects the result and reliability of the entire calculation.
How the auditor assesses the level of maturity of service processes:
- He looks at the calculation tables and makes a preliminary conclusion on which of the models — resource or resource-service — builds the service processes of the contractor.
- Requests to demonstrate the TASK templates in the Trouble Tickets system: which tags are used in them.
- Find out how requests are routed between different directions and executors; what consoles support service uses for operating activities; how the response time and request resolution time are quota.
- Asks what the disaster recovery plan looks like.
- Requests to show KPI reporting for the 1st and 2nd support lines, etc.
In short, a sea of ​​questions with limited time to prepare answers, as in a blitz tournament ... Another interesting question from the auditor: how, since the start of the project, during the transition period, it is planned to measure the quality of services. A set of conventional direct measures — availability of services, response time and resolution time, implementation of backup policies and recovery checks — was expanded to include a schedule for providing an extended reporting option, meeting deadlines for developing a number of specific operational documents, criteria and deadlines for implementing the Transition Plan, deadlines and the quality of the total inventory, the rate of acquisition of the operational team, etc.
')
To answer such a list of questions, you have to sweat ... Something, of course, is used in everyday life, some things need to be finalized before an external display, and some sections have to think for a long time ... I will give an example. The future customer was ready to stimulate our work to improve the quality of service: within the agreed range of SLA performance, he wanted to see a constant trend towards improving SLA indicators and conditionally “pay extra” for this work. It turns out that it was necessary not only to declare the struggle for quality, but quite seriously, on a regular basis, to carry out work on the redistribution of workload, changes in the organization of processes and a measurable improvement in quality.
The resource-cost model used by us should, among other things, take into account the process of optimizing the service: a gradual transfer of the load on incoming service requests to the first line of the Service Desk and the self-service portal; well, and the classic reduction in the cost of maintenance (or cost) due to the acceleration of processes, the accumulation of knowledge about the system being serviced, and, as a result, the reduction in the size of the servicing team.
Question to us: how do you plan to make an inventory in a specified time? It is clear that in the right hands there are always software and hardware scanners that allow you to collect and save the required attribute sets. But, in addition to the usual configuration parameters of IT assets, something was demanded from us. Namely: add additional signs to the inventory list (being owned, leased or licensed), indicate the organization that is financially responsible for this asset. All this had to be done in the context of business units.
Gradually, it was required to pursue a policy of reducing operational risks due to: control over accessibility (life is simpler when it comes to accessibility of the configuration unit, but in truth - everyone is interested in the availability of the service level), control over utilization of capacities, ensuring continuity of services and information security measures . According to practical steps, it was required to deploy and configure: monitoring, reservation of critical resources, planning for the provision of additional capacities, plans of behavior in case of threats (accidents) and a set of protection tools (IB).
It became clear that you need to create a single conceptual field for both parties. In complex cases, it is not always possible to achieve a 100% mapping of a service to requirements, and then the question arises about the Service Catalog, when the parties at the stages of the negotiation process can put together a cost-balanced service delivery matrix. In particular, we were faced with the fact that we had to postpone and group resources-costs in the form of blocks: Infrastructure Management, Service Delivery Management, Service Support Management and Asset Management.
Another linguistic nuance: the system of registration of appeals and internal quoting of the response / execution time used by us is set up to work with three levels of urgency of incoming appeals - “Very urgent”, “Urgent” and “Uncritically”. And the client would like to expand the processing rules at the expense of another, fourth-class urgency, and also take into account the 4-level matrix with indicators of the degree of impact of incidents on the system.
We declare: “we customize the“ health model ”for configuration elements and services. The used Relationships model, built on the basis of CMDB data, allows you to track the impact on business services of planned changes or incidents that occur. ”.Looks great. But what can happen? We are trying to formulate one of the conditions for the implementation of SLA: "The maximum speed of web requests is not less than ....". In practice, it turns out, it was necessary to agree on the percentage of requests with a processing time of less than 1 second. and separately stipulate the condition with the on / off at the time of measurement of this indicator processing. It seems that all the words are familiar, but the common lexicon is being built gradually.
Go ahead. The future customer asks for an Operational Objectives document that will clarify the definitions of the Base Service Service concepts and then become part of the Service Level Agreement. In particular, it is an opportune moment to determine what basic monitoring is (provide “health models”), and, alternatively, describe what actions are taken by the 1st or 2nd lines of support in the event of certain events from the monitoring system, how is the process of escalation. Here are the questions: what experience does the Service Manager have, what level of detail does the Service Improvement Plan prepare?
Actually, returning to the title: what was the use for us after all? First of all, with the help of an external, unbiased look, you can see blurred outlines on your usual service “landscapes” and rush to correct them abruptly. I would take the above-described approach to Outsource best practice, since we got a cut of our readiness for a slightly different model of service delivery, and the bar of stated requirements clearly indicated the professional advancement of the people who prepared them. As another argument, I can add that I had to think about introducing customizable tools for modeling and managing my own costs, because “pushing” in a price competition without such a model is problematic.
PS In the end, Due Diligence was mutual, and the “holes” in the processes were visible not only in our country, but also in the other side ...
Source: https://habr.com/ru/post/236631/
All Articles