Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: Helen1854
New Today: 49
New Yesterday: 81
Overall: 143468

People Online:
Visitors: 99
Members: 0
Total: 99

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ® ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - ITIL Segregation of duties
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

ITIL Segregation of duties

 
Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion
View previous topic :: View next topic  
Author Message
matrix1
Newbie
Newbie


Joined: Nov 21, 2006
Posts: 2

PostPosted: Wed Nov 22, 2006 7:37 am    Post subject: ITIL Segregation of duties Reply with quote

Hi,

I would like to know if there is a segregation of duties table in ITIL or any information showing that change manager cannot be a programer, incident manager cannot be a security admin...

Thank you,
Kate
Back to top
View user's profile
Fabien
Senior Itiler


Joined: Sep 27, 2005
Posts: 207

PostPosted: Wed Nov 22, 2006 9:19 am    Post subject: Reply with quote

Hi Kate,

There isn't such a thing in ITIL. You may be able to find bits of information related to that from some other authors though. It pretty comes down to common sense though.

Since this is a question that is particularly important for smaller organizations, one good source of information for this is the "Small Scale Implementations" book, by Sharon Taylor and Ivor Macfarlane, ISBN: 0113309805
_________________
BR,
Fabien Papleux

Accenture
Technology Consulting | Service Excellence
Red Badge Certified

Twitter @itilgeek
Back to top
View user's profile Send e-mail Visit poster's website MSN Messenger
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Wed Nov 22, 2006 12:20 pm    Post subject: Reply with quote

Hi Kate,

You probably won't find such a mapping because it can't scale down to smaller companies/enterprises, where they can't afford separate resources for separate functions. In smaller enterprises, one person must wear many hats and would instantly violate such a mapping, and hiring more resources is almost never an option. Also putting such a mapping in writing might make the OGC liable for many negative outcomes.

Best Regards,
_________________
[Edited by Admin to remove link]
Back to top
View user's profile Send e-mail Visit poster's website
matrix1
Newbie
Newbie


Joined: Nov 21, 2006
Posts: 2

PostPosted: Wed Nov 22, 2006 11:47 pm    Post subject: Reply with quote

thank you
Gael
Back to top
View user's profile
peppermint
Itiler


Joined: Oct 20, 2006
Posts: 31
Location: Ireland

PostPosted: Thu Nov 23, 2006 8:14 pm    Post subject: Reply with quote

There is one recommendation though: if you can avoid it, it's highly advised to appoint separate Incident and Problem Managers, because of the conflict of interest between the two processes.

pep
Back to top
View user's profile
mirghani
Newbie
Newbie


Joined: Mar 18, 2006
Posts: 4

PostPosted: Fri Nov 24, 2006 4:30 am    Post subject: Reply with quote

ITIL avoids such extreme segregation of duties to satisfy its integrative purpose. ITIL philosophy advocates a continuum called “Process Path”, where there is one process owner accountable, but there are other process owners that are responsible and/or authorized. As clearly stated in SS book that authority can be delegated, but not accountability. However, we can see clear dynamism and in some cases transformation in such accountability, for example an incident that transformed into problem management which moves into change management and finally gets into release management with full support of configuration management. In such case, if ITIL “completely” segregates the solution, it will defeat its purpose of processes integration. Everyone contributes and communicates. However, some processes activities may enforce some sort of semi-segregation. For instance although ITIL recommends the planning and implementation of Configuration Management, Change Management and Release Management to be in parallel, but the configuration manager cannot be the same as change manager, because there will be no auditing for the changed CIs, and the CMDB will immediately goes out of order.
_________________
Sodiri
Back to top
View user's profile
Fabien
Senior Itiler


Joined: Sep 27, 2005
Posts: 207

PostPosted: Fri Nov 24, 2006 2:53 pm    Post subject: Reply with quote

Keep integration at the process design level and be mindful that certain roles do conflict with one another intentionally. It's an audit trick.

The Incident Mgr and Problem Mgr roles are good examples. However, 'Small Scale Implementation' will say that sometimes you cannot split even these roles. If that is the case, you need to choose the person *very* carefully and design your processes so they don't overlap. Make sure that the chosen person is fully aware of what role he/she plays at any given point.
_________________
BR,
Fabien Papleux

Accenture
Technology Consulting | Service Excellence
Red Badge Certified

Twitter @itilgeek
Back to top
View user's profile Send e-mail Visit poster's website MSN Messenger
Ed
Senior Itiler


Joined: Feb 28, 2006
Posts: 411
Location: Coventry, England

PostPosted: Sat Nov 25, 2006 12:13 am    Post subject: Reply with quote

mirghani wrote:
For instance although ITIL recommends the planning and implementation of Configuration Management, Change Management and Release Management to be in parallel, but the configuration manager cannot be the same as change manager, because there will be no auditing for the changed CIs, and the CMDB will immediately goes out of order.


mirghani Sorry - I cannot let this pass -

If you look, you will see that in the real world in many smaller companies the Configuration Manager and the Change Manager are one and the same person - it is in my case.

This is for the reason that Frank so cogently states - There is not the option to hire another person.

I want to scream 'Utter Rubbish'

Regards

Ed
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3305
Location: London, UK

PostPosted: Sat Nov 25, 2006 3:24 am    Post subject: Reply with quote

There is no requirement for any of the roles in ITIL to be separate persons.

There is recommendations about problem and incident managers not being the same person but the reason for that is to ensure that the two processes stay separate

In small organization, Service Support & Delivery may be done by a team of 1 person.

As long as that person can 'separate' the processes, ITIL does not care.

As for Change, in my Not So Humble Opinion, Change Configuration and Release can be done by 1 person. As to the audit concerns, if the 1 person has built in processes untilization 2 'different people' confirming audits, then there is no issue I see
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
mirghani
Newbie
Newbie


Joined: Mar 18, 2006
Posts: 4

PostPosted: Sun Nov 26, 2006 12:33 am    Post subject: Reply with quote

Ed,

As I clearly indicated, “inherently” there is no lucid segregation of duties in ITIL that prevents a manager to control any combination from the ten processes. This viewpoint is supported by the ITIL process continuum concept. However, the nature of certain process activities dictate the separation of duties, when possible.

It is a simple layman logic, if your company doesn’t have the ability to hire separate managers for the two processes. Then you don’t have a choice, let the change manager be a configuration manager, but there is a price the company will pay one day. Nonetheless, it is your best option and you cannot do better than that. In fact, it would be a bad idea to dismiss a critical ITIL process because you want to segregate duties.

Finally, If you are a “change and configuration team leader” then I assume that there is a team that you lead. The proper organization structure, in such case is to establish yourself as the owner of both processes and delegate the management responsibilities to any other two members. You are accountable, they are responsible. If you don’t have team members to lead, then there is no need for you to be a team leader. ITIL is not a religion, it is a framework that offers flexibility. So make use of it.
_________________
Sodiri
Back to top
View user's profile
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Sun Nov 26, 2006 1:55 am    Post subject: Reply with quote

Hello Mirghani,

Please find my comments, embedded, below...

Quote:
It is a simple layman logic, if your company doesn’t have the ability to hire separate managers for the two processes. Then you don’t have a choice, let the change manager be a configuration manager, but there is a price the company will pay one day. Nonetheless, it is your best option and you cannot do better than that. In fact, it would be a bad idea to dismiss a critical ITIL process because you want to segregate duties.


Actually, most small companies don't know that they're performing Problem Management but actually tend to do it far better than large companies. All companies must track their defects, issues, disruptions, in some way, shape, or form. If they don't, they can't compete and survive. What we've found is that while most smaller enterprises don't know that they're following ITIL practices, they actually perform "better" Problem Management because they're smaller and can see and manage all Problems more effectively than a larger enterprise.

Also, we've seen large companies make the same person, both, the Incident Manager and the Problem Manager and have great success in doing so. It is very simply, if you hold that one person accountable for both and ask for proof that will impact his/her performance reviews and/or bonus, you will most likely (and pleasantly) find that one person "can" perform both.

Quote:
Finally, If you are a “change and configuration team leader” then I assume that there is a team that you lead. The proper organization structure, in such case is to establish yourself as the owner of both processes and delegate the management responsibilities to any other two members. You are accountable, they are responsible. If you don’t have team members to lead, then there is no need for you to be a team leader. ITIL is not a religion, it is a framework that offers flexibility. So make use of it.


I would be careful about dictating what the proper organizational structure is or isn't. ITIL doesn't do so. Different enterprises have different needs to solve. And, there are always multiple ways to skin a cat. There is no one organizational structure that is right or wrong. They're just "different". And, there are many people that are becoming very familiar with ITIL, who are beginning to understand that ITIL is loaded with flaws and contradictions.

What we're finding, more often than not, is that people that support ITIL religiously (to the letter) have typically not implemented much ITIL, at all, and have not run into the many problems and challenges that an enterprise will face, while trying to implement it. Yes, ITIL is a framework but it is also a framework full of flaws and contradictions. Be careful to follow it or quote it blindly. It is, by far, not the perfect answer and all recommendations should always be tempered with common sense and a dose of realilty.

I hope this information helps.

Best Regards,
_________________
[Edited by Admin to remove link]
Back to top
View user's profile Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest © 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.