Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: CKXM
New Today: 11
New Yesterday: 70
Overall: 143500

People Online:
Visitors: 72
Members: 2
Total: 74 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Why Perform Config Management Audit
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Why Perform Config Management Audit

 
Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management
View previous topic :: View next topic  
Author Message
anand_sankhe
Newbie
Newbie


Joined: Aug 08, 2007
Posts: 1

PostPosted: Thu Aug 09, 2007 1:15 am    Post subject: Why Perform Config Management Audit Reply with quote

I am preparing a management report that will act as a means of explaining to every one in IT department whay we perform Config Management audits.
While I personally know the reason for performing such audits, would anybody help me point to a few points that describes why such an audit should be performed?

Thanks
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3305
Location: London, UK

PostPosted: Thu Aug 09, 2007 3:17 am    Post subject: Reply with quote

Then you should use your reason for the audit ... sarcasm off .. on by default.

The premise behind Configuration Management

P I C S V

Plan
Idenity
Control
Status Accounting
Verify

It is the only way to ensure you have what you say you have and where they are.
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
Pappa
Newbie
Newbie


Joined: Jul 20, 2007
Posts: 2

PostPosted: Fri Aug 10, 2007 10:05 pm    Post subject: Why audit? Well, what if you don't? Reply with quote

The OGC manual is very clear on audits:

"The configuration audits should check in addition that Change and Release records have been properly authorised by Change Management and that implemented Changes are as authorised. Configuration audits should be considered at the following times:
1. Shortly after implementation of a new Configuration Management System
2. Before and after major changes to the IT infrastructure
3. Before a software release or installation to ensure that the environment is as expected
4. Following recovery from disasters and after a "return to normal"(This audit should be included in the contingency plan)
5. at random intervals
6. In response to the detection of any unauthorised CI's
7. At regular intervals

There you have it. Ofcourse, OGC is best practices and mind the word "should be considered". But, lets see what happens if you do not audit. Any idea on how your CMDB performs? Is it 80% accurate, or 90% or maybe even 30%. Do you get a lot of incidents as result from changes that have not had a proper impact analysis? Does it cost a lot of time to recover those "errors"?

The question is not "do I have to audit?" But "how am i going to perform an audit in an efficent way?".
Back to top
View user's profile
dboylan
Senior Itiler


Joined: Jan 03, 2007
Posts: 189
Location: Redmond, WA

PostPosted: Sat Aug 11, 2007 12:28 am    Post subject: Reply with quote

You should also perform audits to ensure that the organization is compliant to the Configuration Management process. When measuring Key Performance Indicators (KPIs), you should measure against:

Value (show me the money)
Performance (how fast or how many)
Quality (how well or accurate)
and Compliance (are we doing what we are supposed to be doing)

And all of your process should have some representation of metrics from each of these categories. A CMDB audit is a key Compliance measurement.
Back to top
View user's profile
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Sun Aug 26, 2007 4:02 pm    Post subject: Reply with quote

Hello Anand,

Your management, if they're like most management, won't care about what the OGC has to say or why IT thinks you should be auditing your configurations.

Very simply, in order to make it worth "their" while, you will need to break things down in terms of concepts they will understand. I recommend you use drivers such as:

- Minimization/Reduction of Costs associated with poor quality of work
- Risk of poor corporate brand perception, based on customer and market interpretation of corporate capability
- Minimization of labor execution costs through proof of automation
- Proof of control over inventories to ensure optimized spend and appropriate depreciation
- Etc.

The truth is that if you're a mature enterprise, you will have automated most of your processes for things like builds (excluding physical infrastructure), deployments, installations, instantiations, executions, rollbacks, administrative monitoring, etc. Each piece of any one of these processes should have "expected configurations" that can be compared to "actual configurations".

Remember, your leaders think in terms of "money", not "IT". And, to most leaders, IT is an expense. Therefore, focusing on what's important to them will help them understand the need for it. If you focus on what's important to you, your team, or the OGC, you run a strong risk of not getting the support you will need from your leadership.

My Best,

Frank Guerino, CEO
TraverseIT
On-Demand ITIL
Back to top
View user's profile Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.