Problem Management & Risk

General discussion on all aspects of the IT Infrastructure Library (ITIL)
Post Reply
User avatar
snertos999
Newbie
Newbie
Posts: 4
Joined: Sun Aug 06, 2017 8:00 pm

Tue Aug 08, 2017 10:43 am

1st post, please be kind!
I working as the Problem policy lead for a large public sector organisation in Wales. (As well as other Service Management duties)
I am in the process of reviewing and updating the statuses we currently use with the help of a stakeholder group drawn from across the organisation.

One of the statuses I want to remove is 'Approved Risk' which tends to be used when a proposed fix for a Problem is put on hold. (Usually for resource reasons)
I don't personally see it as a true Problem lifecycle status as the true status of the Problem is being 'masked' by selecting this.

There is currently a Risk field selectable within the Problem record itself which has risk types such as Clinical, Business & Organisational etc but there is no risk score attached to this selection.

My take on risk is that there is a potential for something to go awry and if it does, this then becomes an issue.
If you are logging a reactive Problem, surely the risk is now an issue as it has happened already.
I understand the argument for selecting a risk type and score if you are logging a proactive Problem record as the risk has not yet been realised (Issue)

Any advice and guidance greatly appreciated.


User avatar
UKVIKING
ITIL Expert
ITIL Expert
Posts: 3636
Joined: Fri Sep 15, 2006 8:00 pm
Location: London, UK

Tue Aug 08, 2017 2:57 pm

First. how are you using Problem management
If you are following ITIL standards, then PM comes in two aspects

1 - Reactive PM - where there is an unknown root cause of a or multiple incidents that needs to be investigated
2 - Proactive PM - find all the weak links in the IT Structure including SPoF

PM is really only concerned with identifying the unknown cause; thereby, solution development or build is not really PM per se

For example, the issue may be the OS on the particular hardware; so once that is identified; then some one else has to decide if the OS gets upgraded if the HW can support then OS or merely live with the issue.

You need to state in the PM policy the following

_ what work that the team or resources can do
_ create a triage / problem record acceptance of things.
_ what does not get done and a review process

the last will deal with the resource issue

Frankly, PM does not care about the risk per se

Service Level Management does
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
User avatar
snertos999
Newbie
Newbie
Posts: 4
Joined: Sun Aug 06, 2017 8:00 pm

Thu Aug 10, 2017 6:24 am

Thanks for the advice John.
Yes we do follow ITIL and are an accredited ISO 20000 organisation.
I am trying to mature the process, particularly the proactive side of Problem Management.
I see your point regarding Risk. The responsibility for this should pass to another part of the business, possibly the Risk management group and/or senior management if there is a Critical Problem that requires resourcing to resolve through Change management.
Post Reply