Capability: ITIL/COBIT-based Management Process

On This Page

Introduction Introduction
Requirement: Optimizing Processes Requirement: Optimizing Processes


Best practice processes must be defined for all tasks highlighted in the Infrastructure Optimization Model in order to receive maximum benefit and performance. The following table lists the high-level challenges, applicable solutions, and benefits of moving to the Dynamic level in ITIL/COBIT-based Management Process.




Business Challenges

Lacking knowledge of IT service costs and benefits

IT staffing, development, and retention models not in place

IT Challenges

Infrastructure engineering lacks known standards



Implement availability management procedures

Improve financial management of IT services

Standardize infrastructure engineering processes

Formalize IT service continuity management

Implement best practice workforce management

Business Benefits

Cost structure of IT services is known and managed

IT staffing is more stable

Plans in place to maintain service continuity

IT Benefits

IT investments are easier to validate

Knowledge is preserved in the IT organization

The Dynamic level of optimization requires that your organization has defined procedures for availability management, financial management, infrastructure engineering, IT service continuity management, and workforce management. In addition to these new disciplines, the Dynamic level carries the expectation that all IT services participate in continuous improvement programs and are regularly assessed and improvements are made according to business or organizational needs.

Requirement: Optimizing Processes


You should read this section if you do not have formalized processes for financial management, availability management, IT service continuity management, workforce management, security management, or infrastructure engineering.


Infrastructure optimization goes beyond products and technologies. People and processes compose a large portion of an organization’s IT service maturity. A number of standards and best practice organizations address the areas of people and process in IT service management. Microsoft Operations Framework (MOF) applies much of the knowledge contained in the IT Infrastructure Library (ITIL) and Control Objectives for Information and related Technology (COBIT) standards and makes them actionable and achievable for Microsoft customers.

Phase 1: Assess

The goal of the Assess phase in operations management is to evaluate the organization’s current capabilities and challenges. To support the operations assessment process, Microsoft has developed the Microsoft Operations Framework (MOF) Service Management Assessment (SMA) as part of the MOF Continuous Improvement Roadmap, and a lighter online version called the MOF Self-Assessment Tool.

Figure 10. MOF Continuous Improvement Roadmap

Figure 10. MOF Continuous Improvement Roadmap

The MOF Service Management Assessment is focused on enhancing the performance of people and IT service management processes, as well as enabling technologies that improve business value. All recommendations generated as a result of the SMA are detailed and justified in business value, and a detailed service improvement roadmap is provided, supported by specific key performance indicators to monitor progress as improvements are implemented.

Phase 2: Identify

The results of the MOF Service Management Assessment form the basis of the Identify phase. The Assessment will often expose several areas of potential improvement in IT operations. During the Identify phase, we consider these results and prioritize improvement projects based on the business need. Tools and job aids are included in the MOF Continuous Improvement Roadmap to assist with this prioritization.

Phase 3: Evaluate and Plan

The Evaluate and Plan phase for operational improvement relies on the identified and prioritized areas for improvement. The MOF Service Improvement Program (SIP) guidance enables this phase. SIP is split into two major areas of focus: specific MOF/ITIL process improvement and service improvement guidance. This guidance is delivered through a tool that assists users in identifying their specific trouble points, provides focused guidance for remediation, and is supported by key performance indicators to measure process improvement.

Recommended Processes for Moving to the Dynamic Level

The recommendations in this section are based on common issues found at the Rationalized level and areas of improvement sought by the Dynamic level. These are only recommendations and may be different for your specific organization or industry.

The Rationalized level begins to incorporate measures for predictability and can be evaluated based on predefined targets. In order to enable performance tracking, IT operations have reached a proactive state of control with a focus on monitoring. At the rationalized level, the IT operation is on par with other business operations and, therefore, has similar accountability for performing against pre-defined service level agreements. Accountability and measurability also mean that management expects the IT operations to improve at the same level as other business operations.

The Dynamic level goes to the final step where IT becomes a leading business operation. At this stage, the IT operation has in-depth knowledge of activity-based costing and can accurately predict the impact of each additional investment. This predictability allows the IT operation the freedom to determine where resources are allocated. Monitoring, operating, and changing procedures are seamless, allowing for maximized agility and continuous operational improvement through advanced automation.

Microsoft provides Microsoft Operations Framework (MOF) as an iterative model for defining and improving IT operations. MOF defines service management functions (SMFs) as logical operational functions within an IT organization. The SMFs are grouped together into four broad areas: Changing, Operating, Supporting, and Optimizing. This guide highlights areas to improve that are typically found in organizations at the Rationalized level of optimization:

These SMFs represent the MOF Optimizing Quadrant and are the remaining topics for process improvement. Optimizing SMFs omitted from this discussion are Service Level Management, Security Management, and Capacity Management since they were requirements for the Rationalized level and were discussed as a requirement for the Desktop, Device and Server Management capability previously in this guide.

Depending on the organization, improvements to these service management functions might or might not have the greatest impact on operational effectiveness and improvement. We recommend that your organization at a minimum completes the online self-assessment, and preferably a full Service Management Assessment, to identify the most important areas requiring process or service improvements.

Phase 4: Deploy (Availability Management)

Availability management is concerned with the design, implementation, measurement, and management of IT infrastructure availability to ensure that stated business requirements for availability are consistently met. In particular:

  • Availability management should be applied to all new IT services and for established services where service level requirements (SLRs) or service level agreements (SLAs) are established.

  • Availability management can be applied to IT services that are defined as critical business functions, even when no SLA exists.

  • Availability management can be applied to the suppliers (internal and external) that form the IT support organization as a precursor to the creation of a formal SLA.

  • Availability management considers all aspects of the IT infrastructure and supporting organization that may affect availability, including training, skills, policy, process effectiveness, procedures, and tools.

The Availability Management SMF consists of three main processes and a number of subprocesses. In order to deploy best practice Availability Management, the following tasks and processes should be followed:

  • Define service level requirements.

  • Define critical customer functions.

  • Define availability objectives.

  • Propose availability solution.

  • Identify major IT service components

  • Design for availability.

  • Availability risks and countermeasures.

  • Life cycle management needs.

  • Design for recovery.

  • Incident life cycle.

  • Designing for customer satisfaction during outages.

  • Management processes.

  • Formalize operating level agreements.

For more detailed information on each task and process, see the Microsoft Operations Framework Availability Management Service Management Function.

Phase 4: Deploy (Financial Management)

The objective of the financial management process is the sound management of monetary resources in support of organizational goals. Financial data provides the expense, or cost, side of the equation for making business decisions regarding changes in the IT infrastructure, systems, staffing, or processes. A properly functioning financial management process helps IT managers to make better-informed decisions for IT planning and investment.

The goals and objectives of financial management are to be able to fully account for the cost of IT services, to attribute the costs to the services delivered to the organization’s customers so that the costs can be recovered, to aid in decision making by understanding the cost of IT services, and to provide business cases for changes to IT services based on a sound understanding of the costs involved.

Proper financial management of the IT department provides management with visibility of computing costs. Cost visibility provides benefits including:

  • IT provides services within budgets that are negotiated with customers.

  • The costs of providing an agreed-to level of service are trackable and understandable.

  • The IT department can trace costs and report the origin of costs to customers and executive management.

  • Customers are fairly charged for the services being provided and the prices charged are more predictable.

  • The IT department is able to compare the cost of providing services to the costs charged by outside vendors.

  • Accurate cost data will assist the business unit in the preparation of accurate and realistic bids and proposals.

  • Accurate cost data is necessary to optimize operations.

Successful implementation of best practice financial management comprises four main processes and a number of subprocesses, which are listed below.

Cost accounting

  • Service level agreements

    • Service level agreement and financial management

    • Tracking performance

    • Renegotiating the service level agreement

    • Components of a service level agreement

  • Cost classification

    • Setting up accounts

    • Capital costs

    • Operational costs

    • Direct costs

    • Indirect costs

    • Fixed costs versus variable costs

  • Cost categorization

  • Cost units

  • Depreciation

  • Cost accounting methods

    • Cost-by-customer accounting method

    • Cost-by-service accounting method

    • Activity-based costing

    • Request for change review and approval

Project investment appraisals

  • Net present value

  • Payback period

  • Return on investment

  • Total cost of ownership

  • Real cost of ownership (RCO)

    • Measurement

    • Management

    • Managerial reports


  • Budgeting benefits

  • Budget inputs

    • Service level agreements

    • Customer requirements

    • Internal cost inputs

    • Trends

  • Budget types

    • Operating budget

    • Capital budget

  • Budgeting methods

    • Prior year budgeting

    • Zero-based budgeting

  • Budget review

Cost recovery

  • Transfer pricing methods

    • At cost

    • Cost plus

    • Flat rate plus premium

    • Market rate

  • Billing

For more detailed information on each task and process, see the Microsoft Operations Framework Financial Management Service Management Function.

Phase 4: Deploy (Infrastructure Engineering)

Consistent standards across an IT organization improve interoperability, reduce risk of deployment failures, and facilitate governance. Infrastructure Engineering (IE) is the process of collecting, creating, and managing standards and policies for IT services and infrastructure. Through implementation of the Infrastructure Engineering formalized processes, organizations will:

  • Develop standards, policies, benchmarks, and guidelines for managing the infrastructure now and in the future, maximizing availability, supportability, and operability.

  • Provide guidance and control to ensure that solutions are operable at the appropriate level and to optimize timing for new solution design and changes.

  • Ensure that the infrastructure in use, including the technology and common application portfolios (for example, standard desktops) align to the business strategy and direction.

  • Measurably improve their management of the infrastructure environment.

  • Provide for a means of verifying quality assurance (QA) for all infrastructure development at the planning and authorization stages.

  • Maintain a cost-aware approach to the selection of strategic technology solutions and reduce unnecessary costs.

Infrastructure Engineering will take the lead in identifying and normalizing existing standards and policies and determining the need for new ones. The IE SMF has responsibility for managing the development of standards and policies, typically through internal or external subject matter experts.

An organization that implements best practice Infrastructure Engineering should have the organizational capabilities in place to be able to complete and maintain the following:

  • Discover current standards and policies.

  • Define categories of standards, processes, and policies that align with their IT organizational structure.

  • Define an effective suite of standards, processes, and policies for common IT activities.

  • Implement and maintain a change management process.

  • Apply the standards and policies for design, development, and deployment tasks.

The breadth and depth of the standards and policies that are developed and applied may vary from organization to organization, depending upon the maturity level to which other MOF service management functions have been adopted.

In implementing the Infrastructure Engineering process, a setup activity is initiated to define the scope of the infrastructure environment and to determine how best to manage it using defined policies and standards. Regulation of the infrastructure through the use of these standards can be as passive or active as the organization needs, although it is suggested that the use of established policies and standards be enforced at the Change Initiation Review, as a minimum.

Infrastructure Engineering Process Flow

The development and application of consistent IT policies and standards across an organization is accomplished through the following process, which is described in detail in subsequent sections.

Define the Infrastructure Environment

A clear and thorough definition of the infrastructure environment is key to its successful and subsequent management. This process provides guidance on how to define the environment and determine the desired scope of environmental components to be regulated. It also examines how to categorize elements of the infrastructure into sensible groupings to allow effective utilization of standards and policies.

Collect and Define Policies and Standards

The use of policies and standards to control evolution of the infrastructure helps to maintain a stable and effectively aligned IT organization. This process provides guidance on collecting and documenting the policies and standards that exist across the infrastructure and defining new ones where necessary, looking in particular at key inputs that will ensure the best fit for the organization now and several years into the future.

Apply Policies and Standards for Infrastructure Guidance

The creation of policies and standards adds real value only if they are used effectively to provide guidance and control over the integrated infrastructure environment. This process examines how policies and standards should be applied in developing a new requirement or a change to the infrastructure. The process also describes an alternative for dealing with situations that fall outside the need for a standard or policy by taking a controlled approach to exceptions.

Maintain Policies and Standards

Because the policies and standards are created across all the processes and IT personnel roles, it is important to ensure that they are maintained effectively and kept accessible to all potential users.

For more detailed information on Infrastructure Engineering, see the Microsoft Operations Framework Infrastructure Engineering Service Management Function.

Phase 4: Deploy (IT Service Continuity Management)

Major IT outages occur outside the realm of availability and incident management. IT Service Continuity provides best practices and guidance to support business continuity through the implementation of effective IT service recovery procedures.

Many factors affect the availability of an IT service such as hardware failure, environmental issues, and human error. A hardware failure, such as a broken power supply or disk drive, is one of the most obvious factors to consider. If the only power supply to a server fails, then this might cause the whole IT service to be lost. Dual redundant power supplies attached to the server can be employed to mitigate some of this risk. If power to the whole computer room or data center is disrupted, battery backup systems can be employed to cover the short time it might take to start up a standby generator. Exposures such as these are referred to as availability risks and the actions we might take to mitigate them are called countermeasures.

Risks to availability also exist within processes and procedures and also arise out of human error. If a poorly tested change is introduced that inadvertently prevents users from connecting to the IT service, then the complete service is unavailable until access is restored. If the production database is accidentally overwritten with last night's backup data instead of a new backup being performed, this can have catastrophic consequences on availability. Countermeasures, such as carefully designed testing and release procedures and appropriate staff training plans, can also be employed to help mitigate these risks. When these mitigation plans fail, contingency plans must be invoked.

Availability management and service continuity management are closely related in this respect as both processes strive to eliminate risks to the availability of IT services. The prime focus of availability management is handling the routine risks to availability that can be reasonably expected to occur on a day-to-day basis. Where no straightforward countermeasures are available or where the countermeasure is prohibitively expensive or beyond the scope of a single IT service to justify in its own right, these availability risks are passed on to service continuity management to handle.

Service continuity management is concerned with managing risks to ensure that an organization's IT infrastructure can continue providing services in the event of an unlikely or unanticipated event. This is accomplished through a process that analyzes business processes, their impact on the organization, and the IT infrastructure vulnerabilities that these processes face from a myriad of possible risks. This requires a great deal of research to be conducted with diligence to identify all critical business processes and their vulnerabilities.

This task begins by dividing the effort into three phases: define the service level objectives, propose a solution to meet those objectives, and formalize the written agreements and contingency plan. Each phase has tasks and deliverables associated with it that assists in determining cost-effective solutions. The deliverables need to be maintained as active documents and updated as needed.

Service continuity management consists of four main processes and a number of subprocesses as described in the following list.

Acquire service level requirements

  • Identify information technology service layers

    • Service

    • Application

    • Middleware

    • Operating system

    • Hardware

    • Local area network

    • Passive components

    • Hubs, switches, and routers

    • Network interface cards

  • Facilities

    • Edifice

    • Environmental controls

    • Physical security

    • Fire suppression

    • Human convenience

  • Egress

    • Security

    • Water

    • Sewage

    • Gas

    • Electricity

    • Internet access

  • Identify risks to each information technology service layer

Propose contingent solution

  • Design for failover

  • Outsourced services

  • Facilities

Formalize operating level agreements

Formalize the contingency plan

  • Definition of contingency levels

  • Escalation and notification procedures

  • Startup and shutdown procedures

  • Communications methods

  • Status reporting requirements

For more detailed information on IT Service Continuity Planning and associated operator role clusters, see the Microsoft Operations Framework Service Continuity Planning Service Management Function.

Phase 4: Deploy (Workforce Management)

Skilled IT personnel are crucial to the evolution of an efficient IT organization. Their recruitment, training, readiness, compensation, and retention are discussed as part of Workforce Management. Best practice workforce management should be observed at all levels of optimization; it becomes a defined discipline at the Dynamic level, meaning that the success of defined goals in workforce management are tracked and measured to ensure continuous improvement.

Key goals and benefits of workforce management include:

  • Correct staffing levels to meet the needs of the computer production environment and the business needs.

  • Staff with the appropriate level of technical skills.

  • Retention of staff.

  • A reduction in absence due to stress and sickness.

  • Skill sets suitable for coping with a changing environment, products, and services.

  • Clear and well-understood career paths and growth opportunities.

  • Ability to absorb contract staff seamlessly.

  • An ergonomic working environment.

Workforce management is concerned with recruiting and retaining staff to meet the needs of the operations organization. This is dependent upon the size, IT architecture, and the specialized needs and sophistication of the organization. It is also dependent on the organizational model implemented within the organization.

Workforce Management Considerations
Staffing Levels and Skill Sets

Once the IT architecture and specialist needs are understood, then workforce management must understand the business needs, based on the SLA and the computing requirements of the organization, before it can establish the correct level of staffing requirements. Understanding the correct staffing and skill levels needed is an ongoing process so that staff or skill shortages do not occur unexpectedly.

Hiring the right staff who possess the appropriate skill sets and who will work well as part of a team is the main responsibility of the human resources manager.

Having the right staff with the appropriate skill sets can be achieved by ensuring that staff members are rewarded for their contributions. In addition, providing excellent training schemes (training profiles should exist for each job description), certification programs, and enhanced career prospects and career paths increases hiring success. (Such policies and programs should be established before problems arise and staff loses occur.)

One of the most critical (and most often neglected) aspects of managing a workforce is the process of conducting an ongoing skills inventory of the staff. Taking a regular inventory of current skill sets across the operations workforce helps identify areas of weakness.

Employee Retention

A stable workforce is crucial to maintaining service levels. Employee retention is the cornerstone of workforce stability. It also leads to increased productivity over time and improved customer service. An effective workforce plan is therefore needed to retain employees (reduce turnover) by using proactive retention techniques that give the employee incentives to remain in the workforce. Hiring the right people is of no value if the organization cannot retain them over time.

Employee Absence

The human resources manager should use consistent attendance management policies to deal effectively with unplanned absence. The policies should clearly define expectations of attendance and proper notification procedures, as well as the disciplinary measure(s) that will be taken against staff who are absent beyond tolerable limits. In order for this policy to be credible and successful, it needs to be communicated to all staff and applied uniformly throughout the organization.

Absence can be planned or unplanned and may not necessarily reflect poor health by the person who is absent. Whether planned or unplanned, employee absence has a detrimental effect on the services provided by the entire workforce to the organization. Nevertheless, employee absence is a reality in any workforce and needs to be accepted and planned for.

Performance Management

The human resources manager must develop a high-quality performance management system for the support staff by giving them specific goals to attain—goals that are measurable, appropriate, and fully support the SLAs. He or she must ensure that all employees understand the goals and that the employees obtain feedback in order to develop their goals.


The workplace environment can play an important role in the retention of service and support staff. Since personnel availability is key to the success of an efficient and service-oriented workforce, employees are often required to stay at their workstations for extended periods. A functional workspace that provides for elements like acoustic balance, ergonomic workstations, and an efficient and clean overall atmosphere increases employee satisfaction and their feelings of "wanting to be there."

External Resources

Contracted resources may form part of a short- or long-term staff augmentation; familiarizing them with company policies and procedures provides a seamless and trouble-free staff augmentation experience.

It is the responsibility of the human resources manager to ensure that every support professional, whether internal or external, has a clear understanding of the support organization's goals, processes and procedures, tools, success and measurement metrics, and measurement process.

Workforce Management Processes

Workforce management consists of six main processes and a number of subprocesses, which are described in the following list.

Crafting an operations organization

  • Determining staffing requirements

    • Operations organization makeup considerations

    • Predicting staffing levels

  • Hiring and retention considerations

    • Attracting, developing, and keeping strong IT operations staff

  • Proper employee orientation

  • Job descriptions

  • Workforce skills assessment

  • Workforce retention management

  • Workforce absence control

Workforce performance considerations

  • Individual and group objective setting

  • Performance monitoring and metrics

  • Performance measurement

  • Performance evaluation

  • Reward and recognition considerations

Considerations for external resources

Maintaining a ready and reliable workforce

  • Employee readiness considerations

  • Operations professional training considerations

  • Balancing training with support requirements

  • Environmental considerations

Employee safety

For more detailed information on Workforce Management, see the Microsoft Operations Framework Workforce Management Service Management Function.

Further Information

For more information on this topic, go to the Microsoft Operations Framework Optimizing Quadrant guidance on Microsoft TechNet or search for “MOF Optimizing.”

Topic Checkpoint



  • Implemented best practice Availability Management.


  • Implemented best practice Financial Management.


  • Implemented best practice Infrastructure Engineering.


  • Implemented best practice IT Service Continuity Management.


Implemented best practice Workforce Management.

If you have completed the steps listed above, your organization has met the minimum requirement of the Dynamic level for the ITIL/COBIT-based Management Process capability of the Infrastructure Optimization Model.