Audit of Demand and Relationship Management

Executive summary

What we examined

The objective of this audit was to provide assurance that appropriate controls, processes and functions had been defined for Shared Services Canada (SSC) to proactively manage the demands of, and relationships with, its partners and clients (Footnote 1).

The scope of the audit included the controls, processes and functions within the Information Technology Infrastructure Library (ITIL) (Footnote 2) service lifecycle related to demand and relationship management with SSC’s partners and clients. Controls and processes in place from April 2014 to April 2015 were assessed against the ITIL Maturity Model.

Why it is important

Approximately 1,300 information technology (IT) employees from Public Works and Government Services Canada transferred to the new department in the summer of 2011. An additional 5,000 IT and internal services employees from 43 other federal organizations were transferred in November 2011. This experienced workforce operates under a new business model, one that encourages partnerships and that is based on service excellence, innovation and value for money.

Demand and business relationship management are critical parts of service management at SSC. The Department has based service management, including processes for demand and relationship management, on the ITIL service lifecycle. At the time that this audit was launched, SSC was engaged in a number of parallel policy and process activities that were prerequisites to the development of a Service Management Strategy.

What we found

We found that SSC established an initial framework for controls, processes and functions for the management of service demand and partner relationships; however, it had not reached a higher level of process maturity to manage service demands and meet the requirements of its partners and clients.

Strategy management for IT services, service portfolio management, financial management for IT services and demand management were in the early stages of maturity. SSC documented and communicated a strategy management process as well as a service portfolio. However, there was no process to assess the effectiveness of the enterprise service strategy and processes, and service portfolio processes have not been consistently followed. An Enterprise Cost Management Framework was being developed during the audit examination. SSC’s demand management function was being tracked using various tools and systems; service requests were received through multiple channels and there was no process in place to communicate updates on the status of services.

Business relationship management and service catalogue management had reached a moderate state of maturity. Standardized business relationship management processes were used to communicate information to SSC’s partners and clients. SSC published its initial service catalogue March 31, 2015.

Finally, capacity management was assessed at the time as absent; there was no centralized capacity management function in place and SSC had not developed a capacity plan. We also found that SSC did not have a centralized service management information management system to allow for information sharing and the development of service metrics.

Developments outside of Audit Scope Period

Immediately following the scope period of the audit, in April 2015, SSC re-aligned a number of business functions, including those for demand management, relationship management, service design and service delivery. Following the realignment:

  • SSC’s Strategy branch was given responsibility for relationship management; acting as the primary point of contact for partners and clients, they will voice partner concerns, educate, advocate, engage and manage expectations
  • demand management was made the responsibility of the Service Management and Data Centres branch who engages partners on the technical front, triaging requests, sequencing activities, recovering costs and building solutions
  • service delivery and design became a multi-branch initiative involving the cooperation of many employees across SSC. Ongoing communication between all branches in SSC is necessary for demand and relationship management processes to be effective

The April 2015 reorganization of the Department demonstrated SSC’s commitment towards developing a more mature process framework to proactively manage its integrated service function.

The audit work was completed by 2016 but, due to changes within the Office of Audit and Evaluation at SSC, the report was not finalized. As a result, in 2017 it was decided to do a full follow-up review of all outstanding management action plans before the publication of the audit report. Subsequent changes were not applied to the overall findings presented in the audit; however, recommendations and management responses were adjusted to better reflect recent circumstances.

As a result of this review, the Office of Audit and Evaluation found that all elements of the management action plans were complete with the exception of one, concerning the implementation of a Customer Relationship Management Tool. Overall management has implemented sufficient improvements to address the recommendations made in this audit report through:

  • the establishment of a multi-year service management strategy
  • the establishment of appropriate governance processes (the Service and Project Review Board and the Account Management Board)
  • an organization structure has been put in place to support implementation and ongoing service management process management
  • performance metrics including operational and service reviews have been established in alignment with the broader departmental performance management framework
  • the introduction and implementation of the Enterprise Business Intake and Demand Management to standardize demand management
  • the SSC service catalogue was implemented as the single window for SSC service information and processes established to communicate and maintain the catalogue management process
  • a client feedback process was established to collect information to improve on service delivery
  • a process maturity assessment was conducted and SSC management prioritized the management of demand, tracking of business requests and implementation of standardized tools and processes

Of important note is that in the longer term, the implementation of a new Information Technology Service Management system (ITSM), currently under development, will integrate and enhance SSC’s ability to manage this critical aspect of its operations.

The Office of Audit and Evaluation plans to conduct a follow-up audit of Demand and Relationship Management as part of its 2017-2020 risk based audit plan.

Sharon Messerschmidt
Chief Audit and Evaluation Executive

Background

The Government of Canada established Shared Services Canada (SSC) on August 4, 2011, to modernize how the federal government manages its information technology (IT) infrastructure in order to better support the delivery of programs and services to Canadians.

As mandated by the Shared Services Canada Act, SSC is supporting business continuity and improving IT operations for 43 federal partner departments and agencies. That responsibility includes keeping the mission critical systems operational across the government. Approximately 1,300 IT employees from Public Works and Government Services Canada transferred to the new department in the summer of 2011. An additional 5,000 IT and internal services employees from 43 other federal organizations were transferred in November 2011. This experienced workforce operates under a new business model, one that encourages partnerships and that is based on service excellence, innovation and value for money.

This audit was approved by the President of SSC after being recommended by the Departmental Audit and Evaluation Committee as part of the 2014–2017 Risk-based Audit and 2014–2019 Evaluation Plan.

Demand and business relationship management are critical parts of service management at SSC. The Department has based service management, including processes for demand and relationship management, on the Information Technology Infrastructure Library (ITIL) service lifecycle. ITIL provides a cohesive set of best practices, drawn from the public and private sectors internationally, which have been adopted by individuals and organizations across the world to align IT services with the needs of business (ITIL v.3, 2011 edition).

SSC’s demand management processes involve receiving service requests from 43 partner organizations and 137 client organizations. These requests come from three main sources: end users, departmental Chief Information Officers (CIO) (managed as projects, these requests are generally more complex and larger in scope) and requests generated internally by SSC employees. Some requests are completed on a cost recovery basis while others are assumed by SSC. Some examples of typical requests include: increasing server capacity, setting up IT workspaces during a building relocation, and purchasing and setting up telecommunication devices or teleconference facilities.

SSC’s relationship management is complex; our partners and clients span a range of demographics and support a variety of industries from weather forecasting to security/policing. SSC provides a range of support and services to small clients with less than 50 employees and large partners with more than 50,000 employees. Understanding the needs of these partners and clients and maintaining positive working relationships is essential for SSC to succeed in delivering its mandate.

In April 2015, SSC realigned a number of business functions, including those for demand management, relationship management and service design and delivery. Following the realignment, SSC’s Strategy branch became responsible for relationship management; acting as the primary point of contact for partners and clients, they will voice partner concerns, educate, advocate, engage and manage expectations. Demand management was made the responsibility of Service Management and Data Centres (SMDC) Branch, who engages partners on the technical front, triaging requests, sequencing activities, recovering costs and building solutions. Service delivery and design is a multi-branch initiative involving the cooperation of many employees across SSC. Ongoing communication between all branches in SSC is necessary for demand and relationship management processes to be effective.

Objective

The objective of this audit was to provide assurance that appropriate controls, processes and functions have been defined for SSC to proactively manage the demands of, and relationships with, its partners and clients (Footnote 3).

Scope

The scope of the audit included the controls, processes and functions within the ITIL service lifecycle related to demand and relationship management with SSC’s partners and clients. Controls and processes in place from April 2014 to April 2015 were assessed against the ITIL Maturity Model.

Methodology

During the planning of the audit, we:

  • interviewed managers and technical experts
  • reviewed relevant documents, including flowcharts, reporting dashboards, decision‑making committee’s terms of reference, functional guidance and action plans
  • mapped processes, controls and risks
  • interviewed SSC’s partners in small, medium and large departments

Field work for this audit was substantially completed by May 31, 2015.

The ITIL process maturity framework (PMF), which provides a common, best practice process maturity assessment approach widely used in the IT industry, was used as the main tool to assess the maturity of the service management in the organization. ITIL V.3 is the Framework used by SSC for IT service delivery. The organization strives to achieve a proactive service supply, with services being supplied ahead of demand rather than being demand-driven. The ITIL Service Management practices are based on the idea of achieving service quality and considering services to be assets from which the customer gains value. ITIL standards also contain a PMF, which can be used to measure the maturity of the Service Management process as a whole.

Based on our risk assessment, and in consultation with process owners, we selected seven ITIL processes within the lifecycle stages of “service strategy” and “service design” and applied the ITIL maturity model high-level self-assessment (Footnote 2) to obtain a rating of the Department’s functions related to demand management. The high-level assessment is designed to provide maturity score ratings to 0.5 of a decimal place. The seven processes covered by our assessment were:

  • Strategy management for IT services
  • Service portfolio management
  • Financial management for IT services
  • Demand management
  • Business relationship management
  • Service catalogue management
  • Capacity management

Based on the results of the ITIL Maturity Model high-level assessment (Footnote 2), each of the six lifecycle processes was assigned a level of maturity:

  • Level 0: absent (chaos)
  • Level 1: initial (reactive)
  • Level 2: repeatable (active)
  • Level 3: defined (proactive)
  • Level 4: managed (pre-emptive)
  • Level 5: optimized

We expected to find that SSC would be at a Level 3 for each of the seven processes.

Figure 1: process maturity framework (Footnote 4)

[Figure: graphical representation of the process maturity framework]

Figure 1 - Text version

Figure 1 is a graphical representation of the ITIL process maturity levels with each level placed higher and to the right of the previous one to represent progression and increased maturity:

Levels 1 through 5 are each represented by a labelled blue square box while level 0 is represented through text. The axes of the graph are not labelled but point upwards and to the right, indicating an upwards and to the right maturity progression. Vertical grid lines space the boxes at equal intervals. Each maturity level box is placed in increasing order on the graph: level 0 (absent) is located below the horizontal axis between the origin and the first grid line, level 1 (initial) is located with its lower edge on the horizontal axis and one grid line away from the origin, level 2 (repeatable) is located two grid lines away from the origin with its left lower corner touching the level 1 (initial) box’s right top corner. Level 3 (defined), level 4 (managed), and level 5 (optimized) are similarly placed in relation to each other, with each box’s lower left corner touching the previous box’s right top corner.

Statement of Assurance

Sufficient and appropriate procedures were performed and evidence gathered to support the accuracy of the audit conclusion. The audit findings and conclusion were based on a comparison of the conditions that existed as of the date of the audit, against established criteria that were agreed upon with management. This engagement was conducted in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing. At the time of the audit, a practice inspection had not been conducted.

Detailed Findings and Recommendations

Strategy Management for Information Technology Services

To best support the business needs, IT services should be managed from an enterprise perspective. The strategy management process defines and maintains perspective, position, plans and patterns related to services, as well as management of the organization’s services. Executive accountability and responsibility is critical to the success of this process. In addition, each business unit needs to buy in and support the strategy (Footnote 5).

We expected the strategy management process at SSC to be managed proactively. This included having a documented strategy that was communicated internally and externally, with exceptions to the process being logged and used as a basis for improvement.

We found that strategy management for IT services was a Level 1.5 (between initial and repeatable).

SSC had a strategy management process which was documented and communicated by means of a “Functional Direction for the following enterprise services: Data Centre, Telecommunications, Distributed Computing, Cyber and IT Security”. This Functional Direction outlined SSC’s transformational initiatives aimed at improving IT across the Government of Canada. The strategy management for IT Services at SSC was based on the principle of increasing business value of the IT services delivered. The process was also directly related to all the services contained within the service portfolio, including customer-facing services and supporting services.

The Functional Direction was updated following a bi-annual cycle of gathering feedback; the latest Functional Direction version 4.0 was slated for release June 2015. The Functional Direction was linked to the SSC website and with each iteration of service transformation the size of the Functional Direction is reduced, as services are dropped off the Functional Direction when added to the Service Catalogue. While a process was in place to gather internal feedback, there was no external process in place to gather feedback from partners.

The importance of conforming to SSC’s IT service strategy was communicated to employees with the issuance of each new update to the Functional Direction. There was an exception process documented in the Functional Direction but there was no tracking of exceptions or evidence to support that the exception process was being regularly followed across all service portfolios. To rectify this issue, the Chief Operating Officer has escalated the exception approval to the Assistant Deputy Minister level, but there was still no central tracking of exceptions in place, as they were tracked by service lines.

In order for SSC to achieve a proactive process, there is a need to define service strategy objectives and metrics to assess process performance against agreed process targets. In addition, an exception tracking process is required to ensure that the process is followed consistently and the impact of any exceptions assessed. This can be accomplished by developing a multi-year departmental service management strategy which includes an annual progress reporting in alignment with the Management Accountability Framework and the Treasury Board (TB) Policy on Service requirements.

Recommendation 1

The Senior Assistant Deputy Minister, Strategy, should develop a multi-year departmental service management strategy, which includes regular reporting against agreed performance objectives and targets.

Management response

Management agrees with this recommendation.

At the time that this audit was launched, SSC was engaged in a number of parallel policy and process activities that were prerequisites to the development of a Service Management Strategy. These included development of a Service Lifecycle management Framework, implementation of a Service Authorization Process, and re-designing the departmental Extranet to facilitate its evolution towards an interactive On-line Service Catalogue containing essential information required by SSC customers, such as service expectations for standardized services.

The Department has completed a number of policy, process and governance documents that address service management, including the Service Management Framework, Functional Direction, and Operational Service Management Manuals. A multi-year departmental service management strategy is currently in development to provide the over-arching view of how these different elements interact to ensure quality delivery of services. The service management strategy will also address SSC commitments in response to the 2014–15 Management Accountability Framework assessments on the Service Area of Management and will align with the requirements of the TB Policy on Service.

Recommendation 2

The Assistant Deputy Minister, Data Centre Services, should develop a centralized process to track and report to senior management exceptions to SSC’s Functional Direction. The Senior Assistant Deputy Minister, Strategy, should evaluate or determine the impacts of these exceptions on SSC’s Transformation Programs.

Management response

Management agrees with the recommendation. During the course of this audit, the Government of Canada adopted new principles affecting how exceptions to SSC’s Functional Direction are handled. These new principles reflect a change in the Government of Canada’s posture with respect to investment in legacy infrastructure services and solutions, while affecting SSC cost recovery practices. For this reason, tracking and reporting exception decisions to senior management has become even more critical.

Data Centre Services branch’s management agrees to develop a centralized process to track and record exception decisions made to directives within SSC’s Functional Direction document. Decisions and reports will be included as part of a repository that will be made available to Service Management Branch and all Service Leads to support their regular reporting to senior management on the impacts of these decisions to SSC’s service delivery.

Decisions arising from the Weekly Functional Direction (FD) Exception Process Review Committee will be communicated via the distribution of the Meeting Decisions to senior management within 24 hours of each meeting. In addition, results of FD Exception Review decisions will be incorporated into the Enterprise Business Intake Tracking System as part of the corporate record for each Exception Request. This will enable the Service Strategy - Analytic and Benchmarking team to provide regular reporting to senior management on the impacts of FD exceptions on SSC Transformation Program.

Decisions will be included as part of a repository that will be made available to internal business processes – such as demand management. Regular reporting to senior management of the impacts of these decisions to SSC’s service delivery will be incorporated as part of the process.

Service Portfolio Management

Service portfolio management is a dynamic method for governing investments in service management across the enterprise and managing them for value. A service portfolio is the complete set of services that are managed by SSC and describes these services in terms of business value (Footnote 6).

We expected that service portfolio processes were documented and carried out consistently across portfolios, performance metrics were defined and reported internally and externally allowing for the proactive management of business functions.

We found that service portfolio management was a Level 1.5 (between initial and repeatable).

SSC’s service portfolio was documented and followed a regular review and updating process. The services list had been approved by SSC management and contained service definitions, interdependencies and a break-down of services between “partner-facing services” and “technical (enabling)” services.

SSC’s organizational service lines were realigned April 1, 2015, from a partner portfolio model to a service portfolio model. Process activities and decision making were not consistently undertaken within and across portfolios, particularly with regard to legacy systems. Portfolios were not using a standardized set of tools to record decisions, cost services and monitor transactions. With the exception of incident reporting, service metrics were not consistently collected or reported by portfolio.

To reach a proactive level of maturity, SSC’s service portfolios will need to follow documented, consistent and repeatable processes and develop service metrics to measure the efficiency and effectiveness of processes.

Recommendation 3

The Chief Operating Officer (COO) should establish governance processes to ensure alignment with strategic and service objectives.

Recommendation 4

The Senior Assistant Deputy Minister of Service Delivery and Management should implement consistent procedures for service management across SSC.

Management response

Management accepts this recommendation. Key organizational changes have been implemented since April 2015 to better position SSC to deliver Service Management excellence. Service management resources were first consolidated into a single organization; a new Service Delivery and Management Branch was then established with the mandate to evolve service management practices and processes across the Department.

Steps are being taken to advance SSC’s enterprise service management capability. An end-to-end Information Technology Service Management (ITSM) process maturity assessment was completed in 2015, which led to the establishment of the Service Management Transformation Program. Core to this Service Management Transformation Program is the ITSM Roadmap Implementation Project, which will include investment in a state-of-the-art ITSM tool and the services of an industry leader to accelerate improvements to SSC’s enterprise service management processes. A Process Centre of Expertise has been established within the Branch as part of the Project and will provide oversight and support for the ongoing evolution of Service Management processes.

Recommendation 5

The Senior Assistant Deputy Minister, Service Delivery and Management, should develop performance metrics which are regularly reported to senior management.

Management response

Management agrees with the recommendation.

In the context of performance metrics, SSC will establish a systematic approach for service reviews incorporating operational and financial performance metrics as they become available. This will ensure appropriate actions are taken to improve service delivery and to support continual service improvement. Conducting regular service reviews will be an important component of this approach.

SSC will continue to strive to enhance its operational performance reporting through improvements to service standards, data scope and quality. Service reporting will evolve as performance metrics are defined through their service lifecycle and data availability is enhanced with the adoption of a new state of the art ITSM Tool and implementation of mature service management processes through the ITSM Roadmap Implementation Project.

Financial Management for Information Technology Services

Financial management provides the value of IT services, the value of the assets underlying the provisioning of those services and the qualification of operational forecasting (Footnote 7).

We expected the financial management process for IT services at SSC to be managed proactively. This included having a documented costing framework, with accurate costing metrics, and automated tools to ensure efficiency and consistency of processes.

We found that financial management was at a Level 1.5 (between initial and repeatable).

We found that the process roles and responsibilities for the financial management of IT services were assigned and documented. However, we identified weaknesses with the current state of the costing aspect of the financial management process, in particular, regarding cost recovery. Few areas had defined costing requirements and there was no centralized costing guide. This led to inconsistent costing of business requirements and inconsistent decision making on when to charge partners for services. A project charter has been developed to establish an Enterprise Cost Management Framework (ECMF) and the draft conceptual costing model had been approved by the Senior Management Board.

While there were plans to include unit cost measures in future service listings, the Finance directorate had difficulties obtaining metrics and cost drivers from SSC’s service portfolios necessary for the development of the costing model.

To achieve a proactive level of financial management for IT services, SSC will need to implement its ECMF to allow for the consistent costing of services and cost recovery decision making, and regularly update the framework based on service portfolio updates and stakeholder feedback. In addition, ITIL recommends that financial management works in conjunction with capacity management to align budgets with service demands and organization capacity plans. SSC has not yet developed an enterprise-wide capacity plan (see Capacity Management section); an SSC-wide capacity plan integrated with financial, resource management and partner planning would allow more proactive management of SSC partners’ needs.

Auditor’s note: In consultation with Corporate Finance, a recent assessment has indicated that the main deficiencies in this area have been addressed and no longer require a recommendation to resolve the issues. Audit work was not performed to determine whether the ITIL score would have improved in order to maintain the assessment as at the time the audit was conducted.

Demand Management

The purpose of demand management is to understand and influence customer demand for services and the provision of capacity to meet these demands. At a strategic level, this can involve analysis of patterns of business activity and user profiles. At a tactical level it can involve use of differential charging to encourage customers to use IT services at less busy times (Footnote 8).

We expected to find that demand management was managed proactively, including processes to track and provide updates on all service requests, measure performance, provide training and receive feedback from partners. We expected that decision making was consistent and centralized, and that there were procedures for the regular reporting of service demands.

We found that demand management was a Level 1.5 (between initial and repeatable).

Multiple channels existed to receive service requests and SSC’s demand management function was being tracked using various tools and systems. Management considered these systems and tools to be interim solutions which should be replaced by centralized tracking and a single service window for partners and clients into SSC. Due to the lack of centralized intake and tracking, SSC was unable to produce a consolidated reporting of all service demands or analyze patterns of business activity. There was a risk that requests could get lost between tracking tools.

Standardized methodology and a centralized decision-making point for business intake have not yet been established. Decision-making roles and responsibility for previous decision-making committees were unclear; work is being done to clarify these roles and responsibilities. A lack of training and resources at the operational level also impacted the ability of the demand management function to make timely, effective and efficient decisions.

Updates on the status of services were often achieved through informal discussions; there were no automated tools to receive updates on the status of services and no channels for direct feedback from partners. Partners interviewed expressed frustration that they received little feedback from SSC and did not know how long it would take to receive a given service. Feedback is planned to be received from partners by involving partner CIOs in discussions about prioritization of resources and requirement of ranking for demand requests; however, these feedback strategies are not yet implemented.

For SSC to achieve a proactive level of demand management, a standardized intake process, with consistent, repeatable decision making and recognized roles and responsibilities are needed. ITIL processes are required to receive regular updates on the status of services and report these back to partners and clients. A lack of metrics, such as the measuring of business activity, leads to an incomplete picture of SSC’s demand-related needs and activity. Complete and quality information is required for analyzing patterns of business activity. Deviations from the demand forecasts should be reviewed and reported to reduce the impact of future deviations and, in conjunction with capacity management, balance resources to meet fluctuations in demand.

Recommendation 6

The Senior Assistant Deputy Minister, Service Delivery and Management, should develop, communicate and monitor standardized demand management processes consistent with SSC’s service strategy.

Management response

Management agrees with this recommendation. SSC’s enterprise demand management function, which was created April 1, 2015, will evolve to a centralized model with a standardized methodology and a centralized decision-making function.

This will be achieved through the development of standard triage and prioritization criteria and the implementation of a triage review committee. The achievement of the management action plan tasks will result in a standardized demand management process that will be consistent with SSC’s service strategy and will be communicated across the organization. This process, in particular, will be under continuous improvement until such time as enterprise tools are in place.

Recommendation 7

The Senior Assistant Deputy Minister, Service Delivery and Management, should implement a single service window into SSC that will allow the centralized tracking of requests.

Management response

Management agrees with this recommendation. SSC will continue to evolve and promote the SSC Service Catalogue that is in place on the Serving Government website. The Service Catalogue is the single source of service information and portal for end-users.

In order to be more efficient, effective and responsive to customer requests, SSC will leverage e-enablement solutions and innovative technologies such as Cloud Management to allow faster access to services and consistent service delivery. The goal is to have a self-serve catalogue supported by the procurement and implementation of a state-of-the-art ITSM Tool with associated tracking and reporting capability.

Business Relationship Management

Business relationship management is the process by which business managers establish strong relationships with customers through communication, input to service portfolio management and ensuring that the IT service provider is satisfying the business needs of its customers. Business relationship management is key to understanding customer business needs and outcomes (Footnote 9).

We expected to find that business relationship management was managed proactively, consistent processes were employed to communicate with partners and clients, standardized reporting templates were used, adequate training was provided to business relationship managers, inter-process dependencies were recognized and performance was measured then reported to both internal and external stakeholders.

We found that business relationship management was a Level 2 (repeatable/active).

Following the April 1, 2015 reorganization of the Department, SSC appointed account executives to be in charge of business relationship management, to collect information on upcoming partner needs and to act as the primary point of contact for partners. Partner meetings were held regularly using a common agenda and partners were requested to participate in the planning of service needs. We found that SSC had documented standard process templates but they were not used consistently. We sampled four departments and expected to find each of four required documents; we found that one of them was not prepared for a department. Dashboard reports of activities and performance were produced, reviewed and regularly reported to internal and external stakeholders.

We found that, prior to the April 1, 2015 reorganization of the Department, communication between relationship managers and partners was inconsistent. Some relationship managers did not have a good understanding of the tasks, activities, outcomes and constraints of SSC’s partners and stakeholders. Following the realignment, SSC established 13 new account executive positions to act as the primary point of contact between SSC and its partners. These account executives will provide a more intimate view on the priorities of our partners.

To achieve a proactive level of business relationship management, tools to collect information and analyse business patterns should be used to share information across SSC. Account executives will need to fully understand the tasks, activities, outcomes and constraints of their partners, as well as other internal and external stakeholders. A regular review of service outcomes, value of services and customer feedback gathered by account executives would enhance SSC’s business management function.

Recommendation 8

The Senior Assistant Deputy Minister, Strategy, should collect feedback from SSC’s partners and clients to ensure their needs, priorities and constraints are being understood by account executives and used to improve service delivery processes.

Management response

Management agrees with the recommendation.

During the course of this audit, SSC re-aligned a number of key customer-facing functions as a means of improving responsiveness and increasing the support that the department provides to both partners and clients. For this purpose, a customer satisfaction feedback program was launched as a mechanism for gathering input from SSC partners and clients and driving continuous improvement within the Department. While accountability for Demand Management and Business Intake processes moved from what was formerly the Relationship Management team into a newly formed organization, called Service Delivery Management, the SSC Account Team concept was adopted, on the basis of which the function of the Account Executive role was created as part of the Account Management function.

Building on the new account executive model, SSC will continue to conduct regular reviews with partners and clients to: plan, manage and respond effectively to their emerging needs including business requirements and management of agreements; improve on processes that provide status of key projects and service requests; identify key issues and concerns; determine user satisfaction with SSC services; and increase partner collaboration with SSC.

Service Catalogue Management

The purpose of service catalogue management is to provide a single source of consistent information on all of the agreed services, and ensure that it is widely available to those who are approved to access it. The service catalogue includes information about deliverables, prices, contact points, ordering and request processes (Footnote 10).

We expected to find that SSC had a published, up to date service catalogue that was proactively managed to ensure it was reliable, accurate, and met the needs of its partners and stakeholders.

We found that service catalogue management was a Level 1.5 (between initial and repeatable).

SSC published its initial service catalogue March 31, 2015. Available to partners and clients on SSC’s Serving Government website, this catalogue outlined the initial 14 services and related activities offered by SSC.

Processes to add new services or major updates to the catalogue have been documented in the service lifecycle artefact map which outlined the review approval processes. However, processes needed to achieve a proactive level of management for the service catalogue (e.g. reviews, approvals, customer feedback and metrics) have not been fully documented, communicated and implemented. The review and approval process for minor updates has not been defined and approved. A process is currently underway to gather internal and external feedback on SSC’s initial service catalogue. Metrics and costing have not yet been included in SSC’s service catalogue; however, plans have been made to define a unit cost of measure for every service with the intent to gather volumetric data.

SSC will need to define, communicate and consistently implement these feedback, review and approval processes to achieve a more mature, proactive state of service catalogue management and to maintain an accurate service catalogue.

Recommendation 9

The Senior Assistant Deputy Minister, Service Delivery and Management, should define, communicate and implement the process to maintain the service catalogue, based on information technology, business and partner / client needs.

Management response

Management agrees with this recommendation and has taken the steps to develop the service catalogue management process. The process is tied to the Service Management Framework and defines the management of information and contents, provides linkages to internal provisioning of ITSM tool, with an end-state vision of the Service Catalogue in mind. A supporting evolution strategy will also ensure that the catalogue matures in alignment with industry practices, the ITSM Roadmap Implementation Project (new tool and processes), Account team and customer requirements, and service line strategies and designs.

Capacity Management

Capacity management is a critical aspect of service management which has a direct impact on the availability of services and assists in the planning of short-, medium- and long-term business requirements by considering all resources required to deliver the IT service. An analysis of business requirements and customer outcomes provides the predictive and ongoing capacity indicators needed to align capacity to demand (Footnote 11).

We expected to find that roles and responsibilities for the capacity management process at SSC were clearly defined, metrics for capacity planning had been defined within the service portfolios and results were being reported to management and external stakeholders.

While SSC has recognized the need for a capacity management function, it has not yet achieved an initial level of maturity as per the ITIL PMF; we found that capacity management was a Level 0.0 (absent).

The April 2015 reorganization of the Department saw the capacity management function being assigned to the SMDC branch; however, no one has been assigned responsibility for capacity management. Some processes for capacity management were previously conducted at the service portfolio level; however, the portfolios have since been realigned and any methods formerly used to collect, record or apply information remain decentralized, inconsistent and undocumented. SSC’s ability to collect and analyze information for capacity management is hindered by the lack of a standardized tool to collect, capture and disseminate information across its service portfolios and branches. Most processes to collect this standardized information on services or service metrics across service portfolios remain at the conceptual stage.

The development of a capacity management function is necessary for SSC to prioritize and allocate resources to balance service delivery needs of partners while delivering its core mandate of transforming the Government of Canada’s IT infrastructure. There are plans to develop two new Government of Canada committees to discuss enterprise business strategic interests and, through collaborative prioritization, match business demand to collective capacity. An enterprise-wide capacity plan would help SSC to internally prioritize partner projects and assist these new committees in alignment of Government-wide demand to SSC’s capacity.

Recommendation 10

The Senior Assistant Deputy Minister, Service Delivery and Management, should ensure there is a centralized capacity management function within SSC to gather information from each client, create and analyze metrics for service capacity, inform service delivery managers of overall service constraints, and develop and communicate a capacity plan.

Management response

Management agrees with this recommendation. An ITSM process maturity assessment was completed in 2015, which provided a current state assessment of SSC ITSM processes and informed SSC’s ITSM Roadmap Implementation Project.

Based on the results of the assessment, processes including capacity management are being prioritized according to best practice approaches. The development of ITSM processes will be pursued in releases based on value, risk and interdependencies.

Overall Finding – Information Management

An important aspect of a proactive level of maturity is the ability to collect standardized information and measure performance using a range of metrics. To be effective, this information should be stored within a centrally controlled and maintained repository.

We found that many of the functions assessed lacked centralized systems and tools to collect standardized information and performance metrics. As a result, few processes had defined metrics, targets or regular reporting functions in place. The definition and development of standardized reporting tools and metrics would allow SSC to better assess performance, identify efficiencies and meet stakeholder needs.

Recommendation 11

The Chief Operating Officer should oversee the selection and implementation of centralized information systems and/or tools for: decision making; the collection, distribution and analysis of partner and client information; service metrics; and performance reporting.

Management response

The selection and implementation of a centralised tool will align to the ITIL Framework and will support and enable the effective reporting and management at an enterprise level.

SSC continues to evolve to enterprise services, enterprise service delivery practices and enterprise service management process and procedure and will adopt a tooling approach that will establish single authoritative sources of data to support reporting and management.

Conclusion

The objective of this audit was to provide assurance that appropriate controls, processes and functions have been defined for SSC to proactively manage the demands of, and relationships with, its partners and clients.

We found that SSC had laid an initial framework for controls, processes and functions for the management of service demand and partner relationships; however, it had not yet reached a proactive level of process maturity to manage service demands and meet the requirements of its clients and partners.

Figure 2: results of ITIL assessment
| Audit Criteria | Maturity Results | Level |
|---|---|---|
| Strategy Management for IT Services | 1.5 | Initial - Repeatable |
| Service Portfolio Management | 1.5 | Initial - Repeatable |
| Financial Management for IT Services | 1.5 | Initial - Repeatable |
| Demand Management | 1.5 | Initial - Repeatable |
| Business Relationship Management | 2.0 | Repeatable |
| Service Catalogue Management | 1.5 | Initial - Repeatable |
| Capacity Management | 0.0 | Absent |

We found that most ITIL processes reviewed had initial maturity level requirements in place. As most processes were in initial stages, we found weaknesses in terms of process activities being fully documented and consistently performed according to process documentation.

Strategy management for IT services, service portfolio management, financial management for IT services and demand management were between an initial and a repeatable stage of maturity. SSC has a documented and communicated strategy management process; however, there is a need to define service strategy objectives and metrics to assess the performance of the service management strategy.

SSC’s service portfolio was documented and followed a regular review and updating process; service management processes across portfolios were not consistent and service metrics will have to be developed to measure efficiency and effectiveness.

An ECMF was being developed for the financial management of IT services. To ensure proper development and updating of the framework, metrics and cost drivers from SSC’s service portfolios are required.

SSC’s demand management function was being tracked using various tools and systems; however, there was no process to communicate updates on the status of services. A standardized intake process, with a process for partners to receive regular updates on service status, is required.

Business relationship management had reached a repeatable state of maturity. Standardized business relationship management processes were used to communicate information to SSC’s partners and clients. Tools to collect partner feedback in addition to information to analyse business patterns are needed to improve service and relationship management processes.

SSC published its initial service catalogue March 31, 2015. Processes to update this catalogue should be documented, communicated and implemented in order to maintain its relevance.

Capacity management was assessed as absent. The development of a capacity management function and capacity plan is necessary for SSC to prioritize and allocate resources.

In addition to the seven ITIL processes reviewed, we also found that SSC did not have a centralized service management information management system to allow for information sharing and the development of service metrics.

To become more proactive, SSC needs to ensure compliance with the processes it has defined, which will allow processes to be performed consistently. The April 2015 reorganization of the Department has demonstrated SSC’s commitment towards developing and implementing controls and functions based on the ITIL methodology to proactively manage the demands of, and relationships with, its partners and clients. However, work remains to be done to achieve a fully proactive and integrated service function.

Developments Outside of the Audit Scope Period

Immediately following the scope period of the audit, in April 2015, SSC re-aligned a number of business functions, including those for demand management, relationship management, service design and service delivery. Following the realignment:

  • SSC’s Strategy branch was given responsibility for relationship management; acting as the primary point of contact for partners and clients, they will voice partner concerns, educate, advocate, engage and manage expectations
  • Demand management was made the responsibility of the Service Management and Data Centres branch, which engages partners on the technical front, triaging requests, sequencing activities, recovering costs and building solutions
  • Service delivery and design became a multi-branch initiative involving the cooperation of many employees across SSC. Ongoing communication between all branches in SSC is necessary for demand and relationship management processes to be effective

The April 2015 reorganization of the Department demonstrated SSC’s commitment towards developing a more mature process framework to proactively manage its integrated service function. In addition, other organizational changes and developments outside of the audit scope period are worthy of mention, including:

  • SSC has implemented a multi-year customer satisfaction feedback initiative, which is a key element of the Service Management Strategy. In December 2015, a questionnaire was launched to obtain feedback on service delivery from the CIOs of partner organizations. This questionnaire will be completed annually to capture trends in service delivery performance and engagement practices over time
  • In October 2015, the Service Management and Data Centres Branch was reorganized into two distinct branches: Service Delivery and Management and Data Centre Services. One branch now focuses on service management while the other continues to focus on the task of consolidating and modernizing data centres. This shift provides a more focused senior-level leadership to the service management and data centre functions

The audit work was completed by 2016 but, due to changes within the Office of Audit and Evaluation at SSC, the report was not finalized. As a result, in 2017 it was decided to do a full follow-up review of all outstanding management action plans before the publication of the audit report. Subsequent changes were not applied to the overall findings presented in the audit; however, recommendations and management responses were adjusted to better reflect recent circumstances.

As a result of this review, the Office of Audit and Evaluation found that all elements of the management action plans were complete with the exception of one, concerning the last recommendation regarding the implementation of a Customer Relationship Management Tool. Overall management has implemented sufficient improvements to address the recommendations made in this audit report through:

  • the establishment of a multi-year service management strategy
  • the establishment of appropriate governance processes (the Service and Project Review Board and the Account Management Board)
  • an organization structure has been put in place to support implementation and ongoing service management process management
  • performance metrics including operational and service reviews have been established in alignment with the broader departmental performance management framework
  • the introduction and implementation of the Enterprise Business Intake and Demand Management to standardize demand management
  • the SSC service catalogue was implemented as the single window for SSC service information and processes established to communicate and maintain the catalogue management process
  • a client feedback process was established to collect information to improve on service delivery
  • a process maturity assessment was conducted and SSC management prioritized the management of demand, tracking of business requests and implementation of standardized tools and processes

It is important to note that, in the longer term, the implementation of a new Information Technology Service Management (ITSM) system, currently under development, will integrate and enhance SSC’s ability to manage this critical aspect of its operations.

The Office of Audit and Evaluation plans to conduct a follow-up audit of Demand and Relationship Management as part of its 2017-2020 risk based audit plan.

Annex A: Audit Criteria

The following audit criteria were used in the conduct of this audit:

  1. Strategy management for IT services
  2. Service portfolio management
  3. Financial management for IT services
  4. Demand management
  5. Business relationship management
  6. Service catalogue management
  7. Capacity management

Annex B: Acronyms

ADM: Assistant Deputy Minister
CIO: Chief Information Officer
COO: Chief Operating Officer
DCS: Data Centre Services
DG: Director General
ECMF: Enterprise Cost Management Framework
IT: Information Technology
ITIL: Information Technology Infrastructure Library
PMF: Process Maturity Framework
SADM: Senior Assistant Deputy Minister
SDM: Service Delivery Management
SSC: Shared Services Canada
