7.4 Benefits and possible problems

7.4.1 Benefits

The real value of IT assets is generally much greater than their capital value because of the part these assets play in supporting the provision of quality IT services. The consequential loss to the organisation if these services are not provided can be very great.

Configuration Management contributes to the economic and effective delivery of IT services by:

• Providing accurate information on CIs and their documentation. This information supports all other Service Management processes, such as Release Management, Change Management, Incident Management, Problem Management, Capacity Management and Contingency Planning. For example, if a new product is available that requires a minimum configuration, Configuration Management can provide information for upgrade planning and replacements.
• Controlling valuable CIs. For example, if a computer were stolen then it would have to be replaced. Configuration Management helps IT management to know what its assets are supposed to be, who is responsible for their safekeeping, and whether the actual inventory matches the official one.
• Facilitating adherence to legal obligations. Configuration Management maintains an inventory of all items of software within an IT infrastructure. CIs that come to light, via configuration audits or calls to the Service Desk, that are not on this list are not authorised and may well have not been paid for. Illegal copies can easily be identified, for erasure or destruction.
• Helping with financial and expenditure planning. Configuration Management provides a complete list of CIs. It is easy to produce from this list expected maintenance costs and licence fees; maintenance contracts; licence renewal dates; CI life expiry dates; and CI replacement costs (provided that this information is stored). By providing this information Configuration Management contributes to IT directorates' financial planning.
• Making software Changes visible. Such Changes can be used to trigger investigations by IT management into possible Changes that may be needed for data protection, licence management and regulatory compliance.
• Contributing to contingency planning. The CMDB and secure libraries facilitate the restoration of IT service in the event of a disaster, by identifying the required CIs and their location (provided, of course, that they are themselves properly backed-up - see Paragraph 7.6.6.).
• Supporting and improving Release Management. Configuration Management information supports the roll-out across distributed locations by providing information on the versions of CIs and Changes incorporated into a Release.
• Improving security by controlling the versions of CIs in use. This makes it more difficult for these CIs to be changed accidentally, maliciously, or for erroneous versions to be added.
• Enabling the organisation to reduce the use of unauthorised software. Unauthorised software and non-standard and variant builds all increase complexity and support costs, and so any reduction in their occurrence should bring benefits to the organisation.
• Allowing the organisation to perform impact analysis and schedule Changes safely, efficiently and effectively. This reduces the risk of Changes affecting the live environment.
• Providing Problem Management with data on trends. Such data will relate to trends in Problems affecting particular CI types, e.g. from particular suppliers or development groups, for use in improving the IT services. This information on Problem trends supports the proactive prevention of Problems.

7.4.2 Possible problems

Possible problems faced in Configuration Management are:

• CIs are defined at the wrong level with too much detail (so that staff become involved in unnecessary work) or too little detail (so that there is inadequate control).
• Implementation is attempted without adequate analysis and design. The end result is, consequently, not what is required.
• Tactical schedules are over ambitious. Configuration Management may be perceived as a bottleneck if adequate time is not built into schedules to allow staff to carry out their duties. When Changes and Releases are being scheduled, past experience of the time taken to complete Configuration Management activities should be taken in to account. IT management needs to be proactive in providing automated facilities for activities on the critical path and to make it clear that time should be allowed for Configuration Management.
• Commitment is lacking. Without a firm commitment to the processes from managers, it is difficult to introduce the controls that some staff would prefer to avoid. Examples of poor Change Management and Configuration Management can often convince managers of the need for better control.
• The process is perceived to be too bureaucratic or rigorous. Consequently, individuals and groups use this as an excuse for not following the process.
• The process is routinely circumvented. Some people will try to circumvent Configuration Management in the interests of speed or with malicious intent. Attempts should be made to overcome this problem by making such people aware of the benefits of Configuration Management.
• Processes are inefficient and error-prone. This is often the case where manual processes are in use. In almost all cases it is advisable to choose an automated solution from the outset.
• Expectations of what the tool can do are unrealistic. Staff and managers may expect a Configuration Management tool to deliver a total solution and end up blaming the tool for processes or people that appear insufficient for the task.
• The chosen tool may lack flexibility. Problems can occur when the Configuration Management tool does not allow for new requirements or does not support all CI categories.
• Configuration Management has been implemented in isolation. If Configuration Management is implemented without Change Management or Release Management, it is much less effective and the intended benefits may not be realised.
• Expectations of what the Configuration Management process can do are unrealistic. Asset and Configuration Management cannot and should not be expected to make up for poor project management or poor acceptance testing. Poorly controlled installations and test environments will affect the quality of Releases and result in additional Incidents, Problems and Changes, which will in turn require additional resources.
• Proper configuration control is not in place. For example, Configuration Management may be difficult where Users have the ability to purchase, download and install software from the Internet.