According to a 2005 Gartner report[i], “IT change management is a formalized process with documented procedures and work flows…. The goal is to enable controlled changes while preserving the integrity and service quality of the production environment.” An important part of this process is the Change Advisory Board (CAB), whose charter is to review requests for change and ultimately, either approve or reject such requests for change. Let’s examine the top 10 reasons why a CAB might reject a change request.
1. REQUIRED APPROVALS NOT ATTACHED
Any IT change control process worth its salt will require approval for a change from someone other than the change submitter. Typically, each major subsystem, or even application, is assigned an “owner,” who is responsible for approving every change to the subsystem or application. This type of structured procedure keeps the chain of responsibility intact and prevents unannounced or unauthorized changes from disrupting a production environment.
2. NO BACK-OUT PLAN INCLUDED
Another basic part of any sensible change control process is the inclusion of a back-out or fallback plan. With any proposed change to a controlled IT environment, there is always a chance that some unforeseen circumstance may prevent the successful implementation of the change, whether it be large or small. A clear statement of how to return the environment to its original, pre-change state is a critical component of every well-planned change.
3. REQUEST SUBMITTED PAST STATED DEADLINE
In any operative enterprise or organization, IT change management is a continuous process that evolves with the needs of the company. In order to manage change effectively and smoothly, everyone must comply with his or her deadlines so that other people responsible for other steps of this continuous process have a reasonable amount of time to properly perform their function.
For example: at Company A, software changes are managed on a weekly basis; therefore, a reasonable deadline would be that all changes scheduled for next Monday be submitted by Friday at noon, so that they can be reviewed at the weekly Friday 2:00 p.m. Change Meeting.
If some such logical schedule is not followed, chaos is sure to ensue.
4. EVIDENCE OF SUCCESSFUL TESTING NOT INCLUDED
Another vital requirement of a well-managed change system is that all change requests must include associated and relevant testing evidence. Change to a controlled environment should not ever be made “on faith.” There are, of course, situations where the exact actions that will occur in the controlled environment cannot be performed in the test environment (like sending money to a client), but all changes should be simulated to the utmost degree possible to reduce the likelihood of errors in the controlled system. Change requests with no testing evidence attached should be rejected by the CAB – except where special and well-understood circumstances apply.
5. IMPLEMENTATION INSTRUCTIONS MISSING OR INCOMPLETE
To standardize and further automate your change process, you will need a plan that describes what the change action is. Some companies refer to this plan as an implementation plan. Regardless of what you call it at your company, you will need this plan. As your organization changes over time, the implementation plan should evolve with such changes. Moreover, it also has to capture all the standard change actions that have occurred company-wide. It is the responsibility of the change requester to add the required information to the plan. It is the responsibility of the CAB to assure that the plan is valid before anyone tries to act on the instruction it contains. In sum, it makes perfect sense that an incomplete implementation plan will cause a change request to be rejected.
6. REQUESTED IMPLEMENTATION DATE IS IN A FREEZE PERIOD
Most organizations will block off certain days every month when any normal changes to the controlled environment are disallowed. For instance, the change blackout period might be the end of each month when the company is closing out its financial records for the month. During such a period, only emergency changes are permitted, and any such emergency change usually requires a high-level approval in order to move forward.
The requirement of high-level approval accomplishes 2 objectives:
1) Assures that senior managers are aware of the change
2) Discourages the misuse of the emergency change method by those who somehow did not complete a process on time.
7. REQUESTED CHANGE COLLIDES WITH ANOTHER SCHEDULED CHANGE
Another important function of the CAB is to prevent colliding change requests from being teed up at the same time.
Example: The owners of System A are not fully aware of the plans and activities of System B.
Over time, the CAB should become sufficiently aware in all of the company’s systems that it can help prevent changes in one system that would negatively affect another.
Example: System A produces output that is used by one or more other systems in the company.
Therefore, a planned change in System A might cause a problem in some downstream system that the owners of System A might not have considered. The CAB can reject a change request when it detects such a situation.
8. REQUIRED CAVEATS/LANGUAGE NOT INCLUDED IN APPROVAL
A particular company may require that certain statements are included in every change approval form. A federally regulated company may require, for example, that the Sarbanes-Oxley compliant controls be included in all change approval forms. The lack of adhering to such controls would be a valid reason for rejecting a change request.
9. PROPER REQUEST ROUTING INFORMATION NOT SPECIFIED
A well-designed IT change request will include instructions that tell an analyst what group the change request should be sent to—that is, who will actually do the work described on the change form. Without such information, the change request cannot be processed and should be returned to the requester.
10. CAB DECIDES THAT A REQUEST IS NOT COST-EFFECTIVE
The CAB can operate at a number of different levels. In addition to processing the daily requests for change to existing processes, the CAB can also evaluate the cost-effectiveness of large, capital-intensive changes. Some companies reserve such reviews for changes with an estimated cost over “X” dollars. If the CAB decides that the proposal is not cost-effective, the project would be stopped.
The 10 issues described above are just some basic characteristics of a well-designed change process. To delve deeper into ITIL-based change management, try the change management section at IT Library .
[i] Gartner, Inc., Optimize Change and Configuration Management With People, Processes and Tools by Ronni Colville, Patricia Adams, Kris Brittain, August 3, 2005.
Tags: CAB, Change Advisory Board, Change Management, Change management Approval, Infrastructure Changes, IT Change, IT Lists, ITIL, Top 10
UFC 107 In The BookS!!!!! YYYYEEAAAAHh
Hi and thanks for a intriguing web site. I thank you what you write.
Highly impressed with this post.
Great article. There’s a lot of good information here, though I did want to let you know something – I am running Mac OS X with the current beta of Firefox, and the layout of your blog is kind of quirky for me. I can read the articles, but the navigation doesn’t work so great.
I really liked reading your post!. Quality content.