Who is responsible for Authorising request for change as a part of change management process?

Who is responsible for Authorising request for change as a part of change management process?

Photo Attribution: VectorMine/Shutterstock.com

The ITIL Guru sat at his desk, looking over the latest additions in the Continuous Improvement Register (CIR). As a review board member, he liked what he saw. More and more IT staff contribute improvement ideas, making him feel good about the progress. The phone rang.

 "ITIL Guru. How may I assist you today?"

"This is Michael. The CIO requested that I come to her office tomorrow. She wants me to take over the role of Change Manager. Her text does not appear clear about the new Change Enablement practice. Can you help me to make a good impression?"

"Michael, I am always happy to help explain ITIL.

Changing the Practice Name is a Continuous Improvement

"As you recall, in ITIL version 3, the practice (or process) name was Change Management. In January 2019, Axelos released ITIL 4. At this time, Axelos changed the practice name to Change Control. And then, in January 2020, Axelos again changed the name to Change Enablement. I do not see any ambivalence here, and I am happy to adopt Change Enablement as continuous improvement. Change Management never managed changes. That was left to Project Management. However, for the purpose of this explanation, we will continue to include the more common name of Change Management.

Purpose of the Change Management (Enablement) Practice

"The purpose of the change practice has never deviated. It has always been to maximize the number of successful service and product changes by ensuring a risk assessment, authorizing changes to proceed, and managing the change schedule.1"

"Thank you for clearing up the name change. I want to make sure we follow ITIL's best practices in everything. Is Change Enablement responsible for business changes as well?"

"No. There is another practice for that. ITIL calls that practice Organizational Change Management. 'The purpose of Organizational Change Management is to ensure we implement changes in the organization smoothly and successfully, and that we manage the human aspects of the change.'2"

The Starting Point: The Change Manager Role in Change Management

The Change Manager's roles are:

  1. To assign the correct Change Authority to each type of change
  2. Enable the change to happen, and
  3. Manage the change schedule."

"What you must know is there are three Change Types and three Change Authorities."

Change Type

Change Authority

Standard Change

Change Manager

Normal Change

Change Advisory Board (CAB)

Emergency Change

Emergency Change Advisory Board (ECAB)

Three Change Types are the Key to Change Management Efficiency

"There are only three types of changes. That is all you need!"

Standard Change

Characteristics:

  • Low risk
  • Pre-authorized
  • Well-understood
  • Fully documented (i.e. work instructions)
  • Implemented without needing additional authorization
  • Proven history of never causing an incident (optional)3

"A Standard Change is my favorite. The change authority for Standard Changes is the Change Manager. The Change Manager determines what criteria they require to make a change a Standard Change. A best practice is to set an IT goal of eighty percent of all changes are standard changes. When meeting the CIO, ask her to make this the IT goal and make it 80% for every IT functional team."

Why are Standard Changes the key to successful Change Management?

The advantages of Standard Changes:

  1. With the majority of Changes Standard, it means less overhead for the Change Management/Enablement Practice allowing the Change Advisory Board (CAB) to concentrate on high-risk changes (Normal Changes)
  2. For the functional teams, no delays waiting for approval
  3. Increased speed of changes as proven and documented changes is more efficient
  4. Customer satisfaction improves when IT implements changes faster with no errors
  5. IT can execute service requests that change the live environment faster by linking a Request for (Standard) Change document to the service request
  6. Standard Changes are NOT on the change schedule since they do not impact the environment

Examples of a Standard Change:

  • Life cycle replacement of devices
  • Replacement of a failing device with an identical model and configuration
  • Patching (when tested beforehand)
  • Application monthly/quarterly releases
  • Firewall changes (i.e., to block an IP to address security incident
  • New DNS entries
  • Restarting/rebooting in a high-availability environment
  • New hire onboarding

The Emergency Change is change enablement's answer to a SWOT team

"Emergency Changes are changes implemented as soon as possible.4"

Characteristics of Emergency Changes:

  • Emergency changes are NOT on the change schedule
  • Expedited assessment and authorization assigned to the Emergency Change Advisory Board (ECAB) ensure speed
  • As far as possible, Emergency Changes should be subject to the same testing, assessment, and authorization as Normal Changes
  • There may be a separate change authority for Emergency Changes, typically including a small number of senior managers who understand the business risks involved5
  • A best practice is for the ECAB to identify the root cause of the Emergency Change. The objective is to reduce and eliminate Emergency Changes caused by not following procedures (i.e., skipped preventative maintenance)
  • A high-priority incident often requires an Emergency Change to restore normal operations as quickly as possible

"The IT goal for Emergency Changes should be to a reduction in the frequency over time. With the direction of the CIO, each IT functional team should set a plan to reduce Emergency Changes."

Change Management/Enablement Approves Normal Changes for Execution by the Project Management Practice

"With Standard Changes automated through Change Enablement because they are pre-approved, and Emergency Changes fast-tracked past the detailed scrutiny, Change Enablement can concentrate on Normal Changes.

"The Change Advisory Board (CAB) is the change authority for all Normal Changes. The degree of scrutiny depends on the scope, risk, and priority. The Change Manager often chairs the CAB. 

"Once authorized and scheduled, the Project Management practice executes all Normal Changes."

How to Use the RACI Matrix Model for Effective Change Management Roles and Responsibilities

"The RACI acronym stands for Responsible, Accountable, Consulted, and Informed. Use these to understand the various roles and responsibilities in effective Change Management/Enablement:"

Who is responsible for Authorising request for change as a part of change management process?

Change Management Roles & Responsibilities Defined

What does a Change Manager do?

  • Maintaining Change Management/Enablement system, including policies, processes, systems, metrics, and procedures used across the entire IT business and adheres to all regulatory requirements
  • Continuous improvement identifies opportunities for process, measurements, and systems to improve Enablement services' effectiveness and efficiency
  • Works closely and communicate effectively with users and stakeholders of the change process to drive the improvements
  • KPIs and metrics ensure service quality objectives, governance compliance, and responsiveness
  • Attends all CAB meetings
  • Ensures updates to Change Management/Enablement documentation
  • Provide information and reports on change implementations, successful and failed changes
  • Conduct Post Implementation Reviews (PIR) on successful and failed changes as required for continuous improvement

What does a Change Management/Enablement Analyst do?

  • Register, categorize and prioritize changes after conducting a thorough analysis
  • Conduct risk analysis before submitting it for CAB approval
  • Maintain a balance between the business need for immediate change and the necessity of ensuring the stability of existing systems
  • Document and publish the CAB - MOM (Minutes of the Meetings)
  • Reroute misdirected changes promptly
  • Identify changes that need special attention or escalation
  • Draft and send out communications to ensure that all relevant stakeholders know procedures

What does the Change Advisory Board (CAB) do?

  • Responsible for making decisions on whether or not the RFC would bring positive results, value to the organization, reduce manual efforts, and reduce costs.
  • Approve or reject changes based on:
    • The risk to IT services and business services
    • The impact of a difference on availability, performance, security, compliance, and SLAs
    • Provision of procedures
    • Test plans defined
    • Test results gathered
  • Discuss previously failed, rolled back, and backed out changes to understand what went wrong
  • Prepare for CAB meetings by circulating RFCs within their group and coordinating feedback
  • Review RFCs and recommend whether they should be authorized
  • Review successful and failed changes
  • Review unauthorized changes(i.e., changes without approved RFC)
  • Review the change schedule and help identify conflicts or resource issues
  • Review the Projected Service Outage (PSO) and provide feedback on the impact of planned outages

"As you can see, Michael, Change Management/Enablement efficiency is critical to keeping IT in alignment with business demands and opportunities. ITIL's term for this is Governance. Change is how the company continues to make continuous improvement happen. The more efficiently change occurs, the faster the organization improves.

"I wish you well with the new position. I am sure you will have more questions. I am always here for you."

Footnotes:
1. ITIL Foundation ITIL 4 Edition, AXELOS GLOBAL BEST PRACTICE, 2019, p. 118
2. Ibid, p. 89
3. Ibid, p. 119
4. Ibid, p. 119
5. Ibid, p. 119

Who is responsible for change request?

The change requestor is the individual responsible for preparation and submittal of Change Requests (CR). The change requestor ensures that the change request form (CRF) is properly completed and submitted in the required time window for the change to get approved.

Who is responsible for change management process?

Change managers—sometimes also known as change coordinators—are typically responsible for managing all aspects of IT changes. They prioritize change requests, assess their impact, and accept or reject changes. They also document change management processes and change plans.

Who is responsible for approving a change within the organization ITIL?

Change Advisory Board (CAB) CAB, along with Change manager is responsible for final review; approval and authorizing a change . They have the authority to re-asses the risk level or impact level.

Which approval is mandatory to proceed with a change implementation?

The Change Management Approval Gate. This approval needs to occur before implementation and is being done either via a CAB (for major and significant changes) or by the change manager (for minor changes).