Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021
ISO-20000-ITIL-blog

ISO 20000 & ITIL® Blog

ITIL and ISO 20000 Budgeting and controlling Part II – A decision-making tool

When I started exploring ISO/IEC 20000, one of my thoughts was – it’s an IT Service Management standard. And immediately I thought of incidents, changes, service assets… but I didn’t have high expectations regarding financial management. It turned out that I was wrong. ISO/IEC 20000 sets requirements for budgeting and accounting for services (see the blog post “ISO 20000 – The perfect way to improve IT services” to find out more about ISO/IEC 20000). There are not too many of them, but they are clear, concise and, I would say – just enough.

But, before I begin, let me remind you to first read part of this blog series: “ITIL and ISO 20000 Budgeting and controlling Part I – Know your business”, where you will find an explanation of budgeting, budgeting procedure, and charging. Although it describes budgeting and controlling in general, it’s a good read to gain further understanding of ISO/IEC 20000 requirements.

Budgeting setup

In ISO/IEC 20000, budgeting is bundled with accounting. That’s logical, because to be able to budget, you need to know the costs and cost structure of your services. And, according to ITIL, the definition of accounting is “the process responsible for identifying the actual costs of delivering IT services, comparing these with budgeted costs, and managing variance from the budget.” So, first you have to master accounting of the services, and then you can start with budgeting.

One thing is certain – ISO/IEC 20000 does not cover all details about budgeting and accounting. There are many requirements that must be fulfilled, but details lay outside the Service Management System (SMS). The SMS is a management system to direct and control the service management activities you perform. But, information like level and detail of the information needed for the budget, form used to collect the data, budgeting period, etc. are set by the financial department or CFO. So, you will have to establish a strong interface with them.

But, that’s not all. Other business units are also important, because the standard requires you to budget licenses, etc. for the services you provide. Take, for example, a desktop service: you have to budget the number of licenses needed for, e.g., an operating system. And you don’t know how many people a business unit plans to employ in the next business year. So, you have to get that information from them.

Basically, the purpose of the budgeting according to ISO/IEC 20000 requirements, is to enable you to control the financial aspect of the services, as well as changes and improvements to those services.


How to deploy budgeting and accounting

Similar to ITIL, ISO/IEC 20000 “likes” policies. A policy is your tool to set the scope, apportioning of indirect costs, and financial control and approval.

While setting the scope, you must consider the following:

  • Assets. You have to know exactly what you need to provide your services. That might include components, licenses, personnel costs, externally supplied services, etc. Also important are the costs of shared resources. For example, you have a Service Desk and you know which services they support. So, Service Desk costs will be budgeted in the scope of the supported services. But be careful – don’t go too deep into the details, because too much information can be difficult to maintain, and may not be that useful.
  • Expenses. There is a difference between capital investments (Capex) and operational expenses (Opex). So, IT services should be managed (from a financial point of view) from one place, the SMS.
  • Overhead. These are costs that can’t be allocated in full to a specific service, customer, cost center, or person – but you have to consider them, allocate, and budget accordingly. One more thing: overhead costs include facilities costs. That include your office space, but, also very important, include your data center and alternative location (needed for IT Service Continuity Management).

ISO/IEC 20000 requires that you define the overall cost of your service. This will include direct and indirect costs. It’s easy with direct costs. For example, you have one server that is only used to run e-mail service with admin who administers only that service. It’s easy to allocate the cost of the server and admin to e-mail service. But, how do you distribute the costs of, e.g., managing the SMS or the cost of the IT department’s management?  Allocating their costs must be defined – it’s usually part of financial department guidelines. Put those two types of cost together, and you have the cost of your services.

Does ISO 20000 require controlling? Yes. You have to have controlling and financial approval in place. This means that you have to monitor conformance to budgeted costs and provide approvals accordingly. Contrary to budgeting, this is an ongoing process. Tools or templates will help you do the controlling, and well-defined and controlled processes will manage financial approvals.

What to do with it?

It’s simpler that you think. Budgeting and accounting are your decision-making tools. Once you have all information, then you control “the game.” And you won’t get into a situation where you have more questions than answers.

So, ISO/IEC 20000 and financial management (or, using wording from the standard – Budgeting and accounting for services) are going along.  Even more, let me use wording from the standard – there is no overhead in requirements. As I said in the beginning: clear, concise and just enough.

You can also check out this free download of the Project Proposal for ISO 20000 Implementation (Word) template to see an example of how to budget for the project.

Advisera Branimir Valentic
Author
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.