Of the 26 ITIL v3 2011 processes, two have measurable returns on investment. The other 24 are very hard to sell to upper management because the value produced by those processes can be very hard to quantify in real-world dollars. Look at Change Management. Most organizations implement Change Management because they had some very disruptive events surrounding poorly planned or implemented Changes. Does having a mature Change Management process ensure you will not have problematic Changes that cause significant business disruptions? No. At most it will reduce the risk of Service outages due to Changes. Some people look at the number of Change related Incidents before and after implementing Change management to prove that the process is cost effective, but who is to say that the reduction in Incidents isn’t just the maturation of the tools used to implement production Changes? And don’t get me started on Configuration Management. Yes, there are many very useful outcomes from implementing a full-fledged CMDB, but what is the $ value and at what cost?

Fortunately, there are two ITIL processes that lend themselves completely to ROI calculations: Availability and Problem Management.

Availability is easy. The business says that downtime costs them $X amount per minute/hour/day and IT comes up with a solution that is cost justifiable to limit the downtime. If the downtime only costs $100 for a full day’s outage and only occurs at most once a month, then IT is going to have a very hard time coming up with a cost justifiable solution to prevent a full day’s downtime. More likely, the business will say that for every minute a critical system is down, the company will lose $10,000 in revenue or the like. In which case it’s pretty easy to come up with a solution to ensure minimal downtime at a reasonable (when compared to the downtime costs) expense.

Problem Management is similarly easy to cost justify. Look at reoccurring Incident (or Service Request) costs. Project those costs over a year. There is your annual budget to implement a permanent fix to prevent that specific type of issue from ever happening again (or perhaps implement something to minimize the cost of the issues when they do occur again).

A good example of this is the bane of the Service Desk: Password resets. For me to determine the cost of password resets to the company, I first need to determine what are the resources used to address these issues. Since there are no asset costs (no need to replace a server, switch, etc.), all I need to do is calculate the cost of the personnel involved for each request. Let’s assume the fully loaded cost of a Service Desk Analyst is $50/hr. What, you may ask? $50/hr. works out to $130K/year. Who pays SD employees that kind of cash? I didn’t say calculate the salary of the employees, but the fully loaded cost. The fully loaded cost of an employee is actually somewhere between 50% and 100% above their salary. This takes into account insurance, taxes, savings plans, equipment, office space, etc. Health insurance alone can be a 15% addition to their base salary.

A Service Desk Analyst who resets a user’s password and then stays on the phone with them to ensure they login in successfully probably takes around 5 minutes to answer, assist the user, log the ticket, and then do any after-call activities. Five minutes of a SD Analyst’s fully loaded time equates to about $4.00.

An employee who needs their password reset probably will spend about 10 minutes in total. The time it takes to lock their account, get frustrated, call the SD, wait in queue, and then finally speak to the SD Analyst and get back to work. For simplicity sake, we will say that the user’s fully loaded cost is also $50/hr., but because they are not being productive during that time period, the actual cost to the company is higher. We pay our employees on the expectation that their cost to company will produce a return on investment. Most companies expect a 100% return on that investment. Instead of just the direct $50/hr. cost, their lack of productivity when they should have been making money for the company equates to two times their fully loaded direct cost.

Fully Loaded Direct Cost + Lost Productivity Cost = $100/hr.

So $100/hr. at 10 minutes of one employee’s direct cost and lost productivity equates out to about $16.50.

If we add the fully loaded SD Analyst cost and the employee cost together we come up with roughly $20 per password reset.

Let’s say the SD Analyst takes 60 calls a day and half of those calls are password resets. 30 calls a day at $20 per call = $600 per day per SD Analyst.

If your Service Desk has 20 Analysts who work 50 weeks a year, 5 days a week, the annual cost to the company of password resets is $3,000,000.

Of course you can’t eliminate the cost of password resets (unless you eliminate passwords entirely), but you can look at the various variables listed above and minimize them. What if you could implement a system that allowed the employee to click a link, and within 10 seconds they would get a text on their mobile phone with a code that would let them select a new password. You could eliminate the Service Desk engagement and reduce the employee time from 10 minutes to 6. This would take the annual cost of password resets from $3,000,000 to $1,500,000 – a one and half million dollar savings a year!

Other solutions might have less reduction in savings, but not require technology. If the SD Analyst simply reset the password and then disengaged the customer (hoping they won’t call right back), you might reduce the SD engagement time from 5 minutes to 2 minutes netting an almost $500,000 savings with no capital investment (an increase in Performance at the cost of Quality).

Anyway, you can see how the cost of those common Requests and Incidents can really add up when considering fully loaded costs of the employees involved and the lost productivity cost to the business when end users are prevented from performing their jobs. This is how Problem Management can budget cost justifiable solutions for both major and minor issues. And truthfully, isn’t this is really what senior management is looking for when implementing best practices?