There are so many differing metrics potentially used within IT management today that it is challenging not only to decide which metrics to gather and analyze but which metrics to communicate to drive desired outcomes.

The old axiom “what gets measured gets done” stands true. In most IT organizations, a fairly straight path may be drawn between outcomes and the measurements that drove them.  If IT managers measure specific activities or activity in general, the result will be more of that activity. If the measurements focus on business outcomes, then IT activities that support those outcomes result.

I saw some interesting trends in a global cross industry study I was able to lead last year of ITSM initiatives within over 400 large enterprise IT organizations. While all ITSM initiatives should deliver value, not all did! The study focused on ITSM initiatives that produced value.  Some of the key metrics related findings included:
•    IT managers have so many metrics in play that there is a clear challenge in driving desired results.
•    IT cost and IT productivity metrics are most commonly used
•    Leading IT organizations are starting to put more emphasis on Quality of Service, Business Unit Outcomes and Business productivity metrics.
The trend toward an IT focus on business contribution and business productivity measurement is encouraging. IT does not exist merely to serve itself. Measuring IT costs or IT productivity alone will not measure the right outcomes or produce the behavior and decision making that the business needs. Businesses invest in IT to produce improved business outcomes. 

Consider the following scenario. IT costs represent 5% of the overall business operating cost. Cutting IT costs by 50% will reduce overall business operating costs by 2.5%.What risk does this produce to the business that relies on IT services for business productivity and access to vital business and customer information? In this scenario, cutting IT costs in half, will reduce business operating costs by 2.5% and put 95% of the business (the non IT part that relies on IT services for work force productivity) at greater risk than it had previously. Reducing the quality or reliability of IT services is a greater risk for business disruption.  In the midst of the economic downturn and at the height of economic uncertainty, leading IT organizations and ITSM programs that did produce value demonstrated an increasing tendency to measure business productivity as well as the quality and reliability of IT services.

Not all IT organizations or ITSM programs focused on business outcomes. So what should you measure and what should you communicate? After you determine what you need to measure, you need to downselect to what you should communicate based on the outcomes your customer and stakeholders want you to produce based on their specific desired outcomes.

What should you measure? While there are now a few books on the subject of metrics, I have not seen a full and complete handling of the subject for IT managers. I would suggest starting from basics when establishing the full scope of what you can measure. ITIL trained people usually start by thinking about cost and quality related metrics. COBIT trained people think about performance and outcome metrics (i.e. KPI’s and KGI’s).  RISK-IT trained people think about risk indicators (KRI). Lean and Six Sigma people think about Key Cost Indicators (KCI) and a short list of additional key indicators (KCI, KQI, KPI, KGI and KRI). Each of these approaches is useful.

What I have observed is that if you “mash up” all the bodies of knowledge there are five categories of metrics that can be considered for every IT process, activity or service. These measurements are also fractal in that the five categories can be applied to any process purpose, as well as outcomes, activities, information work products and interfaces. They can be applied to all IT services as well. All these bodies of knowledge have good coverage of these metrics. They also match nicely with the ISACA/ITGI CGEIT domains of resource, value, performance strategy and risk. (Information Systems Audit and Control Association, IT Governance Institute and “Certified in the Governance of Enterprise IT”)

What are the five?
•    Cost – KCI or Key Cost Indicators. Ask what can be measured to enable tracking of costs.
•    Quality - KQI – Key Quality Indicators. Ask what can be measured to track quality or defects or the impact of those defects. Usually both defects and variance are critical indicators of quality.
•    Performance – KPI – Key Performance Indicators. Ask what metrics can be used to track the activities that need to be performed.
•    Outcome- KGI – Key Goal Indicators. Ask what the desired business outcomes are as well as what any outcome would be for having performed the activities well or poorly. KPI’s alone are insufficient because just doing activities does not mean that you are getting where you need to go.
•    Risk – KRI - Key Risk Indicators. Ask what can be measured that would provide early warning to risks that your customer cares about. IT managers should think more about the business risk of IT actions rather than merely risk to IT. Changing a hard disk in a server is changing the configuration of a business process, so it’s a business outcome that is at stake.

After determining what you need to measure to enable you to have the visibility and control that you need to manage, the final filter is to downselect to the few metrics that your customers and stakeholders care the most about and be sure you communicate and drive outcomes they want achieved. You then actively inspect what they expect. You can’t manage what you can’t measure. So enable your management capability by measuring costs, quality, performance, outcome and risk. Then serve your customers and stakeholders well by ensuring that you communicate and lead with a focus on the key metrics that will achieve their desired outcomes. What gets measured gets done, so measure, manage and communicate your way to success.