Process Compliance Metrics

10 January 2016 by Robert Falkowitz 5 Comments

Process Metrics are Key

It is well known that ITIL® describes four types of process metrics:
process efficiency, process effectiveness, process progress and process
compliance [see, in particular, the discussion in Service
Design, §3.7.5]. However, given the ambiguities of this terminology,
it is not always evident to débutants how these types may be
characterized and used. If efficiency and effectiveness are relatively
easy to understand, progress and compliance are less easy to
comprehend. Because a good understanding of metrics is a key
underpinning of good management, it is worth looking at what these
types really imply. In this article, I will discuss process compliance.

Process Compliance as a Metric Type

ITIL describes the process compliance metric type as

Compliance of the process to governance requirements, regulatory

requirements and compliance of people to the use of the process.

Hiding behind this all too brief enumerative description is a very wide
array of controls concerning different life cycle phases and widely
varying types of governance. We may eliminate the problem of using
a term to define itself and generalize the description of the process
compliance metric as:

The definition of how to measure the respect by a process of the

controls placed on it.
 Fig. 1: Process compliance refers to
controls in several layers.
The controls might be external to the service provider organization,
such as governmental regulations or industry standards. They might be
internal to the service provider organization, but external to the
process itself. And they might be controls that are internal to the
design of the process itself. And, as we shall see, we may assess the
definition of the process as well as the execution of the process.

Given this definition, we see that the list of “controls” provided by

ITIL consists, first of all, of an active agent that truly control a
process (the process owner); next, of the references the controller
uses to perform the controls (policies, objectives, documentation); and
finally the measurements that are compared to the reference values
(feedback). Missing from ITIL’s list are the technical agents that may
control a process autonomically (typically, software tools); the
measurements of the process activities themselves (and not just the
output); the measurement of the inputs (whose volume can be
compared to the volume of outputs); and the assessment of the
outcomes at the process’ customers that were fostered by using the
process. These outcomes may indicate if the objectives of the process
were appropriately defined.
Fig. 2: Flow of information in the control of processes (tuning and
improvements not indicated)¹
Compliance and Conformity
Living in an age of semantic lassitude, we should clarify what we
mean by “compliance”, in an effort to overcome the indolent
indifference to the meanings of words that characterizes so many
people. Too, many organizations have developed idiosyncratic uses of
the term “compliance”, leading to divergent understandings of what it
means. It is worth distinguishing compliance from conformity as a
way of clarifying our understanding.