MAL Sample2

© The Official ITIL Accreditor 2012. The Swirl logo™ is a trade mark of the Cabinet Office. ITIL® is a registered trade mark of the Cabinet Office. ITIL MALC Case Study 1 v1.1.

This document must not be reproduced without express permission from the Accreditor. Page 1 of 7

ITIL® Qualification:

MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE

Case Study 1, version 1.1

CASE STUDY BOOKLET This booklet contains the case study upon which at least 8 of the 10 examination questions will be based. Within each question paper either 8, 9, or 10 questions will be based upon the case study. Within the Question Booklet, any questions which state 'Please refer to the case study' are based upon this case study. You are strongly advised to refer to the case study when answering these questions. Failure to do so may result in experienced candidates selecting incorrect answers. Questions which state 'This question does NOT use the case study' do not use the case study, and may be answered without reference to it. The case study describes an organizational situation and necessarily only provides a limited amount of information. Where information is not provided (for example the case study may give no information about a particular ITIL role or process), it should not be assumed that the role or process or other aspect is absent in the organization. Nor should it be assumed that it is present in the organization. When such information is important for any examination question, then it will be clearly specified in the question-specific scenario on the question paper. No assumptions should be made based on the absence of information in the case study.

© The Official ITIL Accreditor 2012. ITIL MALC Case Study 1 v1.1. This document must not be reproduced without express permission from the Accreditor.

Page 2 of 7

Case study to support the

ITIL Managing across the Lifecycle Examination Background A bank specializes in banking services for individuals and companies. The bank offers its services through branch offices across the country and also through automated teller machines (ATMs), and telephone and online banking. The bank has operated in its country of origin (HQ country) for many years and has recently expanded its operations into overseas countries. The bank offers several different types of accounts, including savings, loans, credit cards and cheque accounts. All the accounts can be accessed by visiting a branch, by internet or by telephone. Internet and telephone banking have been increasingly successful in the domestic market and the bank hopes to deliver more innovative online products and service offerings internationally. Changing world economics have opened up opportunities for the bank, and recent initiatives have included:

• acquisition of banks in other countries, to expand international operations and widen its customer base

• partnerships with other financial institutions such as insurance companies, to widen the range of services to the bank's customers

• extended hours of operation and a broader range of products through its wider international coverage.

The bank's strategy is to integrate activities and share services and functions with the recently-acquired overseas banks where possible. The bank has already started selling and providing services in these markets. The partnerships that the bank has established with other financial institutions are strong and the bank works closely with these partners. The bank has a business strategy, undeclared to its partners, to take the lead in these partnerships. In particular, the bank wishes to take the lead in designing and developing new banking services, and in marketing and selling them to the bank's own customers. The bank also sees opportunities in marketing and selling its products to its partners' end-customers. To support this strategy the bank has made a significant financial investment and commitment in terms of professional banking staff and organizational support in these areas. Banking services The bank supplies a range of banking service packages to its customers. The following banking services are considered to be critical components of these service packages, critical both to the bank's business operation and to support the bank's customers:

• 24-hour automated teller machine (ATM) service • 24-hour customer call centre (telephone banking and enquiry line) • 24-hour internet banking (now the most vital for personal (non-business) banking customers) • 24-hour global payments service (electronic, inter-bank bank payments, usually large

amounts) • Branch service (local branches which customers can visit to access their accounts) • Third-party sales support service (usually delivered to independent financial advisers on their

own laptop computers; without this service they cannot sell directly to their clients) • Regulatory service (changes to interest rates and other aspects of customer agreements

which have to be notified to customers within a set period).


Page 3 of 7

Other, less critical banking services are also provided, including:

• Statement production (provision of account statements on a regular schedule and in response to customer requests)

• Marketing and customer offers (notification and operation of various offers which enhance other services).

Company structure The high level company organization is set out in the attached organization chart. There are eight divisions, each with a divisional director reporting to the chief executive officer (CEO). The business executive board comprises the CEO plus the eight divisional directors. The company's divisions work closely together, with collaboration on specific projects often crossing divisional boundaries. The five banking divisions are:

• Retail banking division - focusing on the banking services • Customer delivery division - responsible for the interfaces with the bank's customers,

including managing the branches and the ATM network • Industry liaison division - responsible for working with delivery partners such as other ATM

providers, foreign exchange, credit card companies • Financial products division - non-core banking services offered by the bank, including new

financial products such as the insurance offerings • Global banking division - a division into which the recently-acquired overseas banks report

until they are integrated into the bank's operations. Additionally there are three non-banking divisions:

• Marketing division - covering marketing of the generic brand and specific products • Shared services division - this division consolidates the support services which have evolved

over time within each operational division and includes the departments of human resources (HR), finance, IT and facilities

• Security division - covers security, audit, risk and compliance and is responsible for the bank's security policy and for adherence to legislation, data security and physical security requirements and business continuity. It is also responsible for the bank's global risk management policy.

The chief information officer (CIO) used to report to the chief financial officer (CFO), but now they both report to the CEO via the shared services divisional director. This change happened a year ago when the shared services division was formed. Corporate vision and business strategy The corporate vision is firmly focused on expansion. Based on this vision, the business executive board has set targets to be achieved by the close of the next financial year. The current financial year will close six months from now so these targets are to be achieved 18 months from now, and will be measured against the current position. Some of the targets are listed below:

• In the bank's HQ country, to have as a customer base 10% of the retail banking market (currently 7%)

• To increase income from internet banking by 70% • To increase the income from customers living outside the HQ country by 50% • To achieve a 5% increase in corporate profit.

Part of the business strategy is to integrate and automate business and IT operations within company constraints that include legislation, regulatory, financial and security constraints.


Page 4 of 7

Challenges, issues and risks The commitment to expansion has created some direct and immediate challenges, including:

• Language and time-zone concerns, as the bank acquires and partners with companies in other countries

• Cultural and organizational issues - this has especially shown itself in the different levels of expectation for IT support between the different countries and acquired companies.

All the banking divisions and the marketing division rely on their ability to monitor current performance and predict future demand. They depend heavily on the accuracy of management information and the underpinning IT services. Recently there have been issues with integration of management information across the business units. As with all banks, there is a large amount of legislation - both national and international - that has to be complied with. Additionally the bank is committed to conforming to the national banking code of conduct, drafted collectively by the HQ country's major banks. A company risk register is maintained and recent additions include:

• An operational risk related to an information security breach in the online banking service • All IT hardware maintenance within the HQ country is outsourced to a single supplier which

was not profitable in the last financial year. IT structure The IT department is made up of five units, each headed by a manager.

• IT strategy unit, which includes IT strategy, planning and IT finance teams • Applications unit, which includes teams for application design, procurement, and

development, as well as application maintenance and support • Operations management unit, which includes an operations control centre, responsible for

controlling the operation of both applications and IT infrastructure - it also includes the service desk function, incident and problem teams, as well as the technical management team, responsible for developing and supporting the IT infrastructure

• Service implementation unit, which includes the change management team • Service quality unit, which includes the service improvement manager.

IT infrastructure The bank has built up a server environment consisting of rack mount and blade servers. Some of these are clustered to provide high availability for critical IT services. Some are configured as virtual machines, but others are not. In an effort to reduce capital expenditure and increase the utilization of hardware, the bank has established a new policy of 'virtual first' meaning all new services will be virtual unless the application requires otherwise. The bank manages this infrastructure in its own physical data centre with connectivity to branches in the HQ country via dedicated data links provided by a third-party supplier. Connectivity to offices outside the HQ country is provided by a third-party supplier via internet wide area network (WAN) links. The bank has set up a virtual private network (VPN) to ensure appropriate levels of security. Some direct management of the branch IT infrastructure remains with the customer delivery division. Some direct management of the overseas banks' IT infrastructure remains with the overseas banks within the global banking division. IT services The banking services are underpinned by IT services. Some IT services, including the desktop service and the management information (MI) service, support many different banking services. Other IT services, such as the ATM management service, only support a single banking service. The IT


Page 5 of 7

services have been developed with a good level of collaboration between business and IT staff. This has worked well, although it is acknowledged that effectiveness and economy could be further improved by increased involvement of IT staff in developing new and changed banking services. Some IT development is outsourced and there is a policy that application software is purchased whenever possible rather than developed in-house. For example, accounting applications, stock control applications and desktop applications are all based on commercial, off-the-shelf (COTS) software. IT service management (ITSM) situation Due to the nature of the business, ITSM is well integrated into the company. An integrated ITSM toolset is used to support ITSM processes.

Service strategy The CIO and IT strategy unit work closely with the business with the aim of delivering relevant and up-to-date IT services. There is a well-maintained IT service catalogue, easily accessible to staff, showing the IT services available. The service portfolio, however, is not formally maintained, although relevant information is available via business change request records and development records. Financial control within the IT department is comprehensive at a high level, but only limited information is known as to the detailed cost of individual IT services and the usage by each customer. Service design Banking staff are actively involved in the IT service design activities undertaken by the application unit, and good relationships exist between staff in the applications unit and staff in other divisions. The applications which support the bank's products are either developed by the applications unit, or purchased from third-party suppliers and customized by the applications unit. The applications unit maintains these systems, in collaboration with third-party suppliers where appropriate. Approximately 60% of the work of IT service design is delivered by short-term contract staff working in the applications unit. Service level agreements are in place, with negotiation beginning during the service design stage and extending through the service transition stage. A remote back-up site is available to deliver continuity of critical IT services in the event of a disaster. There is an IT service continuity policy that requires that all critical IT services be designed to deliver IT service continuity via this route. Service transition It is difficult to secure the involvement of internal customers in the implementation of new and changed IT services, although they are willing to be involved in IT service design. Once internal customers have specified what they want, they expect the IT department to deliver the IT service without their further involvement. Operational changes are well-managed, with strict control over access to the live IT services, but there is no formal change evaluation process to provide support for the evaluation of significant changes, and customer involvement with IT service transition is minimal. Software testing is well-established, although it is almost totally focused on software functionality. This has caused issues in the past with new IT services being hard to support and requiring further effort to make them work after the IT services are operational.


Page 6 of 7

Service asset and configuration management is focused on detailed data from automated discovery tools. The incident and problem teams do not feel this data helps them to diagnose issues easily. Knowledge management is mostly carried out informally. There is a formal communication plan to keep staff up-to-date on new policies and requirements. There is awareness that, as the bank expands, the management of data and information will become increasingly important. Six months ago HQ internal users received the roll-out of two updates to the standard desktop build, which is a major component within the desktop service. One was an important security update and the other was an update to the management information (MI) application that was considered critical for financial end-of-year reporting, and is also a component of the MI service. These two deployments were done at the same time and resulted in significant incidents for HQ staff. Service operation The service desk function and the incident management process are well-established and effective. Problem management tends to be reactive rather than proactive. Business questions (how-to questions) are handled by separate business support teams within each of the main business divisions. There is a process to manage service requests which is supported by service request software to enable direct ordering of certain service catalogue items by business users. There is a central operations control centre in the HQ country which controls the operations of both applications and IT infrastructure (apart from certain management activities for the branch IT infrastructure, which are carried out locally by the branches themselves). Traditionally the operations management unit staff have focused on IT service operation stage activities and have not been involved with service design stage or service transition stage activities. While the plan is to integrate IT from the acquired businesses into the bank wherever possible, there have been difficulties in integrating the staff, IT and the acquired companies with the existing bank staff and structure. This has resulted in management focusing more attention on IT operations. Continual service improvement There is a well-established company culture of improvement, demonstrated by availability of investment funding for improvement projects throughout the bank, including the IT department. Formal IT service improvement is under the supervision of the service improvement manager, a senior member of the service quality unit. The service improvement manager has difficulty getting staff to collaborate in focusing improvements at a service level. Most IT staff members tend to undertake process improvement without considering service measurement.


Page 7 of 7

ORGANIZATION STRUCTURE DIAGRAM

Divisions

Departments Heads of Department

Units

CEO

Shared services Marketing Security Industry

liaison Financial products

Retail banking

Customer delivery

Global banking

IT department CIO

HR department HR manager

Finance department

CFO

Facilities department

Facilities manager

IT strategy unit (including planning &

finance)

Applications unit (including design,

procurement, development, maintenance,

support)

Service implementation

unit (including change

management)

Operations management unit (including ops. control centre, service desk,

incident mgt., problem mgt., technical mgt.)

Service quality unit

(including service improvement

manager)

© The Official ITIL Accreditor 2012. The Swirl logo™ is a trade mark of the Cabinet Office. ITIL® is a registered trade mark of the Cabinet Office. ITIL MALC Sample2 QUESTION BOOKLET v5.1.

This document must not be reproduced without express permission from The Accreditor. Page 1 of 16

Version 5.1 (Live) Owner – The Official ITIL Accreditor

ITIL® Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE Sample Paper 2, version 5.1 To be used with Case Study 1 Gradient Style, Complex Multiple Choice QUESTION BOOKLET Gradient Style, Complex Multiple Choice 120 minute paper 10 questions, Closed Book Instructions

1. All 10 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have 120 minutes to complete this paper. 4. You must achieve 35 or more out of a possible 50 marks (70%) to pass this

examination.

© The Official ITIL Accreditor 2012. ITIL MALC Sample2 QUESTION BOOKLET v5.1. This document must not be reproduced without express permission from The Accreditor.

Page 2 of 16 Version 5.1 (Live) Owner – The Official ITIL Accreditor

Question One Please refer to the case study The business has asked for a significant change in order to improve the internet banking IT service. The change will improve the warranty level of the service package, including the enabling WAN service, which is provided by a third-party supplier. There are no technical changes to interfaces or dependencies. You are responsible for the design of the overall service solution. You have verified that all inputs from the service strategy lifecycle stage are present and acceptable. Which one of the following answer options is the BEST approach to ensure that the overall service solution will achieve an improved warranty level for the Internet banking IT service? A. • Create a design co-ordination process and use this for a consistent approach to service

design activities, ensuring that all elements of the service design package are addressed. • Use the service level management and supplier management processes to develop agreed

service level requirements and the associated service level targets, which the changed service must be designed to achieve.

• Work with availability management, capacity management, IT service continuity management and information security management to define service level targets that relate to their areas of responsibility and to validate that the targets are realistic.

B. • Use the service catalogue process to provide accurate information about the existing internet

banking IT service, its interfaces and dependencies. • Work with the relevant supplier manager for the WAN to establish that the underpinning

contract will support the service level requirements. • Work with the service level manager to define availability, capacity, IT service continuity and

information security service level targets.

C. • Finalize the service level targets for the internet banking IT service during service design. • Work with the technical specialists responsible for availability, capacity, IT service continuity

and information security of the enabling services to ensure that the service level targets can be achieved.

• Plan to work with the technical specialists to update service level targets when the service has been live for the initial service period and service measurements are available.

D. • Initiate the development of a service model to ensure that technical specialists understand

the structure and dynamics of the changed service. • Work with the technical specialists to develop and validate service measures to underpin the

service level targets defined in the service model, and ensure that the day-to-day operation of relevant processes match service level targets.

• Work with the supplier manager to establish a disaster recovery site to ensure that availability targets in the service design package can be met.



Question Two Please refer to the case study You are the design co-ordination process manager. You have reviewed the IT service management (ITSM) capabilities and resources for the desktop service and the management information (MI) service. A review has also been completed of the changes that were carried out to these IT services over the last six months. It included a review of the service requirements. The key findings are as listed below:

1. Some service requirements were missing and this led to unexpected warranty issues in early life support. One deployment resulted in significant incidents for HQ staff.

2. Although the desktop service design package (SDP) is generally good, the plans did not include resource requirements for additional incident and problem-handling. There were no metrics or acceptance criteria for changes in incident volumes during early life support.

3. There is no evidence of feedback on the SDP from the service desk and IT operations staff. There is a risk of alienating key support and operations staff during periods of change and a risk of increasing staff resistance to change.

4. The configuration items (CIs) within the MI application are defined. However, the MI application depends on components in the desktop build that are not uniquely identified as dependent CIs. This has resulted in failed changes for parallel deployments of the desktop build for a security update and an update to the MI application.

5. Configuration item (CI) information for the desktop build is good and accessible to the technical management team. However, this information is not shared and is not accessible to other teams.

The CIO has asked you to recommend improvements to ensure that similar implementations planned for the next few months will be successful. The improvements should cover all of the key findings and should be able to be introduced quickly, to avoid similar problems in future. Which one of the following answer options describes the BEST set of improvements given the situation and key findings? A. • Measure key metrics and report these against predicted levels before and during any

deployment. Use these to set acceptance criteria during service transition. • Train support staff to use the existing service asset and configuration information to perform

their roles. • Involve IT support staff, customers and user representatives in reviewing the service design

package (SDP) and in service rehearsals.

B. • Complete the review of the service requirements. • Review and improve the acceptance criteria for service transition, as the warranty of the

service is difficult to support. • Improve the change management process by using formal change evaluation to evaluate

similar parallel deployments.

C. • Review the business and IT strategy and the definition of the SDP. • Perform a strategic review of the desktop service and MI service. The review should ensure

that all service requirements are defined. • Develop a policy of improvement and set up an implementation project for the IT function.

This will enable improvements in measurement and reporting of incident volumes and user expectations.

Question continues overleaf



Question continued D. • Hold review meetings with customers, user representatives and IT support staff throughout

the service design lifecycle stage and during service rehearsals. • Agree exit criteria for early life support in the SDP, including measures for incident volumes. • Define configuration items (CIs) for the desktop deployment and dependent CIs in parallel

deployments. Provide IT staff with access to quality configuration information in order for them to diagnose incidents and problems easily.



Question Three Please refer to the case study As the bank has pursued its expansion strategy, investment in IT services has proven more and more difficult to manage. Both the shared services director and the CIO are concerned that costs are rising without clear visibility into the source of the costs or the value to the bank of the expenditure. There is significant concern that key bank services may be compromised if IT is not investing in the right areas. This concern is supported by the recent online banking information security breach. The CEO has indicated that not all the IT staff members brought into the bank as a result of the acquisition of other banks can be retained and that the IT department will be required to make significant cuts unless business justification for staffing levels can be provided. You are the manager of the newly-formed service management office (SMO). You have been asked by the CIO to analyse the situation and define a plan to ensure that the costs of service provision will be consistently aligned with overall bank priorities now and in the future. Which one of the following answer options represents the BEST course of action to recommend? A. The service portfolio should be formalized, starting with the information already available in the

service catalogue and other sources. Existing business interactions should be matured into formal business relationship management with a focus on understanding the needs of the various customer groups and the overall needs of the business. Meanwhile IT needs to work with all appropriate business areas to put in place methods and metrics to determine the total cost of each service as well as its value to the business. Classifying services as 'core, enhancing or enabling' can be used initially to understand, and eventually to quantify, the business outcomes supported by each service.

B. The IT organization should focus on service costing to determine the way funds are being expended now. This will include working with the business to determine which services cost the most and why. Then meetings should be held with the individual customer groups to review the services and to determine which services they believe to be most important to their work activities. The services in the service catalogue should be classified as 'core, enhancing or enabling' to support better budgeting decisions. Operational metrics should be created to allow collection of service-specific data and management information for continual service improvement.

C. An inventory of IT services should be created, classifying them as representing money spent,

value added or value realized. IT should then hold meetings with customers to review the current services and to determine which services they believe to be most important to their work activities. Service design practices need to be reviewed and revised to ensure that the relative importance of new or changed services is properly reflected in service designs and the resulting service design packages. Service provider value capture should be embedded into the design of all services and service changes.

D. You propose beginning by working with the business and IT to classify the services in the service

catalogue as 'core, enhancing or enabling' as a first step in understanding and communicating the role of each service in business activity. The service portfolio management process should then be reviewed and revised to ensure that the contribution of each IT service to business activity is clearly understood. Existing data should be used to create preliminary cost information on an individual service basis and to identify opportunities for continual service improvement from a cost perspective. IT should then work with the Finance division to develop an approach to comprehensive service costing.



Question Four Please refer to the case study You are the service improvement manager. Together with the change management process owner, you are planning a set of tactical improvements to the way IT changes will be handled in the next six months. Key drivers for the improvements are:

• There have been recent incidents following unauthorized changes to the branch infrastructure.

• It is important that a new IT service now under development achieves its required performance. This new IT service will support a new business-critical insurance service.

The current change authorization model for IT is:

Which one of the following answer options is the BEST proposal for TACTICAL improvements to the way IT changes are handled? A. • Consider refresher training for the customer delivery division and key resources from new

acquisitions. • Establish country IT change advisory boards at level 1 to speed up handling of IT changes,

with these country boards reporting into the business executive board. • Implement a change evaluation process. • Expand testing of utility for new and changed services.

B. • Review the change management process and ensure that the branch IT infrastructure is within scope.

• Check that each change authority has the right representatives. This should include the customer delivery division and representatives from IT suppliers and new acquisitions.

• Introduce the key elements of a change evaluation process. • Increase focus on warranty during testing, and include representatives from the financial

products division.


Change authority Level of risk/impact Level 0 Business executive board High risk/impact and/or high cost

Level 1 IT steering group Change has an impact on multiple IT services or divisions

Level 2 Change advisory board (CAB) or emergency CAB (ECAB)

Change has an impact on a local group

Level 3 Change manager Low risk change

Level 4 Local authorization Standard change



Question continued C. • Introduce a service management toolset to increase visibility into changes and their impact

on live services. • Reduce the number of change authority levels, and specify that the new insurance service is

handled at a lower level to reduce time-to-market. • Extend the existing change evaluation process for level 1 and level 2 changes in the

customer delivery and shared services divisions. • Implement a knowledge management process to optimize use of data and to improve

efficiency across business divisions.

D. • Evaluate the change management process within the shared services division and ensure on-going control over live services in operation.

• Check that the users of the change management process have completed training. Consider refresher training for suppliers and teams where there have been change-related incidents.

• Make adjustments to the change authorities, such as ensuring that a customer delivery division representative is an active member of level 2.

• Assess operational readiness during testing, particularly related to support after go-live.



Question Five Please refer to the Case study To support the bank’s ambitious expansion plans, the CIO is keen to increase the quality of the IT services that underpin the business activities. A critical success factor is improving the bank’s IT service management capability. Customer satisfaction surveys and service design packages (SDPs) were identified as service improvement suggestions but they are not yet widely used. However the bank is improving its process for major changes that involve significant cost, risk or organizational impact, and the bank has just started to capture customer satisfaction survey measurements. You are the service improvement manager. In further support of the current quality initiative the CIO has asked you to analyse the following additional service improvement ideas and to recommend the four suggestions that should be considered next. The list below shows the additional service improvement ideas:

1. Ensure that each SDP fully documents all required testing of service utility. 2. Plan to incorporate customer satisfaction targets into the service level agreements (SLAs). 3. Introduce the principles of balanced design for major changes as part of the service design

lifecycle. 4. Implement a continual service improvement (CSI) register to record and prioritize service

improvement suggestions and ensure that associated KPIs are identified. 5. For each implementation of a new service carry out a customer satisfaction survey with

business representatives. 6. Create an SDP for each major change and include a definition of each stage of the transition

with suitable entry and exit criteria. 7. Increase the amount of utility testing for all products and IT services before release and

deployment. 8. Reduce the number of new service support issues by introducing involvement from the

business and service implementation unit at the service design stage. Which one of the following is the BEST set of four improvements to consider next? A. 1, 4, 5, 7. B. 2, 3, 4, 6. C. 3, 4, 5, 8. D. 1, 5, 7, 8.



Question Six Please refer to the case study The service level manager worked with the business to agree the following service level targets for each of the relevant IT services supporting the bank’s targets:

• High availability (99.99%+) • High customer satisfaction (4 or above on a scale from 1-5, where 5 is the highest) • Reduction in service costs of 20%.

You have been asked to perform a strengths – weaknesses – opportunities – threats (SWOT) analysis of IT service management within the bank considering the above service level targets. Which one of the following answer options represents the MOST appropriate SWOT analysis of IT service management within the bank, given the service level targets in the scenario and in the context of the overall case study? A. Strengths: 1. Dedicated physical servers to prevent cross-

service impact from incidents. 2. Business and IT are strictly separated to

support good governance. 3. Standardized IT support as “one size fits all”.

Weaknesses: 4. Issues with integration of management

information across the business units. 5. Insufficient commitment of staff and finance

for dealing with suppliers. 6. Insufficient network security.

Opportunities: 7. Implementing an integrated service

management toolset. 8. Actively involving banking staff in service

design.

Threats: 9. Reducing co-operation between business

divisions. 10. Focusing on overseas business could

threaten bank's success in domestic market.

B. Strengths: 1. Strict control over access to live services. 2. Good service desk and incident management

process. 3. Well-established culture of improvement.

Weaknesses: 4. Inadequate software testing. 5. Insufficient data for diagnosis by incident and

problem teams. 6. Limited financial information on cost of

individual services.

Opportunities: 7. Available funding for improvement projects

across both business and IT. 8. Business strategy to integrate and automate

business and IT operations.

Threats: 9. Infrastructure management outside of the

shared services division. 10. Language, time-zone and cultural issues.




Question continued C. Strengths: 1. Remote back-up site exists for service

continuity. 2. IT department has a unit focused on service

quality. 3. The business and IT work closely together.

Weaknesses: 4. No formal change evaluation. 5. Missing proactive element of problem

management. 6. Lack of a formally maintained service

portfolio.

Opportunities: 7. Acknowledgement that effectiveness and

economy could be improved by involving IT staff more in developing new and changed business services.

8. Costs of virtualization solutions are reducing.

Threats: 9. Handling of business questions by business

support teams. 10. Changes in legislation.

D. Strengths: 1. Well-maintained IT service catalogue easily

accessible to staff. 2. Service request software supports direct

ordering of services. 3. Negotiation of service level agreements

during service design and service transition.

Weaknesses: 4. Dependence on the knowledge of short-term

contract staff. 5. The operations control centre covers both

applications and infrastructure. 6. Service asset and configuration management

provides detailed data from automated discovery tools.

Opportunities: 7. Purchasing as opposed to developing

software. 8. Renegotiating contract with external WAN

provider.

Threats: 9. Security breaches and denial-of-service

attacks. 10. High turnover from low employee

satisfaction.



Question Seven Please refer to the case study The shared services division has been asked to cut costs substantially. A new project has just been approved to identify the cost of individual IT services and usage by each customer. However the chief information officer (CIO) believes that the bank needs to focus on the value to the business of the IT services, in addition to the cost of service provision. The CIO is preparing a presentation for the bank’s senior management team. These are all customers of the IT services. The purpose of the presentation is to influence the senior management team to consider the value to the business from IT services. From the following answer options, which one is the BEST description of the characteristics of value in the context of the case study and scenario? A. Value is defined by customers and does not depend on what was delivered. A key characteristic

of value is defining it in terms of the business outcomes that are achieved, and measuring value through financial returns and cost savings. The delivery of the bank’s corporate vision will be the ultimate measure of value in 18 months’ time. This will depend on the percentage increase in income generated from internet banking and from customers living outside the HQ country. Value can also be realized through the delivery of business outcomes and solutions within company constraints such as legislation, regulatory, finance and security.

B. Value is defined by customers and they will make the ultimate decision about whether an IT

service is valuable. Customers will select an affordable mix of features and make the final choice about what is valuable to them. Customers do not always measure value in financial terms, as some services are not designed to produce revenue. Value can be measured by meeting some other organizational objective, such as human resource management or a social responsibility programme. Value is defined in this financial year for the next financial year and may change if the business and IT strategies change.

C. Customers decide whether an IT service is valuable. They will select a service or product that

represents an affordable mix of features at a price they are willing to pay in order to realize the desired business outcome. A key characteristic of value is the achievement of objectives. At the bank, value can be measured though financial returns, such as the percentage increase in income generated from internet banking and from customers living outside the HQ country. Value can also be measured by the achievement of the objective to integrate and automate business and IT operations. Value will change over time as circumstances change and each new or changed IT service is used.

D. Customers decide whether an IT service is valuable. An affordable mix of features is important as

a customer will make the final choice about what is valuable to them. Customers within the bank are likely to measure value in financial terms and may indicate how much they are prepared to pay for a service that helps them to realize the desired business outcome. An IT service may also be designed to achieve other organizational objectives, such as integration and automation of business and IT operations within company constraints, e.g. legislation, regulatory and security constraints.



Question Eight Please refer to the case study In the last few months, there have been major incidents for the internet banking IT service. There were serious SLA breaches with the underpinning contract for the WAN service in 50% of the countries outside the HQ country. The CIO is concerned that these issues and current operational risks will have a negative impact on the business strategy. The critical success factors (CSF) for service level management for IT services are:

• Manage the quality of IT services • Manage the availability and reliability of the IT services • Deliver the agreed IT services at affordable costs.

The extract of the measurement framework grid that applies to the management of the internet banking IT service and the WAN service is shown below: Row KPI Measurement Target 1 Increase in customer

perception and satisfaction with IT service quality

Customer perception and satisfaction survey results

10% increase in customer perception and satisfaction with IT service quality

2 Percentage improvement in overall end-to-end availability of the IT services

End-to-end availability based on availability of components that make up the service. Availability of the web servers, network availability, application availability

2% increase in availability of IT services in each country

Which one of the following options is the BEST suggestion for maintaining or improving these key performance indicators (KPIs)? A. Do not change the KPIs, as they provide adequate support for the CSFs. B. Add KPIs:

• Reduction in the impact and number of business transactions lost due to IT failures • Reduction in the number of service breaches caused by suppliers • Reduction in the number of risks caused by a security breach of an IT service • Decrease in the costs associated with IT service provision.

C. Add KPIs:

• Increase in customer satisfaction with the availability of service • Reduction in the number of incidents caused by suppliers • Reduction in the number of security breaches and security incidents • Decrease in the cost of incident resolution.

D. Add KPIs:

• Reduction in service level breaches for customer-facing services and supporting services • Reduction in the number of incidents that cause downtime • Reduction in the number and impact of security breaches and security incidents • Decrease in the cost of incident resolution.



Question Nine This question does NOT use the case study A government project is in progress to introduce a service for public voting, available over the internet to all citizens during elections. The objective is for 40 percent of votes to be registered electronically within five years. The project is expected to lead to average yearly cost savings of 60 percent, mostly in the form of staff reductions and increased efficiency in the administration department responsible for running elections. The project fulfils an election pledge and is being sponsored by the present government. There are several groups who are not very enthusiastic about the changes, including employees within the affected department and their union representatives. The debates leading up to the decision to initiate the project have also led to a lot of media and general public interest, and it is imperative that appropriate stakeholder management is in place to ensure project success. The new service is currently being designed by an external vendor. In preparation for the next stage of the project, the service transition team is working with the service design team to ensure that stakeholder interests have been identified. The following is the (simplified) power impact matrix for the service transition:

Which one of the following commitment charts MOST appropriately describes the desired situation which is to help plan the service transition in the context of the scenario?




Question continued

A. Stakeholder Not

committed No resistance

Helps it happen

Makes it happen

Project team X Security management X General public X Media X Government X External vendor X Administration department X Union representatives X B. Stakeholder Not


Helps it happen

Makes it happen

Project team X Security management X General public X Media X Government X External vendor X Administration department X Union representatives X C. Stakeholder Not


Helps it happen

Makes it happen

Project team X Security management X General public X Media X Government X External vendor X Administration department X Union representatives X D. Stakeholder Not


Helps it happen

Makes it happen

Project team X Security management X General public X Media X Government X External vendor X Administration department X Union representatives X



Question Ten This question does NOT use the case study An organization employs many people who are technically competent and who have a good service culture. However this is not the case across the whole IT department. It is felt that an overall skills and organization assessment should be undertaken to understand how to make best use of the staff and to identify where there are skills deficiencies. In the past the focus within the IT department has been on processes, with little thought given to the overall departmental structure and interfaces. Some of the IT service management (ITSM) processes are reasonably mature but further progress with them has been impossible because interfaces between processes, lifecycle stages and customers and users are not in place. It has been decided to look at the organization with a view to moving from the current structure (described as a network or stage 1 structure) to a more collaborative approach, in order to improve IT service provision. The factors driving the organizational change programme have been documented and approved by senior management. Which one of the following answer options describes the BEST set of steps to follow to meet the needs of the organization? A. 1. A full ITSM assessment should be undertaken looking at all aspects of IT service provision.

The desired organizational structure which meets the needs identified by the ITSM assessment should be determined. This will include changes to processes, roles and responsibilities. The appropriate number of people in each section will need to be clearly defined. All required roles and skills should be documented in a RACI matrix. An IT steering group will be a key component of the new structure, to ensure business needs are taken into account.

2. Implement the approved organizational structure and allocate a senior manager with appropriate organizational change experience to manage the change programme. Set up a communications project to explain what is happening and why, and to seek views from staff. Recruit additional staff if necessary to fill any skills gap and re-train staff where possible.

B. 1. An assessment of the current organization should be undertaken. All ITIL processes including current roles and responsibilities for the processes should be documented, and their maturity levels assessed.

2. The next step will be to ensure that staff members are allocated to all activities within all the processes. Where there are skill gaps, implement process training programmes to ensure that everyone has the appropriate skills to do the job to which they have been allocated. Ensure sufficient staff members are allocated to every process and recruit if necessary. All process activities should be documented, and interfaces between processes identified and also documented. The programme of change should be managed by an external consultancy company who have experience in this type of work.




Question continued C. 1. Identify the appropriate and desired organizational structure, and get senior management

buy-in. Define the required functions and departments together with the processes they will be responsible for. Define the roles and responsibilities, and the numbers of people for each role using a RACI matrix; which is an ideal tool to assist in this task.

2. The next step requires the implementation of the new organizational structure. This programme of change needs to have an overall accountable person from the senior management team, in order to manage the change. Set up a communications project to explain to staff what will happen. Recruit additional staff where necessary to fill the skills gap.

D. 1. Review the current design of the IT organization, and design an appropriate structure, taking into account the overall business and IT strategy. Define the required roles and responsibilities using a RACI matrix to assist with this task. A key component of the new structure will be the IT steering group to ensure business and IT requirements are taken into account.

2. Implementation will involve a major programme of change. Management of the concerns of staff will be vital. Commitment from the senior management team will also be important. Allocate a skilled organizational change manager to manage the change programme. Set up a communications project to inform people about plans and to enable staff views to be taken into account. Wherever possible, identified skill gaps should be filled by training and on-the-job work experience.

© The Official ITIL Accreditor 2012. The Swirl logo™ is a trade mark of the Cabinet Office. ITIL® is a registered trade mark of the Cabinet Office. ITIL MALC Sample2 ANSWERSandRATIONALES v5.1.

This document must not be reproduced without express permission from The Accreditor. Page 1 of 36

Version 5.1 (Live) Owner – The Official ITIL Accreditor

ITIL® Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE Sample Paper 2, version 5.1 To be used with Question Booklet Sample 2 v5.1 and Case Study 1

Gradient Style, Complex Multiple Choice

ANSWERS AND RATIONALES

© The Official ITIL Accreditor 2012. ITIL MALC Sample2 ANSWERSandRATIONALES v5.1. This document must not be reproduced without express permission from The Accreditor.


Answer Key:

Question Correct: 5 Marks

2nd Best: 3 Marks

3rd Best: 1 Mark

Distracter: 0 Marks

1 A B C D

2 D A B C

3 A D B C

4 B D A C

5 B C A D

6 B C D A

7 C D B A

8 B D C A

9 D A C B

10 D A C B



Answer and Question Rationale: QUESTION NUMBER One

Question Rationale The question requires the candidate to apply knowledge of the inputs, outputs and interfaces of the stages and processes in the service lifecycle to the specific situation described, in this case those that play a direct role in achieving an improved warranty for the service. The candidate must analyse answer options using information in the case study and scenario, to ensure that required warranty levels are achieved following a significant change to the internet banking service.

MOST CORRECT (5) A Positive: 1st bullet: “Create a design co-ordination process and use this for a consistent approach to service design activities, ensuring that all elements of the service design package are addressed”. The process is responsible and required for ensuring that the overall service design activities are completed successfully. Positive: 2nd bullet: “Use the service level management and supplier management processes to develop agreed service level requirements and the associated service level targets, which the changed service must be designed to achieve”. The service level management process is a consistent interface to the business for all service-level-related issues. It provides the business with the agreed service targets and the required management information to ensure that those targets have been met. Since the scenario specifies that the enabling WAN service will be affected, and is provided by a 3rd party, the supplier management process must be involved to ensure sufficient commitment from the external vendor. Positive: 3rd bullet: “Work with availability management, capacity management, IT service continuity management and information security management to define service level targets that relate to their areas of responsibility and to validate that the targets are realistic”. These are all key aspects of the warranty levels. Validating that the targets are realistic together with the relevant processes is crucial.

SECOND BEST (3) B Positive / neutral: 1st bullet: “Use the service catalogue process to provide accurate information about the existing internet banking IT service, its interfaces and dependencies”. Although information on the existing service is useful, the scenario states that there are no technical changes to interfaces and dependencies. Positive: 2nd bullet: “Work with the relevant supplier manager for the WAN service to establish that the underpinning contract will support the service level requirements”. Since the scenario specifies that the enabling WAN service will be affected, the supplier management process must be involved to ensure sufficient



commitment from the external vendor. Neutral: 3rd bullet: “Work with the service level manager to define availability, capacity, IT service continuity and information security service level targets”. Although the service level manager could provide valuable input on these service level targets, further involvement from key resources in the specified processes - availability, capacity and continuity management - should be secured in order to validate that the targets are realistic.

THIRD BEST (1) C Neutral / negative: 1st bullet: “Finalize the service level targets for the internet banking IT service during service design”. The case study says that service level agreements are in place, with negotiation beginning during the design stage and extending through transition. Finalizing the service level targets during service design undermines this established procedure. Positive / neutral: 2nd bullet: “Work with the technical specialists responsible for availability, capacity, IT service continuity and information security of the enabling services to ensure that the service level targets can be achieved”. Although it is positive that service level targets are validated, this bullet is not as strong as the equivalent bullet in answer option A, where the mentioned processes are involved in defining service level targets that relate to their areas of responsibility in addition to validating that the targets can be achieved. Neutral: 3rd bullet: “Plan to work with the technical specialists to update service level targets when the service has been live for the initial service period and service measures are available”. Again the case study states that negotiation of service level agreements ends during service transition. Updating the service level targets after an initial service period contradicts this statement.

DISTRACTER (0) D Negative: 1st bullet: “Initiate the development of a service model to ensure that technical specialists understand the structure and dynamics of the changed service”. The initial development of a service model is done in the service strategy lifecycle stage. Also the scenario states that all inputs from the service strategy lifecycle stage are present and acceptable. Negative: 2nd bullet: “Work with the technical specialists to develop and validate service measures to underpin the service level targets defined in the service model, and ensure that the day-to-day operation of relevant processes match service level targets”. Service level targets are not defined in the service model. Also, as responsible for the design of the overall service solution, it is unlikely that you will be responsible or even involved in ensuring that the day-to-day



operation of processes match service level targets. Negative: 3rd bullet: “Work with the supplier manager to establish a disaster recovery site to ensure that availability targets in the service design package can be met”. The case study states that there is a policy in place, requiring all services to be designed to deliver continuity using the existing disaster recovery site. Establishing an additional disaster recovery site is in direct violation of this policy.

Syllabus Unit / Module supported

ITIL EX: MALC02 Communication and stakeholder management ITIL EX: MALC03 Integrating service management processes across the lifecycle

Bloom’s Taxonomy Testing Level

Level 4 Analysing - The ability to use the practices and concepts in a situation or unprompted use of an abstraction. Can apply what is learned in the classroom in workplace situations. Can separate concepts into component parts to understand structure and can distinguish between facts and inferences.

Application Application – the candidate is required to apply knowledge of the inputs, outputs and interfaces of the stages and processes in the service lifecycle, particularly in service design, and evaluate various approaches to ensure that required warranty levels are achieved following a significant change to the internet banking service.

Link to Case Study The case study is primarily used to provide context for the question. The case study also provides a basis for analysis of some of the answer options.

Subjects / Categories covered

• Managing services and service management • The use of service models to aid communication on service strategy and

value creation • The inputs and outputs of processes and stages in the service lifecycle

Book Section Refs

Any 2.1.1 SS 3.4.7 – Service strategy principles – How to define services – Step 7 – Service models Any appendix 'Examples of inputs and outputs across the service lifecycle' SS 3.9 (Table 3.21) – Service strategy principles – Service strategy inputs and outputs SD 3.12 (Table 3.7) – Service design principles – Service design inputs and outputs ST 3.3 (Table 3.1) – Service transition principles – Service transition inputs and outputs SO 3.8 (Table 3.5) – Service operation principles – Service operation inputs and outputs CSI 3.12 – Continual service improvement principles – Continual service improvement inputs and outputs

Difficulty Easy



QUESTION NUMBER Two

Question Rationale This question specifically relates to MALC 04 Managing Services across the service lifecycle and it assumes knowledge of key concepts in MALC01. Case study The case study sets the scene for this question: • Six months ago HQ internal users received the roll-out of two updates to the

standard desktop build, which is a major component within the desktop service. One was an important security update and the other was an update to the management information (MI) application that was considered critical for financial end-of-year reporting, and is also an important component of the MI service. These two deployments were done at the same time and resulted in significant incidents for HQ staff.

Other relevant points are: Service transition: • Software testing is well-established, but almost totally focused on software

functionality. This has caused issues in the past with new services proving hard to support and requiring further effort to make them work after the IT services are operational.

• It is difficult to secure the involvement of internal customers in the implementation of new and changed IT services although they are willing to be involved in IT service design. Once internal customers have specified what they want they expect the IT department to deliver the IT service without their further involvement.

• No formal change evaluation is done, and customer involvement with IT service transition is minimal.

• Service asset and configuration management is focused on detailed data from automated discovery tools. The incident and problem teams do not feel this data helps them diagnose issues easily.

Continual service improvement: • There is a well-established company culture of improvement, demonstrated

by availability of investment funding for improvement projects throughout the bank, including the IT department.

Scenario – key points There are points in the scenario related to your responsibilities as the design co-ordination manager. ITIL SD 4.1.1 describes specific objectives for design co-ordination including: • Planning and co-ordinating the resources and capabilities required to design

new or changed services • Managing the quality criteria, requirements and handover points between the

service design stage and service transition • Ensuring that appropriate service designs and/or SDPs are produced and

that they are handed over to service transition as required. ITIL covers the identification of various service requirements in SD 3.4. In addition to identifying all the service requirements, the scenario specifically highlights points related to: • The service itself and its SLR or SLA (addressing warranty) • The technology components used to deploy and deliver the service • The internally delivered supporting services and components and their

associated OLAs • The performance measurements and metrics required. The key findings in the scenario should be used in evaluating the answer options. Key points are:

Key finding 1: Some service requirements were missing for each deployment and this led to unexpected warranty issues in early life support. One deployment resulted in significant incidents for HQ staff.



Involving relevant stakeholders and reviews during the service design lifecycle stage should help to identify missing requirements like warranty requirements. (ITIL SD 3.4). Key finding 2: Although the desktop service design package (SDP) was generally good, the plans did not include resource requirements for additional incident and problem handling. There were no metrics or acceptance criteria for any change in incident volumes during early life support. IT support staff said they had insufficient resources to cope with the incidents during early life support. Service requirements should define the performance measurements and metrics required. The design co-ordination process should ensure that resources are planned for additional incident handling during deployment. It should also ensure that acceptance criteria for incident volumes and measures are defined and used to manage user expectations during early life support, (ITIL SD 3.4, SD 4.1.1).

Key finding 3: There is no evidence of feedback on the SDP from the service desk and IT operations staff. There is a risk of alienating key support and operations staff during periods of change and a risk of increasing staff resistance to change. Ensuring early involvement in the service lifecycle is important for a successful deployment. The service desk and IT operations staff should be involved in the service design lifecycle stage, (ITIL ST 3.1.12).

Key finding 4: The configuration items (CIs) within the MI application are defined. However, the MI application depends on components in the desktop build that are not uniquely identified as dependent CIs. This has resulted in failed changes for parallel deployments of the desktop build for a security update and an update to the MI application. As part of identifying service requirements it is important to define the technology components used to deploy and deliver the service, (ITIL SD 3.4). The configuration dependencies between the two components of the desktop build need to be defined. Key finding 5: Configuration item (CI) information for the desktop build is good and accessible to the technical management team. However, this information is not shared and is not accessible to other teams. Quality knowledge and information enable people to perform process activities and support the flow of information between service lifecycle stages and processes, (ITIL Any 2.2.5).

MOST CORRECT (5) D This answer option includes tactical improvements that will help to ensure that similar parallel deployments will be successful. The improvements help to reduce the risk of unexpected issues in early life support. Coverage The proposed improvements and actions cover all of the key findings and improvements for related issues identified in the case study. 1st bullet – key findings 1 and 3 2nd bullet – key finding 2 3rd bullet – key findings 4 and 5 Case study This answer option offers improvement related to four points in the case study.



1st bullet. Holding review meetings with customers, user representatives and IT support staff during the service design lifecycle and service rehearsals helps with improvement for the following issues in the case study: • Software testing is well-established, but almost totally focused on

software functionality, this has caused issues in the past with new services proving hard to support and requiring further effort to make them work after the IT services are operational.

• It is difficult to secure the involvement of internal customers in the implementation of new and changed services, although they are willing to be involved with IT service design.

• No formal change evaluation is done, and customer involvement with IT service transition is minimal.

3rd bullet. “Provide IT staff with access to quality configuration information to diagnose incidents and problems easily” is an improvement that is related to the case study: • Service asset and configuration management is focused on detailed

data from automated discovery tools. The incident and problem teams do not feel this data helps them diagnose issues easily.

SECOND BEST (3) A This answer option is nearly as good as the 5-mark answer option but the

coverage of the key findings is not as comprehensive. Coverage The proposed improvements and actions cover all of the key findings and improvements for related issues identified in the case study. 1st bullet – key findings 2 2nd bullet – key findings 4 and 5 3rd bullet – key findings 1 and 3 Key finding 1 is not covered as well as the 5-mark answer option. The improvements include customers in the review of the SDP and service rehearsals but this is not as good as holding review meetings throughout the service design lifecycle stage. It does not really mitigate the risks of (a) alienating key support and operations staff during periods of change and (b) increasing staff resistance to change which is vital for successful transition. Case study This answer option offers improvement related to three points in the case study. 3rd bullet. Same points as the 1st bullet of the 5-mark answer option. 2nd bullet. “Train support staff to use the existing service asset and configuration information to perform their roles”. The case study and scenario indicate that correct configuration information is not available. This improvement is therefore not as good as the recommendation in the 5-mark answer that specifically focuses on defining the CIs for a desktop deployment and dependent components in parallel deployments. The focus on providing IT staff with access to quality configuration information to diagnose incidents and problems easily relates specifically to the case study and the scenario.

THIRD BEST (1) B This answer option is not as good as the 3 mark option.

Negative 1st bullet. This point is inconsistent with the scenario which states.” A review has also been completed of the relevant implementations which were carried out over the last six months.” Coverage



The proposed improvements and actions covers four of the key findings: 2nd bullet – key finding 2 3rd bullet – key finding 1, 2, 3 Case study This answer option offers improvement related to two points in the case study. 3rd bullet. “Improve the change management process by using a formal change evaluation to evaluate similar parallel deployments”. This helps improvement for two key issues identified in the case study: • It is difficult to secure the involvement of internal customers in the

implementation of new and changed IT services, although they are willing to be involved with IT service design.

• No formal change evaluation is done, and customer involvement with service transition is minimal.

DISTRACTER (0) C Two recommendations in this answer option are related to strategic

reviews. These points are inconsistent with the question which requires improvements that can be implemented quickly. Coverage: The proposed improvements and actions do not cover any of the key findings. Negative: 3rd bullet. The case study states that “There is a well-established company culture of improvement, demonstrated by availability of investment funding for improvement projects throughout the bank, including the IT department”. This recommendation is therefore inconsistent with the case study.


ITIL EX: MALC01 Key concepts of the service lifecycle ITIL EX: MALC04 Managing services across the service lifecycle


Level 5 Evaluating - The ability to make judgements based on criteria and standards. Can detect inconsistencies or fallacies within a process or product; determining whether a process or product has internal consistency; detecting the effectiveness of a procedure as it is being implemented. Can detect inconsistencies between a product and external criteria; determining whether a product has external consistency; detecting the appropriateness of a procedure for a given problem.

Application

Candidates need to apply their knowledge of managing services across the service lifecycle to reduce the issues in early life support and reduce the risks associated with service transition. Candidates need to assess the question and answer options in the context of the case study and scenario. The question requires the candidate to make judgements based on criteria covered within ITIL that are part of the syllabus unit and to determine the best set of opportunities for tactical improvements. The candidate is expected to detect inconsistencies or errors within the answer options, based on the case study and scenario. This includes detecting errors in the answer option such as recommending strategic reviews when the question specifically states tactical improvements.

Link to Case Study The case study provides context for the question, and also provides a basis for evaluation of the answer options. Failure to use the case study could reduce the Bloom's level utilized and could result in selection of an incorrect answer.

Subjects/ Categories covered.

• Sharing knowledge across the service lifecycle, and the use of knowledge management

• The five stages of the service lifecycle and how they interact with each other • Identification and assessment of customer and stakeholder needs and

requirements across all service lifecycle stages, and ensuring appropriate priority is given to them

• How the service design package (SDP) provides a conduit between service design, service transition and service operation



• Involve service transition in early stages of the lifecycle • Involve operations staff, business users and other relevant stakeholders in

service rehearsals Book Section Refs

Any 1.2 Context SD 3.4 - Identifying service requirements - Service requirements SD 4.1.1 - Design co-ordination purpose and objectives ST 3.1.12 - Service transition principles - Involve service transition in early stages of the lifecycle ST 4.4.5.2 - Release and deployment management - Service rehearsals

Difficulty Moderate



QUESTION NUMBER Three

Question Rationale This question is testing the candidate’s understanding of how strategy dictates value, and how value is defined and measured. It requires the candidate to evaluate how the relevance of key concepts such as 'core, enabling and enhancing' services and value terms such as “money spent, value added and value realized” apply to the situation described and to judge which concepts can be used to solve the stated issues. Criteria for answer selection include: • Recognizing that the solution must address immediate and long-term needs • Recognizing the dependencies of the proposed solution on what already

exists in the case study organization. • Leveraging existing resources and capabilities in the case study organization

and moving to create what will be needed in the future. • Recognizing that moving from a situation where very little is known even

about the cost of IT services to a situation where value is fully understood and linked back to value realized by the business itself will be a gradual evolution, not a first step.

MOST CORRECT (5) A This answer is a good balance between current and future needs. It recognizes that a service catalogue already exists and builds upon it for the future by maturing to a full service portfolio. If overall costs are to be understood and controlled, decisions related to future and not just current services must be considered. This answer also provides for consistent mechanisms for understanding business needs so that investments can be aligned with those needs. It addresses understanding costs (needed in the short term) and value (needed for long-term success). Finally, this answer recognizes that services need to be linked to business outcomes.

SECOND BEST (3) D This answer has significant merit. It leverages existing information in the service catalogue and other sources and puts in place elements to enable the understanding of the relationship between services and business activity. The primary weakness in this answer is that it focuses on cost data and, although it recommends revising the service portfolio management process, there is no evidence in the case study or scenario that such a process formally exists or requires revision. Also, it does not mention the business value of services, but rather relates services to business “activity”.

THIRD BEST (1) B The key merit of this answer is that it recognizes the immediate need to understand costs and relate them to services, not just to IT as a whole. It also seeks to understand what customers want, but this is done at an individual customer group level which fails to consider relative business importance. Finally, although it recognizes the need for the right operational data, it links this data to general continual service improvement and does not associate it with the stated short- or long-term goals.

DISTRACTER (0) C This answer recommends inventorying services, apparently not leveraging the existing service catalogue information, or the information stated in the case study as being available in the business change request and development records. It then proposes classifying the services using a method (money spent, value added, value realized) which the scenario states they have insufficient information to accomplish at this time, and it fails to identify their objectives for the classification.


ITIL EX: MALC01 Key concepts of the service lifecycle Also draws on ITIL EX: MALC03 Integrating service management processes across the service lifecycle



Application Application – The candidate is required to evaluate the actions that could be taken, based on the case study, question scenario and ITIL theory, and judge what actions are most appropriate in the circumstances.



Link to Case Study The case study is used to provide context, and as a basis for evaluation of answer options. Failure to use the case study to answer this question could reduce the Bloom's level utilized and could result in the selection of an incorrect answer option.

Subjects/ Categories covered

• Core, enabling and enhancing services • How service strategy elements dictate what constitutes value, and how value

is defined and measured • The value to business and the interfaces of all processes in the ITIL Service

Strategy publication Book Section Refs

SS 3.2.2.4 – Core, enabling and enhancing services SS 3.2.3 – Value SS table 3.5 – Examples of core, enabling and enhancing services Any 1.1.4 – Value to the business SS 4.1.3 – Strategy management for IT services – Value to the business SS 4.5.3 – Business relationship management – Value to the business SS 4.2.3 – Service portfolio management – Value to the business SS 4.2.6.4 – Interfaces

Difficulty Moderate



QUESTION NUMBER Four

Question Rationale This question requires the candidate to apply knowledge of service transition processes, particularly change management / change evaluation, and evaluate different tactical approaches to improving the handling of IT changes within the context of the scenario and overall case study.

MOST CORRECT (5) B Positive: 1st bullet: “Review the change management process and ensure that the branch IT infrastructure is within scope”. The case study says that the customer delivery division is responsible for handling the branch IT infrastructure. It is therefore vital to ensure that this is not outside of the scope of the change management process. Positive: 2nd bullet: “Check that each change authority has the right representatives. This should include the customer delivery division and representatives from IT suppliers and new acquisitions”. The customer delivery division must be involved in the change authorities, to ensure appropriate handling of changes to the branch IT infrastructure. The same applies to relevant IT suppliers, to manage these relationships effectively to ensure smooth delivery of service. Also the case study states that there have been difficulties subsuming acquisitions into the company. Participating in change authorities would support this objective. Positive: 3rd bullet: “Introduce the key elements of a change evaluation process” The case study states that there is no formal change evaluation process in place to support the evaluation of significant changes. However the scenario lists a key driver for the tactical improvements as being the need for expected performance of the new IT service supporting the new insurance service. Introducing key elements of the change evaluation process would help ensure that the service has the right and expected performance. Since the question asks for tactical improvement, the bullet does not specify a full implementation of a change evaluation process. Positive: 4th bullet: “Increase focus on warranty during testing, and include representatives from the financial products division” The case study states that the current software testing focuses almost totally on functionality. Adding testing of warranty would increase the likelihood of success of the new insurance service. Also including representatives from the financial products division, the division responsible for the new insurance service offerings, would address the current issue of only limited involvement from the business in service transition.

SECOND BEST (3) D Neutral: 1st bullet: “Evaluate the change management process within the shared services division and ensure on-going control over live services in operation”. The case study states that change management is well-developed, and that there is already strict control over access to live services. Also the recent



incidents have been related to changes to the branch IT infrastructure, which is managed by the customer delivery division. Positive / neutral: 2nd bullet: “Check that the users of the change management process have completed training. Consider refresher training for IT suppliers and teams where there have been change-related incidents”. Although it is positive to ensure sufficient training, the bullet does not mention the customer delivery division specifically, and is therefore not as strong as the equivalent bullet in the best answer option. Positive: 3rd bullet: “Make adjustments to the change authorities, such as ensuring that a customer delivery division representative is an active member of level 2” Will ensure that changes to the branch IT infrastructure receive sufficient attention and are seen in relation to other IT changes. Positive: 4th bullet: “Assess operational readiness during testing, particularly related to support after go-live” Will add to the existing practice of testing software functionality, and address the issue mentioned in the case study with transitioned services being hard to support and requiring adaptations after going live.

THIRD BEST (1) A Positive: 1st bullet: “Consider refresher training for the customer delivery division and key resources from new acquisitions”. The recent incidents have been related to changes to the branch IT infrastructure, managed by the customer delivery division. Ensuring sufficient training in this division is therefore vital to prevent further incidents. Negative: 2nd bullet: “Establish country IT change advisory boards at level 1 to speed up handling of IT changes, and have these country boards report into the business executive board”. An additional CAB on level 1 that reports into the business executive board (level 0) can bypass the IT steering group responsible for changes that have an impact on multiple services and divisions. This could reduce the visibility into the management of changes, and undermine the current governance structure. Neutral: 3rd bullet: “Implement a change evaluation process” The scenario lists a key driver for the tactical improvements being the need for expected performance of the service supporting the new insurance service. Introducing change evaluation would help ensure that the service has the right and expected performance. However the question asks for tactical improvement, while the bullet suggests a full implementation of a change evaluation process. Implementing a full change evaluation process cannot be considered a tactical change.



Neutral: 4th bullet: “Expand testing of utility for new and changed services” There is already a focus on software functionality testing. Expanding the testing of utility will likely have little impact on the issues listed in the scenario.

DISTRACTER (0) C Neutral: 1st bullet: “Introduce a service management toolset to increase visibility into changes and their impact on live services”. The case study specified that there already is an integrated service management toolset in place to support service management staff. Negative: 2nd bullet: “Reduce the number of change authority levels, and specify that the new insurance service is handled at a lower level to reduce time-to-market”. Although this specific company could have a reason for reducing the number of change authority levels from what is recommended in ITIL good practice, there is no information in either the case study or scenario indicating such a need. Also handling the new insurance service on a low change authority level would not be in accordance with the current policy in which changes with high risk/impact should be handled by the business executive board. Negative: 3rd bullet: “Extend the existing change evaluation process for level 1 and level 2 changes in the customer delivery and shared services divisions” The case study states that there is no change evaluation process in place. Neutral: 4th bullet: “Implement a knowledge management process to optimize use of data and improve efficiency across business divisions” Implementing a full knowledge management process, and thereby expanding on the current informal practices, is not a tactical improvement. Also there are no immediate indications in either the case study or scenario of why this is necessary or whether it will have an impact on the issues listed in the scenario.


ITIL EX: MALC03 Integrating service management processes across the service lifecycle ITIL EX: MALC05 Governance, roles, people, competence and the organization



Application

Application – the candidate is required to apply knowledge of service transition processes, particularly change management and change evaluation, and evaluate different tactical approaches to improving the handling of IT changes within the context of the scenario and overall case study.

Link to case study The case study is used to provide context for the question, and as a basis for evaluation of the answer options.



Failure to use the case study to answer this question could reduce the Bloom's level utilized and could result in the selection of an incorrect answer option.


• The value to business and the interfaces of all processes in the ITIL Service Transition core publication:

o Change management o Change evaluation

• The application of governance in change management, through change authorization to ensure the integrity of live services. The role of the change advisory board (CAB)

Book Section Refs

ST 4.2.3 – Service transition processes – Change management – Value to business ST 4.2.6.4 – Service transition processes – Change management – Interfaces ST 4.6.3 – Service transition processes – Change evaluation – Value to business ST 4.6.6.4 – Service transition processes – Change evaluation – Interfaces ST 4.2.5.5 – Service transition processes – Change management – Authorize change build and test ST 4.2.5.10 – Service transition processes – Change management – Change advisory board

Difficulty Moderate



QUESTION NUMBER Five

Question Rationale The question requires knowledge of the way process improvement in one stage of the service lifecycle can be beneficial to other areas. It requires the decisions to be made between short-term, reactive improvements and fundamental changes in processes which have a more sustained effect on overall service quality. The question also requires application of the theory to the case study in order to determine the correct solution. Case study points related to opportunities for improvement: a. Service design: Banking staff are actively involved in the IT service design

activities undertaken by the applications unit; good relationships exist and applications unit staff members also contribute to the development of new and changed business services.

b. Service transition: Software testing is well-established, although it is almost totally focused on software functionality. This has caused issues in the past with new IT services proving hard to support and requiring further effort to make them work after the IT services are operational.

c. Service transition: Knowledge management is mostly carried out informally. There is a formal communication plan to keep staff up to date on new policies and requirements. There is awareness that, as the bank expands, work needs to be done to better leverage data and information to improve effectiveness.

d. Service transition: No formal change evaluation is done, and customer involvement with IT service transition is minimal.

e. Service transition: Change management is well-developed with strict control over access to the live IT services.

Analysis of the suggestions 1. Ensure that each SDP fully documents all required testing of service utility. Neutral - This should certainly be part of the SDP, but it will not lead to significant improvements, as there is already good testing of service utility. The case study says "Software testing is well-established, although it is almost totally focused on software functionality". 2. Plan to incorporate customer satisfaction targets into the service level agreements (SLAs). Positive – this improvement shows an ongoing commitment to customer satisfaction and its measurement and can also lead to the capture of service improvement ideas from the customers and users that might be implemented to improve services quality. From the additional information the bank is starting to formalize the use of this type of information. (SD 4.3.5.7) 3. Introduce the principles of balanced design for major changes as part of the service design lifecycle. Positive – recognition of the fact that if changes are made to one of the three elements in a project namely resources, functionality or schedule, this will have an effect on the other two. In respect of functionality, balanced design ensures a balance between meeting the utility and the warranty requirements. It is important that service design recognizes the effect of this and the impact that this could have on other stages of the service lifecycle. From the case study (see b above) a lack of operational acceptance testing could be symptomatic of the fact that the design processes are not recognizing the need for flexibility in this area so that all required functionality is confirmed. (SD 3.3) 4. Implement a CSI register to record and prioritize service improvement suggestions and ensure that associated KPIs are identified. Positive – A CSI register allows the capture of relevant information especially the KPIs required to monitor the improvements success. This record allows for the prioritization of improvements. Currently, although the bank does invest in improvements, the case study (see c above) suggests that metrics are not being



fully utilized. (CSI 3.4) 5. For each implementation of a new service carry out a customer satisfaction survey with business representatives. Neutral – understanding business representative opinion is useful, however this does not include other stakeholders such as the users and is concentrated on very specific events, which is not as regular or comprehensive as a link to SLAs. 6. Create an SDP for each major change and include a definition of each stage of the transition with suitable entry and exit criteria. Positive – Detailing the lifecycle stages for service transition helps to put in more ‘checks’ or ‘quality gates’ to ensure that all aspects of transition are being controlled. In the case study (see d above) it states that change evaluation is not undertaken at present, this approach could be a building block for the subsequent introduction of the formal change evaluation process. (ST 4.1.5.2) 7. Increase the amount of utility testing for all products and IT services before release and deployment. Negative - This is a reactive suggestion. All the evidence in the case study (see b above) suggests that the present testing of utility of new services is being undertaken adequately. The area of concern would be warranty testing to ensure that operations management are in a position to support the new services once they were live. This only addresses part of one aspect of the balancing of resources and schedule and functionality. 8. Reduce the number of new service support issues by introducing involvement from the business and service implementation unit at the service design stage. Neutral – The suggestion is limited since it does not include operations management at the design stage, which is the area that is responsible for operational support. The case study (see a above) already highlights that there is some level of involvement from the business albeit concentrated in the applications development area (SO 9.1).

MOST CORRECT (5) B 2 Positive 3 Positive 4 Positive 6 Positive

SECOND BEST (3) C 3 Positive 4 Positive 5 Neutral 8 Neutral

THIRD BEST (1) A 1 Neutral 4 Positive 5 Neutral 7 Negative

DISTRACTER (0) D 1 Neutral 5 Neutral 7 Negative 8 Neutral


ITIL EX: MALC04 Managing services across the service lifecycle ITIL EX: MALC07 Implementing and improving service management capability


Level 4 Analysing - The ability to use the practices and concepts in a situation or unprompted use of an abstraction. Can apply what is learned in the classroom in workplace situations. Can separate concepts into component parts to understand structure and can distinguish between facts and inferences.

Application

The candidate needs to apply knowledge of managing across the lifecycle and be able to analyse improvement suggestions. The candidate needs to apply their analysis to determine the best options to improve overall service quality.

Link to Case Study The case study is used primarily to set context, and is also used as a basis for analysis of the answer options.




• Identification and assessment of customer and stakeholder needs and requirements across all service lifecycle stages, and assuring appropriate priority is given to them

• Customer satisfaction surveys • The challenges, critical success factors and risks of the service lifecycle

stages, and potential conflicts and competing issues across the lifecycle • Planning for improvement with short-, medium- and longer-term improvement

initiatives • How the service design package (SDP) provides a link between service

design, service transition and service operation Book Section Refs

SD 3.3 – Service design principles – Balanced design SD 4.3.5.7 – Service design processes – Service level management – Process activities, methods and techniques - Collating, measuring and improving customer satisfaction ST 4.1.5.2 - Service transition processes - Process activities, methods and techniques – Service transition lifecycle stages SO 9.1 - Challenges, risks and critical success factors - Challenges CSI 3.4 - Continual service improvement principles – CSI register

Difficulty Moderate



QUESTION NUMBER Six

Question Rationale The question requires the candidate to apply their understanding of SWOT analysis to ITSM in the current situation in the bank. The candidate needs to evaluate each of the points in the answer options against information in the case study and scenario, and against the service level targets. The SWOT analysis in question applies to IT Service Management (ITSM) within the bank. An appropriate SWOT analysis needs to include:

• strengths in the bank's ITSM situation • weaknesses with the ITSM situation in the bank • situations external to ITSM which give rise to opportunities for ITSM • situations external to ITSM which give rise to threats or potential issues

for ITSM in the bank.

The candidate needs to evaluate each element in the answer options in terms of: • whether it correctly meets the definition of a strength, weakness,

opportunity or threat in relation to ITSM in the bank • whether the case study and/or scenario supports it as a strength,

weakness, opportunity or threat • whether it contributes towards the desired end-state for ITSM, for

example in terms of targets in the scenario and/or the case study. None of the SWOT analyses in the answer options is a full and complete SWOT analysis of ITSM (that would be a lot larger) but the question is looking for the most appropriate, given the service level targets. Therefore points which relate to the service level targets are better than ones which don't, and an overall SWOT analysis which takes account of all the targets is desirable. Individual elements have been rated between positive - neutral - negative based on their appropriateness to assist with evaluation of answer options.

MOST CORRECT (5) B This is the best answer. All elements are valid in terms of SWOT, in terms

of the case study, and potentially have an impact on the target service levels, with balance across all the service levels. Strengths: 1. Strict control over access to live services. Positive: Valid strength. Correct according to case study (Description of service transition – “Change management is well-developed, with strict control over access to the live IT services.”). Could support high-availability target through reducing incidents following changes. 2. Good service desk and incident management process. Positive: Valid strength. Correct according to case study (Description of service operation – “The service desk function and the incident management process are well-established and effective.”). Could support high customer satisfaction target through providing good IT support and reducing downtime during incidents (also supporting high-availability target). 3. Well-established culture of improvement. Positive: Valid strength. Correct according to case study (Description of continual service improvement – “There is a well-established company culture of improvement, demonstrated by availability of investment funding for improvement projects throughout the bank including the IT department.”). Could support TCO-reduction target through identifying, communicating and implementing improvements to reduce TCO. Any improvement made towards the specified targets would be supported by this culture of improvement.



Weaknesses: 4. Inadequate software testing. Positive: Valid weakness. Correct according to case study (Description of service transition – “Software testing is well-established, although it is almost totally focused on software functionality. This has caused issues in the past with new IT services being hard to support and requiring further effort to make them work after the IT services are operational.”). Could have an impact on high-availability target through incidents following changes. 5. Insufficient data for diagnosis by incident and problem teams. Positive: Valid weakness. Correct according to case study (Description of service transition – “Service asset and configuration management is focused on detailed data from automated discovery tools. The incident and problem teams do not feel this data helps them to diagnose issues easily.”). Could reduce customer satisfaction by increasing downtime during incidents and not preventing recurring incidents. 6. Limited financial information on cost of individual services. Positive: Valid weakness. Correct according to case study (Description of service strategy – “Financial control within the IT department is comprehensive at a high level, but only limited information is known as to the detailed cost of individual services and the usage by each customer”). Could prevent both measuring and reducing service cost. Opportunities: 1. Available funding for improvement projects across both business and

IT. Positive: Valid opportunity. (While in some respects this could be seen as an internal strength, the funding decision will have been made external to ITSM). Correct according to case study (Description of continual service improvement – “There is a well-established company culture of improvement, demonstrated by availability of investment funding for improvement projects throughout the bank including the IT department.”). Could enable the introduction of improvements to availability, customer satisfaction and total cost of ownership (TCO). 7. Business strategy to integrate and automate business and IT

operations. Positive: Valid opportunity. Correct according to case study (Description of corporate vision and business strategy – “Part of the business strategy is to integrate and automate business and IT operations within company constraints that include legislation, regulatory, financial and security constraints.”). This could provide an opportunity to increase customer satisfaction and reduce TCO. Threats: 8. Infrastructure management outside of the shared services division. Positive: Valid threat. Correct according to case study (Description of shared services division – “Some direct management of the branch IT infrastructure remains with the customer delivery division. Some direct management of the overseas banks' IT infrastructure remains with the overseas banks within the global banking division.”). Could prevent high-availability target from being reached by, for example, not including the branch infrastructure in the scope of change management.



9. Language, time-zone and cultural issues. Positive: Valid threat. Correct according to case study (Description of challenges, issues and risks – “The commitment to expansion has created some direct and immediate challenges, including:

• language and time-zone concerns as the bank acquires and partners with companies in other countries.

• cultural and organizational issues. This has especially shown itself in the different levels of expectation for IT support between the different countries and acquired companies").

Could affect customer satisfaction due to varying expectations. SECOND BEST (3) C This answer is almost as good as the 5-mark answer, and all elements have

some merit. Three of the elements are less comprehensive in terms of their relevance to the service level targets and/or their validity in SWOT terms. Strengths: 2. Remote back-up site exists for service continuity. Positive / Neutral: Valid strength. Correct according to case study (Description of service design – “A remote back-up site is available to deliver continuity of IT services in the event of a disaster. There is an IT service continuity policy that requires that all critical IT services be designed to deliver IT service continuity via this route.”). Could reduce impact from major incidents / disasters to support high-availability target. However it would not provide a day-to-day facility, being there for contingency purposes, so would not contribute to the service level targets as much as some of the other strengths. 3. IT department has a unit focused on service quality. Positive: Valid strength. Correct according to case study. ("Service quality unit which includes the service improvement manager"). A focus on quality and improvement could support the targets relating to availability and customer satisfaction.

4. The business and IT work closely together. Positive: Valid strength. Correct according to case study (Description of service strategy – “The CIO and IT strategy unit work closely with the business with the aim of delivering relevant and up-to-date IT services.”). Could support implementing improvement initiatives related to availability, customer satisfaction and TCO. Weaknesses: 5. No formal change evaluation. Positive: Valid weakness. Correct according to case study (Description of service transition – “There is no formal change evaluation process...... and customer involvement with IT service transition is minimal.”). Could increase likelihood of incidents following changes, with negative impact on the high-availability target. 6. Missing proactive element of problem management. Positive: Valid weakness. Correct according to case study (Description of service operation – “Problem management tends to be reactive rather than proactive.”). Could increase downtime from incidents and increase TCO due to costly emergency improvements. 7. Lack of a formally maintained service portfolio.



Positive: Valid weakness. Correct according to case study (Description of service strategy – “The service portfolio, however, is not formally maintained, although relevant information is available via the business change request and development records.”). An improved service portfolio could impact customer satisfaction. Opportunities: 1. Acknowledgement that effectiveness and economy could be improved

by involving IT staff more in developing new and changed business services.

Positive / Neutral: This provides an opportunity. It is not completely clear from the case study whether the acknowledgement is only within the ITSM organization or from the business (external and therefore a valid opportunity in SWOT terms). Correct according to case study (Description of IT structure – “The banking services are each underpinned by IT services. These IT services have been developed with a good level of collaboration between business and IT staff. This has worked well although it is acknowledged that effectiveness and economy could be further improved by increased involvement of IT staff in developing new and changed banking services.”). This acknowledgement provides the opportunity for involving IT staff more which could support building for high availability requirements from early in the service lifecycle.

8. Costs of virtualization solutions are reducing. Positive: Valid opportunity. Relevant according to case study (Description of IT infrastructure – “In an effort to reduce capital expenditure and increase the utilization of hardware, the bank has established a new policy of 'virtual first' meaning all new servers will be virtual unless the application requires otherwise.”). Reduction in costs of virtualization solutions could have an impact on TCO towards the TCO reduction target. Threats: 9. Handling of business questions by business support teams. Positive: Valid threat. Correct according to case study (Description of service operation – “Business questions (how-to questions) are handled by separate business support teams within each of the main business divisions.”). Could prevent customer satisfaction target from being reached as the business questions would be outside of scope of established good practice for support, and business perceptions of IT service could be affected by this service which is outside ITSM control. 10. Changes in legislation. Neutral: Valid threat in terms of it being an external influence. Not mentioned explicitly in case study, and unclear whether there would be an impact on ITSM. However the bank already has a division dedicated to security, risk and compliance. There is no information indicating that changes would have specific (positive or negative) impact on the service level targets in the scenario.

THIRD BEST (1) D This answer has some good elements, and some which are less valid in terms of their relevance to the service level targets or their validity in SWOT terms. Strengths: 1. Well-maintained IT service catalogue easily accessible to staff.



Positive: Valid strength. Correct according to case study (Description of service strategy – “There is a well-maintained IT service catalogue easily accessible to staff showing the IT services available.”). However there is no information indicating that this should have a specific (positive or negative) impact on the service level targets in the scenario. 2. Service request software supports direct ordering of services. Neutral: Valid strength. Correct according to case study (Description of service operations – “There is a process to manage service requests which is supported by service request software to enable direct ordering of certain service catalogue items by business customers.”). However there is no information indicating that this should have a specific (positive or negative) impact on the service level targets in the scenario. 3. Negotiation of service level agreements during service design and

service transition. Positive: Valid strength. Correct according to case study (Description of service design – “Service level agreements are in place, with negotiation beginning during the service design stage and extending through the service transition stage.”). Having negotiation extending through service transition could make it more likely that the agreed availability target (99.99%+) can be met. Weaknesses: 4. Dependence on knowledge of short-term contract staff. Positive: Valid weakness. Correct according to case study (Description of service design – “Approximately 60% of the work of IT service design is delivered by short-term contract staff working in the applications unit.”). Could reduce quality of support and prevent increasing efficiency and the implementation of cost-reduction measures due to lack of historical knowledge. 5. The operations control centre covers both applications and

infrastructure. Neutral: Valid internal situation, though no evidence as to whether it is actually a weakness. Correct according to case study (Description of service operation – “There is a central operations control centre in the HQ country which controls the operations of both applications and IT infrastructure.”). However there is no information indicating that this should have a specific (positive or negative) impact on the service level targets in the scenario. 6. Service asset and configuration management provides detailed data

from automated discovery tools. Positive/Neutral: Valid internal situation, which involves both a strength and a weakness (see below). Correct according to case study (Description of service transition – “Service asset and configuration management is focused on detailed data from automated discovery tools.”). Could have a positive impact, and be a strength both during assessment of changes and incident management. The case study also indicates that this data is insufficient for incident and problem management teams, which could prove a weakness and have an impact on availability and customer satisfaction. Opportunities: 7. Purchasing as opposed to developing software.



Negative: This statement is an action rather than a situation, and therefore not a valid opportunity in SWOT terms. The case study indicates maximum use of purchased software. This indicates that a “buy before build” policy is already in place, and this would therefore have very limited impact. 8. Renegotiating contract with external WAN provider. Neutral/Negative: This statement is an action rather than a situation, and therefore not a valid opportunity in SWOT terms. Although renegotiating could potentially have an impact on the TCO of the internet WAN links, there is no information in the case study indicating that there is a potential for substantial cost savings in this area. Threats: 9. Security breaches and denial-of-service attacks. Positive/Neutral: Valid threat. Although always (theoretical) threats, the bank already has a division dedicated to security, risk and compliance. There is no information indicating that risk exposure in this area is not managed acceptably. Such threats would potentially have an impact on availability of service. 10. High turnover from low employee satisfaction. Negative: Not a valid threat. If there were high turnover of ITSM staff, or low employee satisfaction, then this would be a weakness rather than a threat. It would need to state an external situation which might give rise to these things in order to be a threat in SWOT terms.

DISTRACTER (0) A Most of the elements in this option are either invalid in SWOT terms, wrong in terms of the case study, or less relevant to the service level targets. Strengths: 1. Dedicated physical servers to prevent cross-service impact from

incidents. Neutral: Although this could have been a strength under different circumstances, there is a policy in place to use virtualization. 2. Business and IT are strictly separated to support good governance. Neutral/Negative: This is not entirely internal to ITSM so would not be a valid strength in SWOT terms. Although IT is part of the separate shared service division, this is not necessarily the only way to ensure good governance. In this case, the business and IT work well together, e.g. during service design. 3. Standardized IT support as “one size fits all”. Neutral: Although standardized, “one size fits all” IT support could be considered a strength; in this case there are varying expectations towards IT support stemming from cultural and organizational issues. Weaknesses: 4. Issues with integration of management information across the business

units. Positive: Valid weakness. Correct according to case study (Description of challenges, issues and risks – “Recently there have been issues with



integration of management information across the business units.”). Could prevent both reaching required customer satisfaction target and reducing TCO. 5. Insufficient commitment of staff and finance for dealing with suppliers. Negative: If it were true it would be a valid weakness. Wrong according to case study. There is full commitment to handling both partnership and suppliers due to the strategy of driving change. 6. Insufficient network security. Negative: If it were true it would be a valid weakness. Wrong according to case study, which says that the bank has set up VPN to ensure appropriate levels of security. Opportunities: 7. Implementing an integrated service management toolset. Negative: This is not a valid opportunity in SWOT terms, as it is an action rather than a situation giving rise to an opportunity. Wrong according to the case study. There is already an integrated service management toolset in place. 8. Actively involving banking staff in service design. Negative: This is not a valid opportunity in SWOT terms, as it is an action rather than a situation giving rise to an opportunity. Wrong according to the case study. Banking staff are already actively involved in service design. The issue is with involvement in service transition, but the bullet does not mention that. Threats: 9. Reducing co-operation between business divisions. Negative: This is not a valid threat in SWOT terms, as it does not state the situation which would give rise to such a threat. The case study confirms that the business divisions currently work closely together, e.g. on projects. It is not clear how this would have a direct impact on ITSM within the bank or its service level targets. 10. Focusing on overseas business could threaten bank's success in

domestic market. Neutral: Valid threat. The case study confirms the bank has had significant success in the domestic market, and is seeking to expand overseas. It is unclear however how this threat would have a direct impact on ITSM within the bank or its service level targets.


ITIL EX: MALC07 Implementing and improving service management capability





Application Application – the candidate is required to apply knowledge of the SWOT analysis and evaluate different analysis in light of information on service level targets in the scenario and overall case study.

Link to Case Study The case study is used to provide context and as a basis for evaluation. Failure to use the case study to answer this question could reduce the Bloom's level utilized and could result in the selection of an incorrect answer option.


Assessing the current situation regarding service provision: SWOT analysis

Book Section Refs

CSI 5.5.9 – Continual service improvement methods and techniques – Metrics – SWOT analysis

Difficulty Hard



QUESTION NUMBER Seven

Question Rationale The question is based on the concept of the characteristics of value described in the ITIL Service Strategy publication, and its application to the case study. Value is defined in terms of three areas: the business outcomes achieved, the customer’s preferences, and the customer’s perception of what was delivered. The value of a service can be considered to be the level to which that service meets a customer’s expectations. The characteristics of value are: • Value is defined by customers: The ultimate decision about whether that

service is valuable or not rests with the customer. • Affordable mix of features: It is possible to influence the customer’s

perception of value through communication and negotiation, but that still does not change the fact that customers will still make the final choice about what is valuable to them.

• Achievement of objectives: Customers do not always measure value in financial terms, even though they may indicate how much they are prepared to pay for a service that helps them to realize the desired outcome. Many services are not designed to produce revenue, but to meet some other organizational objective, such as social responsibility programmes, or human resource management.

• Value changes over time and circumstance: What is valuable to a customer today might not be valuable in two years.

Case study: The corporate vision is firmly based on expansion and articulates this via targets to be achieved by the close of the next financial year. The current financial year closes in six months, so these targets are expected to be achieved 18 months from now. • In their HQ country, to have as a customer base 10% of retail banking market

(currently 7%) • Increase income from internet banking by 70% • Increase income from customers living outside the HQ country by 50% • Achieve a 5% increase in corporate profit.

In addition, part of the business strategy is to integrate and automate business and IT operations within company constraints that include legislation, regulatory, financial and security constraints.

MOST CORRECT (5) C This is the BEST description, as it covers all of the characteristics of value using examples from the bank’s corporate vision that relate to the IT services.

SECOND BEST (3) D This answer is not as good as the 5-mark answer because it uses fewer examples from the bank’s corporate vision. It also misses the last characteristic –value changes over time and circumstance.

THIRD BEST (1) B This answer does not use any examples from the bank (it uses generic text from SS 3.2.3). The last sentence “Value is defined in this financial year for the next financial year and may change if the business and IT strategies change” is incorrect. Value is realized in service operation and value will change over time and circumstance, as new and changed IT services are deployed to the business and the internet banking customers.

DISTRACTER (0) A This answer option has several points that are wrong and/or weak, and it does not include any mention of how value changes over time. 1st sentence – “Value … and does not depend on what was delivered.” This contradicts ITIL: “Value needs to be defined in terms of three areas: the business outcomes achieved, the customer’s preferences, and the customer’s perception of what was delivered.” 2nd sentence – “A key characteristic of value is defining it in terms of the business outcomes that are achieved and measuring value through



financial returns and cost savings. “ Value is not measured only through financial returns and cost savings. 3rd and 4th sentence – “The delivery of the bank’s corporate vision will be the ultimate measure of value in 18 months’ time. This measure should include the increase in income generated from internet banking and from customers living outside the HQ country” is generic for the bank and is not directly related to characteristics of value from the IT services. 5th sentence – “Value can also be realized through the delivery of business outcomes and solutions within company constraints such as legislation, regulatory, finance and security” is valid but not directly related to a characteristic of value, e.g. achievement of objectives.


ITIL EX: MALC01 Key concepts of the service lifecycle


Level 4 Analysis - The ability to use the practices and concepts in a situation or unprompted use of an abstraction. Can apply what is learned in the classroom in workplace situations. Can separate concepts into component parts to understand structure and can distinguish between facts and inferences.

Application The candidate is expected to analyse the scenario and answer options using the ITIL concepts of value and characteristics of value. There are inconsistencies between some of the answer options and ITIL. The BEST answer option is based on applying the banks business objectives in the corporate vision to the right characteristics of value.

Link to Case Study The case study is used to provide context and as a basis for analysis Subjects/ Categories covered

• How service strategy elements dictate what constitutes value, and how value is defined and measured

Book Section Refs

SS 3.2.3 – Value SS 3.2.3.1 – Creating value

Difficulty Moderate



QUESTION NUMBER Eight

Question Rationale Key aspects in the case study relevant to the question are: The corporate vision is firmly based on expansion and articulates this via targets to be achieved by the close of their next financial year – in 18 months from now. Part of the business strategy is to integrate and automate business and IT operations within company constraints that include legislation, financial and security constraints. A risk due to a security breach for the online banking service appears in the company risk register. In the scenario: the CIO is concerned that the recent issues and risks will have a negative impact on the business strategy. The question is based on understanding and applying knowledge about critical success factors (CSFs) and key performance indicators (KPIs). ITIL definition of a KPI: A metric that is used to help manage an IT service, process, plan, project or other activity. Key performance indicators are used to measure the achievement of critical success factors. Many metrics may be measured, but only the most important of these are defined as key performance indicators and used to actively manage and report on the process, IT service or activity. They should be selected to ensure that efficiency, effectiveness, and cost-effectiveness are all managed.

MOST CORRECT (5) B The set of recommendations is the best combination to support the business strategy. Each recommendation is proactive and provides KPIs at the correct level.

Positive: 1st bullet: Adding the KPI “Reduction in the impact and number of business transactions lost due to IT failures” is good. It focuses on what is crucial for the bank to support the business strategy. This is a correct level of measurement and it supports the first CSF. Positive: 2nd bullet: Adding the KPI “Reduction in the number of service breaches caused by suppliers” is good. It provides a focus on third party contract targets that are essential to support global growth where the bank will depend on suppliers’ services in each country. This is a correct level of measurement and it supports the 1st and 2nd CSFs. Positive: 3rd bullet: Adding the KPI “Reduction in the number of risks caused by a security breach of an IT service” is good. It enables service level management to monitor the risks caused by security breaches for the on-line banking service. This is a correct level of measurement and it supports the 2nd CSF. Positive: 4th bullet: Adding the KPI “Decrease in the costs associated with IT service provision” is good. It focuses on what is crucial for IT to support the business strategy of the bank and target to increase profit. This is a correct level of measurement and it supports the 3rd CSF.

SECOND BEST (3) D This is not as good as the 5-mark answer because it partially covers the CSF- Deliver the agreed IT services at affordable costs. The recommendation to add the KPI “Reduction in the number of incidents that cause downtime” is a good measure but it overlaps with existing KPIs in the scenario. The recommendation for the KPI on information security is not as good as the 5-mark answer that is more proactive. Positive: 1st bullet: Adding the KPI “Reduction in service level breaches for customer-facing services and supporting services” ensures that the impact of a potential failure to the SLA targets is measured. It contributes to understanding the performance of the WAN supporting service.



Neutral: 2nd bullet: Adding the KPI “Reduction in the number of incidents that cause downtime” is a good measure but it overlaps with the second KPI in the scenario. Positive: 3rd bullet: Adding the KPI “Reduction in the number and impact of security breaches and security incidents" is good. This KPI enables service level management to monitor the information security breaches and incidents for the bank and the internet banking service. This is a correct level of measurement and it supports the 2nd CSF. Positive: 4th bullet: Adding the KPI “Decrease in the cost of incident resolution” is good. It enables service level management to monitor costs of resolving incidents for the internet banking service that will contribute to cost reduction and the 3rd CSF. This is a correct level of measurement.

THIRD BEST (1) C This is not as good as the 3-mark answer because the first bullet recommends a KPI that overlaps with both of the existing KPIs. The recommended KPI on information security is not as good as the 3-mark answer that measures the impact of security breaches and security incidents. Neutral: 1st bullet: Adding the KPI “Increase in customer satisfaction with the availability of service” is a good measure but it overlaps with the current KPIs. Positive: 2nd bullet: Adding the KPI “Reduction in the number of incidents caused by suppliers” will support the 1st CSF and the need to manage the WAN supporting service. It enables service level management to monitor incidents for the WAN service. It also supports the 2nd CSF. Positive: 3rd bullet: Adding the KPI “Reduction in the number of security breaches and security incidents” is good. It enables service level management to monitor the risks related to information security breaches for the internet banking service. This is a correct level of measurement and it supports the 2nd CSF. Positive: 4th bullet: Adding the KPI “Decrease the cost of incident resolution” is good. It enables service level management to monitor costs of resolving incidents and problems for the internet banking service that will contribute to cost reduction and the 3rd CSF. This is a correct level of measurement.

DISTRACTER (0) A This answer options does not provide any support for the 3rd CSF - Deliver the agreed IT services at affordable costs. Positive: The set of KPIs support the 1st CSF. Positive: The set of KPIs support the 2nd CSF. Negative: The set of KPIs do not support the 3rd CSF.


ITIL EX: MALC06 Measurement





Application

The candidate is required to make a judgements based on: a) Establishing a service measurement framework to ensure that what is

measured is crucial b) Problems caused by incorrect levels of measurement (too little or too

much). The judgments need to be linked to the measurements and the correct level of measurement based on criteria in the case study and scenario. The question requires the candidate to make judgments based on criteria covered within ITIL that are part of the syllabus unit. The candidate is expected to detect inconsistencies or errors within the answer options, based both on the scenario and on ITIL. The question requires analysis and judgment in selecting the best recommendation about KPIs for this particular scenario. The candidate is expected to maximize positive points and minimize the negative points whilst making a judgment about the best combination of recommendations.

Link to Case Study The case study is used to provide context and as a basis for evaluation. Failure to use the case study to answer this question could reduce the Bloom's level utilized and could result in the selection of an incorrect answer option.


• CSFs and KPIs • Design and development of a service measurement framework

Book Section Refs

CSI 5.5.1 Metrics – How many CSFs and KPIs CSI 5.5.1.1 – Qualitative KPIs CSI 5.5.1.2 – Quantitative KPIs CSI 5.4.1 – Design and develop a service measurement framework CSI 5.4.4 – Creating a measurement framework grid

Difficulty Moderate



QUESTION NUMBER Nine

Question Rationale The question asks the candidate to identify the most appropriate target commitment chart in terms of what would be desired to help plan the service transition. The key to answering the question is to identify the mismatch between the position of the various stakeholders in the power impact matrix and their respective position in terms of their current commitment. Figure 5.7 in the ITIL Service Transition core publication specifies the following:

- Stakeholders with high/medium importance and medium/high impact: Key players - need strong buy-in

- Stakeholders with medium importance and medium impact: Active consultation

- Stakeholders with medium/low importance and low/medium impact: Maintain interest

- Stakeholders with low importance and low impact: Keep informed From a commitment chart perspective:

- “Strong buy-in” requires “Makes it happen” - “Active consultation” requires “Helps it happen” (or above) - “Maintain interest” requires “No resistance” (or above) - “Keep informed” does not require a specific commitment

Based on this, the following commitment chart would be the most appropriate in this case:

Stakeholder Not committed

No resistance

Helps it happen

Makes it happen

Project team X Security management

X

General public X Media X Government X External vendor

X

Administration department

X

Union representatives

X

• The project team has high importance to the service transition and medium

impact, designating a key player who should have strong buy-in. Also, the very objective of a project team is to execute the project and deliver the change. This requires a “Makes it happen” commitment level.

• Security management has medium importance to the service transition and medium impact, describing a situation with active consultation taking place (for instance to ensure sufficient confidentiality of election results) and therefore a “Helps it happen” commitment level.

• The general public has high importance to the service transition and high impact, indicating key players. This stakeholder must accept the new service as a safe and acceptable replacement for existing, manual voting procedures, and be willing to change behaviour. The project objective of 40% of votes to be registered electronically within 5 years is absolutely dependent on this change taking place, requiring a “Makes it happen” commitment level.

• The media has medium importance to the service transition and low impact, describing a “No resistance” commitment level needed. It is easy to picture a situation where the media does have resistance to the change, with substantial coverage of potential negative impacts of the new service related to, for instance, confidentiality breaches. This could affect the usage of the



new service and prevent the project objectives from being reached. • The government has high importance to the service transition and low

impact. Overall the government is sponsoring the project and its support will be needed to drive through cost savings in the administration department, indicating a “Helps it happen” commitment level or above.

• The external vendor has high importance to the service transition and low impact, requiring a “Helps it happen” commitment level or above. The vendor is responsible for designing the new service and, as such, it could be argued that a “Makes it happen” is more appropriate.

• The administration department has low importance to the service transition and high impact, indicating a “No resistance” commitment level or above. It is difficult to achieve high commitment levels for this stakeholder, given that the change would lead to substantial staff reductions.

• The union representatives have low importance to the service transition and low impact. Given that a union could potentially argue against the decision to implement staff reductions, it would be wise to ensure that the union representatives agree to the project objectives, indicating a “No resistance” commitment level.

MOST CORRECT (5) D This answer option equals the most appropriate commitment chart as detailed in the rationale above.

SECOND BEST (3) A This answer option misses the increased commitment needed from the external vendor (in part because it is responsible for designing the new service), and overestimates the commitment needed from the government.

THIRD BEST (1) C This answer option misses the high commitment needed from the general public (as they are the ones who must adopt the new service as replacement for existing, manual voting procedures), overestimates the commitment from the media (although it could be argued that the media would be imperative to inform about the new service), and underestimates the commitment needed from the government (who is the overall sponsor of the project), the external vendor (who is designing the new service) and the union representatives (who, although being assessed both with low importance and low impact in the power matrix, could prevent cost savings related to staff reductions from being realized).

DISTRACTER (0) B For all practical purposes this answer option represents the opposite of commitment needed in this case. It vastly underestimates the commitment level needed from the project team, general public and the government, and vastly overestimates the commitment level needed from both the media and the union representatives.


ITIL EX: MALC02 Communication and stakeholder management



Application Application – the candidate is required to apply knowledge of stakeholder management methods and assess various commitment charts to ensure a successful transition of a new service.

Link to Case Study None. This question does not use the case study. Subjects/ Categories covered

• Stakeholder management and communication

Book Section Refs

ST 5.3 – Managing people through service transitions – Stakeholder management

Difficulty Moderate



QUESTION NUMBER Ten

Question Rationale This question specifically relates to organizational structure.

MOST CORRECT (5) D Has all the key points required for organizational change planning and implementation:

• takes account of overall business and IT strategy • defines required roles & responsibilities - using RACI to assist • Identifies that an IT steering group will be an important part of the

new organization • recognizes this will be a major programme of change • recognizes the concerns of staff will need to be managed • allocates a skilled organizational change manager to manage the

change programme • Communication project - enabling two-way communication • skills gaps to be covered by training, on the job experience, where

possible. The answer uses key points from organizational development and change (SS 6.1 and 6.2) as well as other ITIL references documented in the book references below.

SECOND BEST (3) A Many of the points in answer D but is not as good in the following ways:

• the assessment is based on process rather than the organizational structure

• the organizational structure is designed to align with needs from an ITSM assessment rather than the business and IT strategy.

THIRD BEST (1) C This answer has a lot of good points, and it does identify the importance of

having senior management buy-in, but is worse than the 5- and 3- mark answer for the following reasons:

• The organizational structure is not based on business or IT strategy • It does not recognize the change programme needs to be managed

by someone skilled in organizational change - 'a senior manager' may not have these skills

• Communication is one-way, telling staff but not seeking their views • Skills gaps are addressed by recruitment rather than training.

DISTRACTER (0) B This answer is based largely on process not organization. Also, using an external consultancy company to manage the programme could be appropriate though, as organization change is strategic it is not appropriate to make this conclusion without careful consideration.


ITIL EX: MALC05 Governance, roles, people, competence and the organization ITIL EX: MALC01 Key concepts of the service lifecycle ITIL EX: MALC07 Implementing and improving service management capability



Application The candidate is required to analyse the four different potential answers to select the most appropriate for this organization. The candidate must use their judgement to identify the most appropriate way for forward in light of the current situation.

Link to Case Study None. This question does not use the case study. Subjects/ Categories covered

• The challenge and application of organizational development • The role of the IT steering group in setting direction, policy and strategy for IT

services • Assessing and applying various organizational structures for service



management, and combining several perspectives in matrix organizations • Use of the RACI model to define and clarify roles and responsibilities,

particularly in interfaces between processes and between service lifecycle stages

• Stakeholder change management Book Section Refs

SS 6.1 – Organizational development SS 6.2 – Organizational change SS 6.4 – Organizational design SD 3.1.6 – IT steering group SD 3.7.4.1 – 3.7.4.2 Use of the RACI model to define and clarify roles and responsibilities, particularly in interfaces between processes and between lifecycle stages

Difficulty Moderate

Documents

MAL Sample2