Skip to content

Approaches to Change: building capability and confidence


Hello and thanks for reading.

I’ve been asked to write this blog by APMG International after speaking at their Taking Charge of Change 2016 event on April 8th in London.

As  Learning Tree International’s Lead Instructor for Change Management and Author of Achieving APMG Change Management Practitioner Certification course, I would like to start by a bit of “myth-busting”: there is no ‘silver bullet solution’ for building capability and confidence in effectively managing change!

Now, on the upside, there are many approaches, tools, techniques and lessons learned available to facilitate building the required confidence and capability.


Posted in Change Management, Qualifications.

Tagged with , , , , .

The Central Bank Heist and COBIT 5® for security

We know it but do we do it? “Cyber must stop being treated as the domain of the IT department and should be a boardroom priority”.  This quote of the 3rd March 2016 comes from the Institute of Directors (IoD).  I refer to the IoD’s findings towards the end too, because what happened to Bangladesh’s central bank, Bangladesh Bank, may be happening to us.

Two months on and the investigation into the cyber-heist at Bangladesh Bank is just about over.  The speed in reaching a conclusion is less about efficient investigating but having too little to investigate.

The reason? The central bank had no IT security, no audit trails so no trace of the criminal footprint.  (But please feel free to fess-up if it was you.)  Computing has a good article.

Officially, the Philippines, whose central bank were unwitting partners in settling some fraudulent payments, has said the hackers were Chinese, deflecting responsibility elsewhere. See The Star’s article.

Officially SWIFT, the financial sector’s mechanism of choice for transferring funds globally, “can recommend internal security measures” to its banks but does not provide “specific measures to be uniformly adopted by financial institutions to secure their networks” (see Canadian Cybersecurity Law’s article)


Posted in Certification, COBIT 5, Cyber Security.

Tagged with , , , , , , , , , , , , , , .

ISO/IEC 20000 – Why does it take so long to create or update a standard?

ISO/IEC 20000 series revision

All standards are reviewed every 5 years to assess if they remain relevant and need any improvement. After this process, some standards will be retired, some will remain as they are and some will be updated to a new edition. The series is also reviewed for the need for any new parts in the series.

It can take several years to create a new standard or to update a standard. But why does it take so long?

ISO/IEC processes

The creation or update of international standards needs to allow the views of all member countries to be taken into account.  Standards are used for many years and impact individuals and organisations so it is important that time is taken to get them right. International standards are created or updated within an ISO or ISO/IEC committee. Member countries have mirror committees (national bodies). In the UK these are BSI committees. Members of committees are technical experts in the field of the committee. Representatives from the national bodies attend the international committees.


Posted in ISO Schemes, ISO/IEC 20000.

Tagged with , , , , , , .

Zmień styl pracy swoich zespołów i myśl „zwinnie”

AgilePM Logo


Sukces przedsięwzięć podejmowanych w ramach organizacji w dużej mierze zdetermino­wany jest zaangażowaniem i stylem pracy zespołów biorących w nich udział. Wiedzę o tym fakcie posiada każdy menedżer, nie każdy jednak wie o tym, jak ważny jest to czynnik. Pro­wadzenie projektów w sposób przemyślany i adaptacyjny do nowo powstających wymagań jest podstawą do osiągnięcia założonych celów i pozostawania liderem na rynku konkurencji.

O tym, co warto wiedzieć o metodykach zwinnych i wdrażaniu metod zarządzania projekto­wego agile, w ramach struktur swojej organizacji, opowie nam Mirosław Dąbrowski, Agile coach, który na co dzień doradza kadrze menedżerskiej, w jaki sposób pracować zwinnie, oraz przeprowadza transformację organizacji w stronę zwinności.


Posted in Agile, AgilePM, Certification, Project Mgmt, Qualifications.

Tagged with , , , , , , , , .

What’s the role of a Change Manager?


This is the summary of my recent presentation at the Project Challenge expo in Birmingham. The subject was the role of the Change Manager.

Who are Change Managers?

I began by explaining that Change Manager is a developing role, with a wide interpretation. A quick search of the members list of the Change Management Institute UK came up with the following job titles that our members, all change professionals, are known by at work:

  • Communications Manager
  • Director of People
  • Employee Engagement Manager
  • Relationship Manager
  • Project Manager
  • Line Manager
  • Programme Manager
  • Customer Experience Lead
  • Business Analyst
  • Business Transformation Manager
  • Team Leader
  • Head of PMO

I am lucky because I was given my favourite ever job title recently – Chief Persuasion Officer – which I think sums up the role beautifully!


Posted in Change Management, Project Mgmt, Qualifications.

Tagged with , , , , , .

The Central Bank Heist & COBIT 5 for Risk Management

forblogAs well as making and implementing policy, central banks run various payment and settlement systems. The flow of funds include central bank money, the nation’s foreign exchange reserves, commercial bank transactions and government payments. This amounts to billions of dollars every day. A hack on a central bank is unthinkable because it is disastrous for the nation.

February 2016 saw the unthinkable happen. The largest known hack on a central bank, in this case the Central Bank of Bangladesh, took place. $81 million dollars were stolen – it could have been far worse as the attempt was for $951 million – but for one of the poorest counties in the world, it was still very, very bad.


Posted in COBIT 5, Cyber Security.

Tagged with .

ISO/IEC 27013 – integrating ISO/IEC 27001 and ISO/IEC 20000-1

Word Cloud with Quality Management related tags


ISO/IEC 27013 – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 was 1st published in 2012 based on ISO/IEC 27001:2005 and ISO/IEC 20000-1:2011.

ISO/IEC 27013 was revised and republished late in 2015 to reflect the updated ISO/IEC 27001:2013 standard, information security management system requirements and the updated ISO/IEC 27000:2014, overview and vocabulary.

ISO/IEC 27001 has been updated into the revised high level structure for management system standards in line with many other standards such as ISO 9001, ISO 14001 and ISO/IEC 22301. ISO/IEC 20000-1 is currently being revised into this new structure and is due for republication in 2018.

What is ISO/IEC 27013?

ISO/IEC 27013 has the title Information technology — Security Techniques – Guidance on the integrated implementation of ISO/IEC 27001and ISO/IEC 20000-1.

The guidance is useful for organizations who are implementing the two standards together or those who have implemented one and now wish to implement the other using an integrated management system. The standard does not contain the text of other standards and needs to be read in conjunction with ISO/IEC 27001 and ISO/IEC 20000-1.

The body of the document is 15 pages with 23 pages of annexes containing reference tables. The annexes have been considerably extended from the 12 pages of the previous edition. This is largely due to annex B, the comparison of terms, because ISO/IEC 27000 now has many more terms defined than previously.


Posted in Certification, Cyber Security, ISO Schemes, ISO/IEC 20000, IT Service Mgmt.

Tagged with , , , , , , , , , , , , .

My organization uses ITIL so why do I need ISO 20000 ?









ISO20000, or ISO/IEC 20000 to give its full name, is the international standard for IT service management. IT service providers (ITSP), internal or external, can be certified as having achieved the requirements of ISO20000 part 1. The majority of organizations who use ISO20000 also use ITIL as a framework for service management. But if you use ITIL, what extra benefits will ISO20000 bring?

The relationship between ISO/IEC 20000 and ITIL

It is important to understand the relationship between the two.  The links between ISO/IEC 20000 and ITIL[i]® are links of spirit and intent, not of control. Both serve different purposes and are therefore different in format, structure, style and detail.

Part 1 of the standard sets out what is mandatory for a service provider to achieve certification to ISO20000. It does not set out how to implement the requirements.  ITIL provides guidance on good practice – the how.  Much of the ITIL guidance would not be considered essential for all service providers. For example, not all service providers need to go through a service strategy phase in order to obtain certification for their currently running services.

Service providers can achieve conformance to the standard without using ITIL but by using other methodologies or their own techniques. There are therefore no references to ITIL within the standard. This is explained in the introduction to the standard: ‘ISO/IEC 20000-1 is intentionally independent of specific guidance. The service provider can use a combination of generally accepted guidance and its own experience.‘

Most national and international standards need to be capable of being used by many types of organisation with different structures. It is also important that an organisation does not become nonconforming if it reorganises its internal structure. Clause 1 of ISO/IEC 20000-1 covers the types of organisations: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’


Posted in Events.

ISO/IEC 20000 part 11 published – guidance on relationship between ISO/IEC 20000-1 and ITIL




ISO/IEC TR 20000-11 Information technology – Service management – Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL® was published in December 15th 2015. This part has been developed in co-operation with Axelos, the owner of ITIL®[1].

What is Part 11?

Part 11 is the 1st in a series of parts about the relationship between ISO/IEC 20000-1 and other frameworks. Part 12 is currently being developed for CMMI-SVC and is expected to be published later in 2016. Part 13 will be started in the future for COBIT.


Posted in Certification, COBIT 5, Cyber Security, ISO Schemes, ISO/IEC 20000, IT Service Mgmt, Qualifications.

Tagged with , , , , .

COBIT 5’s grass roots and a whole lot more

COBIT 5 (Image 2) (1)We all need assurance that what we are doing is right, good and useful. Assurance counters doubt and helps build confidence. This is true of individuals, in their personal and work life. It is also true of businesses. Business leaders need to know that what they think is happening, is the case. Good governance, for the protection of all stakeholders, demands it. How do we do this in the business context? What does COBIT 5 contribute?


Posted in COBIT 5, IT Service Mgmt.

Tagged with , .