United States

Change advisory board considerations for the middle market


Your change advisory board (CAB) should be a critical component in helping your organization manage IT resources, progress against organizational objectives, and managing risk. If your company does not employ the use of a CAB it should consider doing so in the near future.  Even if your organization does leverage this component of the information technology infrastructure library (ITIL) framework, you should consider assessing its effectiveness and composition to help ensure realization of its intended benefits.

In simplest terms a change advisory board is a group of individuals whose responsibility it is to evaluate changes to your IT environment.  It is the CAB’s charter to review proposed changes for potential risks which may impact your IT environment or cause unintended results.  Said another way the intent of the CAB is to get the right stakeholders with the right skills sets reviewing, approving, or proposing alternative approaches to pending changes. 

The forum and format in which an organization chooses to implement the CAB can vary.  Changes can be reviewed and approved simply via email distribution or you can opt to have regularly scheduled, formal CAB meetings.  The complexity of your IT environment may dictate how you choose the implement a CAB. 

When standing up a new CAB or evaluating your existing process the types of changes reviewed by the board should be taken in to consideration as well.  While most ITIL disciplinarians would recommend that all changes be reviewed by the board consider your own classification of change types.  A standard classification might include emergency, scheduled, and standard changes.  If we consider right sizing the CAB process for your organization would the Board need to review standard changes?  A standard change is typically defined as a change with low risk, well understood, and is often times originated via an organization’s service request process.  If this process is well vetted, documented, and effective there may be no need to clutter the CAB process with these types of changes.

When considering the composition of the new or existing change advisory board, identify engaged senior level stakeholders.  Board membership will often include the following senior representation.  IT service, IT operations, application management, IT security, and networking.  When setting up or modifying your board structure also consider if business representation is required or should be involved based on the change requested.  CAB process participation should be mandatory and be woven in to overall performance evaluations. 

It is the CAB’s charter to approve requested changes.  Your organization can chose to delegate a single individual with this authority.  In middle market organizations, this often falls to the CIO because there is no designated role of change manager.  Another option would be to delegate decision authority to a quorum of members assigned voting rights.  The majority of changes not approved by either a single authority or a quorum do not typically go away.  It is the responsibility of the requestor of the change to refactor the approach or timing in order reduce risk and gain the CAB’s approval.

Consider the following questions when structuring or modifying the existing CAB structure optimal for your organization.  How many changes occur within your environment over the course of a year, month, or week?  Are you anticipating significant changes to your environment such as a new ERP solution or an increased dependency on integrations to support the business?  Often times you can use your own organizational history as a guide in how you structure or conduct your CAB.  An example might be whether you have experienced significant disruptions due to unintended consequences of IT related changes. 

The intent of managing IT changes via the use of a change management board is to reduce the risk that can be associated with known changes.  To measure the effectiveness or your existing CAB or determine the need to stand one up survey your own organization.  Have changes to your IT environment caused issues for your customers?  Are project initiatives regularly meeting stated timelines and milestones?