A Framework to Align Business Processes: Identification of the Main Features

Article history: Received: 21 December, 2020 Accepted: 04 March, 2021 Online: 27 March, 2021 Information and Communications Technologies are developing faster today than ever before, giving an important contribution to the global economy. Organizations in developed and developing economies explore new technologies to gain advantage and add value. That evolution also brings an increasing complexity to the organizations’ management. The alignment of organizational practices with international standards and best practices worldwide accepted in this domain is a relevant topic. To identify gaps in Information and Communications Technologies management area, a brief analysis of international standards will be considered in the state-of-the-art. Considering that Information Technology Infrastructure Library and Control Objectives for Information and related Technology are the most used in the literature review, this paper will propose an Information and Communications Technologies management framework based on those two standards. The approach pretends to solve some gaps found in process alignment, continuing improvement of Information and Communications Technologies services in the context of the organization, driving stakeholder satisfaction and cost optimization. Concluding, the final goal of this paper is to present the framework features analysed, to allow an integrative and multidisciplinary vision, leading to cost optimization, increasing communication, and stakeholder satisfaction.


Introduction
This work is an extended version of the paper [1] originally presented in 2020 at the 15th Iberian Conference on Information Systems and Technologies (CISTI).
Information and Communications Technologies (ICT) is one of the main motors of economic development in the XXI century and a success factor of strategic business evolution. In this context, the theme of ICT management and governance processes in organizations is considered relevant, especially on the alignment of organizational objectives and ICT operational efficiency and management of services based on stakeholders needs. A company must implement information technology that is oriented to customers and stakeholders to be competitive [2]. Applications have become an integral part of business strategies while creating new opportunities for alliances and collaborations [3]. Core assets of organizations, business processes shape the functioning and efficiency of organizations [4]. Process modelling guidelines are a valuable instrument for increasing the quality of process models [5], and the human factor is of great importance in Business Process Management (BPM) implementation [6]. Early involvement of stakeholders from top management to the operational level is essential for successful implementation of BPM [7]. The way processes are designed and performed affects both the quality of service that customers perceive and the efficiency with which services are delivered [8].
Managing and using IT services is considered very important for modern businesses to improve their performance [9]. The management of IT services is increasingly driven by the necessity of cost reduction and quality improvement. As a result, new organizational models have been created and implemented aiming at achieving economies of scale, while improving customer satisfaction and experience has been one of the main focuses of recent research in Service Science [10]. Information Technology (IT) grows very rapidly and affects the success of the business lifecycle of an organization [11]. The constant evolution and diversity of technologies and components used in hardware, software and communications networks [12], results on complex management and governance processes in ICT departments involving different knowledge and different teams. ICT services are always changing, seeking to respond to business' demands. The growing complexity of customer needs is one of the prevailing problems faced by IT enterprises at present. At the same time, quick response to unexpected problems and externally imposed requirements are testing the IT change management [13]. Additionally, the high availability of information technology (IT) applications and infrastructure components is a significant factor for the success of organizations because more and more business processes depend entirely on IT services [14].
The alignment of organizational practices with international standards and best practices worldwide accepted on this matter is a relevant topic. Among other frameworks and international standards, it was selected the Information Technology Infrastructure Library (ITIL) [15] and Control Objectives for Information and related Technology (COBIT) [16]. Based on those best practices, some models or frameworks are used to manage the complexity of organizations [17]. IT service delivery should be done in a cost-efficient manner. Combining ITIL and COBIT can be valuable for organizational goals. ITIL should be used to define strategies, plans, and processes, on the other hand, COBIT will be used for metrics, benchmarks, and audits [18].
ICT management and governance thematic involve multidisciplinary knowledge. This work is based on a real context analysis of stakeholders from IT support area, and related operational processes and flows. The proposed framework pretends to solve some gap alignment between ITIL and COBIT. The main goal of this paper is to identify the framework features to allow the alignment between several process areas. Operational efficiency and optimization of ITC cost of service, and to stakeholder's satisfaction are other benefits.
The paper presents 5 sections. The first section is a brief introduction to the problem under study. Section 2 presents the state-of-the-art related to this theme. Section 3 shows an overview of the initial processes. In section 4 the framework features are identified based on the processes under analysis and respective interactions. Section 5 includes conclusions and perspectives for future work.

State-of-the-Art
ITIL and COBIT are the international most implemented IT frameworks in organizations around the world. ITIL has a focus on IT departments and management services, and COBIT has a focus on organizations' objectives and business control. It was considered to analyse both ITIL and COBIT because these are the most used international best practices. It is expected the framework under construction could solve gaps found in the alignment processes of ICT services for continuous improvement, leading to stakeholders' satisfaction and cost optimization. A brief description of the international standards considered relevant to the framework is presented below.

ITIL
ITIL's best practices are oriented towards ICT Service Management through the stages defined in ITILv3, the life cycle management of ICT services are Strategy, Design, Transition, Operation, and Continual Service Improvement. Figure 1 shows the stages of ITIL related to the scope. Figure 1: ITIL v3, stages selected within the scope of this paper, adapted from [15] Stages of Service Operation (components: incident management, request management, and problem management) and Service Transition (components: change management and service asset and configuration management) are used by ICT service support. Stakeholders perceive the service value in the Service Operations stage. Data collection and analysis began with reported incidents and requests for new service: which services were more affected by incidents and why. Consequently, the analysis covered the processes, technology, and people involved. After reflecting, we concluded that the scope should not only be based on this stage but also include others, such as the Service Transition stage, to understand the changes that occur in the production environment and manage the impact in related service assets and configurations, on a day-to-day work basis with stakeholders. ITIL presents good practice guidelines for ICT service management, with scope in the life cycle of services. The implementation of this framework is complex because the literature provides only some general guidance [19]. Implementing ITIL is usually long, expensive, and risky [20], and should require an organizational change affecting procedures, functions, and common attitudes within the organization [21]. The alignment between IT business processes and business objectives is important to achieve stakeholder's satisfaction.

COBIT
COBIT [16] is a reference model of Governance and Management Objectives, allowing the alignment of ICT management with organizational and business objectives. COBIT defines the components underlying the decisions to be made, how and by whom. This model does not guide what strategies to follow, what technologies to adopt, or what the best architecture to choose. It can address results in three different roles: managers, users, and auditors. Managers seek risk assessment and control of investments; users seek the quality of services; and auditors seek to assess ICT management work. COBIT defines factors and components that should be considered by the organization to build and maintain an appropriate governance system: processes, organizational structures, policies and procedures, information flows, culture, ethics and behaviour, competencies and capabilities, services, applications and infrastructure of the organization, and not just ICT. This framework treats information and related technologies as assets, which must be managed. It presupposes a mental change in the organization, both at the level of ICT managers and business managers, and the latter is responsible for ICT related assets. Figure 2 shows the COBIT objectives related to the scope. Figure 2: COBIT, Objectives selected within the scope of this paper, adapted from [16] COBIT presents numerous objectives towards the alignment between the organization and IT. It has a transversal vision for the organization. The interceptions between ICT management objectives and organizational objectives allow the definition of metrics to achieve strategic objectives with standards. For its implementation, it requires cooperation between the different responsibility levels. This framework allows you to define a strategy to generate maximum value creation through IT investments. One of the basic elements in management is the creation of value added [22].

ITIL vs COBIT
ITIL is the framework most used for IT service management in IT departments. COBIT is the framework most used for governance and management concerning organizations' objectives. It was designed to support the audit and evaluation of IT activities. The sponsorship of the board of directors is important. IT governance has become critical to successful business operations. Many organizations implement IT governance to ensure that they align their IT strategy with the overall business goal [23]. Both can be used by different organizations' types and dimensions, and organizations usually begin implementing ITIL before implementing COBIT. ITIL and COBIT can be applied to improve the quality of service [24]. By planning a mature IT governance implementation of IT services is expected to do well and the embodiment of good IT Governance [25]. Table 1 presents ITIL and COBIT analysis.

Gaps
Does not contain detailed process maps.
Does not guide how to assess processes.
Does not define measures for process improvement.
Does not provide a "road map" for continuous improvement.
Difficult implementation.
Difficult implementation.
Does not provide working instructions.
Does not align IT processes and business objectives.
The objective of the work is to develop a framework to solve organizational problems, and gaps identified on ITIL and COBIT, in particular: describing some process maps, how to assess them and how to align IT with business objectives. Table 2 presents the alignment between ITIL processes and COBIT objectives, for the scope of this paper.  Table 2 shows that only Service Asset and Configuration process of ITIL has two different objectives in COBIT, the other processes have one corresponding in COBIT objectives.
The analysed related work has focus on: tool implementation and assignment of responsibilities [26]; tool implementation, indicators, and management metrics [27]; business process integration, patterns [28]; business process integration, an approach quality-oriented [29]; and a survey presenting the stateof-the-art about business process integration and exploring its trends [4]. The paper with the survey demonstrated that most integrated stakeholders' views are obtain by a notation. In conclusion, it can be argued that there are no business process approaches integrating the stakeholders' perspective. The proposed framework presented in this paper is oriented on the alignment of business process definition and modelling, with continuous improvement. Figure 3 presents the original processes and flows. Incident and request management process; change management process and service asset and configuration process. Incident/request management process and the service asset and configuration management process are integrated but change management process is managed in a different technological platform. The change management process is oriented to software development and managed in the enterprise project management and planning system. Without technological integration, other mechanisms were applied between the change management process and the incident/request management process, and the change management process and the service asset/ configuration management process to allow the information flow.

Identifying framework features
The objective of improving stakeholder satisfaction and optimizing costs for frontend area of service support was the basis to start the research of operational and standard literature. A project was developed to structure the information, organize resources, and control the achievement of the goals. The final phase will propose a framework for alignment and continuous management improvement within the context of ICT departments, to be validated by other organizations. In fact, knowing international best practices is not a guarantee of success because these models present what should be implemented, but not how to do it. The implementation exercise is a challenge in which many organizations fail [30].
The proposed approach is based on ITIL and COBIT frameworks yet adjusted to organizational specificities, considering literature review, and based on professional experience in the area.
The basic artifacts were directly observed for the collection of data. Third-party contracts for service support were analysed in detail, identifying resources used to perform the support function, skills and technical competencies, time-schedule allocation; technical system implemented and functionalities used to support the frontend area, number of incidents, problems and request services recorded per period, time used to solve a ticket and other data recorded that can be used to resource management; service catalogue and services available or under support; normative literature available in the organization and customers relationship; procedures and technical documentation used by technicians, and knowledge used to share relevant information.
Daily activity monitoring allows verifying procedural compliance, including attendance skills, technical knowledge, and efficiency in support; receipt of requests and records in the support system; workflow and work organization; priority management; relationships between teams of different levels of support and knowledge management. Customer complaints analysis provides an external perspective and perception of the service provided.
Literature review related with business processes management and best practices models ITIL and COBIT was carried out, informal interviews with key users, technicians, and external specialists in IT management area. Bottom-up analysis was important to find out what could be done best, which processes could be reviewed, and at what point. With the analysis of frequent points of failure, related services and the associated responsibilities matrix, adjustments could be defined and planned in the internal organizational work model. The software system used in support activities, with workflow associated with resolution of each category, the procedures in use to solve the issues and the human resources involved, were analysed to contribute to processes' review and to improve alignment for efficiency.
The "adopt and adapt" procedure is widely accepted as the best approach to ITIL [21]. With focus in the service operation' stage after analysis and validation, the operational support processes were redefined, such as incident and request management, and problem management, considering these are the support function's main processes.
As the support function is based on assets and configurations underlying the supported services, effective service management is considered essential, knowing changes are being implemented and anticipating impacts in the production environment -where the end-user support function is developed. Asset configurations and change management processes were also redefined. These are associated with the service transition stage in the ITIL framework. The approach proposes an integrative and multidisciplinary vision to standardize concepts, alignment and process improvement, procedures, operational relationships, and other communications difficulties between department areas and stakeholders. Figure 4 presents the features defined in this paper. It was identified with three main operational areas and four main processes and related flows.
The ICT Infrastructure Management area has, among others, the responsibility of specialized support of second intervention levelexpert team, which includes maintenance and technological evolution of ICT communications' infrastructures -voice and data, monitoring and administration of servers that support corporate systems, implementation and management mechanisms to control infrastructures' security -logical and physical including data centres and maintenance of ICT recovery plan in case of disaster.
Application and Systems Management area is responsible for corrective maintenance and evolution of production systems or new solutions development that respond to business or regulatory needs, managing the impact of the changes in the existing systems architecture and related interfaces.
The responsibilities of ICT Support Management area focus on the Helpdesk function, frontend team, basic resolution support the first intervention level in data network access, roll-out of workstations, and support for peripherals, software configurations, installations, and upgrades.

Figure 4 -Operational areas and related processes
Should be noted in Figure 4 that infrastructure management and application management share processes of change, asset and configuration management, and both interact with support management through the incident and request management process.
Problem management is a distinct process, which aims to solve complex situations. The concept is to activate and manage the problem as a project, bringing together the necessary technical teams with the appropriate skills and expertise, to find a satisfactory answer or resolution. From experience, it is expected that it will be impossible to solve all the problems, sometimes it could end up unsolved, with a temporary resolution or a workaround solution.
The bidirectional flow presented in Figure 4 is based on the necessary and constant feedback to optimize and adjust the processes, in a continual improvement cycle.

ICT Support Management
ICT Support Management starts on helpdesk, the frontend area of the IT department. ICT service requests and incident management require hard work for the team in terms of human relationship and flexibility in new situations adjustment. This support can be done on-site or remotely. The performance of the team is closely related to the level of technical knowledge but also the experience in the existing technology platforms in the organization. As support begins in the service, it is relevant to sensitize these resources to the theme of customer relationships, by the potential impact on the image of the department and the organization. The incident and request management process is what best translates daily operations of supporting areas. Reported incidents are classified by priority levels according to the impact and urgency of each situation. The resolution underlies the procedures and responsibilities at the different levels of intervention.
Repeated errors or incidents for which there is no known solution are managed in the problem management process lack detailed investigation and analysis, and technical experts with different skills can intervene. Control of the infrastructure components and systems that make up ICT services and their relationships is carried out in the service asset and configuration management process. In this process, changes to configurations and assets installed in production environments are managed, following solutions found for problems or newly installed assets.
Evolutionary or corrective maintenance interventions, which lead to the implementation of changes in the production environments that support the services provided, should be managed in the change management process, with the inherently associated risk management, by the disruptive impact they can cause on the services and consequent operation of the organizations.

ICT Technological Management of Infrastructures and Systems
Technological Management of Infrastructures and Systems plays a central role in the continuity of the organization itself. These teams ensure the availability of the most appropriate technological resources at every moment, helping the development and speeding up business processes.
The approach presented, having a multidisciplinary vision, powers the aggregation of several areas of knowledge, namely in ICT infrastructure management, application management, and support management areas. Security management is also incorporated, given its cross-cutting nature across all areas, and is increasingly relevant. In this context, it is considered essential an integrative approach to support the organization's business strategy, providing integrity, availability, confidentiality, and ubiquity to one of the organization's most valuable assetsinformation.
For the approach design, the ITIL and COBIT standards were analysed. The contribution of ITIL to the design of the approach will enhance the introduction of good practice in the operational management of ICT services when ITIL is well implemented, and ITIL enables organizations to provide services with great efficiency, quality, and cost reduction [31]. Framework COBIT contributes to the organization's good practices in governance, information management, and ICT management.

Improved processes
Business Process Management (BPM) is the art and science of overseeing how work is performed in an organization and it is not about improving the way individual activities are performed but about managing entire chains of events, activities, and decisions that ultimately add value to the organization, and its customers. These chains of events, activities, and decisions are called processes [8].
Processes underlying this approach aim to represent the various iterations in the context of ICT assistance. It should be noted that the processes interact with each other, depending on the situation under analysis.
The following processes were analysed: Incident and Request Management, Problem Management, Change Management, and Service Asset and Configuration Management, as shown in Figure  5. It presents the flows between the different processes involved in the operational management of IT services support. The communications between the processes are bidirectional to allow a continuous improvement. Figure 5 shows the processes within the scope of this paper.

Incident and Request Management
The Incident and Request Management Process could be the first process to be implemented [32]. This process can begin with inputs from monitoring tools or stakeholders contacted through self-service portals, emails, or phone calls. Frontend teams are working to resolve anomalies and restore the normal function of services as quickly as they can. This is the main process for IT frontend support, with direct contact with stakeholders, asking for assistance or asking for a new service. This process allows, e.g., assistance optimization and time resolution control. Through this process, the stakeholders interact with the technical team and form their opinion on the IT services performance in general [33]. Incident and request management interacts with the change management process to send feedback when some changes are needed. Incident and request management process also communicates with problem management process whenever a resolution is unknown or cannot be processed by frontend team. Figure 6 presents the primary process in the frontend support area, incident, and request management process.
Using a prioritization matrix, some incidents can be classified with high urgency and severe impact on business processes. These cases were treated as major incidents and a specific sub-process was defined.

Major Incident Management
Major Incident Management process, presented in Figure 7, is a sub-process of Incident and Request Management process, specifically defined to manage incidents with highest priority. A major incident demands a quick response from the technical team. A senior supervisor could lead the situation, control the status of resolution and be aware of risks and challenges the situation demands, managing the communication plan to the board of managers and sometimes also the communication outside of the organization. After the conscient decision, decide if or when to apply the disaster recovery plan to restore the services and put the company working again with basic resources.  The major incident process interacts with the change management process to send feedback after resolution, to avoid similar incidents in the future. The major incident process interacts with the problem management when the resolution needs deeper analysis and resolution with expert teams.

Problem Management
Through the problem management process an expert team with different skills analyse and solve complex incidents. This process interacts with incident and request management, when the frontend team cannot resolve an incident based on existing procedures or known errors, the issue is transferred to an expert team. Some inputs from the change management process can be useful to solve problems and after conclusions some data could be sent to the change management process, e.g., to document and correct errors. Every problem analysed is managed as a project, with specific tasks and schedules for each expert team. Periodic meetings are planned to discuss solutions and to align following strategies. The maturity of the teams and their knowledge of IT architecture implemented are important factors for the success of the operationalization on this process.

Change Management
The change management process ensures documentation and control of changes in software development and systems implemented in the production environment. This includes changes in software applications and other ITC configuration items such as network infrastructure and hardware that supports the systems used.  The change management process can be triggered by the problem management process, incident and service request management process, and service assets and configurations management process.

Service Asset and Configuration Management
Service asset and configuration management is a process to manage changes of infrastructure assets and other controlled assets in production environment. Multiple data are structured in a database of configuration items and the information is used to support other processes. Figure 10 presents the scheme of the Service Asset and Configuration Management process.
The service asset and configuration management process communicate with incident and request management process, when the technical support team needs to check some data to make a diagnosis e.g., equipment characteristics or software versions. Communicates with the change management process when the team update the database configuration items, e.g., manage software licenses, upgrade software versions, or manage equipment lifecycles in the production environment.  Table 3 summarizes the framework's steps developed. Alignment validation between business processes defined with strategy (managers)

Define alignment metrics and indicators between strategy and processes
The framework is under development. Table 3 presents the main steps of the initiation and planning phases. The execution, monitoring and closure phases will complete the framework.
At this moment the project lifecycle is not concluded, nevertheless it is important to refer that in the following phases, not detailed in this proposal, it could be necessary adjust the plan to reach stakeholders objectives.

Conclusions and Future Work perspectives
Currently, ICT governance and management are inseparable from Corporate Governance. Constant alignment and focus on stakeholders' needs constitutes the basis for organizations' optimization costs. ICT departments can provide solutions that enhance the business or create new business opportunities.
Based on the analysis of international best practices ITIL and COBIT we intend to contribute to aligning IT goals with business goals, a departmental but also organizational view. The framework under construction will present the mechanisms to solve some GAPs found in ITIL and COBIT, in particular: describing some process maps, how to assess them and how to align some business processes. Using ITIL to organize work and manage IT services will improve operational efficiency. Using COBIT from its top-down perspective, the alignment of business goals to IT goals can be achieved and controlled evidencing in that way IT value to business, thus enabling a multidisciplinary and integrative strategic vision.
In future work we will carry out a systematic review of the literature that analyses other approaches. Based on the contributions of this paper and the future Systematic Literature Review, it is intended to present the final proposal of framework implementation and validate it in an organizational context to achieve stakeholder satisfaction and cost optimization.