Confusion in the Ranks: IT Service Management Practice and Terminology

Abstract: The Information Technology Service Management (ITSM) movement is gaining adopters throughout the world, expanding from the 2005 ratification of International Standards Organization (ISO) ISO/IEC 20000. However, this concept grew out of older frameworks such as Britain’s IT Infrastructure Library (ITIL) and U.S. service level management (SLM). To further confuse the landscape, there are also related terms such as business service management (BSM), the Control Objectives for Information and related Technology (CobiT), and IT governance.

There is a lack of descriptive academic literature currently published, which has mainly focused on prescriptive pieces. This paper gives a background on the several contributing frameworks mentioned above, and reports on a survey U.S. IT managers to determine the extent of understanding of these terms and frameworks. The findings indicate that ITSM adoption and knowledge may be lower than some studies have indicated. There is also conceptual confusion about what constitutes ITSM, with conflation of terms and practices.

Reference: Winniford, M., Conger, S., & Erickson-Harris, L. (2009, Spring2009). Confusion in the Ranks: IT Service Management Practice and Terminology. Information Systems Management, 26(2), 153-163.


Comments: The authors used a third-party research firm to interview 364 American companies whether they are or are planning to manage IT from a services perspective, which may include ITSM, SLM, or BSM. They found that a little less than half are implementing service management, and another fifteen percent are planning to to do so. The most recognized services frameworks, in order, are SLM, ITSM and IT Governance, followed by CoBIT. Only two-thirds of organizations implementing service management recognized the term ITIL, versus one-third of those not implementing service management. An interesting finding was that even among those implementing service management frameworks, a majority could not correctly identify a service they offer (i.e. quality, which is actually a measurement of service effectiveness).

Among the reasons for not implementing service management included not enough information, costs, belief it isn’t needed, and lack of management support. Less than twenty percent admitted they didn’t want the accountability, though in my experience this number is really a great deal higher.

In my opinion this is one of the better academic studies performed in the area of IT service management. The authors identified lower support for ITSM than purported by other authors in the area. They also identified much greater confusion and much lower awareness of ITSM among practitioners and academic researchers. My own personal observations working with 50+ companies is consisent with the findings in this paper.

Exploring IT Governance in Theory and Practice in a Large Multi-National Organisation in Australia


Reference: Willson, P., & Pollard, C. (2009, Spring2009). Exploring IT Governance in Theory and Practice in a Large Multi-National Organisation in Australia. Information Systems Management, 26(2), 98-109.

Abstract: IT governance is critical to most organisations and has an influence on the value generated by IT investments. Unfortunately, IT governance is more aspiration than reality in many organisations. This research seeks to address the dearth of empirical evidence about IT governance in practice, presenting the findings of an IT governance case study in an Australian organisation. Recommendations are provided to assist organisations to maximise potential of IT governance and insights are provided for researchers.


In his book Secrets and Lies: Digital Security in a Networked World, author Bruce Schneier frequently addressed the following comment:

In theory there is no difference between theory and reality. In reality there is.

For this research the authors interviewed 28 senior IT and corporate managers at an Australian MNE in order to address two questions:

  1. What is the nature of IT governance in practice?
  2. What factors contribute to differences between theory and practice?

Their analysis of the interviews identified four major themes that do not entirely overlap with theoretical models of IT governance. For example, although IT governance models frequently deal with risk management of IT-related risks, the subject organization restricts risk management activities primarily to the area of project risk management. The research highlights the importance of visionary leadership and key players in IT-business alignment, and also introduces the importance of historical context in the governance of IT and its initiatives.

Researchers and industry frameworks, such as COBIT and ITIL, frequently document practices that have little relevance in most organizations. For example, during my implementations of CMDB at customer sites, I emphasize the importance of aligning IT service, logical, and phsysical assets with the organization through relationships in a top-down approach. In practice most organizations ignore this advice and build the CMDB bottom-up through the identification of physical assets. In other words, their most pressing concern is to manage the “thinks they can kick” in a way that won’t achieve benefits the CMDB may, in theory, provide. These differences between the theoretical and practical are important, and I would like to see more research like this that covers practical application.

A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance


Reference: Knahl, M. (2009, April). A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance. Proceedings of World Academy of Science: Engineering & Technology, 40, 447-452.

Abstract: The definition and use of standardized IT Management techniques and processes provide the basis for IT Service Management and IT Governance. With the establishment of de facto standard “Best Practice” reference and process models such as the IT Infrastructure Library (ITIL) or Control Objectives for IT and related Technologies (CobiT), an integrated management architecture for the provision of IT-Services built upon standards based processes and tools becomes feasible. ITIL provides a structured and widely adopted approach to IT Service Management and its processes. ITIL can further be aligned with related standards such as ISO 20000 to manifest IT Service Management practice or CobiT to support IT Governance. However IT Management processes must be developed to align with the existing IT infrastructure and operation and must be modeled around frameworks such as ITIL. This paper illustrates the key IT Management requirements and reviews the current state of the art. A case study highlights the contribution of reference models and management related tools for organizations and presents an integrated management architecture.

Comments: This paper presents a case study, saying the definition of SLA’s and KPI’s are critical to the success of the implementation, and I would have liked to have seen in details what these were. In addition, the first phase of the ITSM rollout includes Configuration Management but not Change Management. I wonder how they plan to keep the CMDB up-to-date.

Why ISACA Certifications Will Supercede ITIL

Below is a list of the top reasons ISACA’s COBIT Foundation and CGEIT certifications will become more popular than ITIL certifications. I am not suggesting the ITIL certifications will go away or be replaced by ISACA, in part because their frameworks are complementary and not entirely competitive. Nevertheless, ITIL and COBIT going in different directions, particularly ITIL doing everything wrong and COBIT doing things mostly right.

  1. ITIL V3 framework has become complicated and convoluted. Although ITIL V3 is supposed to provide clearer guidance for implementation, in most cases it is simply too complicated for organizations who still desire a piecemeal approach. Most IT practitioners still think in ITIL V2 terms (Incident, Problem, Change, Configuration) and ignore the V3 additions.
  2. COBIT is more rigorous and intellectually consistent. It lends itself easier to auditing. Many organizations wish to adhere to SOX requirements, even if they are not publicly traded. On the other hand, I haven’t yet seen an organization that desires ISO/IEC 20000 certification.
  3. ISACA documentation is more readily available to organizations at affordable prices. ITIL documentation has become expensive, and an apparent moneymaker for OGC and its related organizations.
  4. ITIL certifications (beyond Foundation) require classroom training that are mostly a moneymaking racket for APM Group and the OGC. Few will afford the $10K plus costs to obtain higher levels of certification–fewer will want to. ITIL Foundation will remain far more popular than the higher certifications, even among practitioners with significant experience with ITIL.
  5. The COBIT Foundation certification is similar in structure to the ITIL Foundation, and serves the same basic function. The two are equivalent and complementary, and COBIT Foundation will soon become as popular as ITIL Foundation. I believe this was a brilliant move by ISACA.
  6. The CGEIT requires real-world experience, in addition to a structured exam. In this way CGEIT is similar to CISA and PMI’s PMP certifications, both of which are very popular and respected.