ALLOCATION OF BEST PRACTICES

IN IT MANAGEMENT
Michael Rohloff
SRH Hochschule Berlin
Ernst-Reuter-Platz 10, 10587 Berlin
michael.rohloff@srh-hochschule-berlin.de

Abstract.
Based on an increasing professionalism and industrialization of IT the establishment of defined processes is essential for an effective IT Management. Issues how to design the IT organisation, its interfaces, and processes and areas of
responsibility are subject of sustained debate. Over the years best practice approaches evolved addressing different areas of IT Management. Overall, there
is great diversity with overlapping content and of different terminology that
complicates the use of these approaches. Therefore, a framework was developed that represents the fields of IT Management in a systematic and comprehensive manner. It assigns best practice approaches into an overall system and
describes on different levels the processes and methods for a professional implementation of IT Management.

Keywords: IT Management, IT organization, IT processes, best practices,

COBIT, ITIL, IT Service Management, IT Governance, IT Operations

Best practices in IT Management

Effective and efficient management of IT products and services is increasingly in the

focus of many companies. Changing requirements and tasks of IT require new concepts and solutions for the design of the organization and processes of IT, and the use
of appropriate methods. Over the last decades the increasing impact and changing role
of information management was always accompanied by valuable contributions in
academia. Most of this work is of conceptual nature giving guidance in the classification and understanding of core IT management tasks, like the understanding of process and approach to align business and IT (Henderson and Venkatraman 1993, 1989,
Luftmann 2003, Luftmann and Kempaiah 2007, Haes and Grembergen 2009, Kaiata
and Zualkernan 2009), or more generally the leadership function and strategic role of
IT (Ward and Peppard 2003). Also, the Governance of IT becomes central (Weill and
Ross 2005, 2004, Peppard et. al. 2009). In line with the changing role of IT and the
globalisation of markets new ways how to organize the IT function are coming into
focus (Mokhtar and Lee 2006, Rockart et. al. 2003, Ross and Feeny 2008, Rangan
2008, Peppard 1999, 1998, Peppard and Ward 1998, Peppard et al. 1999). In recent
ECIS 2014 Workshop IT Operations Management;
Tel Aviv, 8th of June 2014

years, with the emerge of design science (Hevner 2007, Hevner et al. 2004), reference
models were developed which provide domain specific knowledge for a variety of
domains (examples in Becker and Delfmann 2007, Fettke and Loos 2006).
Business responded with an orientation towards more professionalism in IT management. Within the last decade emphasis was given to identify, develop and share best
practices in a number of management fields (Colomo-Palacios 2012, Holtsnider und
Jaffe 2010, IMBOK, OGC, Laplante and Costello 2006, McKeen and Smith 2003,
Stenzel et al. 2010, Witt 2012, see AIM report for use and dissemination of management practices, also Feek 2007). Driven by practice (e.g. companies organizing interest groups and building councils or other institutional forms) a number of best practices were published and propagated in different areas of IT Management. Changing
needs of IT Management in recent years resulted in a variety of developments in
terms of business activities, organization and processes. It includes developments
like:
increased professionalism and industrialization of IT production based on standardization, modularization and concentration on core competencies (Colomo-Palacios
2012, Zarnekow et al. 2006)
a stronger service orientation and focus on the provision of IT services (ITSMF,
ITIL, Blokdijk and Menken 2009, Galup and Dattero 2010, Long 2008, Orand and
Villarreal 2011)
growing importance of governance and compliance due to new regulatory requirements, e.g. Sarbanes-Oxley (ISACA; COBIT, Almeida 2013, Calder and Moir
2009, Haes and Grembergen 2012a and b, 2009, 2004, Selig et. al. 2008, Weill and
Ross 2005, 2004, Wright et. al. 2008)
increased market orientation and positioning of IT as an independent business unit
(Tillmann 2008, Lutchen 2004)
outsourcing of IT services (Beulen et al. 2011, Kendrick 2009, Kuhlmann 2012,
Kotlarsky and Willcocks 2011, Willcocks 2009a and b, Leimeister 2010)
Thus, IT management is exposed to a dynamic environment which requires appropriate processes, procedures and methods to cope with the situation. In response a number of best practices emerged in the field. The definition and documentation of best
practices and guidelines in all areas of IT Management (see OGC, www.bestmanagement-practice.com) is a still growing discipline in practice.
The two most renowned best practices are COBIT (Control Objectives for Information and Related Technology) with the focus on IT Governance and controlling
of all IT related activities (COBIT, ITGI) and ITIL (IT Infrastructure Library) for
IT Service Management (ITIL, ITSMF 2007). Both are on the market for more than a
decade, are widespread used and cover a wide range of IT Management tasks.
Renowned and in broad use is COBIT version 4. In connection with COBIT and the
underlying ISACA organization other best practices have been developed in addition
to COBIT over the past couple of years. Areas like IT investment and portfolio
management (Val IT), and risk management (Risk IT) are addressed. In
knowledge of these parallel developments, the ISACA organisation worked on an
integration of these frameworks for governance and a redesign of the COBIT concept

and structure. COBIT 5 was released in 2012 and is now based on five principles:
meeting stakeholder needs (via a goal cascade), covering the enterprise end-to-end,
applying a single integrated framework, enabling a holistic approach, separating governance from management (COBIT 5 2012). However, most companies are still in the
process of transition to Version 5. Thus, for the framework to be introduced reference
is made to COBIT 4 und 5. The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines serve different purposes,
encompass different activities, and require different organisational structures. The
Governance follows the structure: evaluate, direct, and monitor (EDM). Management
tasks follow the activities of Plan (APO), Build (BAI), Run (DSS), and Monitor
(MEA). Based on these structure, already known from former versions, the reference
model encompasses 37 processes. Hence, it contains all the processes from version 4,
which in parts have been altered or supplemented by additional processes (see mapping in section 3).
The IT Infrastructure Library is a best practice collection for IT Service Management (ISACA, ITIL, Brewster and Mann 2012, Blokdijk and Menken 2009, Long
2008, Fry 2012, Galup and Dattero 2010, Orand und Villarreal 2011). It includes a
comprehensive and publicly available documentation for the planning, provision and
support of IT services. Over the years ITIL was continuously evolved by users, service providers, manufacturers, and consultants. It has become a de-facto standard. In
2007 ITIL version 3 was published which covers the entire life cycle of IT services in
five core books: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. The view of the life cycle of IT services
has proven successful. Hence, the structure along these five phases of the service life
cycle was kept in the ITIL Edition 2011. Adjustments were made only for the unification of structure and terminology within the processes and to improve transparency.
ITIL, because of the proliferation, is an indispensable basis for the implementation of
standardized IT Service Management processes.
A similar framework like ITIL is the Application Services Library (ASL). Already
evident by its naming, the focus of ASL is on services for Application Management.
It builds on ITIL and details Application Management issues in 26 processes (Bon
and Verheijen 2006, chapter 20, Pols and Backer 2006). Thus, both frameworks can
be used complementary (Meijer et al. 2008). The ASL is supplemented by a Business
Information Services Library (BiSL), which addresses the interface of the business
and the IT (Bon and Verheijen 2006, chapter 16, Pols and Backer 2007).
COBIT and ITIL both contribute significant in their areas of application. However,
there are content overlaps between these approaches and different terminology and
concepts are used (it results in various mapping approaches, e.g. ISACA, ITGI).
Besides the two renowned best practices and the already named Val IT and Risk
IT to cover Governance and the Service libraries ASL and BiSL which are in the
realm, there are a number of further best practices with focus on different IT Management topics Management (see OGC, www.best-management-practice.com), like
enterprise architecture management (TOGAF), portfolio management (Jeffry
and Leliveld 2004), project management (PMBOK, Prince 2, RefMod PM) and
others, which are introduced in the next section.

Approach

Although a number of best practices are available, the propagation and use is hindered
by the following situation: use of different concepts and terminology, overlapping
content but no approach covering the entire IT Management lifecycle. Often it leads
to confusion among users (Winniford et al. 2009). Some organizations behind the best
practices are even trying to claim territory (e.g. ITIL and COBIT vice versa the
Governance and Service Management field). In addition, using best practices like
ITIL challenge most organisations in implementing the best practices, causing among
others organisational change. Guidance is needed to find the right approach in implementing the different service management fields. Several studies identified problem
areas and success factors for implementing IT Service Management (Erskine 2013,
Jelliti et al. 2010, Kattenstroth and Heise 2011, Marrone and Kolbe 2011, McLean
2012, Oliveira et al. 2011, Steinberg 2006, Pollard and Cater-Steel 2009, Wu et al.
2010, Yamakawa et al. 2012).
Overall, due to the dynamic development and in parts even competitive situation
among the best practices there is change, release of new versions, redefinition, content
overlap and inconsistent terminology used (ITGI 2008, Winniford et al. 2009). All of
this impedes the use of these best practices and orientation is needed. In order to make
best use in all areas, IT managers are faced with the challenge to streamline and organize concurrent use of different best practices. It needs a comprehensive overall
system which structures all relevant areas of IT Management in a systematic manner
and integrates renowned approaches. The framework presented in this paper aims to
close this gap. Objective is a universally applicable model that represents a comprehensive and overlap-free description of IT Management tasks and thereby builds on
existing standards and best practices.
The advancement of the framework presented in this paper builds on a reference
model for IT Management which was developed in a corporate wide project at Siemens AG a couple of years ago. It was implemented in 2006 and being successfully
used the following years. To understand on which grounds the framework is built and
for details on the approach and framework design principles we recommend reading
the given reference (Rohloff 2008). Processes are dynamic and undergo changes;
especially there was broad advancement in some of the best practices meanwhile,
especially the advancement from ITIL 2 (Service Delivery and Support focus) to coverage of the entire Service Lifecycle, and the COBIT development and reorientation
of IT Governance. This is why the authors decided to take up on this framework in a
research project and rework it, accounting for the advancements in the fields over the
last years and to design it company independent.
For the redesign of the framework an expert group was formed which is composed of
IT managers with professional knowledge of best practices in the area. All experts are
involved in implementing the respective best practices in their organisations. The
advancement of the framework is based on the analysis of the developments in IT
management in academia and business as outlined in this section. Furthermore, the
development of tasks, procedures and methods of IT management in corporate practice was observed via best practice and user forums (CIO; IMBOK, ITSMF, OGC).

Framework for IT Management

An initial basis for the framework presented here was the work and experience of the
reference model for IT Service Management (Rohloff 2008). It also takes into account
the substantial advancement of ITIL Edition 2011, COBIT 5 and other newly evolved
best practices in IT management. The framework is based on the fundamentals of the
Supply Chain Operational Reference Model (SCOR). In this respect it follows the
approach to structure the processes in Plan, Source, Make and Deliver and their representation on defined levels. Thus, the process structure follows not only the SCOR
methodology but also the concept of industrialization of IT operations through implementation of production processes for IT products & services and their integration
into the supply chain (Zarnekow et al. 2006). The methodology adopted by the SCOR
model divides the model into the following process levels:
Level 0 represents the basic structure of the framework; here, the arrangement in
three process groups as shown in figure 2.
At level 1 the core processes of a process group are presented.
Level 2 introduces process categories. A process category describes criteria by
which alternative process models at level 3 are differentiated, if applicable (e.g.
different business types).
Level 3 describes the process model for a core process. This can be further detailed
at subordinate levels.
Figure 1 shows the overall structure of the framework (level 0), which allocates the
tasks of IT Management to three process groups: leadership & management, which
accounts for IT in view of an independent business, the planning & control, and the
process chain for the life-cycle management of products & services.
Each of the three process groups has its emphasis in a particular area and in all the
three process groups cover all aspects of IT Management. The corresponding topics of
allocated best practices like COBIT (COBIT 4, in bold COBIT 5), ITIL and other best
practices are mapped to the framework (see the mapping reference in table 1.) Please
note, that business process management and knowledge management, although closely related to IT Management tasks and often in responsibility of IT organisations, are
not part of this framework (expert team decision to focus on core IT tasks and not to
overload the framework).
In addition the main stakeholders are listed. All processes are tied in a relationship
management with suppliers, customers, executive management, departments and other stakeholders. Suppliers of the IT value-added are software or infrastructure manufacturer, service providers etc. The customers of products & services are users of
applications in the company or external companies and institutions. For the implementation of corporate strategy and business requirements in a business oriented IT
architecture and IT portfolio the collaboration of executives and the management of
departments with the IT is essential. The decisive instrument for communication with
the customer is the Demand Management. Here, business requirements are analyzed
and the demand is recorded and the necessary supply derived. Other external stakeholders are for example shareholders or legislation in the context of governance tasks.

Fig. 1. Framework for IT Management

The process group Leadership & Management encompasses all management

processes which develop enterprise capabilities and overarch the business execution.
The core processes are the governance, the organisation, human resources, as
well as finance and controlling (level 1):
A core process for all IT-related activities is the "Governance" (Almeida et al. 2013,
Calder und Moir 2009, Haes and Grembergen 2012, 2009, 2004, Holt 2013, Selig et
al. 2008, Wright et al. 2008). According to the IT Governance Institute (ITGI) definition, governance is the responsibility by management and executives to secure, that
the information technology contributes to the company's organizational strategy and
objectives. The COBIT process PO6 "Communicate management aims and direction"
and PO8 "Ensure compliance with external requirements" are assigned to the Governance process. Moreover, parts of the Risk IT Framework are also assigned (Risk IT,
Ackermann 2013).
COBIT 5 provides a reorganization of the governance issues and structures governance tasks in evaluate, direct, and monitor. Based on two studies executed by MIT
Sloans Center for Information Systems Research, Weill and Ross emphasize governance from the perspective of the formal allocation of decision rights and the development of an accountability framework (Weill and Ross 2005, 2004). Hence the proposed IT Governance matrix and best practice are also mapped.
The "Organization" is concerned with the organizational structure and processes of
IT. The COBIT process PO4 "Define the IT organization and relationships" is classified here. The process "Human Resources" includes all activities for the development
of personnel development and recruitment. Objective is the preservation and devel-

opment of business expertise and knowledge. The COBIT process PO7 Manage
Human Resources" is classified here (COBIT 5 APO 07).
Finance is the steering instrument tin economical terms. COBIT 5 APO 06 addresses Manage budget & costs. ITILs Financial Management is assigned here. Controlling supervises all business activities of the organization (for controlling concepts
and application in practice, see Gadatsch 2009). It is supplemented by a controlling in
the respective fields (projects, service operations, etc.). Controlling includes the
COBIT field Monitor and Evaluate (M1-M4) (COBIT 5 MEA 01-03).
The "Planning and Control" of the complete IT value chain is of great significance.
These include the tasks of Strategy, Architecture Management, Portfolio Management and control tasks with the focus on Demand Management, Service Level
Management and Project Management (level 1). Many interfaces exist between the
governance and the processes of the Planning and Control cluster. It results in content overlaps with COBIT and ITIL in subject areas like Controlling, Portfolio Management or Project Management.
The "Strategy process is the overarching goal-oriented approach to use IT to leverage business and to achieve competitive advantage (Dubey 2011). Focus is on the
development of the IT-strategy and the business / IT alignment (Henderson and Venkatraman 1989, Huang et al. 2012, Khaiata and Zualkernan 2009, Luftman 2003)).
These includes the alignment of IT strategy with corporate strategy. In addition to
strategic and competitive orientation, it also includes the planning and development of
resources and capabilities for the enterprise-wide use of IT (Buchta et. al. 2009, Niemann 2006, Segars und Grover 1998). The COBIT process PO1 Define a strategic IT
plan (COBIT 5 APO 02) is mapped here. The ITIL process "Strategy Management"
of the Cluster Service Strategy is also placed with Strategic IT Management.
Based on the strategy the Architecture Management plans and implements the
target architectures for the design of the IT landscape and IT services based on business requirements. These issues are addressed by the COBIT processes PO2 Define
the Information Architecture and PO3 Determine the technological direction
(COBIT 5 APO 03). In recent years the TOGAF approach (TOGAF, The Open Group
Architecture Framework 2010) has become popular for architecture management. The
Architecture Development Method (ADM) as part of the framework describes essential steps for the architecture management. TOGAF complements to this process.
The "Portfolio Management" includes all plans for further development and implementation of the entire portfolio of IT (products & services) and the necessary
investments (Jeffry and Leliveld 2004). It needs to be aligned to the strategy, and the
business and market developments. Essential requirements come from the definition
of target architectures and the resulting measures for their implementation. In addition, current requirements from the demand management are considered. The COBIT
process PO5 "Manage the IT investment" (COBIT 5 APO 05) addresses the IT Portfolio Management. The Val IT framework provides a structured approach to the evaluation of IT investments and portfolio management (Val IT).

Table 1. Mapping of IT best practices to the framework

CIO Process
Mapping of best practices
Framework
COBIT 5 / COBIT 4
ITIL
Leadership & Management
Governance
Evaluate Direct and
Monitor (EDM01-05)
PO6 "Communicate management aims & direction",
PO8 "Ensure compliance
with external requirements"
Organization
PO4 "Define the IT organization"
Human ReAP007 PO7 Manage
sources
Human Resources"
Finance
AP006 Manage budgFinancial Manageets & costs
ment
Controlling
Monitor and Evaluate
(M1-M4) (MEA01-03)
Planning & Control
Strategy
AP002 PO1 Define a
Strategy Managestrategic IT plan
ment for IT Services
Architecture
AP003 Manage EnterManagement
prise Architecture
PO2 Define the Information Architecture
PO3 Determine technological direction.
Portfolio ManAP05 Manage PortfoService Portfolio
agement
lio
Management
PO5 "Manage the IT investment"
Demand ManBAI01 Manage ReDemand Manageagement
quirements Definition
ment
Service Level
AP009 Manage Service
Service Level ManManagement
Agreements
agement
DS1 define service levels"
PO11 "manage quality"
Project ManBAI01 Manage Proagement
grammes & Projects
PO10 manage projects"
PO9 "assess risk"
PO11 "manage quality"
Management of Products & Services
Sourcing
Acquire and Implement
Supplier ManageAI1-AI6
ment
Service Design
BAI03-04
Service Design
DSS04-05
Service Transition
Service Operations
Service Improvement

BAI05-10

Service Transition

Deliver, Service & Support (DSS01-03), DS2 DS13

Service Operation
Service Improvement

Others
Risk IT
IT Governance matrix
(Weill and Ross)

TOGAF
ASL: ICT development Strategy

Val IT
ASL: ICT Portfolio
Management

ASL: Service Level

Management
PMBOK
Prince 2
RefMod PM

ASL: Cluster Enhancement & Renovation

ASL: Cluster Ehancement & Renovation
ASL: Cluster Maintenance & Control
ASL: Change Management

"Demand Management" covers all requirements of the business to IT and thus plays a
key role (Thiadens 2005). Manage requirements definition is addressed by COBIT
5 BAI 01 process. With the demand management closely linked is the Service Level
Management. Objective is to ensure the agreed quality of services. It defines the
requirements of customers in terms of quality of IT services in the form of defined
service levels. Customer requirements towards quality of service and commercially
reasonable solutions for the service organization are defined in form of service level
agreements (SLAs) with clear measurable objectives for the quality of the service.
These are broken down and further specified with Underpinning Contracts and
Operational Level Agreements.
Service Level Management includes settling, securing, monitoring, and controlling Service Level Agreements (SLAs). This is a key management tool at the interface
between customers and service provision. For this reason it is highlighted in the
framework as a prominent process in the "Planning and Control" cluster (ITIL assigns
it to the Service Design). The COBIT process DS1 define service levels" and partial
the process PO11 "manage quality" (COBIT 5 APO 09/11) are part of the Service
Level Management.
The "Project Management" includes the COBIT processes PO10 manage projects" (COBIT 5 BAI 01) and partly PO9 "assess risk" and P011 "manage quality". In
practice, standards for project management have been developed, which can be used
in addition here (Brewer und Dittman 2010). The Project Management Body of
Knowledge (PMBOK) for example is a comprehensive collection of project management methods which is published and maintained by the Project Management Institute
(PMI 2013, Saladis and Kerzner 2009, Stackpole 2013). Another method is Prince 2
(Projects IN Controlled Environments, Prince2). From an academic environment is
the Reference Model for Project Management (RefMod PM, Ahlemann and Riempp
2008).
The IT value chain encompasses the entire life-cycle of the Management of Products & Services. According to the SCOR model (SCOR) it is structured into the
process steps of Source, Make, and Deliver (Bolstorff and Rosenbaum 2012, Zhou et
al. 2011). To describe the process chain, ITIL and the defined IT Service Management tasks are fully applied and the ITIL terminology is used for this process group
on level 1 of the framework. Thus, the Supplier Management from the Service Design
of ITIL is mapped to Sourcing, for Make the ITIL processes "Service Design"
and "Service Transition", and for the Deliver the ITIL processes "Service Operation" and "Service Improvement" are applied.
Compared to ITIL the COBIT descriptions for these processes are noticeably poorer, but provide a good supplement regarding the success factors and metrics. The
COBIT domain "Acquire and Implement" corresponds to the process steps Make
and Source. The processes AI1 - AI6 (COBIT 5 BAI 03-10) are classified here. The
COBIT domain Deliver and Support" corresponds to the process step Deliver. The
processes DS2 - DS13 (COBIT 5 DSS 01-03) are mapped here.

Summary and Outlook

So far the framework was applied in the respective organizations of the team members and proved to facilitate the implementation of best practices across the different
IT Management tasks. The benefits of the framework are a comprehensive view of all
IT Management tasks based on a clear overall structure. The 15 processes and the
corresponding process maps provided give a first access and overview here. They
serve as a general structure and navigation to the abundant material of best practices
for IT management, which without the framework would be complex, overlapping
and hard to reveal in places. However, no experience is yet available with external use
of the proposed framework. The focus of this paper was on the structure and content
of the proposed framework for IT management. A proliferation of the framework and
use over a period of time provided, future research will address the experiences with
external use of the framework.
Presentation at the ECIS preconference on IT Operations Management will help the
propagation of the framework and foster external use. In addition, the framework may
serve as a guideline in setting the agenda for different research fields for IT operations
management.

References

Ackermann, Tobias (2013). IT security risk management. Perceived IT security risks

in the context of cloud computing. Wiesbaden: Springer Gabler.
Ahlemann, F., and Riempp, G. (2008). RefModPM: A Conceptual Reference Model
for Project Management Information Systems, Wirtschaftsinformatik (50:2), p.
88-97
AIM, AIM Report: Delivering the Promise of Management Practices, Advanced Institute of Management Research, www.aimresearch.org (called 30.03.13)
Almeida, Rafael; Pereira, Rben; Silva, Miguel Mira da (2013). IT governance mechanisms. A literature review. In: Exploring services science : 4th international conference, IESS 2013, Porto, Portugal, February 7 - 8, 2013 ; proceedings. Berlin:
Springer, p. 186199.
ASL BiSL Foundation, www.aslbislfoundation.org (called 30.03.13)
Becker, J., and Delfmann, P. (Eds.) (2007). Reference modeling: efficient information systems design through reuse of information models, Springer Berlin et
al.
Beulen, Erik; Ribbers, Pieter; Roos, Jan (2011). Managing IT outsourcing. 2nd ed.
London, New York: Routledge.
Blokdijk, G., and Menken, I. (2009). ITIL V3: How to Develop, Implement and
Enforce ITIL V3 Best practices, Emereo Pty Limited
Bon, J., and Verheijen, T. (2006). Frameworks for IT Management, Van Haren
Publishing
Bolstorff, Peter; Rosenbaum, Robert G. (2012): Supply chain excellence. A handbook
for dramatic improvement using the SCOR model. 3rd ed. New York, NY:
AMACOM American Management Association.

Brewer, Jeffrey L.; Dittman, Kevin C. (2010). Methods of IT project management.

Boston: Prentice Hall.
Brewster, Ernest; Mann, Steve (2012). IT service management. A guide for ITIL
foundation exam candidates, second edition. 2nd ed. Swindon, U.K: British Informatics Society Limited.
Buchta, D., Eul, M., and Schulte-Croonenberg, H. (2009). Strategic IT Management:
Increase Value, Control Performance, Reduce Costs, Gabler Wiesbaden
Bytheway, A. (2003). Exploring Information Management, 2003, IMBOK. Information Management Body of Knowledge, www.imbok.org
Calder, Alan; Moir, Steve (2009). IT governance. Implementing frameworks and
standards for the corporate governance of IT. Ely, UK: IT Governance.
CIO, CIO Website Business Media GmbH, www.cio.de (called 30.03.13)
COBIT. COBIT 5 framework (Control Objectives for Information and related Technology), www.isaca.org/cobit (called 30.03.13)
Colomo-Palacios, Ricardo (2012). Professional advancements and management trends
in the IT sector. Hershey, Pa: IGI Global
Dubey, Sanjiva (2011). IT strategy and management. 2nd ed. New Delhi, India: PHI
Learning.
Erskine, Pamela (2013). ITIL and Organizational Change: ITGP.
Fettke, P., and Loos, P. (Eds.) (2006). Reference modeling for business systems
analysis, Idea Group Inc. (IGI)
Fry, Malcolm (2012). ITIL Lite. A road map to full or partial ITIL implementation.
London: TSO.
Gadatsch, A. (2009). IT-Controlling Concepts and Transformation into Practice,
Business & Information Systems Engineering BISE (1:3), p. 254-262
Galup, Stuart D.; Dattero, Ronald (2010). A Five-Step Method to Tune Your ITSM
Processes. In: Information Systems Management 27 (2), p. 156167
Haes, de S. and Grembergen, van W. (2012a). Enterprise governance of IT and the
evolutions in COBIT: BIS 2012 international workshops and future internet symposium, Vilnius, Lithuania, 2012; p. 88-103
Haes, de S. and Grembergen, van W. (2012b). Business strategy and applications in
enterprise IT governance. Hershey, PA: Business Science Reference.
Haes, de S. and Grembergen, van W. (2009). An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment. In: Information
Systems Management 26 (2), p. 123137
Haes, de S. and Grembergen, van W. (2004). IT Governance and Its Mechanisms,
in: Information Systems and Control Journal 1,
Henderson, J., and Venkatraman, N. (1993). Strategic alignment: leveraging information technology for transforming organizations, IBM Systems Journal (32:1),
pp. 4-16
Henderson, J., and Venkatraman, N. (1989): Strategic alignment. A process model for
integrating information technology and business stategies. Cambridge, Mass: Center for Information Systems Research, Sloan School of Management, MIT (90s
WP, no. 89-077).
Hevner, A., March, S., Park, J., and Ram, S. (2004). Design Science in Information
Systems Research, MIS Quarterly (28:1), pp. 75105

Hevner, A. (2007). A Three Cycle View of Design Science Research, Scandinavian

Journal of Information Systems (19:2), pp. 87-92
Holt, A. L. (2013): Governance of IT. An executive guide to ISO/IEC 38500. Swindon: BCS Learning & Development.
Holtsnider, Bill; Jaffe, Brian D. (2010). IT manager's handbook. Business ed. Amsterdam, Boston: Morgan Kaufmann Publishers/Elsevier.
Huang, Sun-Jen; Wu, Ming-Shian; Chen, Li-Wei (2012). Critical success factors in
aligning IT and business objectives: A Delphi study. In: Total Quality Management & Business Excellence 24 (9-10), p. 12191240.
Iden, Jon; Langeland, Lars (2010). Setting the Stage for a Successful ITIL Adoption:
A Delphi Study of IT Experts in the Norwegian Armed Forces. In: Information
Systems Management 27 (2), p. 103112.
IMBOK. Information Management Body of Knowledge, www.imbok.org (called
30.03.13)
ISACA (2012). COBIT 5. A business framework for the governance and management
of enterprise IT. Rolling Meadows, Ill: ISACA. www.isaca-org
ISACA. Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit: A
Management Briefing From ITGI and OGC, www.isaca.org/KnowledgeCenter/Research/Documents/, (called 30.03.13)
ITGI (2008): Cobit mapping. Mapping of ITIL v3 with COBIT 4.1. Rolling Meadows: IT Governance Institute.
ITGI. IT Governance Institute, www.itgi.org (called 30.03.13)
ITIL. ITIL Edition 2011 http://www.itil-officialsite.com/ (called 30.03.13)
ITSMF. IT Service Management Forum International, http://www.itsmfi.org/ (called
30.03.13)
Jeffry, M. and Leliveld, I. (2004). Best practices in IT Portfolio Management, MIT
Sloan Management Review (45:3), spring 2004, pp. 41-49
Jelliti, M.; Sibilla, M.; Jamoussi, Y.; Ghezala, H. B. (2010). A model based framework supporting ITIL service IT management. In: Enterprise, business-process
and information systems modeling : 11th International Workshop, BPMDS 2010,
and 15th International Conference, EMMSAD 2010, held at CAiSE 2010, Hammamet, Tunisia, June, 2010 ; proceedings. Berlin: Springer, p. 208219.
Long, J. (2008). ITIL Version 3 at a Glance, Springer Berlin
Kattenstroth, H.; Heise, D. (2011). Towards a method for IT service management. In:
The practice of enterprise modeling : 4th IFIP WG 8.1 working conference, PoEM
2011 Oslo, Norway, November 2 - 3, 2011 ; proceedings. Berlin [u.a.]: Springer,
p. 178192.
Kendrick, Rupert (2009): Outsourcing IT. A Governance Guide. Ely: IT Governance
Pub.
Khaiata, M.; Zualkernan, I. A. (2009). A Simple Instrument to Measure IT-Business
Alignment Maturity. In: Information Systems Management 26 (2), p. 138152.
Kotlarsky, Julia; Willcocks, Leslie (Hg.) (2011). New studies in global IT and business services outsourcing. 5th Global Sourcing Workshop 2011, Courchevel,
France, March 14-17, 2011 : revised selected papers/ edited by Julia Kotlarsky,
Leslie P. Willcocks. Global Sourcing Workshop. Berlin, New York: Springer.
Kuhlmann, Daniel (2012). Governing IT Outsourcing Relationships. Hamburg:
Diplomica Verlag.

Laplante, Phillip A.; Costello, Thomas (2006). CIO wisdom II. More best practices.
Upper Saddle River, NJ: Prentice Hall PTR (Enterprise computing series).
Laudon, K. and Laudon, J. (2009). Management Information Systems, Pearson
Education
Leimeister, Stefanie (2010). IT outsourcing governance. Client types and their management strategies: Mnchen, Techn. Univ., PhD thesis, 2009. 1. ed. Wiesbaden:
Gabler.
Luftman, Jerry (2003). Assessing It/Business Alignment. In: Information Systems
Management 20 (4), p. 915
Luftmann, J., and Kempaiah, R. (2007). An Update on Business-IT Alignment: A
Line Has Been Drawn, MIS Quarterly Executive (6:3), p. 165-177
Lutchen, Mark (2004). Managing IT as a business. A survival guide for CEOs. Hoboken, N.J: J. Wiley.
Marrone, Mauricio; Kolbe, Lutz M. (2011). Uncovering ITIL claims. IT executives
perception on benefits and Business-IT alignment. In: Information systems and ebusiness management : ISeB 9 (3), p. 363380.
McKeen, James D.; Smith, Heather (2003). Making IT happen. Critical issues in IT
management. Chichester: Wiley (Wiley series in information systems).
McLean, Daniel (2012). The ITSM Iron Triangle. Incidents, changes and problems :
stories in transforming ITIL best practice into operational success. Ely, Cambridgeshire, U.K: IT Governance Pub.
Meijer, M., Smalley, M., and Taylor, S. (2008). ITIL V3 and ASL: Sound Guidance
for Application Management and Application Development, OGC white paper
Mokhtar Mohd. Yusof; Lee, Mei Pheng (2006). Managing IT in organisation. A multiple perspective framework. Melaka: Kolej Universiti Teknikal Kebangsaan Malaysia.
Niemann, K. (2006). From enterprise architecture to IT governance: Elements of
effective IT management, Vieweg +Teubner
OGC, Office of Government Commerce. Best practices in IT Management,
www.best-management-practice.com (called 30.03.13)
Oliveira, Pedro; Furtado da Silva, Nuno; Silva, Miguel Mira da (2011). A process for
estimating the value of ITIL implementations. In: Enterprise information systems
design, implementation and management : organizational applications. Hershey,
Pa.: Business Science Reference, p. 396411.
Orand, Brady; Villarreal, Julie (2011). Foundations of IT service management with
ITIL, Richmond.
Peppard, Joe (1998). IT in organisations. A framework for analysis. Cranfield: School
of Management (Working paper series / Cranfield School of Management / Cranfield School of Management: Working paper series, 5/98).
Peppard, Joe (1999). Bridging the gap between the IT organisation and the rest of the
business. Plotting a route: Cranfield School of Management (Cranfield working
paper, no 5/99).
Peppard, Joe; Edwards, Chris; Lambert, Rob (1999): A governance framework for
information management in the global enterprise: Cranfield School of Management (Cranfield working paper, no SWP 9/99).

Peppard, Joe; Ward, John (1998). "Mind in the gap". Diagnosing the relationship
between the IT organisation and the rest of the business. Cranfield: School of
Management (Cranfield School of Management: Working paper series, 13/98).
Pollard, Carol; Cater-Steel, Aileen (2009). Justifications, Strategies, and Critical Success Factors in Successful ITIL Implementations in U.S. and Australian Companies: An Exploratory Study. In: Information Systems Management 26 (2), S. 164
175.
Pols, R. van, and Backer, Y. (2006). Application Services Library A Management
Guide, Van Haren Publishing
Pols, R. van, and Backer, Y. (2007). Business Information Services Library A
Management Guide, Van Haren Publishing
Prince 2. PRojects IN Controlled Environments,
www.ogc.gov.uk/methods_prince_2.asp (called 30.03.13)
PMI, Project Management Institute (2008). A Guide to the Project Management
Body of Knowledge, 4th edition, ANSI/PMI 99-001-2008, PMI: Newton Square
PA
Rangan, Ashwin (2008). Tomorrow's CIO. Strategic executive conversations. 1st ed.
Palo Alto, CA: Insightful Group.
Risk IT. Framework for Management of IT Related Business Risks,
www.isaca.org/riskit (called 30.10.11)
Rockart, John F.; Earl, Michael J.; Ross, Jeanne W. (2003). Eight imperatives for the
new IT organization. In: Inventing the organizations of the 21st century, p. 297
317.
Rohloff, M. (2008). A Reference Process Model for IT Service Management, in:
Proceedings of 14th Americas Conference on Information Systems, AMCIS 2008,
Toronto, Omnipress, Madison, paper 2
Rom, A., and Rohde, C. (2007). Management accounting and integrated information
systems: A literature review. International Journal of Accounting Information Systems, 8(1), 40-68.
Ross, Jeanne W.; Feeny, David F. (2008). The evolving role of the CIO. In: Management of information systems, p. 4362.
Saladis, Frank P.; Kerzner, Harold (2009). Bringing the PMBOK guide to life. A
companion for the practicing project manager. Hoboken, N.J: Wiley.
Segars, Albert H.; Grover, Varun (1998). Strategic Information Systems Planning
Success: An Investigation of the Construct and Its Measurement. In: MIS Quarterly 22 (2), p. 139163.
Selig, Gad J.; Wilkinson, Jayne; Lefave, Richard (2008). Implementing IT Governance. Zaltbommel: Van Haren Pub. (Best Practice).
Stackpole, Cynthia Snyder (2013). A project manager's book of forms. A companion
to the PMBOK guide, 5. ed. 2. ed. Hoboken, NJ: Wiley.
Steinberg, Randy A. (2006). Measuring ITIL. Measuring, reporting and modeling the
IT service management metrics that matter most to IT senior executives. Victoria,
B.C: Trafford.
SCOR. Supply Chain Operations Reference Model, V. 11, www.supplychain.org/cs/root/home (called 30.03.13)
Stenzel, J., Cokins, G, Schubert, K. (2010). CIO Best practices: Enabling Strategic
Value With Information Technology, John Wiley and Sons

TOGAF. (2011). The Open Group Architecture Framework: Version 9.1 "Enterprise
Edition", 2011, www.opengroup.org/togaf, (called 30.03.13)
Thiadens, Theo (2005). Manage IT! Organizing IT demand and IT supply. Dordrecht:
Springer.
Tillmann, George (2008): The business-oriented CIO. A guide to market-driven management. Hoboken, N.J: John Wiley & Sons.
Val-IT. www.isaca.org/valit (called 30.10.11)
Ward, J. and Peppard, J. (2003). Strategic Planning for Information Systems Chichester
Weill, P. and Ross, J. (2005), A Matrixed Approach to Designing IT Governance,
MIT Sloan Management Review, winter 2005, pp. 26-34
Weill, P. and Ross, J. (2004), IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business Press
Willcocks, Leslie P. (2009a). Making IT outsourcing decisions. Los Angeles. SAGE
(Sage library in business and management, / ed. by Leslie P. Willcocks; Vol. 1).
Willcocks, Leslie P. (2009b): Managing outsourcing relationships. Los Angeles.
SAGE (Sage library in business and management, / ed. by Leslie P. Willcocks;
Vol. 2).
Winniford, MaryAnne; Conger, Sue; Erickson-Harris, Lisa (2009). Confusion in the
Ranks: IT Service Management Practice and Terminology. In: Information Systems Management 26 (2), p. 153163.
Witt, Tom C. (2012). IT best practices. Management, teams, quality, performance,
and projects. Boca Raton: Taylor & Francis.
Wright, Craig; Freedman, Brian; Liu, Dale (2008). The IT regulatory and standards
compliance handbook. Burlington, MA: Syngress Pub.
Wu, Ming-Shian; Huang, Sun-Jen; Chen, Li-Wei (2010). The preparedness of critical
success factors of IT service management and its effect on performance. In: The
Service Industries Journal 31 (8), p. 12191235.
Yamakawa, Peter; Obregn Noriega, Claudio; Novoa Linares, Alfredo; Vega Ramrez, Willy (2012). Improving ITIL compliance using change management practices. A finance sector case study. In: Business process management journal 18 (6),
p. 10201035.
Zarnekow, R., Brenner, W., Pilgram, U. (2006). Integrated Information Management: Applying Successful Industrial Concepts in IT, Springer Berlin et al.
Zhou, Honggeng; Benton, W. C.; Schilling, David A.; Milligan, Glenn W. (2011).
Supply chain integration and the SCOR Model. In: Journal of business logistics : JBL
32 (4), p. 332344.