http://ijece.iaescore.com From IT service management to IT service governance: An ontological approach for integrated use of ITIL and COBIT

Info 2021 Some companies have achieved better performance as a result of their IT investments, while others have not, as organizations are interested in calculating the value added by their IT. There is a wide range of literature that agrees that the best practices used by organizations promote continuous improvement in service delivery. Nevertheless, overuse of these practices can have undesirable effects and unquantified investments. This paper proposed a practical tool formally developed according to the DSR design science approach, it addresses a domain relevant to both practitioners and academics by providing IT service governance (ITSG) domain model ontology, concerned with maximizing the clarity and veracity of the concepts within it. The results revealed that the proposed ontology resolved key barriers to ITSG process adoption in organizations, and that combining COBIT and ITIL practices would help organizations better manage their IT services and achieve better business-IT


INTRODUCTION
The thinking behind the ITSM principle is to solve the difficulties associated with managing IT services in the enterprise. It has been observed that the proliferation of IT infrastructures makes companies dependent on the quality, quantity and availability provided by these infrastructures. In other words, due to the divergence in the "IT is business" or "business is IT" view, the design of IT infrastructure focuses on technology rather than a rational and efficient customer-oriented approach [1].
This paper is an attempt to fill the void, the objective is to build a collective mapping of ITSG best practices using the collection and synthesis of data from the official IT governance framework guides. This mapping needs to be formal, extensive, and reproducible so that it can be shared with applications that are smart, other areas of expertise, or IT qualified. According to [2], "COBIT alone is not sufficient to meet the requirements of business/IT coordination.
COBIT only provides a governance mode, not the information system of an organization. On the other hand, ITIL is becoming the default standard for IT management in organizations, providing a comprehensive framework for the IT service lifecycle and can help organizations improve their performance. The objective of this work is to submit an ontological approach for a combined exploitation of COBIT and

5293
ITIL practices. This approach is elaborated by respecting the research methodology of design science (DSR). The objective is to translate known practices into desirable situations via the deployment of technological artifacts. The lack of relevance of scientific research in the field of information systems for professionals has favored the birth of the concept of study in design science (DSR). A collection of concepts, methods, and approaches to conduct studies can be described as DSR methodology [3]. Its aim is to close the gap between technical awareness of the requesters and the practical knowledge of the experts. Information systems specialists can benefit through using this approach knowledge from different computer science, engineering, social science, economics and philosophy to study problems at the crossroads of computer science as well as entities [4]. As a result, organizations will be capable of dealing with critical information-related activities by creating and evaluating innovative computing artifacts [5].
DSR specifies 4 design artifacts (construction, model, method and instantiation). This contribution focuses on the construct and the model. The construct describes the terminology of the problem domain [6], while the model uses constraints to represent the current situation, the design problem, and the possible solutions [7].
The proposed control is made up of constructs and service level management artifacts. The model in this paper is defined by integrating different constructs to develop our alternative for the ITSG lifecycle. The following is how the rest of the article is organized: section 2 provides an overview of the ITIL and COBIT structures, followed by section 3 discussion of relevant work, section 4 presentation of our ITSG lifecycle ontology, and section 5 discussion of our solution's evaluation mechanisms. Finally, in section 6, we discuss the findings of our approach before coming to a conclusion in section 7.

RELATED WORKS
While it is still relatively new, the field of IT governance has its own set of skills system as well as numerous technologies and methods [8]. The quantity of IT governance best practice constructs has grown; each framework comes from a professional community with its own challenges and culture. The professional literature provides various books, catalogs, and journal guides for applying these frameworks [9].
The development of best practice frameworks such as COBIT or ITIL, as well as the publication of standards such as ISO 27001, which deals with IT security management, have resulted from the IT governance problems that are primarily discussed in management reviews. In this regard, CIGREF states in a technical publication that the diversity of IT governance principles and structures is frequently a source of conflict and misunderstanding [10].
Similarly, Samiotakis [11] highlighted a point that is marginally addressed in the literature, which is the difficulty of applying and integrating multiple IT governance standards and frameworks: according to Smirnov et al. [12] "frameworks cannot simply be combined like puzzle pieces. They were created by different people, at different times, in different places, deliverables/aspects/outcomes, with varying degrees of granularity, precision, quality and consistency" [13].
In this context, Shing et al. [13] provide ITIL v3 -COBIT 5 process mapping, according to authors: "When used together, the power of both approaches is amplified, with a greater likelihood of management support, direction, and a more cost-effective use of implementation resources". Likewise, this paper aims to provide an integrated framework of ITSG on the basis of the most widely accepted best practices frameworks COBIT and ITIL in [14]- [19]. The purpose is to provide a machine readable document for ITSG domain model. Ontology can be used to create a formal definition of domain semantics since it is a formal and explicit specification of a shared conceptualization [20].
Ontology is also described as a more formal and constructive specification. Conceptualization of sharing knowledge representation, which can build the vocabulary and its structure Work around a clearly defined consensus [21]. It aims to interweave human understanding of symbols with their machine processing capabilities. In terms of IT service management, built and created a prototype decision-making framework based on business needs for IT governance planning developed a new integration approach for representing the lifecycle of cloud-based IT services and demonstrated how to use it to simplify cloud service acquisition and use [22], [23].
Conger et al. [23] Proposed the ontology meta-model of ISO 27001 security standard, which explained its basic concepts to compare the constructed meta-model with various existing information security ontologies. Ontology for secure SLA representation (SSLA) was developed to address concerns about cloud security and privacy risk assessment [24]. The following section will present the proposed ITSG domain ontology in detail. The goal is to maximize the expressiveness, clarity, and authenticity of the concepts belonging to it [25].

PROPOSED IT SERVICE GOVERNANCE ONTOLOGY
Planning, research, construction, and testing are all phases of traditional service management models. These methodologies have been found to be very time consuming and to necessitate a significant amount of human labor, both from the user and the supplier. ITSG is very different form ITSM; COBIT 5 clarifies the differences in its principle 5 "separating governance from management" by recognizing that each serves a different purpose with different responsibilities and different activities. Since a formal definition of ITSG does not exist, choosing the best ITSG mechanisms is a difficult task. Isolated issues are resolved as they arise, and those individual solutions can often conflicting each other.
Yet, this section aims to make an ontological representation of ITSG domain supported the gathering and analysis of knowledge contained in ITG hottest frameworks. The most goal of ITSG ontology is to represent concepts of ITSG domain, also as their properties and relations. So as to develop the ITSG ontology, a set information purification, coordination, research, and presentation. The ITGI's official COBIT (ISACA, 2020) and ITIL guides were used as sources of data. Figure 1 introduces the ITSG suggested model, It is based on a mix of COBIT process: "Define and manage service levels" and ITIL process "service level management". The main objective is to separate control from management as it is highlighted by COBIT V5 principles. The service level control (SLC) is the process for establishing a shared understanding of the appropriate level of service, both consumer and provider to prevent misunderstandings or omissions, it is important to have a better understanding of roles and responsibilities. The process of recording and agreeing on service targets in service level agreements (SLAs), then tracking and updating real service levels against those targets is known as service level management (SLM). The ontological representation of each process domain is described in the subsection below. Figure 1. The proposed ITSG model

Service level control artefact
Process objective: to develop a shared understanding of the necessary level of service. Process description: The central entity type is the IT process: DS1: define and manage IT services, this process belongs to COBIT IT domain "delivery and support" and it is defined by the business objective "Establishing a shared understanding of the level of service required".
COBIT provides a maturity profile for this process based on a ranking of just six maturity level entity type elements (0 non-existent, 1 initial/ad Hoc, 2 repeatable but intuitive, 3 specified process, 4 controlled and observable, 5 optimized).
COBIT proposes a set of detailed control objectives for the control of formal SLA; it defines the aspects of SLA, the aspects of success processes, tracking, and reporting, the review of SLA and service improvement program.
COBIT expounds a set of Key goal indicators and key performance indicators for each IT process it does not, however, specify how to report these indicators. To do so, organizations must adopt other IT frameworks. In our case, ITIL framework is adopted for managing service levels. The ontological representation of service governance domain knowledge is shown in Figure 2.

Service level management artefact
The SLM artefact is designed based on the combination of ITIL SLM practices and COBIT DS1 detailed control objectives. For that aim, 3 SLM processes are developed and are presented below.

Identification of service requirements
Process Goal: Gather criteria for new IT services or changes to existing IT services from the consumer's perspective. The goal is to strengthen relationships with happy customers so that IT resources can be spent on the areas that the customer considers most important.
Application services, technical services, and professional services are the three types of services that are identified by a service name and a service description. Three service levels should be specified for each service: Gold, Silver, and Bronze. The service levels are determined by the metrics that measure the quality of the service.
The user may request a service level change during this process, according to ITIL. To do so, the user must first identify the QoS specifications, which include things like availability: (number of allowed downtimes, availability thresholds, number of interruptions allowed, procedures for announcing interruptions to the service…), performance requirements: (implementation Duration continuity: (availability to be recovered,…) required capacity for the service, response time from applications,…), and service desk (incident response time, problem response time,…).
COBIT indicates that the conditions for service should be registered and subjected to a preliminary assessment by the service level manager, so that alternatives may be validated latter by the business unit strategic. The objective is to eliminate those services that cannot be aligned with key business objectives and keep only those who can be possibly validated by the strategic business unit. The ontological representation of the SLM Process: "identification of service requirements" domain knowledge is shown in Figure 3.

Agrements SIGN-OFF and service activation
Process goal: Verify service acceptance and ensure that both the supplier and the customer sign off on service contracts. ITIL points out that once the service quality metrics are met, a contract between the service customer and the service provider is used as a basis for billing or cost allocation, and it helps explain what value customers are getting for their money. This procedure guarantees that all relevant operational compliance undertakings (OLAs) are authorised by their service operators, as well as that the receiver approves the strategic compliance agreement (SLA). The ontological representation of the SLM Process: "Agreements sign-off and service activation" domain awareness is depicted in Figure 4.

Service level monitoring and reporting
Process Goal: To enhance service quality, track achieved service levels and compare them to agreed-upon service level goals. COBIT emphasizes the importance of appointing a service level manager who is responsible for monitoring and reporting on the achievement of the established service performance standards as well as any problems encountered during processing. The service level manager initiates a service inspection session in this process, with the goal of identifying the root cause of weak areas so that remedial action (root cause resolutions) can be taken, thus enhancing potential service quality.
The service level manager can submit customer satisfaction surveys on a regular basis to find areas where work quality can be enhanced. A service level report is produced following the service level monitoring session and distributed to consumers and other relevant parties as a basis for service quality improvement measures. The ontological representation of the SLM Process: "Service Level Monitoring and Reporting" domain awareness is depicted in Figure 5.

ARTEFACT EVALUATION 4.1. Ontology taxonomy evaluation
ITSG ontology has been implemented in protégé software [26] to test the proposed ITSG artefact for inconsistency, incompleteness, and redundancy, and the credibility has been checked using the inference engines Fact++1.6.5 [27] and Pellet [28] incorporated as plug-ins in protégé software. Figure 6 shows the inferred classes that were created.

Domaine knowledge validation
The goal of the suggested ontology was enabling an ITSG system which integrates COBIT and ITIL practices dedicated to service management. In order to validate our proposed alternative domain knowledge, it is mandatory to check if ITSG key performance indicators (KPIs) provided by COBIT can be calculated through the proposed ITSG system. Jena Fuseki Server 3.4.0 was used to demonstrate our ontology-based approach for this purpose. Jena Fuseki is a SPARQL server that uses the SPARQL protocol over HTTP to provide REST-style SPARQL HTTP updates, SPARQL queries, and SPARQL updates. The ontology data was populated using Protégé tools. This is then translated to XML/OWL format and submitted to Jena Fuseki Server to be sorted as a dataset.

RESULTS AND DISCUSSION
In general, governance refers to an organization's ability to monitor and normalize its activities in order to prevent conflicts of interest among its various stakeholders. IT governance, in particular, refers to the methods for managing and regulating an organization's information system. According to Yamami et al. [29] "governance is the combination of steering and control, steering to ensure that today's decisions are preparing properly tomorrow, and control to measure the gap from what was planned." In this paper, we are interested in IT service Governance models implementation in organizations. ITIL is the most used framework in organizations, according to Leoz et al. [30] organizations tend to implement ITIL for management purpose; they are limited to adopting the processes of incident response, issue resolution, process improvement and the function of service desk. The service level agreement process is often neglected since it can put strain on IT departments. Yet, the SLA process is highly dependent to the other processes. We present through Figure 7 the relationship between the SLA process and the other processes of ITIL framework [29].

Figure 7. Relationship between ITIL processes
Indeed, implementing ITSG processes t is not an easy job since its definition and role are not clear. This work aims to provide in this sense a comprehensive method for the control of ITSM components since the identification of service requirements phase up to the reporting of services. Even though there is an increasing amount of research dealing with ITSM, a complete ITSG ontology does not exist. As a result, creating a shared representation is needed of IT service control concepts and to show how these concepts relate to ITSM problems in information systems engineering.
The aim is to provide a machine-readable text for the ITSG domain model, which will be added to the technical literature. Second, to the scientific literature concerned with enhancing IT governance systems through a better understanding of their architectures. Similarly, the ITSG ontology's main goal is to represent ITSG domain concepts, their properties, and relationships, to create a shared representation of ITSG concepts among researchers and practitioners, to demonstrate how these concepts relate to ITSM problems, to make ITSG knowledge reusable in similar information systems engineering situations, and to support the development of new ITSG modes.
To meet these needs, the most widely used IT governance frameworks, COBIT and ITIL, have been integrated. COBIT practices are used for the audit and control perspective, while ITIL practices take the service management perspective. The objective is to distinguish control from management, as emphasized by COBIT V5. The ITSG ontology is formally developed according to the DSR approach. The proposed objects are designed using COBIT best practices (DS1: Define and manage service levels) and ITIL best practices (service level management). They were used to search for inconsistency, incompleteness, and redundancy in the safe applications. The inference engines Fact ++ and Pellet were used to verify the credibility.
While COBIT defines a set of key performance indicators for the DS1 phase, it does not specify how these indicators should be reported. The Jena Fuseki server was used to manage the ITSG SPARQL queries in order to validate the proposed ontological domain information. It turns out that with the proposed ITSG alternative, the COBIT DS1 KPIs can be calculated efficiently as shown in Table 1. This leads to the belief that a combination of ITIL and COBIT processes can lead to a substantial change in service quality and improved Business-IT service alignment.
By sharing ITSG knowledge, the expertise of ITG practices is used in the organization, and coordination between external providers and consumers is improved. The results are expected to contribute to the development of IT governance frameworks for use by non-specialized IT governance executives in companies, and to minimize the bureaucracy of IT executives. The proposed artifact may be a paradigm shift in how information management frameworks are integrated to meet the needs of organizations. By recognizing existing waste, ITIL and Lean IT practices can be combined to ensure that IT processes operate effectively, safely, and efficiently.

CONCLUSION
The problem of applying IT best practices to determine the contribution of IT investments to business value has received increasing attention from practitioners and academics in recent decades. IT governance has emerged as a response to this issue. Organizations must adopt the structures and processes necessary to ensure that only services aligned with strategic business objectives are approved and prioritized.
Adopting these processes, however, is difficult due to a lack of clarity in their meaning and function. This paper proposes an alternative to the ITSG system by presenting an ontology that has been formally constructed using the DSR approach and aims to formalize ITG knowledge. The aim was to clear up any misconceptions about the ITSG model implementation's intent.
The ontology scheme was designed and evaluated using the Protégé program. SPARQL queries on the JENA FUSEKI server successfully validated the proposed ITSG domain ontology. The obtained results reveal that the proposed ontology enables effective control of IT services and may result in substantial progress in service quality and improved alignment of IT and business services.