When I was reading documentation about the corporate governance of I.T., and I.T. service management issues, I wanted to try to imagine how it would be a model of enterprise architecture to be able to explain to the whole business area in its interior the difference between management systems and government; Because by mistake as we know is used as if they were the same and that is how the same COBIT 5 explains us.

We have the government standards of information technology (ISO 38500) and management of Information technology services (ISO 20000). On the other hand, we have the frameworks as COBIT for Governance information technology and ITIL for information technology services management.

Let’s look at the model of this distinction between government and management:

Note that in essence the words evaluate, direct, monitor do so both the strategy and the tactical part. The difference in that sense is the roles. While the strategic part defines WHAT strategy must be met, run by the coordinators and business units responsible for different areas. In the tactical part these coordinators and business units should make possible what you want for the strategic part in HOW to execute the strategy through its corresponding areas of operations.

Directors have various objectives: motivations, regulatory constraints, growth objectives, business-enabling objectives, requirements, business changes among others; For this reason, the coordinators and business units make it possible for the company to be directed towards this fulfillment of these objectives and manage them.

We could extend this model if you want, already placing the specific needs of the company and /or also the particular strategies; In the same way place the specific actors to realize the mission and business vision that are directly related to the business goals, in order to reach a model distinction between those who govern a strategy and who execute a business strategy.

I extend the Model a little more with generic elements that could be part of the suggested model. This model can be useful especially to explain who is running a business strategy, with specific needs:

Note: Now it looks more like a model that we are accustomed to seeing in I.T.; Especially if we see it as enterprise architecture.


I am going to try to use this model to see how it could establish that connection between the corporate governance of the IT. and a specific Information Technology service management system. It will not be fully developed because for that you need a specific business and real need; Here it is splitting with elements that already exist to facilitate the visualization and creation of the schema:


If in a company it want to improve its customer service and for this you must renew your ISO 20000 certification, in the area of I.T., consider these elements for the system of Government:

  • – The corporate strategic plan.
  • – The course that indicates the strategic plan, the specific strategy of I.T., to alienate the area of information technology with the business.
  • – The financial, human and budgetary resources, among others that support the achievement of these objectives.
  • – A Director of Services for A.I. (that area within) that must create a specific plan as part of its functions.

Now, for the management system these are the most relevant elements

  • – The management process of the I.T.
  • – Collaboration with allied channels/outsourcing of I.T. helps
  • – The specific capabilities of the I.T. services management processes that will be measured through KPI.
  • – Service management specialists to operate; Leaders and technicians.
  • – In this area I must manage the specific risks, requirements such as ISO 20000, evaluations to the area, as well as specific goals for the area of I.T. Security should also be managed.

Being a COBIT 5 implementer, I must say that the difference between government and management has widened, adding elements that are important to the area of government system and to the area of management system using really useful elements of enterprise architecture.

Conclusion: Evaluating, directing, monitoring is very little to differentiate and separate management governance and much more than a distinction of business roles and responsibilities.

PS: It could also do this exercise also with a specific enterprise risk system, quality management systems, security management systems, among others. As to the liking of the enterprise specific need.

If you want to know how to implement a governance framework for information technology, contact me here.