Digital Transformation of Public Sector Governance With IT Service Management–A Pilot Study

Information Technology or IT is a combination of technology itself and a collection of IT services that ensure the effective implementation of overall Information Technology in an organization. Like other services, Information Technology Service Management (ITSM) has become a global subject because managing IT is only possible through efficient and effective ITSM protocols. A well-implemented ITSM delivery system improves the quality of IT services, which eventually enhances the organization’s overall capacity and output. Public service delivery is closely dependent on the quality IT services that can be acquired through ITSM. This research study reviews some of the established ITSM standards and frameworks like FitSM, ITIL, CobiT, and ISO/IEC 20000 and proposes a most suitable and sustainable tool and its implementation roadmap for the digital transformation of public sector governance. For this pilot study, a public sector organization (PSO) working under the Government of Punjab (GoPb) was selected. This study focuses on an important area that has not yet been adequately addressed, where ITSM delivery can produce tremendous results. This study contributes to academics and researchers since it discusses the selection and implementation of a service management system (SMS) for a PSO while focusing on its needs, requirements, and available resources. In general, the qualitative analysis methodology is used in this research study, and specifically, it can be identified as applied research. The data is collected through a questionnaire, and the results are shown and discussed in the later sections.


I. INTRODUCTION
Many organizations are facing IT regulatory issues in governance, management, and IT service delivery. These issues are mostly concerned with revenue, the assessment of acceptable risks, and the use of enterprise resources [1]. Studying the issues requires a conceptual framework that clearly defines duties and responsibilities. Generally, the ITSM standards and frameworks are complicated, and their implementation is considered problematic because the expertise and required The associate editor coordinating the review of this manuscript and approving it for publication was Justin Zhang . competencies are not available to understand the processes and procedures, especially for SMEs [2].
There is still a perception that IT is a technology to run computers and networks, but this concept is far from reality. Organizations offering IT as an additional service have become the reason for developing and implementing ITSM systems [3]. Organizations are now dependent on IT and related services, and for this reason, ITSMs are in high demand to cater to businesses' requirements and fulfil customers' expectations [4]. ITSM has become more of a practise than a theory used in various flavours in the IT industry and still requires a great deal of understanding to keep improving on the best practises [5]. Now, organisations are more interested in ITSM systems. Many companies focus on including IT services in their product line and providing value-added and quality services to their customers [6]. ITSM, in general, is a set of guidelines for managing the delivery of IT services based on best practices. An effective ITSM implementation ensures all or most IT services are standardized, documented, and supported to achieve the organization's objectives. Continual Service Improvement is an ITSM process that helps improve SMS processes. The improvement in the processes can also be made using the lean approach, which eliminates any waste and focuses only on the deliverable values. The lean methodology can be adopted at any time after careful analysis of the inputs and outputs of SMS [7]. A lean approach's basic purpose is getting work done effectively and efficiently while maintaining service quality, performance, and availability [8]. An effective ITSM supports the stream of the DPBR (demand → plan → build → run) approach that is used for the documentation and communication of the processes and can be a tool or enabler for lean approach implementation [9].
This study focuses on the digital transformation of public sector governance through the implementation of ITSM while focusing on its needs, requirements, and available resources. Qualitative analysis methodology is used in this research study, and specifically, it can be identified as applied research. The data for this study is collected through a questionnaire, and the results are shown and discussed in the later sections.
A. BACKGROUND E-Government refers to the efficient, effective, and transparent delivery of services to the citizens by the government without any intermediary channel. SMS has an essential role in effective E-Government service delivery. IT-Governance provides a reference framework for developing and implementing policies and regulations in Information and Communication Technology (ICT) [10].
Punjab is the largest province of Pakistan, and there are more than 300 administrative, attached, and autonomous bodies working under the GoPb [12]. The Punjab Information Technology Board (PITB), an autonomous PSO, is the custodian of IT infrastructure and related systems, including hosting data centres and managing official email IDs. PITB has initiated and successfully implemented many e-government projects in Punjab [13]. Our selected PSO is responsible for legislation, policy formulation, and sectoral planning in Punjab's power sector. The PSO, manages its operation through twelve attached and autonomous bodies, contributes significantly to mitigating the shortfall of electricity in the province of Punjab and has established several state-owned and facilitated IPP mode power projects under the China Pakistan Economic Corridor (CPEC) and IT is one of the key support areas that facilitates and ensures uninterruptable IT support to achieve the organization's objectives.

B. RESEARCH PROBLEM
The Government of Punjab has taken several initiatives to transform the delivery of public sector services into E-Government. Several projects have been implemented successfully, and many more are in the pipeline. The role of Punjab's PSOs is a building block in the E-Government setup. And these PSOs are facing more or less the same types of challenges and problems in the context of IT service delivery. E-Government heavily relies on the quality of SMS which is almost non-existent in the public sector of Punjab. A careful requirement analysis can also be helpful for the ITSM implementation in other PSOs as well. However, no new initiative in PSO is ever easy.

C. CONTEXTUALIZATION OF PROBLEM ADDRESSED
The key challenges and obstacles to maintaining quality IT services are lack of planning and other factors like people, processes, and technology [14]. About 80% of IT service outages are due to the people and process-related issues, and the rest are caused by technological problems [15]. When we talk about PSOs, we must understand that we are dealing with an organisation that lacks planning, makes poor resource allocations, fails to take responsibility, is slow to respond, and is especially resistant to change, all of which are common throughout the world. People working at PSOs are more interested in the ownership of processes than the output of those processes. The top management makes policies and procedures without taking the stakeholders or relevant professionals on board. A successful implementation of ITSM could have resulted in an overall improvement in the delivery of IT services, reducing overhead costs, and improving customer satisfaction, productivity, and delivery, but resistance to change elements is always observed in a PSO. This resistance and formal and complicated administrative processes make things more complex; therefore, undue delay and unexpected outcomes are observed most of the time [16].
ITSM implementation in an organisation is a team effort and requires effective inter-department coordination. The implementation and day-to-day work go together, increasing the workload on employees, which makes them restrained and unhappy while working late (ALBULESCU, 2020). Some common problems and barriers that resulted in a complete or partial failure of ITSM in PSOs are non-availability of support from the top management, complexity in applying ITSM standards, the nonexistence of technical know-how, and financial constraints [17].

D. OBJECTIVES OF THE STUDY
There are many standards, practices, and tools available for ITSM, but PSOs require special consideration due to their unique requirements and working style. The key objective of this study is to evaluate some popular ITSM frameworks and standards and to propose the best-fit tool and its implementation roadmap. The objectives of this study are: 1) to propose a sustainable and flexible SMS for a PSO 2) to implement the SMS with minimum possible human and financial resources 3) to develop a model with constant review and continual improvement The paper is organised as follows: a literature review on existing ITSM research work is summarised in Section II, and research methodology and study results are presented in Section III. Section IV covers the discussion part and ITSM implementation road map is in Section V and the paper is concluded in the last section.

II. LITERATURE REVIEW
The authors highlight that the organisations and businesses are rapidly transitioning from a goods-based to a servicebased economy [15]. Because of this, there has been more focus on IT services innovation and ITSM standards, which help businesses create, offer, run, and manage IT services to reach their business goals. Managing growth while lowering costs is a demand for digital businesses, but it's particularly difficult for IT infrastructure and operations. The authors concluded their articles by claiming that many IT firms have begun automating their repeated and recurring activities and are moving toward an opportunistic approach to automating their IT procedures. The authors especially reviewed the automation scope of ITSM from an ITIL process perspective and discussed the potential benefits and drawbacks of automation in the IT industry. Authors claimed that operation-related service processes (75 to 85 percent) have the greatest potential for automation. Furthermore, various elements contributing to an effective ITSM function are also part of the study. According to the authors, a systematic approach to evaluating IT processes is essential for a successful implementation in large-scale ITSM automation projects. An ITSM scope matrix was also created to validate the automation method.
The authors in their study state that ITSM considers a critical component of a company's IT development [16]. The ITIL framework was discussed in this case study to improve IT services, and a fuzzy ITIL (FITIL) technique for measuring service level management (SLM) was introduced. The author claimed that by using FITIL, a model can be developed for measuring ITSM in an organization. The study's goal was to provide better IT governance and recommendations based on current (as is) and expected results (to be). The FITIL technique assesses maturity levels using ITIL v3 best practises and compares them before and after the process improvement results on the questionnaire-based protocol. The current maturity level of every cycle of ITIL is used as an input for FITIL. The authors divided the FITIL into four stages: 1: fuzzification, 2: knowledge base, 3: inference, and defuzzification for each ITIL cycle, and there was an improvement at each maturity level, and eventually there was an overall improvement in the SLM maturity level. Based on the research work, the maturity level for continual service improvement can be identified by applying the FITIL approach.
The study conducted by the authors concluded that the evaluating an ITSM is difficult due to its complex evaluation procedure and size of implementation [17]. The study aimed to help ITSM practitioners define a comprehensive method for evaluating ITSM implementation. The ITSM evaluationrelated systematic literature review was done in the study on seven different academic databases. Several models for the evaluation of ITSM were considered based on content (what), context (who and why), and process (how and when) by adopting the Central Counterparty (CCP) framework. For evaluation, context, content, and process must be considered collectively. The study aimed to evaluate different approaches, and every ITSM evaluation methodology discussed can be used in conjunction with the others. Several issues were identified in the study's findings, and it was suggested that the ITSM evaluation should be applied to various units, processes, or case studies. The authors analysed a variety of literature and suggested that additional research should focus on two areas: first, evaluating various case studies for ITSM implementation and their outputs; and second, categorising ITSM evaluations in-depth based on various dimensions, perspectives, and themes.
The author seems convinced that with the growth of IT in public administrations, the expectations and demands of the citizens for high quality and performance in e-government services have increased [18] The author further stated that it has become extremely important for governments to improve public ITSM services and project management for E-government services while involving the IT administrator in the decision-making process. The authors examined the frequent challenges faced while improving the E-Government services. They analysed the root causes of why ITSM fails to deliver to its full capacity in terms of effectiveness and efficiency. In the study, the authors proposed a novel framework that consists of a theoretical model of public sector ITSM and a technological solution with a combination of ITIL and ISO/IEC 20000 that focuses on citizen demands and requirements. The authors integrated, managed, and coordinated three different frameworks in a way that can be measured and audited for ITSM processes and projects in E-Government services and ensures the most effective use and assessment for strategic decision-making. The validation of the proposed framework provides a useful example of the challenges for IT in government offices with complex structures in terms of IT process management to deliver high-quality E-Government services following international standards and citizens' needs. The results of the activities proved a tangible, measurable, auditable improvement in the maturity level of the process from levels 2 to 4. The author concluded that a significant improvement in the strategic decision-making process can be made through the theoretical model and technological solution.
The importance of ITSM highlights in the study as IT services based on ICT significantly impact the performance and potential of business processes that can generate significant business outcomes [19] ITIL and ISO/IEC 20000 are two popular standards for implementing ITSM and there are also several models for assessing the current level of quality of ITSM as well as guidelines for improving their quality. The study's objective was to examine the current degree of ITSM quality as per the standards of ITIL and assess the existing level of ITSM quality in an organisation using the Capability Maturity Model Integration (CMMI) for services. The authors claimed that the study's findings could help managers make decisions about implementing ITSM. According to the author, ITSM is a collection of procedures, methods, roles, and other activities used to deliver business value to customers via IT services. Businesses are becoming increasingly reliant on information and communication technology, which necessitates the provision of high-quality applications and IT services tailored to their needs. The author argues that the ITIL standard outlines how to establish ITSM practises and ensure they are continually improved. Furthermore, the study investigated and evaluated the existing quality level of IT service management practise for a consulting firm.
The investigation of the author elaborates that software selection is the prerequisite for a successful ITSM implementation and that its evaluation and selection is a complex and time-consuming activity [20]. The authors aimed to provide an approach that can be helpful for the selection of the right ITSM tool. A novel approach for ITSM software selection based on functional and non-functional requirements analysis, as well as a novel evaluation method based on fuzzy out-ranking, were proposed in the study. The proposed ITSM software selection method was divided into functional (services) requirements as defined in ITIL and non-functional requirements. The author created 46 different selection criteria. A unique Fuzzy Superiority and Inferiority Ranking (FSIR) technique was introduced and applied to the selection of ITSM software based on predefined criteria, and an IT services provider company was selected for the purposes of selecting and acquiring ITSM software. A numerical example supported the approach's applicability to the decision. The author claimed that this approach can help businesses find suitable ITSM software; nevertheless, it has the drawback that expertise and skills in the IT and ITSM sectors are highly required. This study aims to simplify ITSM implementation by providing a convenient software selection process.
The authors examine the adaptation of ITSM via ITIL in a local public sector organisation in Mexico related to the Local Electoral Institute (LEPI) [21]. They are many LEPIs in number and working in various states, and they are responsible for organising elections in each state of the country. The company's IT department is responsible for dealing with IT-related issues and improving projects that are particularly related to electronics and various other needs of the organization. The authors stated that most of the time the work is done as it arises by the users on an ad-hoc basis and there are no standard operating procedures (SOPs) available. Due to this reason, there is no specific mechanism available for executing, monitoring, and improving the system. The authors highlighted that the key problem in offering high-quality VOLUME 11, 2023 IT services is their adaptability to respond to unanticipated regulatory changes. And, that is the reason why having an IT strategy that aligns with the organization's strategic objectives is critical to ensuring continuous improvement in local democratic functioning. The authors claimed that there has been little research on the use of standards and best practises in IT. Still, the proposed methodology can be replicated and adopted in each country's 32 IT departments working for LEPIs. Implementing a best-practices-based approach allows an IT department to control its IT service delivery and adds value to its procedures by defining critical operations and offering a general vision aligned with the strategic goals of LEPI. Identifying the core functions, establishing new services, continuously altering and improving existing ones, or retiring those that were deemed obsolete is possible by applying ITIL in LEPIs. Applying a strategic methodology approach that allows for successful resource and information management will define critical aspects of an organization, particularly LEPIs whose processes must be entirely transparent. The authors described the methodology of ITIL implementation in various stages like diagnostics (strategic alignment, strategy phase), planning (service strategy and design), transition (service transition), and evaluation (service operations). The authors concluded that by adapting the proposed methodology, which was based on ITIL best practices, the IT department was able to achieve complete administration of IT services.
The authors in their research discuss the implementation of CobiT in an Indonesian educational institute called Universitas Negeri Gorontalo (UNG), where they implemented IT in the university's various operational processes [22]. The data was collected via questionnaires, observations, and documentation and determined the maturity level of IT services, mainly in the delivery, service, and support (DSS) areas. The authors found that the average maturity level of IT services was at level 3 (established), and they suggested that IT performance and services could be improved and upgraded within the scope of compliance, IT service application, and support. While analysing the gaps in the system, the authors found that the current maturity level of IT services within the process domains DSS01 through DSS06 showed the current average maturity level is at 3 (Established). It is the state in which all academicians have communicated and implemented IT service processes that have been carried out according to standard procedure and resulted in a positive outcome. As a result, the organisation improved its IT service performance, which includes policy, execution, and compliance, and it was suggested to proceed to level 4 maturity (predictable). The most significant gap is in the DSS03 (handle problems) domain, which has a maturity level of 3.26. The DSS06 domain, on the other hand, has the smallest gap, with a maturity level of 3.44. The existing gap in the DSS03 domain denotes a lack of understanding of the management process for IT service issues at all university levels. This is reflected by the inconsistency of user service quality and the roadblocks caused by personnel's poor knowledge inside each organisational unit. As a result, the overall evaluation of the IT service maturity level shows that the existing maturity level is far from the desired level, i.e., level 4. (Predictable).
The significance of the ITSM is also pointed out in the research study that says the organisations can gain a lot of value by improving their IT services [23]. A softwaremediated process evaluation technique with four phases is presented in the study to improve ITSM processes: process identification, process assessment, process capability measurement, and process improvement. To assess process capabilities, the international standard for process evaluation was used. This strategy was tested at two Australian companies and found to be effective at a US foreign exchange trading firm as well. The authors claimed that this method can be used to self-assess processes transparently. The research mainly focused on the lack of transparency and high costs of conducting regular and repeatable process assessments in IT organizations. The authors introduced the SMPA (softwaremediated process assessment) method to help organisations self-assess their processes for improvement using a Design Science Research (DSR) approach to address the problem. Process identification, process evaluation, process capability measurement, and process improvement are the four steps of the technique. Process selection technique, online assessment survey, process attribute rating, and assessment report are all included in the SMPA approach. The SMPA approach facilitated continuous IT service improvement through transparent assessment. To determine the usability of the SMPA approach, evaluation trials were undertaken at two IT service providers. Overall, participants said they found the online assessment survey to be reliable and effective. Although the SMPA approach was usable in the context of the trial organizations, the trials revealed several enhancements to the method's usability. The usability issues had also been solved, and the SMPA approach was then used in a high-volume foreign exchange trading industry with two rounds of assessments over a year to improve an ITSM process.
The authors in their study state that the catalogue of IT services or IT Service Catalogue (ITSC) is a system that categorises the specified IT services inside a business, and several issues came to the surface while creating a service catalogue for a public sector organization [24]. The study's objective was to determine the current state of catalogue management in a government organisation from the perspective of the employees working in different sections or departments as well as in IT. This research work was based on a field study and surveyed 45 employees of an organisation from top to bottom. The employees were selected from 22 different organisations in the Manab, Republic of Ecuador, public sector. This study aimed to identify: a) the professional profiles of the employees working in various departments in an organization, b) the standards, demand, management, and IT service management of government organizations; and c) the implementation of an IT service catalog. The most prominent finding was that most of the organisations did not implement their IT service catalogue for the government's specific applications of legislation or regulations. The authors claimed that the academic training of employees working in IT departments or other departments was insufficient for the ITSM to be implemented effectively. In such conditions, when most employees have degrees related to technological fields, most of them admit that they have not implemented the ITSC in their organizations. The study showed that ITSC is not required to build a proper ITSM but it is also highly concerning that the experts who have been in charge of IT departments for several years are not qualified in this subject. Because the ITSC serves as a foundation for financial planning, there is a link between the IT and finance departments. The collaboration of the IT and financial departments is a key component of the IT services portfolio. In future work, the authors want to improve ITSM in public sector organisations by coming up with a way to build and manage ITSCs automatically and in an effective way.
The authors in their research work say that IT planning activities in Brazil are being used increasingly in public sector companies because of increased demand, and companies are maintaining the high standards for their IT services [25]. The goal of the research was to see how ITIL contributes to managing the Brazilian National Institute of Cancer model by implementing CobiT for IT governance to measure the organisational outcome concerning the quality of IT services. For this purpose, the authors used a qualitative field research model and were interviewed to evaluate their findings. Regarding the initiative to improve the administrative processes, the strategies have been classified as concurrent. The key result was that ITIL and CobIT are useful for enhancing the institution's IT governance efficiency. The interviews revealed that implementing ITIL's recommended service management techniques required a cultural shift. People were hesitant to do things differently than they had in the past. As a result, to impact change, senior management assistance is required. From the perspective of the CobiT implementation as a category of analysis, the results showed that there were points requiring adjustment between the ITIL implementation strategy and the organisational management model. The study's findings encouraged the development of new metrics for measuring the degree of alignment between IT and institutional strategic goals. It was anticipated that developing these markers would allow a more precise measurement. Some issues were raised more frequently, such as the lack of standard procedures and processes, even though a tool for managing the IT service with a knowledge management system had previously been implemented to formalise work routines. When it came to the initiative to improve administrative processes, people were more likely to work. Despite operational irregularities, several procedures had been identified that were better than before. The authors concluded that ITIL and COBIT are equally relevant for completing the IT governance task, except that the governance framework includes indications that are not included in the service management library. The study was conducted for the Department of Technology of the National Cancer Institute. The authors proposed an identical implementation plan to be replicated for several other hospitals using ITIL.
The authors in their research argue that increasing demand for Information Systems (IS), which rely heavily on IT, requires enterprises to implement ITSM frameworks [26]. The advancement and complexity of new IT technologies, products, and deployment methodologies have created a major problem in managing and ensuring the availability of an IS. The authors identified that, due to the complexity of their environments, IT organisations manage them through silos or technologies that prevent them from achieving the required environments and leave room for failures. This study sought to investigate and identify these challenges, as well as to provide an IT management framework that can assist IT firms in effectively and efficiently managing their information systems. As outlined in this search study, there are few IT infrastructure solutions and components available to enable or boost IS availability. The authors said that the ITSM frameworks and architectures also ensure the IS and IT infrastructure are constantly available. Each defines the assistance needed by deploying IS and IT in organizations. After conducting a thorough study, the authors found that, in addition to all existing ITSM frameworks and architectures, no solution exists that focuses on ensuring a holistic picture that encompasses IS, IT, ITSM, supporting areas, and management tools. It's critical to have a holistic view of the environment that can be managed and aligned with the IT organization, and the authors identified four challenging factors: awareness, accuracy, completeness, and manageability. The study presented a holistic IT management framework that will address the challenges found in this study while ensuring those four aspects. In future work, the authors suggested developing a prototype to demonstrate how the described framework will solve the problems and handle the four challenges preventing the availability of IS.
The study conducted by the authors reveals that in COVID-19 situation, organizations, including higher education institutes (HEIs) have been facing the problem of enhancing their strategy, ensuring the achievement of their mission, and fulfilling their objectives [27]. As a result, the top management of the HEIs is attempting to find appropriate ways for maintaining educational activities remotely. The authors emphasised that there is a need for ambitious leadership to inspire the public to achieve the educational institutes' objectives as well as skillful managers who can help the institutes accomplish the institute's objectives and goals. Academics are increasingly focusing on leadership and management issues, and it has emerged as a crucial method for expanding an organization's capability. In a time pandemic like COVID-19, establishing a leadership and management style would remain a big challenge, and a significant amount of human, financial, and material resources would VOLUME 11, 2023 be required. The authors presented a solution based on a quality-oriented approach emphasising processes, responsibilities, and service management.
The significance of the ITSM was also highlighted by the authors in their study that says ITSM has become the most widely used management strategy for delivering IT services worldwide [28]. However, it is still unclear which mechanisms and strategic settings an ITSM can use to improve the outcomes of IT operations and services. In the study, the authors hypothesised that ITSM capacity contributes to IS effectiveness by maintaining the alignment of the IS functions with the business and is dependent on organisational IS strategic conservatism. According to data collected from 256 companies, direct effects from ITSM were mediated by IS-business alignment and increased by IS strategic conservatism. The authors concluded that despite the widespread use of a service-centric approach to ITSM, research has largely ignored how and when ITSM capabilities improve the effectiveness of an IS function and add value to the business. The authors further claimed that ITSM capacity improves IS effectiveness both directly and indirectly by maintaining an alignment of the IS function with the business. When a company's IS approach is more conservative, the direct effect (value facilitation) is stronger. The findings showed that the value co-creation and value facilitation mechanisms coexist in the service interactions, with the balance depending on the IS strategic framework. The findings of this study were the first step toward enhancing the research of the service domain for the IS which is constructed from the existing and established IT service strands and best practices.
It is concluded by the authors that many ITSM tools are available to facilitate organisations in implementing ITSM, however, because these tools are complex, difficult to apply, and overlap, enterprises will find it much more challenging to implement them all simultaneously [29]. In this research, the authors suggested developing a novel model for implementing an overlap-less maturity model by considering the problems and challenges mentioned above. Experts from five different organisations implemented and evaluated the model. Project management (PM) experts recognised the novel model as useful and helpful. The study aimed to develop an artefact that will aid enterprises in multi-framework adoption by removing overlaps among IT frameworks. To achieve this, the authors took one of the most important IT processes, project management (PM), and created a PM MM (maturity model) with no overlap. The artifact's authenticity was proven after it was applied to and evaluated by five organizations. The authors claimed that the novel approach verifies and strengthens the problem of IT framework overlaps that have been raised in previous research. 46 activities were found to be areas of overlap among the chosen IT frameworks from the 349 PM activities. At least two of the three IT frameworks examined in this study contained about 15% of all activities. The artefact was deemed valid and completed by all interviewers. The PM experts acknowl-edged the suggested artefact as applicable. They agreed that establishing an IT framework is complex and that having a mechanism to assist them in ITSM implementation by applying a multi-framework would be highly beneficial. ITIL was used in four organisations out of five, which is 80% of overall ITSM framework implementations, whereas CMMI was implemented in the fifth company, which is 20%. The gap found in the study was that when analysing the remaining IT processes in different organisational circumstances, the predicted outcome may vary. The authors were convinced that creating an integrated model that can encompass most of the implemented IT processes might be very valuable and demanding, which is why this research should be continued. The authors suggested that future research may evaluate the model at other firms and, as a result, design similar MMs for the remaining IT processes.
In their study, the researchers discusses about a model that is a combination of ITIL and Business Process Model and Notation (BPNM) [30]. The authors stated that improvements in operations and tasks can result from good business models in any public or private sector organization. By applying the BPNM approach, an organization's internal process can be presented graphically and communicated properly for better understanding. The authors presented a model of the National Superintendence of Public Registries (SUNARP) of the Republic of Peru, which is a public entity where several problems have been identified, like long waiting times for users, non-compliance in operations, managing incidents within the organization, and the non-availability of monitoring of services to the users. The proposed framework presented in the study claims 10 distinct differences in IT incident management when it is modelled with escalation and change management subprocesses, which allows a significant improvement in business processes. ITIL best practises and faults in the service can be recognised and fixed, allowing the care process to be completed in less time.
In the study the authors discuss a software company that is induced to provide quality services to its customers and their existing patchwork-based IT service system causing problems in managing the service catalogue (SC), problem management (PM), change management (CM), and service level agreements (SLA) [31]. The authors considered a service helpdesk system implemented through the ITIL framework to solve service-related problems. A baseline was defined, and some critical gaps were identified, like the fact that the service catalogue isn't available and there is no record of services available to the customers; that there is no prioritisation of problems; that sometimes less important tasks are completed while important ones are put on hold for no reason; that change management is not recorded correctly, which causes the complete outrage of IT services; and that problems are not properly defined in SLA. To cater to the problem, ITIL was implemented in the company, and a significant improvement was recorded in the quality of IT services. Table 1 gives a summary of the research papers that were chosen for the literature review.

III. RESEARCH METHODOLOGY AND STUDY RESULTS
In general, the research methodology used in this study can be classified as qualitative analysis [32], but it can also be identified as applied research because we reviewed various established ITSM standard frameworks and standards and proposed the most appropriate tool and its implementation roadmap as per the objectives of this study. Various steps that have been taken for this study are shown in Figure 2.

A. LITERATURE SELECTION
For literature selection, we adopted the PRISMA methodology to make a systematic review of the existing research in the field of ITSM [33]. Through the PRISMA methodology, we divided our literature selection criteria into four steps: 1: identification, 2: sc:reening, 3: eligibility, and 4: inclusion.    In the first step, we searched and identified the existing studies published in various journals and conference proceedings. We used databases, article repositories, and other resources like Google Scholar, IEEE Xplore, SpringerLink, Emerald Insight, ACM DL, Researchgate, MDPI, and Academia. The terms we used to refine our search were: ''IT Service Management'' AND ''corporate organizations'' OR ''public sector organizations'' AND ''implementation'' OR ''systematic literature review'' OR ''comparative analysis'' OR ''selection'' OR ''success factors'' OR ''case studies'' OR ''opportunities'' OR ''challenges and obstacles''. The second step was screening the articles previously found and selecting the research studies with relevant objectives that had been published in the last five years in reputable journals and conference proceedings. The eligibility, inclusion, and exclusion criteria were applied in the third step for further refinement. In step four, we were left with the research studies that were screened, eligible, and included in our study. The selection criteria for inclusion and exclusion of articles in our study were applied to the papers found during initial searching and presented in Table 2.
The process for literature selection was done through PRISMA. Figure 3 shows the PRISMA flow diagram, in which we initially selected 114 (112+2) articles for our study. Based on the screening criteria set before, 55 articles were removed. We were left with 59 articles to review, and by applying inclusion and exclusion criteria, another 42 articles were removed. Finally, 17 articles were left and are included. Figure 4 and Table 3 show articles published by year.

B. IDENTIFICATION OF IT SERVICES AND GROUPS
To identify IT services in the PSO, we conducted interview sessions with the IT resource persons of three entities. The three entities were selected based on the maximum number of employees, the minimum number, and the average number of employees. In the interview, a general structure of the IT setup in the organisation was explained, and further, we discussed the various IT services in these organizations. After an initial assessment, we found that these entities work along identical   lines with minor differences depending upon the type and nature of the organization. For example, the Accountant General of Pakistan (AGP) provides back-office support, and all accounting and financials are done there [34]. Therefore, most organisations don't have a computerised accounting system, or ERP, installed. All transactions with supporting documents are sent to AGP for a pre-audit and then onward processing for payments. Most of the entities don't gener-ate revenue and rely on public funds transferred to their accounts from the AGP or Treasure Office (TO). Autonomous organisations that work independently use ERPs for financial, logistics, HR, and other services. Internal and external communication is done through the internet, email, phone, and fax, and all entities are equipped with various equipment for the online meeting. Hardware, software, legacy system support, and IT-related procurements are standard and available across all entities. Some entities have developed or purchased supporting systems to facilitate them in their core areas of responsibility, and some of them are supported by PITB, which develops customised applications to facilitate them as an added support system. We have found that almost all entities use the time and attendance system developed by PITB, which is connected to the main server in PITB's data center.
The entities with a web presence use Content Management System (CMS) Drupal to develop and maintain their websites. PITB supervises the overall CMS portal and also provides data centre facilities to PSOs for website hosting. Based on the interview and assessment about working styles and IT services in the PSO, twenty most common IT services are identified and then grouped them into eight groups. Each group has multiple services, and each service will have different processes, all of which will be recorded in the Service Portfolio Management (SPM) of the PSO. The main and sub-groups of IT services available at the PSO are shown in Table 4.

C. DATA COLLECTION
To analyse the existing IT setup and further evaluate the right ITSM tools and implementation roadmap, we designed a structured survey questionnaire to collect data from the PSO. The PSO oversees 12 attached entities, for a total of 13 administrative, attached, and autonomous bodies. The questionnaire was based on the different types of contingencies, open and close-ended questions, and six parts, as shown in Table 5. 7 working days were given to respond; during that period, we were continuously in contact with the entities. We replied to several queries. After 7 days, in total, we received all 13 responses. All the information received was entered into an Excel sheet to perform statistical analysis, and the results are presented in the next section.
Results: The compiled results are shown here in Figures 5-18 and discussed is in the next section.

D. EVALUATION OF ITSM TOOLS AND FRAMEWORKS
There are several tools and frameworks available that define the standards and IT service lifecycle for the improvement of processes, like FitSM: a lightweight ITSM framework; ITIL: widely used for delivering ITSM; CobiT: an IT governance framework; and ISO/IEC 20000: an international standard for managing and delivering IT services. These frameworks are used to implement and improve IT governance by applying best practises for ITSM. Figure 19 shows different ITSM frameworks and standards as a preferable choice for IT professionals to support ITSM delivery services.

1) FITSM
FitSM is a lightweight, open-source, and easy-to-implement ITSM tool that is suitable for any type and size of organization. FitSM was created by the IT Education Management Organization (ITEMO), a partnership of specialists in the field of IT management [36]. The main appealing feature is that it is lightweight and open source, and it is licenced under the Creative Commons License, so it is freely accessible [37]    and compatible with ITIL and ISO/IEC 20000-1 [36]. FitSM has six parts that cover ITSM standards. FitSM 0-3 are the core parts, samples, and templets; FitSM 4 is imple-  mentation guidelines; and FitSM 5 is maturity and capability assessment tools [36]. FitSM requirements are grouped into two types: general requirements and process-specific requirements. General requirements are seven in number and covered in the first part, whereas 14 process requirements are grouped under process-specific requirements. FitSM    provides a basic framework for ITSM implementation in an organisation [37]. FitSM is compatible with ITIL and ISO/IEC 20000 and provides a strong platform for ITSM practises to expand the approach into other best-practise models. FitSM-6 self-assessment and Maturity and Capability Assessment scheme that leads to quick and more visible results and success within a short period. The core goals and activities of FitSM are to provide a lightweight ITSM implementation for the management of IT services in an organisation [38]. FitSM also provides a way forward for   boosting the ITIL implementation program. The structure of FitSM is shown in Figure 20.

2) ITIL
ITIL is the most widely used ITSM framework worldwide. It was introduced by the Office of Government Commerce (OGC), UK, and covers all required processes of ITSM and is truly focused on service design, transition, and operation areas [39] In the recent past, ITIL has been adopted by many organisations to ensure effective and efficient control over  IT service support and delivery. The ITIL framework's best practises enable documentation and continuous improvement of ITSM processes [40]. ITIL provides comprehensive standards for setting up and managing ITSM and has three parts: 1) General Management Practices (14 practices), 2) Service Management Practices (17 practices), and 3) Technical Management Practices (3 practices) [41]. This ITSM standard also focuses on continual service improvement. ITIL v4 is the most recent edition, published in February 2019. ITIL is widely implemented worldwide, and now organisations look forward to improving their processes to become more efficient in fulfilling customers' needs. Lean methodology is getting popular in process improvement as this approach helps identify and eliminate any unnecessary waste within the processes [42]. This framework is perfectly compatible with ISO/IEC 20000 and can fulfil ISO 20000 requirements with relative ease. Figure 21 presents the 34 management practises grouped into 3 categories.

3) COBIT
CobiT was developed by ISACA for IT Management and IT Governance and is also very popular in the IT service-  related industry. CobiT 5 defines a set of generic processes and categorises them into two main areas: 1) IT Governance and 2) IT Management. These two areas are further divided into five domains and 40 processes [43]. CobiT framework is based on best practises that ensure effective governance and management of an organization's IT resources and has been established as a globally acceptable framework focusing on control functions of IT management. CobiT is used to plan, implement, monitor, and evaluate IT governance through the collaboration of control objectives, audits, policies, procedures, and maturity models [3] Areas, domains, and processes are covered by CobiT as explained in Figure 22.

4) ISO/IEC -20000-1
Another popular international IT service management standard is ISO/IEC 20000, which was introduced in 2005, revised in 2011, and then implemented in 2018 [44]. It has 13 parts, and some of them have been withdrawn. The ISO/IEC 20000-1, or Part 1, Service Management System Requirements, covers an organization's overall requirements to implement ITSM. Part 2, Guidance on the Application of Service Management Systems, describes the best practises that the industries have adopted. This part also discusses the customers' needs and explains any acceptable risk. For the achievement of this part, Part 1 provides the foundation without any further or extra requirements. The ISO/IEC 20000 standard was originally developed to replicate the best practises of ITIL. Since ITIL provides only recommendations, ISO/IEC 20000 provides the standards and specifications for SMS and focuses on aligning requirements and delivering IT VOLUME 11, 2023 FIGURE 20. FitSM parts [35].  services. Figure 23 explains the different parts of the ISO/IEC 20000 model for the service management system.

5) COMPARISON OF ITSM TOOLS
An effective and efficient ITSM requires an in-depth understanding of IT services and processes. Further, selecting the right tool to cater to some specific technical and non-technical requirements requires a comparative analysis against the given parameters. In the above sections, we have reviewed and discussed four well-established ITSM standards and best practices: FitSM, ITIL, CobiT, and ISO/IEC 20000. In Table 6, we presented a comparative analysis of different ITSM standards and frameworks based on this research study's objective.

IV. DISCUSSION
The information related to ITSM frameworks and standards was collected in the previous sections to understand the merits, demerits, purposes, usefulness, difficulty levels, limitations, suitability, etc. of each of the four ITSM tools. The cost  of ITSM implementation in terms of time and resources and the complexity level of each ITSM tool were also carefully analyzed. Finally, a comparative analysis was done and is presented in Table 6 in previous section.
The compression is based on some key features of each standard and best practises that are important in fulfilling the objectives of this research work. FitSM, a lightweight standard for ITSM, is the best choice for SMEs and is comparatively easy to understand and implement. Its complexity level is not as high as that of the other three tools. and it is fully compatible with ISO/IEC 20000 and ITIL. Whereas ISO/IEC 20000 is less complex than ITIL, it is still a standard for organisations to demonstrate their compliance with standards, and in PSOs, there are no such requirements. CobiT is also a useful tool and supports medium to largescale organisations where IT works in a major stakeholder capacity. In most of the PSOs, IT is a minor stakeholder, and implementing CobiT firsthand could be a great mess. FitSM provides a ground-level ITSM framework with the option to expand to the next level, which is the best ITSM tool for a POS. Figure 24 presents an analysis done by Forbes Insights on the implementation cost of three out of four ITSM tools in terms of time and resources and also shows their complexity level.
The FitSM is designed using a process model, which is derived from common ITSM best practices [46]. Its implementation is divided down into seven general requirements and 14 process requirements, totaling 69 processes. FitSM. All features available in FitSM also satisfy the objectives of this study, therefore, we recommend FitSM for an implementation in our selected PSO.

V. FITSM IMPLEMENTATION A. IMPLEMENTATION PREREQUISITE
A positive approach to ITSM will help IT become an enabler of the digital growth of an organization. But implementing ITSM in an organisation and successfully generating results is not always enough. It's a teamwork-oriented practise in which business and IT teams work together to produce desired results from the ITSM functions and processes and cater to the requirements of the businesses, as the ITSM implementation in PSO is a challenging task [35].

1) SUCCESS FACTOR
ITSM success is determined by technology, processes, and people. VOLUME 11, 2023 Technology: Technology supports people in their roles and increases process effectiveness and efficiency. Ticket tools and templates are examples of technology used for effective ITSM implementation.
Processes: Well-defined processes are a set of defined activities that are performed to get desired outputs.
People: FitSM Part 3 covers the role of people involved in ITSM. Their responsibilities, skills, and awareness are considered important aspects. The FedSM defines the roles of people, which, as per our proposed implementation plan, are defined in Table 7 below: 2) CAPABILITY AND MATURITY MODEL FitSM-6 provides a self-assessment tool called the Capability and Maturity Assessment Scheme, in which two types of capability and maturity assessments are defined. This assessment scheme helps measure an organisation's overall health in SMS. In FitSM, the capability of every single process is evaluated, whereas the maturity level test applies to the overall quality of ITSM. FitSM has five capability and maturity levels (0-5) as described in Table 8 but addresses only 0-3 for the purpose.
After a detailed analysis of the results based on the questionnaire, a baseline is defined for capability and maturity levels, and phase-wise implementation of FitSM is recommended. In the first phase, only the operations and controls group will be implemented, with proposed capability and maturity levels as shown in Figure 25.

B. IMPLEMENTATION ROADMAP
The FitSM process model has 14 process requirements as shown in Table 9, and these processes are grouped into two further sub-groups: planning and delivery-related processes and operations and control processes. FitSM's 1-8 processes are related to IT service planning and delivery, and in public offices, there are no such services available to the public. So, for the implementation of FitSM, process 1 is related to the Service Portfolio Management (SPM) to document the service groups, services, and service sub-processes, and processes 9-14 are needed for IT operations. Further, some SOPs are also discussed in the implementation roadmap. Table 10 defines a responsibility assignment or RACI matrix, which describes the roles and responsibilities of the people involved in the activities, and tables 11 through 17 present the process implementation plan.

1) SAERVICE PORTFOLIO MANAGEMENT (SPM)
The SPM is responsible for ensuring that all appropriate services required to mitigate day-to-day needs related to IT are documented in the SPM. All IT-related services and subservices in the PSO will be updated in its service portfolio, which will be updated from time to time.
Goals: SPM is a kind of support for selecting, provisioning, and managing all important services that can ensure and add value to the business.

2) INCIDENT SERVICE REQUEST MANAGEMENT (ISRM)
ISRM is responsbile of dealing with incidents that are the root cause of overall service deterioration and/or service outages. Service restoration in the shortest amount of time possible with the least amount of disruption to internal customers Description: The procedures are clearly defined and documented on how to handle incidents or service requests, and further, all roles and responsibilities are also clearly defined and documented. Goals: 1) Developing Standard Operating Procedures (SOPs) for handling incidents or service requests; 2) Identifying and classifying an incident or service request; 3) Resolving an incident or service request Target Capacity: Level-03 (Defined) Triggers: Any event that happened and was reported through an established communication channel, like phone, fax, email, or in-person Procedure: The procedure has several steps to log, classify, and prioritise an activity or event that can be further classified as an incident or service request Step 01: The process manager (PM) will be informed about an event generated through any established communication channel and triggered as defined Step 02: The PM will further investigate if the event is an incident or not: • if the event is an incident, he will move to step 3, • If it is not an event, he will use the procedure as defined in [ITSM-SOP-003-ServiceReq] and it will be considered a service request Stop 03: PM will log the event and consider: • checking if multiple users have reported the same incident to avoid duplication in logging the incident, • PM will put basic information that may be required to process the incident, like date, time, a brief description, the expected compilation time, and the details of affected users, hardware, software, the network, etc.
Step 04: Once an event is logged, the incident or service request will be classified under the service group, service name, and service sub-process name as defined in Table 4 (IT Services and their classification) Step 05: The incident will be prioritised as: 1: critical, 2: high, 3: medium and 4: low.
Step 06: The PM will determine whether the nature of the event is a major incident or not: • if the PM categorises an event as a major incident, he will follow the procedure as defined in [ITSM-SOP-005-MajIncident], and here, this procedure will be halted and no further action will be taken, • if the PM determines that the event is minor and does not fall into the major event category, then move to step 7.
Step 07: PM will check the incident in the Known Error Database (KED) to see if the same incident has occurred in   the past, what solution was provided, and how long it took to resolve and close the event. It will be checked further: • if the incident requires escalation, move to step 8, • if not, move to step 10, • if an incident does not require escalation but requires the implementation of some changes or replacement, then he will follow the procedure as mentioned [ITSM-SOP-006-ChM] and move to step 11.
Step 08: After the PM's initial assessment, the PO will examine the incident and evaluate any possible solutions as recommended by the PM: • if no solution is found and the incident requires further escalation, the SO will review the solution suggested in the output of step 08, • if the solution is found and no further escalation is required, move to step 10, • if the problem can be solved without escalation but requires a change or replacement, he will follow the steps in [ITSM-SOP-006-ChM] and move to step 11.
Step 09: The SMO will present and analyse the incident. SMO will also add input into the incident and will look for any possible solution by keeping in view: • if the solution does not need any change or replacement, then move to step 10, • if the solution needs to implement a change, then follow the procedure [ITSM-SOP-006-ChM] and move to step 11.
Step 10: All of the activities required to resolve the incident and restore service have been completed. The following VOLUME 11, 2023   activities would be performed by the person who is managing the activities: 1) The users will be contacted and their feedback will be solicited; 2) The incident will be closed or considered closed if there is no feedback from the user after a specified period of time, and no more than 24 hours.  Step 11: The incident will be closed by the person who resolves the incident after obtaining the response from the user, and if the user does not respond within a defined time, which is 24 hours, this would lead to the automatic closure of the incident.

3) PROBLEM MANAGEMENT (PROBM)
ProbM is responsible for avoiding the problem's reoccurrence and minimising the overall impact on the organisation of the problem or error. All information about the problem will be documented.
Description: The root causes of the incidents are investigated by an experienced person who has experience dealing with the incidents. The Known Error Database (KEDB) is also to be updated, and every incident will be added to the KEDB. This way, sufficient material will be available to avoid the reoccurrence of errors. Creating the KEDB, which will be created from scratch and updated during the problem management process, is an important process in ProbM.

Goals:
1) identify, document, and perform activities to prevent any reoccurrence of the same incidents, 2) identify the main cause of the incident. Target Capacity: Level-01 (Ad-Hoc)

4) CONFIGURATION MANAGEMENT (CONFM)
The ConfM ensures that all IT assets and Configuration Items (CI) and necessarily available and properly controlled. It is a kind of assurance that the working tools and equipment are always ready to resolve incidents and problems.
Description:ConfiM is not recommended as a way to control CI because there aren't many assets and CI that are related to configuration. Configuration Management Database (CMDB) will also be created and managed to record CI-related information and will be consulted for future use Goals: 1) identify, document, and control configuration-related IT assets and CI, 2) protect and supervise CI for their availability. Target Capacity: Level-01 (Ad-Hoc)

5) CHANGE MANAGEMENT (CHM)
During the change, the ChM makes sure that standard procedures and methods are used correctly, so that the work of the organisation is affected as little as possible.
Description: Well-defined and well-documented activities and procedures are available for handling the change, and the procedure is also defined to prioritise the changes.

Goals:
1) ensure that the changes are evaluated before implementation, scheduled and informed in plenty of time, documented, and that authorization has already been taken before their deployment, 2) ensure that the changes have been measured as per requirements, tested successfully, and reported after deployment, 3) ensure that all changes executed to the CIs are documented and recorded in CMDB, 4) make all configurations as simple as possible and perform them swiftly. Target Capacity: Level-03 (Defined) Triggers: Upon receiving a request for change Procedure: The following steps are followed for the implementation of ChM: Step 01: SO will make sure that the Request for Change (RFC) has been initiated, and the RFC will be registered, after proper approval, using the sub-procedure; 1) the SO must be aware of the RFC's origin and will be classified as a) problem management, b) new hardware, c) new software, d) new project(s), 2) RFC will be recorded into CMDB, 3) if the RFC is not an emergency, the PM will obtain authorizations within the due period,

4) emergency change will be initiated through: [ITSM-SOP-007-ChangeReqPriority].
Step 02: An emergency or priority change will be assigned as; 1: High, 2: Medium, 3: Low Step 03: The PM will assess the change for: 1) the impact of the change; 2) the risk of the change.
Step 04:Any approval for change will be obtained from the PMO.
Step 05: Approved changes will be communicated to the release and deployment Service Owner (SO) to build and test the change.
Step 06: Upon confirmation, SO authorises the deployment of the change.
Step 07: After the implementation of the changes, the PM will review the changes and ensure that the changes have been implemented correctly and solve the requirements.

6) RELEASE AND DEPLOYMENT MANAGEMENT (RDM)
The RDM is responsible for planning and scheduling the new releases while keeping the existing services intact. Requirement analysis and evaluation of new releases are also covered in this domain.
Description: Plan, schedule, build, test, and deploy new approved releases. Goals: 1) planning for the new release and deployment, 2) ensuring the new release does not halt or interrupt the existing services. Target Capacity: Level-01 (Ad-Hoc)

7) CONTINUAL SERVICE IMPROVEMENT (CSI)
The CSI suggests improvement in all main and sub-processes, looks for opportunities, prioritises them, evaluates the outcomes, and finally approves them. CSI is also responsible for VOLUME 11, 2023   aligning the current services to continually improve according to the organization's needs. CSI finds ways to make the services better, ranks them in order of importance, and writes them down. These ways must be evaluated using a clear set of steps.
Goals: 1) look for improvements in processes and activities, 2) look for strategy and design in defining new services and activities. Target Capacity: Level-02 (Repeatable)

VI. CONCLUSION
ITSM standards and frameworks are a set of best practises for handling IT services in an organization. In this research study, we discussed, analyzed, and evaluated four popular standards and frameworks and found that each one has strong points that distinguish it from the others. While planning, designing, and implementing ITSM, complete knowledge of the particular domain must be kept in mind. Our key consideration during selecting the best tool and proposing the implementation roadmap was an expected reluctance to change the behaviour of the employees. Therefore, any stronger and more popular tool could have resultantly failed during its initial implementation phase. A flexible system is always considered good for an organisation lacking expertise. Keeping in view the specific requirements and organisational structure, FitSM, a lightweight ITSM toll covering the maximum requirements, is the most suitable one for the PSO. It requires less expertise, is easy to implement, and is free. We also proposed FitSM's implementation roadmap to streamline the IT services in the PSO. The constant review and continual improvement of ITSM were also discussed and are part of the implementation strategy. ITSM standards and practises have become more complex and laborious to implement from scratch. However, automating IT services, establishing processes and documentation, and defining tasks and responsibilities are advantageous for planning, monitoring, and evaluating the overall health of IT in an organization. As stated earlier, POSs work under the same principles, and their IT-related services and requirements are more or less common. As a result, this implementation can be replicated in the GoPb's other 300-plus entities. Finally, we were able to achieve the objectives of this study, which were selecting the most appropriate ITSM tool and its implementation model for a PSO.

FUTURE WORK
IT Service Management is another promising domain within Information Technology that can lead us towards the highest level of IT service delivery. As compared to other areas, ITSMS has not been given due importance, and due to this, the quality of IT service delivery has become a challenge, even for the organisations that are superseding their competitors in terms of trained staff and availability of the latest technology. Unfortunately, there is not a considerable amount of literature and research work available. The ITSM domain still has potential and should be explored further because a state's digital transformation process heavily relies on IT and the quality of IT services, their timely delivery, and their ability to effectively and efficiently operate are critical. The PSOs work on identical lines throughout the work; therefore, an ITSMS pilot project with good requirements gathering, deep analysis, carefully planned implementation, and aggressive implementation can be concluded in multiple implementations simultaneously in the PSOs.