IT Governance: Comparison between COBIT and ITIL Abstract Has the purpose this paper to present A Practical Guide

to compare the Informati on Technology (IT) Methodologies Used into most corporate Organizations worldwid e. The case study is presented and Analyzed Through These Methodologies. The aim is to identify Characteristics That Are The Same or that are among Them Differe nt, and How Can These methods help to Increase the control and automation level of corporate processes. Furthermore, to establish "The Objective Has the relatio nship Between IT and administration / strategy processes. Summary This article aims to present a practical comparison between the methodologies fo r managing the Information Technology (IT) currently used by most companies and analyze a case study from the perspective of these methodologies. Seeks to ident ify the similarities and differences of these methodologies and how they can hel p increase the degree of control and automation of business processes, linking I T to the processes of strategic management and administrative organization. Keywords: Governance, IT, COBIT, ITIL. 1 Introduction It is basic principle of an organization seeking to run their internal processes and also the manner in which these processes with their suppliers and business partners, we can call external processes to the organization. It aims to identif y the interfaces between these processes, the company's areas of responsibilitie s, people and expected performance measured by indicators and targets. In most c ases, with defined interfaces, the clear responsibilities between the areas and performance measurement, organizations can achieve the ultimate goal of improvin g services due to increased speed and productivity. Firms often called the quali ty system to the set of processes controlled and many of them have specific depa rtments, independent, with a responsibility to address continuous improvement an d development processes. There are programs that reach the various levels of org anization, from the processes of operation and maintenance to the comptroller's administrative procedures and legal. Moreover, for a service company, there are two links in the chain of relationships that are the customers and suppliers, it is not possible to decouple business processes of interaction with their custom ers and business partners. The service level agreements are a way of managing th is interrelationship. The problem that presents itself is just that the improvement and development of procedures fail not because the business can always be improved in the organiza tion requirements, efficiency and degree of automation. For that, depending on t he size and profile of the company's business, there are commercially available, a number of methodologies that guide systems and training tools of empowerment, and promise to revolutionize the management system and the relationship between provider - company - customer . Reputable organizations can audit and certify c ompanies with respect to the efficiency of implementing some of these methodolog ies. Examples of methodologies available and widely accepted in the market, we c an mention: the COBIT [ISACA 2000c] to IT management by innovating and Technolog ical Governance ITIL [OGC 2002nd] that standardizes a number of operational proc esses and management also linked to IT. The goal is to create a system supported by standardized processes, possibly automated, that is understood and is availa ble to everyone in an organization that can be replicated and, in particular, al low evolution. The concept of Governance Technology, the word in English IT Gove rnance, states that IT is an essential factor for the financial and strategic ma nagement of an organization and not just support the business. Without it become unviable basic issues of corporate management. At the macro level, IT governanc e is precisely the integration and use of business processes supported by manage ment packs [ISACA 2000b], for example: Business Intelligence (BI), CRM (Customer Relationship Management), ERP (Enterprise Resource Planning) and SCM (Supply Ch ain Management). So Governance Technology is the methodology (and their integrat

ed processes) corporate management of IT resources. The purpose of this paper is to compare the various disciplines of the methodologies mentioned, through a ca se study of a company that provides technology services, verifying the applicabi lity of these methodologies in organizations: how they can improve the control a nd development of internal processes, which features can make Automation of thes e procedures and, ultimately, how they affect technology professionals at the op erational level. 2 COBIT and IT Governance COBIT [ISACA 2000d] - Control Objectives for Information and Related Technology - has the explicit mission to research, develop, promote and publish an updated set of international standards of good practice regarding the use of corporate I T managers and auditors of technology. The COBIT methodology was established by ISACA - Information Systems Audit and Control Association - by IT Governance Ins titute, an independent organization that developed the methodology considered th e basis of technological governance. COBIT functions as an entity establishes a standard and documented methods to guide the area of technology companies, inclu ding software quality, level of maturity and information security. The documents define the COBIT Governance Technology as "a structure of relationships between processes to direct and control a company to achieve corporate objectives by ad ding value and risk controlled by the use of information technology and its proc esses." 2 Governance Technology considers the area of IT not only as a supporting organiza tion, but a fundamental point to be maintained at the administrative and strateg ic organization. The central objective is to maintain processes and practices re lated to infrastructure systems, networks and devices used by the company. The a nalysis of these processes should drive the organization in the decision of new projects and how to use information technology in them, also taking into account technological developments, existing systems, integration with suppliers, custo mer service (internal and external), cost of technology and expected return . Th e need for systems integration and technological change are grounded in the proc esses of the methodology, creating audit and metrics for measuring the progress of activities of these processes. 2.1 Process Areas COBIT is organized into four areas to reflect a model for IT processes. Domains can be characterized by its processes and activities performed at each stage of implementation of Technology Governance. The areas of COBIT are: Planning and Or ganization: define strategic issues related to the use of IT in an organization, these various processes, including the definition of IT strategy, information a rchitecture, routing technology, investment, risk management design and quality. Acquisition and Implementation: defines the implementation issues of IT as the strategic policy and project pre-defined in the Strategic Plan for Information T echnology Company, also known as IDP (Information Technology Master Plan). Has a series of processes such as, for example, identifying automated solutions to be applied or reused in the corporation, acquisition and maintenance of systems an d infrastructure, development of procedures and mapping systems, installation an d management changes. Delivery and Support: define operational matters relating to the use of IT for assistance services to customers, maintenance and warrantie s relating to these services. The timing of these domains is after activation of a service and its delivery to the customer, who can operate or use the services of the company for outsourced operation. The files relating to this area deal w ith the definition of service levels (SLA - Service Level Agreement) management activities integrated suppliers; guarantees of performance, continuity and syste m security, user training, allocation of costs of services, management configura tion, data management, problems and incidents. Monitoring: defining the issues o f auditing and monitoring of IT services, from the point of view of validating t

he efficiency of processes and evolution of the same in terms of performance and automation. The processes of this area deal primarily of supervising the activi ties of other processes, the company made adjustments to ensure operational proc edures, collection and analysis of operational and strategic data for audit and control the organization. Besides the four main areas that guide the proper use of information technology in the organization, there is also the matter of the a udit for verifying, through evaluation reports, the level of process maturity of an organization. The audit method follows the model of the CMM which establishe s the following levels: None: means that the management process was not deployed . 3 Initial: The process is accomplished without organization, so unplanned. Repeata ble: The process is repeated so intuitive, that is, depends more on people than an established method.€Defined: the process is performed, documented and commun icated within the organization. Managed: there are performance metrics of the ac tivities, the process is monitored and constantly evaluated. Optimized: the best market practices and automation are used for continuous process improvement. Th e result of the report identifies the degree of progress of the organization tha t is valued in a concrete way, based on reliable auditing and market parameters. The executive summary of the report provides the following information: if ther e is an established method for the process, the method is defined and establishe d, what are the minimum controls for verifying the performance of the method, as can be made in the audit method, which tools and the method used to evaluate th e method for its improvement. Since then, the organization defines the goals, ie , the control objectives to be achieved. Figure 1 - The Four Areas of the COBIT Processes Business Objectives PO1 - Define a Strategic IT Plan PO2 - Define the Information Architecture M1 M2 Monitor Processes - Identify Internal Controls and Adequacy M3 - Obtain Indep endent Assurance M4 - Provide for Independent Audit PO3 - Determine Technologica l Direction PO4 - Define the Organization IT & Relationships PO5 - Manage the IT Investment PO6 - Communicate Management Aims and Direction PO7 - Manage Human R esources PO8 - Ensure Compliance with External Requirements IT Governance COBIT Monitoring Information PO9 - Identify Risks PO10 - PO11 Manage Projects - Manage Quality Planning and Organization DS1 - Define and Manage Service Levels DS2 - Manage Third Party Services DS3 - M anage Performance and Capacity DS4 - Ensure Service Continuity DS5 - Ensure Syst ems Security DS6 - Identify and Allocate Costs DS7 - Educate and Train Users DS8 - Assist and Advise Customers DS9 - Manage the Configuration DS10 - Manage Prob lems and Incidents DS11 - DS12 Manage Data - Manage Infrastructure Building DS13 - Manage Operations IT Resources People Applications Technology Infrastructure Data Acquisition and Implementation Delivery and Support AI1 - Identify Automated Solutions AI2 - Acquire and Maintain Application Softwa re AI3 - Acquire and Maintain Technology Infrastructure AI4 - Develop and mainta in procedures AI5 - Install and Validate System AI6 - Manage Changes 4

The areas of COBIT, shown in Figure 1 are integrated as follows: information of a business is generated / changed by IT resources. The information is a prerequi site for the field of Planning and Organization (PO - Planning and Organization) and its processes. The output requirements of the OP are the entry requirements for information to the domain of Acquisition and Implementation (AI - Acquisiti on and Implementation), which in turn, define the requirements for entry into th e domain of Delivery and Support (DS - Delivery and Support ). Finally, the area of monitoring (M - Monitoring) uses information from the DS in its processes an d related activities. Table 1 shows all the processes of policy delivery and sup port further the process of Managing Changes in the Acquisition and Implementati on domain that are in the coverage of the case study. The information requiremen ts are given by: effectiveness, efficiency, confidentiality, integrity, availabi lity, compliance and reliability. IT resources are classified as: people, system s, applications, technology, infrastructure and data. Table 1 - Processes of COB IT. PROCEDURE Manage Data Manage Configuration Identify and Allocate Costs DESCRIPTION This aspect of storage, backup and data recovery support to the organization and other processes of management. Lists the settings of components, devices and ne twork elements for the perfect functioning of the systems (in the initiation, te rmination and changes). This measurement of resource use systems and devices to provide data for other accounting systems that support the business. Refers to c ontrol preset thresholds of performance to prevent abnormalities of failed devic es and components, also controlling data used in the development or reconfigurat ion of capacity adequate resources for systems and networks. Related aspects of building support for the IT infrastructure, for example, structured cabling, coo ling, power, towers and antennas. These activities of the evolution of networks and systems related to increased capacity or changes in versions of topology rea rrangements. Brings issues such approvals, responsibilities, contingencies, reco very plan and communicate changes.€Refers to support reports and statistical in formation extracted from systems to demonstrate the quality of service agreed wi th customers and suppliers through service level agreements. Deals with the iden tification of events in systems, components and network devices, correlation of these events, registration, assessment of the causes and proactive actions to pr event incidents. This aspect of the security policy defined in the Security busi ness, services and mechanisms may involve hardware and software services access control, data integrity and communication, confidentiality, non-repudiation, ava ilability of resources and authentication. Define the infrastructure and methods of Help Desk support for the internal customers and external to the organizatio n. Control of suppliers and related activities, in an integrated manner and with in the quality parameters and SLA, to guarantee the continuity and service deliv ery organization. Provides alternative funding sources and network components an d systems through processes or physical redundancy. Empowers and motivates users to use these systems, maintaining the qualification aligned to the standards of the technology market. Integrates the activities and processes for managing hum an resources and technology operations, including mission-critical 24x7 customer service, shift work, plan activities and relationship of new projects. Manage Performance and Capacity Manage Infrastructure Building Manage Changes Define and Manage Service Levels Manage Problems and Incidents

Ensure Systems Security Assist and Advise Customers Manage Third Party Services Guarantee Service Contin uity Educate and Train Users Manage Operations 5 2.2 Application of COBIT in the Organization COBIT scores the degree of technological governance in an organization from 1 to 5, similar to the I-CMM (Capability Maturity Model), defined in [CMM-I 2001]. T he first step would be to raise the level of use areas and the activities of the organization processes in a satisfactory manner, in order to identify the level achieved by the organization. This survey work is done with the use of question naires and, therefore, investment in these activities need not be large, is limi ted essentially to the time spent by those involved. Thus, it reinforces the con cept that COBIT is independent of new technologies, by contrast, is performed in parallel with the implementation of enterprise systems management and administr ation of the organization. The main advantage of classifying the use of technolo gy is the integration of IT with other departments within the organization. This can not be done without breaking internal barriers and paradigm shifts in the o rganization. For example, not always in Brazilian companies IT is viewed as a bu siness unit that must be self-financing and generate revenue for the organizatio n, by contrast, is usually seen as operational rather than as strategic. The res ult of the audit of the COBIT methodology for assessing the level of maturity (d egree of cases), helps IT to identify the current grade and how to evolve your p rocesses to improve the organization, allowing the evolution of these. 3 Processes of ITIL ITIL - Information Technology Infrastructure Library - was developed by the Brit ish government in the late 1980s and has proved a useful framework in all sector s with a view to its adoption in several leading management services. In the mid 1990s, the ITIL has been recognized worldwide as a de facto standard for servic e management. 3.1 Structure of ITIL ITIL is focused, the operation and management of infrastructure technology in th e organization, including all matters that are important in providing IT service s. In this context, considers that an ITIL IT service is the description of a se t of IT resources. Support Services ITIL assist in the care of one or more clien t's needs, supporting thus their business goals. The basic principle of ITIL is the object of his management: the IT infrastructure. The ITIL describes the proc esses that are needed to support the use and management of IT infrastructure. An other fundamental principle of ITIL is to provide quality service to IT customer s with justifiable costs, ie to relate the cost of technology services and how t hey bring strategic value to the business. The interest in this area due to the fact that, through methodologies (processes) Standardized Management of IT Envir onment,€You can get a proper relationship between costs and service levels prov ided by IT. Figure 2 shows the ITIL processes subdivided into: Application Manag ement, Service Management and Infrastructure Management of Communications Techno logy and Information (TCI). 6 BUSINESS Guest Users Service Management Service Delivery SERVICES Support Services

Application Management Service Desk Incident Management Problem Management Configuration Management Managing Service Levels Capacity Management Financial Management Availability Management Change Management Version Management Service Continuity Design and Planning Implantation Operation Technical Support Management Technology Infrastructure Communications and Inform ation PARTNERS TECHNOLOGY Figure 2 - The Processes of ITIL. 3.2 Management of ICT Infrastructure These procedures cover all aspects of managing ICT infrastructure [OGC 2002b] fr om the identification of business requirements through design and deployment to support and maintenance of infrastructure components and IT services. The main p rocesses are: Design and Planning: related to the creation and improvement of IC T solution. Implementation: related to the deployment of ICT solutions and / or business as planned and with minimal impact on business processes. Operation: re fers to the operation and daily maintenance of ICT infrastructure. Technical sup port: refers to the structure and support from other processes to ensure the ser vices deployed. 3.3 Service Management The main objective of service management is to make sure that IT services are al igned with business needs of the company. The processes of service management ar e divided into two groups: service delivery and support services. 7 The processes of service delivery [OGC 2001] are related to the provision of ser vice delivery to the user and are described in Table 2. Table 2 - Processes of I TIL Service Delivery. PROCEDURE Management Capacity Management Availability Management Financial Management Serv ice Levels DESCRIPTION Allows an organization to manage its resources and the need to provide additiona l capacity in advance. Provides understanding, monitoring and, if necessary, rec overy of costs of IT services from the user, allowing thus a more efficient bala nce can be drawn between cost and performance for every level of business. Ensur

es that users have the availability of IT service needed to support their busine sses with a cost justifiable. Ensures and monitors an agreement to provide an ex cellent level of service between provider and user in order that the implementat ion of a quality service requires clarity in the service and the existence of ag reements between suppliers of IT services and customers of these services . Plan s for recovery of crises that require the work to be performed in an alternative system and establishing a plan describing all measures to be adopted in cases o f emergency or disaster. Continuity Management for IT Services The processes of service support [OGC 2000] are related to the provision of supp ort services that underpin the company's business and are described in Table 3 b elow. Table 3 - Service Support processes of ITIL. PROCEDURE Service Desk DESCRIPTION It is the central point of contact for customers reporting problems, complaints and questions. Can serve as an interface for other activities such as change req uests, maintenance contracts, software license agreements, service levels and co nfiguration management. Aim to restore normal service operation as quickly as po ssible and ensure this way, the best levels of quality and service availability. Identifies and removes errors in the IT environment through the analysis of inc idents recorded in incident management, to ensure maximum stability of IT servic es. Assists in managing the IT environment by recording all your items in a data base by performing a control component of the IT infrastructure used in the perf ormance of IT services. This is the realization of changes in IT infrastructure in a safe and organized by implementing procedures that are assessing the impact of change, commitment and planning its implementation.€Ensures that only teste d and correct versions of licensed software are available for operation checking , storing, distributing and implementing software effectively and efficiently. Incident Management Problem Management Configuration Management Change Managemen t Version Management 3.4 Implementation of ITIL [OGC 2002nd] In the implementation of Technology Governance, using the ITIL processes is nece ssary, first, from the company's business objectives and produce a joint vision, the business with the IT area, which describes, clearly, the objective to imple ment a program of Continuous Improvement in Services. 8 Then it is necessary to evaluate the current situation by verifying that: the di rections of trade and investment are sufficiently widespread and clearly underst ood by the group involved in implementation; areas of IT and business have a rea listic view of the level of maturity and function of IT and quality of service p rovided in relation to these directions, the IT department has a clear understan ding of the vision of those responsible for the IT organization and the organiza tion has a clear answer of what will happen if nothing changes. The third step i s set to be reached through the establishment of measurable objectives and then determine how to get where you want by working to improve existing processes. To verify that the milestones have been achieved, it is necessary to make measurem ents of the metrics established. It is important to establish a mechanism so cyc lical, repeating the steps in such a way as to establish a process of continuous improvement. 4 Description of Case Study For analysis of the methodologies presented here, we searched for a case study: a company that aimed to (mission) to enter the market as a provider of technolog

y services, based on the concept of data center, called HelloWorld.A definition of the initial processes ( IT support to business) was based on a strategic plan with reference to the classic model of five forces of Porter [PORT 1980], as sh own in Figure 3. Available in the market and their bargaining power. In the investor model, as fi nanciers of the deal. In this case, traditional providers of technology as hardw are manufacturers and software companies also telecom operators (carriers). Potential Entrants Several groups were in the process of mobilization to provide Data Center servic es. Competitors in the Industry Buyer Rivalry among existing firms Suppliers The proposal is that the company's services were to replace the model installed in the market, bringing a new paradigm of technology services based Data Center, replacing the model of CPD (Centre for Data Processing) in the internal organiz ation. Substitutes Potential market and their bargaining power, their demand for technology service s, the reasons that lead companies structured to outsource technology services, cost and benefit, stage of the Internet market. Figure 3 - Model of the five forces. The typical scenario of the services of thi s company could include in the form of a package to the final customer: applicat ions (email, content server, database), operating system (WindowsNT, Windows2000 , Linux, HP-UX, Solaris, AIX), service Network (TCP / IP, SPX / IPX), connectivi ty (SDH, Frame Relay, X.25). In a complementary way: redundancy, high 9 availability and monitoring can be applied to the packages mentioned earlier. Th e Operational Processes and Systems Applications of HelloWorld are in Table 4. Table 4 - Operational Processes and Systems Applications PROCEDURE HelloWorld Management Data Storage Management Customer Service Management Capacity Configur ation Management SYSTEMS EMC2 Storage DESCRIPTION These aspects of storage, backup and recovery organization, also to support othe r management processes. This support service requests and reporting problems of internal and external customers. This control data for the development or reconf iguration of capacity adequate resources for systems and networks. These setting s of components, devices and network elements for the correct functioning of sys tems (initiation, termination and changes). This measurement of resource use sys tems and devices to provide accounting data to the systems of business support, for example, billing. This is the infrastructure of communication for updating a nd maintaining the information of Web pages. This control of maximum and minimum thresholds,€Performance measures to prevent abnormalities of failed devices an d components. This identification of events in the systems, their components and network devices, multiple correlation of these events, transience and root caus e. Related to aspects of support to building IT infrastructure, for example, str uctured cabling, cooling, power, towers, antennas, etc.. Can establish preventiv

e maintenance plans as opposed to corrective maintenance. These internal activit ies of changes in systems and networks, formalizing approvals, responsibilities, contingencies, recovery plan and communicate changes to internal and external c ustomers. It reports the level of service by client or service, generated from t he systems to demonstrate the quality of service agreed in the contract with cus tomers and suppliers. This is the historical record and analysis of problems, ev aluation of the causes and proactive actions to prevent incidents. This aspect o f the security services access control, data integrity and communication, to pre vent attacks, intrusions and computer viruses. This routing solution sold to the customer or preparation services for the infrastructure networks and systems, f rom order to delivery. IBM Tivoli, Remedy ARS IBM Tivoli, HP OpenView, MRTG * Implemented in-house. Management Accounting WebTrends, MRTG Content Management Performance Management Microsoft IIS, Apache, WebSphere IBM Tivoli, HP OpenView, SNMP Management Failures IBM Tivoli, HP OpenView, SNMP Maintenance Management * Implemented in-house. Change Management Remedy ARS Management Service Level Management Problem Management Security Management Servi ce Provisioning * Implemented in-house. Remedy ARS McAfee, Norton Antivirus, Firewall-1, ACLs, LDAP * Implemented in-house. The cycle of deployment procedures consisted of the following steps: planning, d esign, and design, implementation, configuration, activation, operation, mainten ance and support. Were adapted to the life cycle of the customer's point of view of business: prospecting, proposal, design or adaptation of the solution, devel opment, deployment, testing, operation and support. The life cycle 10 client as described provides for the supply of information for billing and servi ce level agreed. 5 Case Analysis by COBIT and ITIL In the description of COBIT and ITIL can be observed that the processes can brin g the life cycle of the preparation to the delivery of customer's solution, howe

ver, does not specify what the tools of systems and communications devices to be used to help implement the entire solution. You could say that these tools and devices are commercially available market solutions. In order to involve the pro cesses defined and how these are supported by applications (tools of systems) an d network (communication devices), processes were defined following the premise that should be supported by a commercial system, ie, application package . The p rocesses evaluated and their relationship with the processes of COBIT and ITIL a re presented in Table 5. Table 5 - Cases of HelloWorld and the relationship with the processes of COBIT a nd ITIL. PHASE OF PROJECT HelloWorld Management Provisioning Services COBIT ACQUISITION AND IMPLEMENTATION PHASE OF OPERATION ITIL IMPLEMENTATION PLANNING AND ORGANIZATION DESIGN AND PLANNING HelloWorld Management Data Storage Management Customer Service Management Configuration Man agement Accounting Management Content Management Performance Management Maintena nce Management Capacity Management Change Management Service Level Management Pr oblem Management Security Management Failures COBIT Manage Data Watch and advise Customers Manage the Configuration Identify a nd Allocate Costs Service Desk ITIL Configuration Management Version Management Finance Management Manage Performance and Capacity Management Availability Management Capacity Buil ding Manage Infrastructure Manage Changes Define and Manage Service Levels Manag e Problems and Incidents Ensure Systems Security Manage Third Party Services Gua rantee Service Continuity Educate and Train Users Manage Operations MONITORING O PERATION Continuity Management IT Service Management Change Management Service L evel Management Incident Management Problem Table 5 divides the processes in the design phase and operation phase.€The proc esses at the design stage are those used in the implementation of changes in the IT environment. In turn, the 11 processes of the operation phase are used in managing the day-to-day IT environm ent. In this table, we can observe three columns that list the processes impleme nted in HelloWorld and the processes of COBIT and ITIL seeking to establish equi valence between these processes. It is worth noting that the names of these proc esses are the same used in the COBIT, ITIL and business plan the company HelloWo rld. 6 Conclusions In this work presented a conceptualization of governance and technological aspec ts implemented by COBIT and ITIL methodologies to support this resolution. For t he analysis of the processes defined in these methods were verified from the vie wpoint of a company that has set its own operational processes without following a specific method, was created a model of comparison that lists the basic proce sses with ITIL and COBIT methodologies has been presented in table 5. The result

shows that despite the completeness of coverage of COBIT and ITIL, was still on e of the HelloWorld process that is not included in these methodologies. The cas e is not handled by the COBIT and ITIL is a Content Management handles the manip ulation and presentation of information with commercial or institutional objecti ve through Web content servers Another result is that the approach of case study focused on defining the processes that would support the operational business p lanning processes themselves in terms of methodology COBIT or ITIL have not been defined, but somehow run on demand, ie, in the view "initial" according to the maturity level of COBIT. As a final conclusion of the work, it appears that ther e are two approaches to solve the problem of best practice procedures supported by the IT organization: a procedural approach and another approach tooling. In t he procedural approach seeks to what processes needed to support the business on the assumption of the existence of a strategic plan to guide current business o bjectives, market and technical organization. In this example, from the processe s that come within the definition of systems and communications infrastructure t o support the company's business. The risk of dislocation between the business a nd processes is small. Finally, in contrast to the previous one, the approach us es the tool options of system tools and communication devices in the market for the definition of operational processes. In this case, do not have a top-down vi ew of the model of the company as the provider of services, at great risk to dec ouple the business model of company processes. Firms acquire the management tool s available in the market and seek to use its resources, regardless of being par t of a context of procedures to implement a specific management process. As a co ntinuation of the work would fit the search of statistical information about whi ch approach is most often used in organizations, as apparent in an analysis of t hese tools typically use the approach. By analysis of the case study, it appears that the company HelloWorld used a procedural approach in defining their operat ional processes, presenting a great similarity to the processes of COBIT and ITI L. The management tools used to automate served as part of the established proce dures in their operational procedures, which were defined based on their busines s goals. 12 7 References [2002nd OGC] IT Infrastructure Library - Planning to Implement Service Managemen t. OGC, London, 2002. [OGC 2002b] IT Infrastructure Library - ICT Infrastructure Management. OGC, London, 2002. [OGC 2001] IT Infrastructure Library - Service D elivery. OGC, London, 2001. [OGC 2000] IT Infrastructure Library - Service Suppo rt. OGC, London, 2000. [CMM-I 2001] Capability Maturity Model Integration, Versi on 1.1. CMU - Carnegie Mellon University, SEI - Software Engineering Institute, 2001. [ISACA 2000th] Executive Summary. ISACA - Information Systems Audit and Co ntrol Association & Foundation, 3rd Edition, 2000. [ISACA 2000b] Framework. ISAC A - Information Systems Audit and Control Association & Foundation, 2000. [ISACA 2000c] Management Guidelines. ISACA - Information Systems Audit and Control Ass ociation & Foundation, 2000. [ISACA 2000d] Control Objectives. ISACA - Informati on Systems Audit and Control Association & Foundation, 2000. [PORT 1980] Porter, Michael E. Competitive Strategy - Techniques for Analyzing Industries and Compe titors. ISACA - Editora Campus, São Paulo, 1980. 13