INFORMATION TECHNOLOGY SERVICE MANAGEMENT PROCESSES MATURITY IN THE BRAZILIAN FEDERAL DIRECT ADMINISTRATION

This work aims at the scrutiny of the current situation of the Information Technology Service Management practices within the Brazilian Federal Direct Administration, from the perceptions of the Information Technology Managers of twelve Ministries. The methodology used followed the Process Maturity Framework as a guideline, which is a maturity model whose patterns are described in ITIL v3. The work consists of interviews with questions related to the five maturity levels, as follows: initial, repetitive, defined, managed and optimized. Information on the five basic Information Technology Service Management processes was collected. Besides the classification of the maturity levels of the processes, the interviews allowed us to gather information about the possible causes that hinder the improvement of the maturity of the processes. The outcomes of the survey on the researched ministries showed low maturity level in all the assessed service management processes. The Incident Management Process presented the highest level of maturity, while Problem Management proved to be the most flawed one, in relation to maturity. The other assessed processes, like Change Management, Service Assets and Configuration Management and Release and Deployment Management presented some sort of homogeneity among the ministries. As for the probable causes that hinder the improvement of the maturity level of the Information Technology Service Management processes, pointed by the managers, the following one stand out: the reduced staff, the lack of resources, the gap between the organizational targets and their processes aims, and the lack of skilled labor.


INTRODUCTION
Contemporary society has been characterized by the central role of information in all areas of human activity, mainly due to the advances of the Information Technologies (IT).In the context of these technologies, the spread of the Internet becomes the most outstanding factor, causing changes of several orders in the economic, social, political, cultural and philosophical relationships (PINE, 2011).McGee and Prusak (1994, p.3) stated that the transition from the industrial economy to an information economy, which has been occurring for the last 25 years, will make information turn into a driving power to create wealth and prosperity, rather than land or capital, for the next decades.
In parallel with these changes, as of the 90s, in various parts of the world a government reform has been triggered with the transition from bureaucratic public administration to a managerial public administration (Bresser, 1998).
This process has caused an increasing demand for a professional and efficient public service geared to meet the needs of citizens and a more effective management based on sound principles of governance, like creating channels for the participation of citizens on monitoring and evaluating public policies (Bresser, 1998;Laia et al, 2011).
The need for changes in the public administration posture as well as the development and intensive use of information technologies have driven the creation of policies and actions for the digital communication.In Brazil, in the year 2000, the e- Government (e-Gov) was implemented in order to meet the increasing service offers in digital environments and the opening of governmental communication channels with society (Laia et al., 2011).
However, surveys conducted by the Brazilian Federal Court of Accounts (TCU -Tribunal de Contas da União), through its Department of Information Technology Supervision (SEFTI -Secretaria de Fiscalização de Tecnologia da Informação), pointed to a troublesome reality regarding Information Technology Governance (ITG) within the Brazilian Federal Public Administration (APF -Administração Pública Federal).
The first survey, conducted in 2007, involved 255 federal public sector entities, including Ministries, Federal Universities, Federal Courts, Regulatory Agencies, Local Authorities, Secretariats, Departments and State Enterprises.
The conclusions of this survey indicated the absence of institutional strategic planning in 47% of the surveyed entities, a lack of strategic IT planning in 59% and the absence of an IT Strategic Committee in 32% of them (Brasil, 2008).
In 2009, the SEFTI/TCU conducted a new survey, covering 265 institutions in order to identify possible improvements based on the recommendations made by this Court (Brasil, 2010).
Comparing to the results obtained in the 2007 survey, the TCU verified some improvement in the percentage of institutions that developed an institutional strategic planning.However, it was considered disturbing the percentage of entities that remained without any IT strategic planning (61%) and the persistence of the low percentage of IT Strategic Committees (Brasil, 2010).
Those surveys conducted by the TCU aimed to determine the state of IT governance in the APF and to bring about relevant information on how management of funds in this area has been done.However, no survey has been dedicated to IT service management, which is a vital area for the availability and safety of services provided by e-Gov.
Therefore, this work intends to fill this gap by carrying out a research on IT Service Management (ITSM) in the Ministries, which form the basic structure of the APF.This basic structure is the Brazilian Federal Direct Administration (ADF -Administração Direta Federal) which is composed of 24 ministries.This survey took as a reference the library of best practices for ITSM, the Information Technology Infrastructure Library (ITIL) version 3, globally recognized as a de facto standard in this field and used by hundreds of companies -public and private.

THEORETICAL FRAMEWORK
This theoretical framework relies mainly on issues about Brazilian public administration; e-government; reference models for ITSM; and maturity level assessment of organizations related to management processes.

Brazilian Public Administration
Brazilian public administration, from the country's Portuguese colonization to the present days, should be understood through three great moments: the patrimonial system in which personal interests mingled with public interest; bureaucratization, which aimed to increase impersonality and to create a hierarchy and clearer rules for state activities and, finally, the attempt to introduce private management practices, in order to guarantee greater agility and a state guidance to achieve results (Lescura;Freitas Junior;Pereira, 2010).
The first step toward administrative modernization occurred during Vargas's government in the 1930s, by the standardization of structures and procedures as well as the introduction of modern instruments of intervention (Costa, 2008).
In 1985, after the democratization of the country, there was an urgent need for a public administration reform that would make the State more structured, efficient and responsive to society demands.This reform did not take place due to political and institutional barriers (Marcelino, 2003).
During Collor´s government, despite the political, conceptual and operational mistakes as well as the adopted strategy mistakes, the beginning of the management reform was triggered by attempting to introduce the principles of new public management (Costa, 2008).
Finally, in 1995, during Fernando Henrique Cardoso´s government, a State proposal of reform was formulated and enacted by Congress in 1998.This reform defined strategies and conditions to become the third public administration model applied to the country, but it was not entirely implemented due to political opposition (Marcelino, 2003).
According to Paula (2005) in the same period of time, another political project referring mainly to social aspects had been developed based on the legacy of popular mobilizations against the dictatorship period and the democratization of the country.The election of President Luiz Inacio Lula in 2002 and the ascension of the Labor's Party (Partido dos Trabalhadores -PT) created the hope of implementation of an alternative project to reformulate the relationship between the state and society concerning citizenship rights.
However, this expectation was not met because of the maintenance of managerial practices experienced so far, leading to the fragmentation of the state engine due to the fact that up to this date there are two models in operation (Paula, 2005).

Electronic Government
In the 90s a theoretical framework and a set of management tools came out to modernize the state and make it more efficient and focused on public administration for the benefit of the citizens (Bresser-Pereira, 1998).In the same period, the development and use of new Information and Communication Technologies (ICTs) increased, mainly those Internet-related which provided major changes in public administration (Coutinho, 2000).
The proposal of the Brazilian State Reform, enacted in 1998, moved on other contributions to society such as the concern of government agencies with a better offer of citizen service (Brulon;Ohavon;Rosenberg, 2012).Therefore, in 2000, the e-Gov was created to bring up a new cultural paradigm of digital inclusion, focusing on citizens, reduction of unit costs, improvement of the management and quality of public services, transparency and simplification of processes (Medeiros;Guimarães, 2004).
In 2001, the Electronic Government Policy was launched in Brazil, following some lines of action which reinsured the strategy of offering safer services and information, easy access and low cost, besides the implementation of an advanced communication infrastructure and services (Braga et al., 2008).According to Medeiros and Guimarães (2006), e-Gov should be seen as a way to access governmental information and services through the Internet.According to Abrucio (2007), e-Gov is the best potential instrument to improve efficiency in Brazil´s public services besides providing a framework that enables the continuity of other actions required by the population needs.
However, according to a survey conducted in 2007 by the TCU/SEFTI on IT Governance, in 255 agencies and/or entities, the APF pointed out several weaknesses such as: lack of institutional strategic planning in 47% of the surveyed agencies/entities, lack of IT strategic planning in 59% and an absence of a Strategic Committee for IT actions and investments in 32% of them (Brasil, 2008).
In some of these agencies and/or entities there are annual action plans, but their aim only foresees the allocation of available resources and they do not indicate strategies or are meant to monitor and support medium and long term projects, a fact that explains the constant discontinuity of projects that were already initiated, meaning waste of resources (Brasil, 2008).
In 2009, the TCU/SEFTI conducted a new research in 265 institutions, and the results showed an improvement over the previous survey regarding to the percentage of institutions that follow an institutional strategic planning.However, the percentage of institutions that still does not have IT strategic planning is quite significant (61%), as well as the absence of a few IT Strategic Committees (Brasil, 2010).
There was a slight improvement in the percentage of institutions that care about the level of services management offered by the IT area.In 2007 it represented 11% of the total, and in 2010, it grew by 16% (Brasil, 2010).Furthermore the data found in the 2010 survey showed that 57% of the respondents did not define performance goals for the use and the management of institutional IT, 76% of them did not establish performance indicators for IT, 71% of them did not assess this performance regularly and 87% of them admitted making decisions about IT management and using without keeping in mind the expected benefits of the information systems (Brasil, 2010).Such circumstances motivated the following statement by the comptroller, Minister Aroldo Cedraz: "Usually it may be inferred that there is no concern of the senior management about the usage and management of institutional IT, which can lead to inefficiency and ineffectiveness of the institution as a whole " (Brasil, 2010, p.16).
On the other hand, through the checking of facts related to public services offer, it came out that in 2010 the Federal Police suspended the issuance of Brazilian passports due to flaws in computer systems (Oliveira; Tito, 2010).In the early 2011, several operational failures were related to the National High School Exam (ENEM -Exame Nacional do Ensino Médio) and the Unified Selection System (SISU -Sistema de Seleção Unificada), as reported by "O GLOBO" newspaper (Gomes, 2011;Freitas Neto;Cazes 2011).Also in 2011, operational failures were reported to have occurred in the Federal Data Processing Service (SERPRO -Serviço Federal de Processamento de Dados) in the city of São Paulo, a fact that impacted the Internal Revenue Service, in the Department of Motor Vehicles (DETRAN -Departamento de Trânsito) of several states of the country and also in the Integrated Foreign Trade System (Siscomex -Sistema Integrado de Comércio Exterior), as Civa (2011) reports.
The IT Governance situation, according to the TCU surveys and the operational failures constantly being reported by the press showing the weakness of Brazil's ICT infrastructure regarding the services offered to the society concerning the availability and security of such services in order to consolidate the philosophy of e-Gov.

Information Technology Service Management
According to Parasuraman, Zeithaml and Berry (2006), one of the most important characteristics of the service industry is to deliver quality to the customers, but it is one of the hardest tasks considering that the quality of service offered is the result of the quality of all processes that produce this service.The IT-related activities, regardless of the segment of an organization, are inserted in these contexts, since they are considered to be part of the service industry (Magalhães;Pinheiro, 2007, p.44).
The quality of the delivered service implies in the effectiveness of IT management in the organizations, which should be focused on the proper functioning of systems and technologies that support organizational activities.However, these processes need to be directly linked to IT Governance, which deals with aspects related to the planning and guidance of the external activities of the organization (Grembergen;Haes;Guldentops, 2004, p. 4).
During the last century, from the 70s on, organizations began to worry about the best way to manage IT services, what encouraged the creation of several managing models for these services (Cordenonsi, 2001, p. 61).
In the late 80s, according to Cordenonsi (2001), by request of the British government, the Central Computer and Telecommunications Agency (CCTA) held a compilation of managing IT services best practices, used by several organizations, public and private, named Information Technology Infrastructure Library (ITIL).

2.4
The ITIL Reference Model Information Technology Infrastructure Library (ITIL), also known as ITIL reference model, is globally recognized as the most important collection of best practices for managing IT services and it has become over the years a de facto standard for organizations (Barafort;Di Renzo;Merlan, 2002;Chan et al, 2009;Pereira;SILVA, 2010;Lahtela;J'antti;Kaukola, 2010;Neničková, 2011).
The first version of ITIL was published by the British CCTA (Central Computer andTelecommunications Agency) between 1989 and1995 andconsisted of 42 volumes (Sante;Ermers, 2009).The second version, ITIL v2, consisted of eight books, and it was published between 2000 and 2004 by the Office of Government Commerce (OGC), which incorporated the CCTA.This version presents a revised, condensed and more consistent content, and it has been accepted by more than one hundred countries (Sante and Ermes, 2009).In 2007, the current version ITIL v3 was published replacing version 2 (Chan et al., 2009).
In June 2010, the responsibility for the publication and update of ITIL was transferred to the United Kingdom Cabinet Office (Cabinet Office, 2011).In 2011, the Cabinet Office announced some changes in version 3, and named it ITIL v3 2011.
The ITIL v3 comprises five books: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.This version includes all processes and a function already described in ITIL v2 which has brought a considerable amount of new processes and functions described in Table 1.
According to Cater-Steel, Toleman and Tan (2006) the implementation of best practices of ITIL may transform the management of services in organizations, resulting in positive outcomes.It is recommended that the implementation starts with the processes that would bring in faster results, specially the change in management process.Hagen and Kemper (2011) also considered the change management process as the ITIL core process as it ensures that the changes in hardware and/or software may be performed properly, with no unintended increase in costs, reduced risks and greater confidence and satisfaction for business managers.However, this is not common sense in this field of work.According to Lahtela, J'Antti and Kaukola (2010), incident management and problem management processes should be the first to be worked out in IT organizations.

IT Maturity Models
Maturity models describe the evolution of a particular entity in the long run, which may be an organization or an organizational function and may have, in general, the following features (Klimko, 2001):  the entity's development is described by a limited number of levels (usually, four to six);  characterization of each level by certain requirements that must be achieved;  levels are sequentially ordered, from the most basic to the highest level that is perfection; and  the assumption that the organization development consists in advancing gradually from one level to the next without excluding any precedent levels.
The maturity level evaluation can be supported by certain procedures, including the use of questionnaires.Based on the analysis of the results, recommendations for improvement and ways to achieve higher levels of maturity may be given (ITGI, 2007).Klimko (2001) states that the advantage of maturity models is their simplicity which facilitates their understanding and communication as well as the fact that they may be used for benchmarking.Pereira and Silva (2010) established a comparison between various maturity models, whose results are shown in Table 2. Six models were selected: Bootstrap, Trillium, PMF, CMM, CMMI-SVC and ITSCMM.The authors chose these models as being the most appropriate of the alternatives because they have considered them to be less general and better documented. Whether it may be used as a basis to develop other models.Regarding to the accomplished success, it is observed that CMM and PMF models are evaluated as extreme points: extremely high and very low, respectively.As for the maturity evaluation criterion, PMF and CMMI-SVC use two modes: staged and continuous while Bootstrap and Trillium use only the continuous mode.CMM and ITSCMM use only the staged mode.
As for the number of levels defined for evolution, all models adopt 5 as the maximum level.Bootstrap uses 0 as the initial level and CMMI-SVC adopts 0 as the initial level for continuous mode and 1 as the initial level for the staged mode.About the scope criterion, three models deal with software: Bootstrap, Trillium and CMM, and the other three models deal with services: PMF, ITSCMM and CMMI-SVC.
In relation to the details, there are four situations concerning the models: Low detail (PMF), Medium (Bootstrap and Trillium), High (CMM and CMMI-SVC) and Extremely High (ITSCMM).Lastly, Bootstrap, Trillium, PFM and CMMI-SVC were not used as a reference for creating other models, while ITSCMM formed the basis for CMMI-SVC, CMM and many other models.

2.6
PMF maturity model Pereira and Silva (2010) argue that despite the existence of a huge amount of maturity models, only PMF (Process Maturity Framework) is specifically designed for ITIL (Information Technology Infrastructure Library).However, they consider it a fairly simple model described in a few pages only in ITIL v2, and this procedure does not provide enough information to help the ITIL implementation.
However, considering that this present work does not deal with the implementation of ITIL but, rather with the evaluation of ITSM processes, and, according to Pereira and Silva (2010) PMF is the only alternative for evaluation of these processes, it was decided to use it for the assessment of the processes.
Moreover, contrary to what Pereira and Silva (2010) claimed, the PMF was incorporated into ITIL v3, and it can be found in Appendix H of the Design Service book (OGC, 2007a).Also, an enhanced version called Extended Process Maturity Framework (EPMF) can be found in Appendix B of Rudd's paper (RUDD, 2010).
The PMF defines an ITSM maturity model when it comprises five dimensions of organizational evolution: vision and guidance, process, people, technology, and culture (OGC, 2007a).
Vision and guidance dimension is related to the targets that the organization wants to achieve and these targets are directly linked to the available budget and the goals that have to be achieved.
The process dimension refers to the way organization is structured to achieve their goals.Usually there is a predominance of isolated areas, determined by function.An alternative is to have it structured in a process-oriented approach.
The people dimension refers to how professionals interact in the organization.The structure model adopted, isolation or integration, will determine the levels of collaboration and information sharing.
The technology dimension deals with the existence of a global IT architecture that is integrated to people and processes.Finally, the culture dimension refers to the set of ideas, values, beliefs, practices and expectations, which are shared among the people in the organization.
For each of these dimensions there is a maturity scale, organized in sequential and cumulative stages, from a simple level to a higher level of growth and improvement.Table 3 depicts maturity levels described in the PMF, which follows the same nomenclature used by other maturity models such as ITSCMM (CLERC; NIESSINK, 2004); SW-CMM (ITGI, 2006); CMM-SVC (SEI, 2009).

(initial)
The process is recognized, but there is little or no activity related to the management of the process.Besides, it is not benefited with resources or budget allocation.

(repetitive)
The process is recognized but still does not deserve much attention and, therefore, receives few resources.In general, the activities related to it have no coordination, are made irregularly, without direction and with little effectiveness.

(defined)
The process is recognized and documented, but there are no formal agreements or acceptance and recognition of its role within the organization.However, the process has already a responsible agent, objective and formal goals, as well as allocated resources and focus on efficiency and effectiveness.There are reports on the activities, which are saved for future references.

(managed)
The process has full recognition and acceptance throughout the IT area.It is focused on service delivery and its objectives and goals are based on business objectives and goals.The process is fully mapped, it is managed and it has a proactive nature, established and documented interfaces, including those to other IT processes.

(optimized)
Besides, the process has a full recognition, has objectives and strategic goals aligned with the objectives and strategic goals of IT and business.It is institutionalized as part of daily activities, and considers actions for continuous improvement established as part of the process itself.

METHODOLOGY
This research aimed to verify the ITSM maturity level in the ADF, composed of 24 ministries, hence a finite universe.The strategy chosen was interviews with IT managers, in at least ten ministries, selected non-randomly from ease of access through a network of relationships.
The methodology used was based on the Process Maturity Framework (PMF), a maturity model described in the ITIL reference model.Interviews were conducted with questions related to the five maturity levels: initial, repeatable, defined, managed and optimized and information was collected on five basic processes of ITSM.In addition to the classification of processes in maturity levels, the interviews gathered information on the possible causes of low process maturity.
According to Minayo (2000, p.23), the search is a "[...] basic activity of sciences in its inquiry and discovery of the reality [...]".The research should seek answers to questions proposed in a "[...] successive approximation activity of reality that never runs out, making a particular combination of theory and data".

Characteristics of the Research
This study was characterized as an applied research, having as its objective the generation of knowledge that can be of practical use in solving problems related to ITSM in the ADF (Marconi;Lakatos, 2008).
Regarding the approach to the problem, the research can be classified as both quantitative and qualitative for translating into numbers opinions and information, classifying and analyzing them (Best, 1972 cited by Marconi;Lakatos, 2008).
Regarding the purposes, this research is descriptive, because it "exposes certain population characteristics or a certain phenomenon" (Vergara, 1998, p. 45) and involves the use of standard techniques of data collection, such as questionnaires and systematic observation (Almeida, 2011).Specifically, interviews were conducted with the use of closed questions and some of these questions were made using optional open-ended responses.

Statistical Universe
Population or statistical universe "[...] is the set of people who have a common characteristic, whose behavior one wants to analyze", which may be finite or infinite, according to the number of elements (Tiboni, 2010, p.3).
Thus the population of this research can be classified as finite, composed of 24 existing ministries.After setting the survey population, the mapping of the IT Coordinations and their IT managers took place, and they should be contacted for the interviews.
In most ministries, the responsibility for IT operations lies in a Coordination which is subordinated to the Planning, Budget and Administration Secretariat (SPOA -Secretaria de Planejamento, Orçamento e Gestão) which, in turn, is subordinated to the Executive Secretariat of the Ministry.Therefore, this Coordination is positioned on the third level of the hierarchical structure.Some exceptions to this structure have been identified in five Ministries.In four of them, the IT Coordination is positioned at the same hierarchical level as the SPOA.However, in another Ministry the opposite happens and IT is one level below the SPOA.Finally, in one of these Ministries, the area responsible for IT has not been identified.

3.3
Selected Processes for Assessment Taking into consideration the fact that ITIL v3 was released in 2007 and that it is not yet fully adopted by the organizations, processes that are in common with the prior version, version 2, have been selected by the researchers.It is worth noting that the selected processes are extremely important for service management, such as Incident Management, Problem Management, Service Assets and Configuration Management, Change Management, and Release and Deployment Management.

Data Collection
Data was collected in 12 Ministries, through a standard interview, consisting of 65 closed questions which covered the five Organizational Dimensions that are Vision and Guidance, Process, People, Technology, and Culture.Each dimension was evaluated concerning the five maturity levels: initial, repeatable, defined, managed and optimized.
In addition to the closed questions, which allowed only "yes" or "no" answers, there was the possibility for the interviewed person, from his/her point of view, to point out the causes that hinder the maturity development of ITSM in the ADF.This possibility only became available when there was one or more negative responses to questions about a certain dimension, what meant that the process would not be at the highest maturity level (level 5).In order to indicate the causes, some options were presented to the interviewed person.There was the possibility of identifying other causes or no cause at all.This entire evaluation process has been automated with the development of a specific tool used in this research.

Calculation of The Maturity Level
Considering the fact that the available documentation on the PMF describes only the requirements related to the maturity level in each dimension, and that it does not indicate how to calculate this maturity, a method has been defined for this purpose, as described below: a) To find the maturity level in each Dimension, a questionnaire is applied to check if all the requirements indicated in the PMF are met; b) In order to reach a certain level of maturity in any of the dimensions, all the answers must be positive ("yes") in the respective level; c) If there is a negative response ("no"), the interview is interrupted at that dimension, the maturity level reached at that point is stored and indications of possible causes for the negative response are presented; d) At the end of the evaluation, when the level in each dimension has been identified, the process of maturity level may be calculated, as follows:

RESULTS
As noted earlier, the survey was conducted in 12 out of the 24 Ministries, between July and September 2011 and it evaluated these five ITSM processes Incident Management; Problem Management; Service Asset and Configuration Management; Change Management and Release and Deployment Management.
In most Ministries, only one manager was interviewed and he answered the same questions about the five Dimensions; in other Ministries although more than one manager was interviewed, only one answer was considered for each question.Finally, in one of the Ministries, diferent managers answered about different processes.
All respondents were, directly or indirectly, responsible for the execution of the processes evaluated and in most cases they have a higher managerial position.Some of these managers are public servants and other subcontractors.
The results show the maturity level of the assessed processes as well as the maturity level of the dimensions in the selected Ministries.In every Ministry the main causes pointed out as obstacles to a higher level of process maturity are presented.
Ministries are identified as M_xx where xx = goes from 01 to 12 in order to avoid their identification.

Maturity Level of ITSM Process
The assessment of the maturity level of ITSM processes, in each Ministry, was carried out based on the evaluation of the organizational dimensions Vision and Guidance, Process, People, Culture and Technology over every process.

Incident Management
The Incident Management process covers the activities that aim to restore normal IT operations in the shortest time possible upon the occurrence of exceptional situations in order to minimize the impact to the business (Fernandes;Abreu, 2008, p. 291).
As shown in Figure 1, it turned out that in three Ministries the process reached maturity level 1 (initial).In the Ministry M_10, maturity level was zero and in eight Ministries, 66% of the universe, level 2 (repeatable) was reached which, overall, is a low maturity level.This is a very concerning situation because the process Incident Management aims to maintain the availability and reliability of IT services.The Problem Management process aims to prevent the occurrence of operational failures in IT infrastructure by detecting and correcting the causes of any failures that led to incidents, as well as adopting measures that can prevent such occurrences (Fernandes; Abreu, 2008, p 291).
The overall result of the evaluation of this process in the surveyed Ministries is shown in Figure 2. The maturity related to this evaluation process is zero in four surveyed Ministries; three surveyed Ministries only reached maturity level 1 (initial); other four surveyed Ministries reached maturity level 2 (repeatable) and finally in M_04, the evaluation pointed out to maturity level 3 (defined).Considering that the Problem Management process aims to proactively prevent incidents from occurring or recurring, it usually evolves in parallel or in sequence with the Incident Management.Therefore, in Ministry M_4 there is an unusual situation: while the Incident Management process met maturity level 2, the Problem Management reached maturity level 3.
Regarding to Ministries M_2, M_3 and M_12, the situation is similar to what is seen in many other organizations: the maturity level of Incident Management precedes the evolution of Problem Management which, in this case presents a maturity level of zero.In Ministry M_10, the Problem Management process and the Incident Management process have a maturity level of zero.
However, the best scenario was found in Ministries M_01, M_05, M_06, M_07, M_08, M_09 and M_11 where the two processes, Incident Management and Problem Management are at the same level of maturity and this may represent the existence of coordinated actions aimed to the development of these ITSM processes together.

Service Asset and Configuration Management
The process of Service Asset and Configuration Management comprises activities related to the identification, registration, control and verification of service assets and configuration items of IT components by creating and maintaining a centralized repository (Fernandes;Abreu, 2008, p. 287).
Figure 3 shows the result of the evaluation of this process in the Ministries where the survey was conducted.In this process, maturity levels were between zero and 2 (repeatable), with the highest concentration in maturity level 1 (initial).
In Ministry M_05, although the maturity level for this process is zero, it reached maturity level 2 (repetitive) in the Incident Management and Problem Management processes.This kind of situation is quite rare because, in general, it is very difficult to develop the maturity of these processes without the knowledge and control of the installed base, both hardware and software, as well as the existing relationships and dependencies among the components.
In the other Ministries, the situation appears to be somewhat balanced.In some of them, the maturity of the Service Asset and Configuration Management process is higher or at the same level of the maturity of Incident Management and Problem Management, which represents a positive evolution of ITSM in general .
The main responsibility of the Service Asset and Configuration Management process is to ensure that accurate and reliable information on assets required for service provision will be available whenever and wherever they are needed.

Change Management
The process of Change Management aims to ensure systematic and standardized treatment of the changes made to the IT environment in order to minimize possible impacts on the quality of service (Fernandes;Abreu, 2008, p 287).
Figure 4 presents the result of the evaluation of this process in the surveyed ministries.Overcoming incidents and correcting problems in the IT operations will inevitably depend on the implementation of changes in the environment, which, if not well managed, may generate new incidents and not solve the problems.On the other hand, the dynamics of the IT environment involves constant changes both in hardware and software, requiring the management of this process no matter how incipient it may be.
Since the Change Management and Service Assets and Configuration Management processes are directly related, this scenario seemed to be consistent in other Ministries.The maturity of Change Management is either at the same level as the maturity of Service Asset and Configuration Management or at a lower level.
A more balanced scenario was found in Ministries M_01, M_06, M_07, M_08 and M_11 where the Incident Management, Problem Management, Service Asset Configuration Management and Change Management processes are at the same level of maturity, or at least at a closer level.

Release and Deployment Management
The process of Release and Deployment Management involves the management of a set of changes to be implemented in the IT environment as an integrated body (Fernandes;Abreu, 2008, p 288).
Figure 5 shows the result of the assessment of the Release and Deployment Management process in all the surveyed ministries.The situation found in Ministry M_05 is not common either, the process of Change Management shows null maturity and the process of Release and Deployment Management presents Maturity 1 (initial).
The Release and Deployment Management process is somehow the continuity of the Change Management process, as both are responsible for changes in the operating environment.Thus, an IT operanting environment with defined ativities in Incident Management and in Problem Management processes and no maturity at all in Release and Deployment Management and Change Management is not comprehensible.
In other Ministries, the situation seems to be balanced since in all of them the level of maturity of the Release and Deployment Management process is above or at the same level of maturity of the Change Management process.

Overall Rating
Table 4 shows the maturity levels of all assessed processes in the 12 ministries.In Figure 6 the overall results are shown in boxplot form.The maturity level of the ITSM processes in the surveyed Ministries usually ranged from level 1 (initial) to level 2 (repeatable).In nine Ministries at least one of the assessed processes showed a zero level of maturity.
The Incident Management process feature reveals the best result in the studied group, reaching level 2 (repetitive) in 67% of the Ministries.Problem Management and Release and Deployment Management processes were the only ones that showed maturity level 3 (set), but this occurred in other Ministries.However, in most of the Ministries the Problem Management process presented null maturity level.
The Services Asset and Configuration Management process, one of the pillars of the implementation and improvement of the other processes, presented a relatively good rating compared to other processes.It was observed that 58% of the Ministries showed an initial level, 33% of the Ministries presented level 2, and only one Ministry accomplished only a zero level of maturity.
In the case of Change Management, eight Ministries were at level 1 (initial) and the others at the extremes, level 0 and level 2, which, in statistical analysis, are considered as outliers.

4.2
Causes Pointed out This section consolidates the main causes cited by the interviewed managers as obstacles to the improvement of the maturity level of ITSM processes.
Table 5 shows the most frequent causes cited in the interviews and the number of ministries in which they were cited.The Frequency column indicates the number of times a particular cause was cited in all Ministries and the quantity of Ministries column shows the number of agencies in which that statement occurred.Source: the authors It was seen that "reduced staff" was the most mentioned cause of the low maturity level of the ITSM processes.Then, the sentence "insufficient human and material resources", answered by eight ministries, may be added to the first question because it also deals with the understaffed issue.
In addition, it could also be added to this group the cause pointed in fourth place by nine ministries, the "lack of skilled labor".Thus, the human factor is the major challenge to the improvement of ITSM processes, either in relation to the number and the qualification of the staff members as well as the relationship among the staff members, which emphazises the cause "deficiency in internal communication."It should also be noted that the obstacles related to the strategy of the organization, such as "lack of linkage between organizational goals and objectives of the process" and "lack of management vision focused on continuous improvement."

CONCLUSIONS
The aim of this study is to survey the maturity level of the processes of Information Technology Service Management in the Brazilian Federal Direct Administration according to the managers' point of view.
Interviews were conducted with IT department managers in 12 of the 24 Ministries and they focused on five processes that are Incident Management, Problem Management, Service Asset and Configuration Management, Change Management, and Release and Deployment Management.
Collected data allowed the authors to conclude that ITSM within the Ministries is still at a very incipient level.There are many initiatives but there is a deficiency of strategic decisions to support these actions in an integrated way.Besides, these initiatives lack the appreciation of IT as a vital mechanism for improving the delivery of public services.
The lack of linkage between the goals of the organization and the goals of ITSM processes is one of the causes indicated in eight Ministries, repeated 35 times.Such situation may have been caused due to poor communication between the IT area and the governing body of the organization, since inadequate internal communication was one of the most pointed out causes in nine Ministries.
Moreover, analyzing the organizational structure of the Ministries, it is clear that the IT area is not considered an strategic area in most of them, as the IT area is subordinated to an administrative area, which can be a Secretary or an Executive Board.This finding is also based on four of the main causes given by the respondents, namely: lack of priority for IT, lack of financial resources, limited view of the role of IT from senior management and lack of IT planning .
Other causes cited by many respondents, such as reduced staff, insufficient human and material resources, and lack of skilled labor, are part of a vicious circle, because they are not the only causes that hinder the process improvement but they are also consequences of these obstacles, in a constant feedback process .
The data collected in this research is considered an important contribution to the knowledge of the ITSM situation in the ADF, since this topic is still underexplored in academic papers and even in surveys conducted by the TCU, primarily targeting IT Governance based on Control Objectives for Information and related Technology (COBIT).
However, the existence of some limitations in this research should be outlined, such as the fact that information collected represents the opinion of respondents which may not accurately portray reality.In addition, only one manager answered the questions on all processes in most Ministries, which restricted the ability to collect information from various points of view.
Another limitation is the fact that the answers were not checked with evidence, as it happens in audit works, and it depended solely on the concern of the interviewed professionals in sincerely and honestly contributing to the survey.Therefore, it is recommended a new research on the status of ITSM in the APF in general or in some segments such as the ADF, in order to allow the definition of policies and guidelines that can support improvement actions on operational areas of IT directly responsible for delivering services to users.
It should be noted that the provision of electronic services to citizens with quality and security is directly related to IT Service Management at appropriate levels of maturity, which according to the presented characteristics in Process Maturity Framework lays in level 3 (set), especially in the most critical areas for a proper IT services operation.
ITIL has been considered over the years as a de facto standard for ITSM due to the scope of the collected experiences and its acceptance among IT professionals.Therefore, organizations should seek guidance in this library, which is renewed by the use and the possibilities of new discoveries.quite particular characteristics, is wellcome.In any case, regardless of which model is used, some processes may be found in any IT operations and need to be prioritized, such as incident management, problem management, and change management.
As stressed by Braga at al. (2008, p. 17), IT may be a "powerful digital inclusion agent, supporting governance by creating virtual spaces for democratic participation and civic dialogue and expanding a collective decision-making, it promotes equality and citizenship".However, for this to occur the IT infrastructure needs to be well managed.

Figure 1 -
Figure 1 -Incident Management Maturity -all Ministries.Source: the authors

Figure 2 -
Figure 2 -Problem Management Maturity -all Ministries Source: the authors

Figure 3 -
Figure 3 -Service Asset and Configuration Management Maturityall the Ministries Source: the authors

Figure 4 -
Figure 4 -Change Management Maturity -all Ministries Source: the authors

Figure 5 -
Figure 5 -Release and Deployment Management Maturity -all Ministries Source: the authors

Figure 6 -
Figure 6 -Boxplot of the maturity levels of the processes assessed -all Ministries Source: the authors However, this work does not intend to suggest the implementation of ITSM practices which are exclusively based on ITIL.It is important to notice that any ITSM solution that meets the needs and the reality of the Ministries of the ADF, with their Information Technology Service Management processes maturity in the Brazilian Federal Direct 683 Administration JISTEM, Brazil Vol. 12, No. 3, Sept/Dec., 2015 pp.663-686 www.jistem.fea.usp.br

Table 5 -
Causes pointed more often