This blog was contributed by Mark Smalley, IT Management Consultant at Smalley.IT and Director of Global Promotion at ASL BiSL Foundation … and all-round serious thinker. It was written on the back of a BrightTalk webinar on the future of IT service management.

Mark had proposed the blog be called simply “I&T” but I rightly or wrongly decided to make its topic more explicit. The following are Mark’s thoughts and words with some editing on my part to meet word count guidelines (which I eventually failed to do so) …

What exactly is “IT”?

The term “IT” can be confusing. Does it refer to an organizational entity, e.g. the IT department and if so, does that include the applications domain? Does it refer to artefacts such as hardware, software, and data that are used to enable and support planning, collection, organization, use, control, dissemination, and disposal of information1)? And finally, and this is my main topic, is “information” included in IT, or is it a separate entity?

Why am I asking this now?

While preparing for the panel discussion mentioned above and thinking about the kind of questions that people would and should be thinking about, I decided to ask my personal network about the questions that they thought IT people should be thinking about. This resulted in 67 questions2) posed by 24 experts from 16 countries. Amongst them, Charles Betz noticed that some of the questions touched on “the age-old existential questions about ‘what is IT?’ and ‘what happens if we take IT out of ITSM?’” and referred to his definition of IT value:

“IT value is found in qualifying the organization [or more generally, any actor] to participate in information-rich environments, and – to the extent that performance depends on excellence in managing information – in elevating this performance above peers”.

Anyway, as to “why now” it was the “performance depends on excellence in managing information” part that triggered my urge to write something and, in so doing, structure my thoughts.

What’s information management?

A quick search will provide you with several decent definitions of information management and I’ve combined a couple to clarify the activities, goals, and responsibilities:

“Information management is the means by which an organization efficiently plans, collects, organizes, uses, controls, disseminates and disposes of its information, and through which it ensures that the value of that information is identified and exploited to the fullest extent.1)

Information management is a corporate responsibility that needs to be addressed and followed from the most senior levels of management to the front line worker. Organizations must be held and must hold their employees accountable to manage information appropriately and responsibly.4)

This composite definition appeals to me for two reasons. It doesn’t mention information technology (which I regard as a closely related but separate entity with its own characteristics). And it emphasizes that it’s a business (private or public organization) responsibility to manage information, implying that information is a business asset. The more important the business asset, the greater the need to manage the asset.

The importance of information

So how important is information? How crucial is information for helping you to survive? How crucial is information for helping you to succeed? Is information “just” an internal resource that supports your primary processes or is it (part of) your product/service? The answers to these questions will inform how you organize information management.

Taking a high-level governance perspective, I’d suggest that there are two major questions to be answered:

  • Are you spending an appropriate amount of time and money on information (as opposed to other assets such as people)?
  • Is this time and money well-spent?

Drilling down to questions for business management

  • How well do you (as users of business information) identify the information that your business needs?
  • How well do you acquire and manage IT services that fulfill (part of) your information needs?
  • How well do you construct and manage the non-automated part (e.g. manual procedures) of your information systems?
  • How well do you use your information systems?

The fourth question is often the weakest link in the chain. You have spent gazillions on creating information systems with lots of potential but the actual value is only realized when they are used effectively and hopefully also efficiently. Who is responsible for ensuring effective and efficient use? Has this and the other three topics been left to chance or have they been organized? Can the board of directors and top management demonstrate that they are governing and managing information appropriately?


IT people often think in terms of plan/build/run and demand/supply paradigms. From a business perspective, demand/supply/use is more appropriate, and I have used this paradigm to qualify three standards/frameworks that come to mind when thinking about guidance for information management:

  • The ISO/IEC 38500 5) “standard for corporate governance of information technology” states as its goal “to promote effective, efficient, and acceptable use of IT in all organizations”. IT is defined as the “resources required to acquire, process, store and disseminate information,” so strictly speaking it only addresses the governance of resources and not information itself.
  • COBIT 5 6) is a “business framework for the governance and management of enterprise IT” that “creates optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.” I have not (yet) discovered a COBIT definition of IT but there are frequent references to “information and related technology”, implying recognition of two entities to be governed and managed. In terms of the demand/supply/use paradigm, demand and supply are dealt with extensively but use is not dealt with anything like the same thoroughness that characterizes the rest of COBIT.
  • The BiSL 7) framework is the “business information services library” that “helps organizations to adopt a professional approach to the management of their business information” and addresses demand and use, giving guidance for management and for practitioners who fulfill roles such as key-users, functionality managers, and business analysts.

 A high-level comparison is sketched in the table below, where management has been divided into the activities specifically related to governance (i.e. implementing policy guidance, and reporting for monitoring purposes), and “regular” management of resources and activities. The mapping is admittedly very rough and therefore open to criticism but illustrates the focus of the standard and two frameworks.


ISO/IEC 38500







Management (governance aspects)




Management (other aspects)









So what?

So information and technology are different things. So information is important and therefore needs to be managed in its own right. So there is guidance, training, and certification available for those tasked with governance, management and execution of information management activities.

What’s the problem?

In most organizations information management is informally and partially organized. The consequences? Missed business opportunities by not reaping the potential benefits of information; operational, compliancy, and reputational risks; and money wasted due to inefficient use of resources.

Who’s to blame: the business or IT? Probably both – for mixing a lethal cocktail of ignorance, complacency, incompetence, and organizational politics; but assigning blame is not going to solve the problem.

What is? As far as I’m concerned the only way forward is to use a proven approach to complex problems8), namely a multidisciplinary probe-sense-respond approach in which the most effective practices will emerge. In practical terms, get your more-information-oriented and IT-oriented business people and your more-business-oriented and information-oriented IT people to collaborate on achieving a common goal: organizing information management in your specific organization. Use the available guidance as “a good place to start your thinking, and a terrible place to stop9).”

Ultimately the buck stops at the board but make the best use of your capabilities, irrespective of whether they are in business and/or IT. I believe that the traditional border between business and IT, demand and supply, is currently in flux. So feel free to draw your own borders. 

A final thought – IT career options

Traditional IT departments are under pressure from both supply and demand. On the supply side, external IT service providers are encroaching into their space with offerings such as software-as-a-Service (SaaS). From the other side, increasingly IT-savvy business departments are exerting pressure on IT departments or are leapfrogging them and dealing directly with external IT services providers. I believe that there are three main career options for professionals in IT departments:

  • Stay in the IT department but be prepared to take on a more “logistical” role as broker and integrator.
  • Move to an external IT service provider and fulfill your previous role but from a more commercial perspective and possibly from an emerging economic region.
  • Move down (Stephen – or is it “up”?) the IT value chain towards the business: acquire business knowledge, business empathy (no mean feat), and information management capabilities. 

So there you have it. Some quick thoughts from Mark – as always your thoughts and opinions are also appreciated.

Mark’s references:

  1. Queensland Government Information Management Policy Definitions, Dec 2009, v.1.0.1:
  2. Give me questions, not answers:
  3. E.g. BIM Function:
  4. AIIM, What is Information Management:
  5. ISO/IEC 38500:
  6. COBIT 5:
  7. Business information Services Library:
  8. Cynefin:
  9. Ivor Macfarlane with a little help from my ITSM friends (publications)