Applying Business Process Modeling to improve IT Incident Management Processes in a Public Entity in Peru

Business models used to improve current operations and tasks within private and public organizations, this technique is known as business process improvement, allowing organizations to be more efficient. Business processes are supported by the standard of the Business Process Modeling Notation, provided to organizations, to understand their internal business processes in a graphical notation and communicate its procedures in a standard way. IT departments manage IT services daily through IT incident management to restore normal operation of the service after an interruption. In the SUNARP; a public entity of Peru, there are several problems such as: long waiting time to attend to users, noncompliance in the operative part of the management of Incidents and inadequate monitoring of the attention given to users. The objective of this research is to design a model to improve the IT incident management process at SUNARP. The methodology used to design the new model has taken into account the best practices of ITIL V3 and the BPMN for the graphic notation of processes. As a result, ten differences stand out in the proposed model. It is concluded that IT incident management process was modeled with the sub processes of the escalation and change management, which has allowed business process improvement in the SUNARP.


Introduction
In organizations, according to Zacarias (2017) (1), the Business Process Management (BPM) serves as a systematic approach to detect, customize, model, execute, document, measure, monitor, analyze, improve business processes (BP) and control automated and not automated processes.
In many business organizations, there is an interest in the BPM, as it is reflected in the report entitled: "The State of Business Process Management" (2019) (2), published in 2018, which shows interesting data such as: 93% of the organizations in the survey are engaged in multiple process improvement projects; 79% said they were using process software tools to model the processes they were analyzing and planning to change. Most of them said that the process models they developed were only used by the process change team, but 22% said that the models were shared with all employees. 65% of those surveyed agreed or strongly agreed that BPM processes and technologies have helped their organizations improve efficiency, versatility and customer satisfaction. In the same way, 59% of the organizations in the survey are engaged in one or more major transformational projects.
At the global level, organizations need to make use of technology for survival in the market, so they require personnel specialized in technology; ones who have knowledge of processes and tools of Information Technologies (IT) that are used on a daily basis. Meanwhile, IT must be aligned with the objectives of their business to be oriented to processes and customer satisfaction.
Among the processes of greatest impact on the organization, there is the IT incident process. For a proper management, the use of standards and best practices are recommended, such as the Information Technology Infrastructure Library (ITIL) (2007) (3), which allows a better performance of the company through the optimization of time, categorization of incidents, acquisition of a good tool for the incidents attention and the increase in user satisfaction.
Morán et al. (2009) (4) argue that incident management is the process that deals with the treatment of events that cause degradation or loss of the normal functionality of a service, with the aim of restoring the service with the minimum negative impact on the business. However, implementing ITIL processes through an organization is not an easy task and presents many difficulties, as indicated by Mahy (2017) (5), so the backing of the CEO of the organization is essential.
The IT incidents process management is operated through the user help desk, which is composed of a set of human and technological resources with the main objective of solving the intermissions of the service that needs attention in the shortest time possible, providing the highest level of technical solution to the problems related to IT.
The large organizations that provide IT services have their own user help desk; such as the case of National Superintendency of Public Registries (SUNARP); a public organization of the Peruvian state that also has its user help desk and this area is part of the Information Technology General Office (ITGO). The ITGO is located at the headquarters of SUNARP, located in the Surco district, Lima -Peru. This office is responsible for receiving the different requests for user attention; either by phone calls, emails or face-to-face requests.
At SUNARP, the attention is managed through a series of procedures which are not well defined or not fully designated for compliance, having no documentation, or lacking defined roles and responsibilities for their attention. So, the organization's inefficiency in relation to the incidents management results in the ITGO working in a disorderly manner, and in several situations the attention does not come to be attended and it is not known to those who work in the help desk, until the user communicates again that he has not been attended yet. Likewise, the waiting time for the attention of the incidents is too long; sometimes they are not registered for their prompt solution, causing user dissatisfaction. On the other hand, there are also limitations in terms of IT tools to manage the incidents of SUNARP in charge of the help desk.
Among the main problems found in the incident management of the public entity of SUNARP, the most important ones mentioned are as follows: • Undefined procedures.
• Limitations of available IT tools to manage incidents. • Long waiting time to attend to users. • Non-compliance in the operative part of the incident management. • Lack of follow-up of the attention given to users. • Some users becoming dissatisfied with the service provided.
For all this, the present investigation made a diagnosis of the current situation in the incident management process in SUNARP.
The main objective of this research is to design a model to improve the IT incident management process in a public institution as is the SUNARP, based on ITIL V3 and the BPMN for the graphic notation of processes.
The rest of the paper is organized as follows. Literature Review section includes related works to incidents management. Theoretical frame Section related to the concepts and theories. Research Methodology section describes a sequence of phases for the research. Analysis of the current situation section describes the current situation of the organization, the current analysis of the incident attention process and the strategic evaluation. The section of the Model of processes to improve the management of incidents, describes the proposed TO BE diagram and its differences. Results section describes the comparison between the previous model and the proposed model with ten differences. Recommendations and finally the conclusions are presented in the last section.

Literature Review
This section describes the works realized by different authors, as well as a brief theoretical framework review of interesting topics, for a comprehensive understanding of the incidents management that can help the proposed model improve the incident management processes in a public organization.

Related works
The publication by Galup et al. (2009) (6) has an objective to raise the awareness of IT service management (ITSM) because of the obvious importance of this IT discipline, they say that the focus of ITSM is on providing specific processes, metrics, and guidance to enable and manage the assessment, planning and implementation of IT service processes to optimize tactical and strategic IT asset use. ITSM is a discipline focusing on a set of wellestablished processes. These processes conform to standards such as ISO/IEC 20000 and best practices such as ITIL. The goal of ITSM is to optimize IT services in order to satisfy business requirements and manage the IT infrastructure while better aligning IT with organizational objectives.
The research study realized by Sarnovsky et al. (2018) (7), focused on creating predictive models that help in the process of incident resolution and implementation of IT infrastructure changes to increase the overall support of IT management. The main objective was to build the predictive models using machine learning algorithms and CRISP-DM methodology. They used the incident and related changes database obtained from the IT environment of the Rabobank Group company, which contained information about the processing of the incidents during the incident management process. They decided to investigate the dependencies between the incident observation of a particular infrastructure component and the actual source of the incident, as well as the dependency between the incidents and related changes in the infrastructure. They used Random Forests and Gradient Boosting Machine classifiers in the process of identifying incident sources as well as in predicting possible impacts of the observed incident. Both types of models were tested on a testing set and evaluated using defined metrics. Palilingan et al. (2018) (8) mention in their manuscript that many of the problems that arise in academic information systems come from incidents that are not properly handled. The objective of the study aims to find the appropriate way of incident management. The incident can be managed so that it will not be a big problem. The research uses the ITIL framework to solve incident problems. The technique used in this study is a technique adopted and developed from the service operations section of the ITIL framework. The results of this research found that 84.5% of the incidents appearing in academic information systems can be handled quickly and appropriately. 15.5% of the incidents can be escalated so as not to cause any new problems. The model of incident management is applied to make the academic information system run quickly in providing academic services in a good and efficient way. The incident management model implemented in this research is able to manage resources appropriately so as to quickly and easily manage incidents.
The paper by Blaj et al. (2019) (9) highlights the importance that producers or service providers, who want to furnish an extraordinary experience of their products, have to be available and to give support to their customers 24/7. More companies are opting for Artificial Intelligent Chatbots as part of their customer service team. Some projects aim to optimize and automate support for customers using the Service Now platform with a chatbot. Customers will have their own personal assistant who will create, delete or modify the incidents assigned to them, but it can also be used for recreational purposes or weather forecasts. Users can communicate with the chatbot using normal language through various chat applications: Skype, Webex Teams or through an intelligent speaker. The objectives proposed were: illustrating the chatbot concept, illustrating the notion of chatbot through different scenarios and approaches, integrating and using common messaging services, using a platform, named Firebase, as a service and creating or modifying data streams structured as incidents through APIs. Astuti et al. (2018) (10), indicate in their manuscript that Directorate of Information Technology and Systems Development (DPTSI) is an organization unit of Institut Teknologi Sepuluh Nopember (ITS) which is responsible for providing services related to information technology (IT) and system for all stakeholders. Incident management and requests fulfillment are part of the services managed by Service Desk unit of DPTSI. Incident management and requests fulfillment hold a significant role yet prone to error; they could pose threats and risks to the organization. Hence, the identification and assessment of risks, especially risks of IT processes, are highly required to avoid problems or disruption in organizational business processes to minimize losses. The research indicates that, COBIT 5 Enabling Process is used as a framework to identify the IT processes, whereas COBIT 5 for Risks is used to conduct the risk management activities. Risks are identified from the Service Desk's business processes and the existing condition of DPTSI. Data and information were obtained from interviews and observation, and then they were mapped to corresponding ideal conditions based on COBIT 5 process, DSS02 Manage Service Requests and Incidents. Furthermore, risks related to IT processes were identified, assessed and managed based on COBIT 5 process APO12 Manage Risks. This research resulted in a document containing a list of IT risk assessment and risk control justification which can be used as a reference document for Service Desk unit of DPTSI ITS in managing risks associated with IT Processes. They conclude that a good risk management processes will help the decisions' maker of the organization to make strategic decisions. The paper by Serbest et al. (2015) (11), indicates that fast development and change in IT require organizations to use "Help Desk Systems". These systems make people learn the information about the system's overall structure after entering the system and with the help of this structure they can be acquainted with the process of the frequently asked questions step by step. The purpose of the study was to shorten the orientation time of the FAQS installed along with the increasing amount of countries that the Schneider Electric IT department serves, and to switch to a live system without reducing service quality with minimal job losses. The aims of the project were as follows: To set up a webbased system which doesn't require installation, to make the help desk personnel utilize the pdf documents related to the works which are carried out in each factory of the company and prepared by the department experts, to increase the satisfaction of the user they have served by responding to problems in the shortest time and to decrease the work load of the location experts in the factory in question. Also, it enables experts to enter the system in a different page and create categories with processes like adding, deleting and searching for documents and viewing current work orders. A program aiming to present values such as selecting files, category ratios, how often experts upload documents to department managers has been developed and presented to the company.
The study realized by Eikebrokk et al. (2017) (12) indicates that ITIL lacks appropriate theories and models that capture the distinctive characteristics and implications of the ITIL implementation practice. The proposed model provides IT executives with practices for improving ITIL processes implementation quality and helps them assess the benefits of their efforts.
The results show that implementing ITIL processes can positively influence BPM and lead to other additional benefits in IT departments and potential effects that should motivate IT managers to consider ITIL implementation projects.

Theoretical Frame
This section is based on the fundamental concepts for deepening some context issues as follows in details.

Business Process Management
BPM is an approach that focused on the continuous improvement of business processes in the organizations, providing a collection of best practices. According to Goby et al. (2016) (13), implying a continuous commitment to manage BPs, requires a lifecycle methodology with structured steps and feedback that establish a managerial practice in organizations, which helps in continuous improvement and meeting business objectives (BOs). BPM lifecycle is based on principles, such as modelling and documentation of BP, customerorientation, constant assessment of the performance of BP, a continuous approach to optimization and improvement, following best practices for superior performance, and organizational culture change.
In the last few years, many authors have contributed with BPM lifecycle proposals, contributing to the growth of BPM. Dumas et al. (2013) (14) consider that the BPM lifecycle proposed consists of the following phases: process identification, process discovery, process analysis, process redesign, process implementation, and process monitoring and controlling. The implementation of the BPM lifecycles in the organizations can address BP change and identify the improvements required to achieve the desired BOs.
BP is defined within a business model as a functional and organizational-border linkage of value-added activities that generate the expected customer benefits and convert the business strategy derived from process goals. However, it must be observed that without BPM there are no Business Process Modeling and Notation. a number of specified activities, which are carried out by people or machines for generating a company's value.

Business Process Modelling Notation
Several publications of the literature indicate a variety of modeling languages and tools for the design of processes. Despite the increasing use of flowcharts or event-driven process chains today, the Business Process Modeling Notation (BPMN) is used as a new standard worldwide in a short time. As indicated by Paschek et al (2016) (15), BPMN is considered part of BPM tools which is used for the holistic, precise, and formal and consistent description of BP. It additionally emphasizes the benefits of process modeling as noted below: • Creating transparency over BP; • Clear and comprehensive documentation of BP as a prerequisite for automation; • Communication of BP and promoting understanding of the process; • Analysis, measurement, controlling, benchmarking and optimization of BP; • As well as risk and compliance management.

IT service management
Sarnovsky et al. (2018) (7) argue that ITSM is considered a discipline and it is defined as a set of specialized organizational capabilities for providing value to customers in a form of services. The main goal of ITSM is to ensure delivery of quality IT Services that support the BOs of the organization by using the cost-effective resources.
The publication by Galup et al. (2009) (6) considers that ITSM is a subset of Service Science that focuses on IT operations, such as service delivery and service support. In contrast to the traditional technologyoriented approaches of IT area, ITSM is a discipline for managing IT operations as a service that is process oriented and accounts representing more than half of the total cost of IT ownership. Today, providers of IT services have to consider the quality of the services they provide and focus on the relationship with customers. Due to its processes-focus, it shares a common theme with the process improvement (such as, TQM, Six Sigma, BPM and CMMI), as well as providing a framework to align IT operations-related activities and the interactions of IT technical personnel with business customers and user processes.
The ITSM is a subset of services that focuses on IT operations, such as the provision of services and service support. ITSM is an emerging discipline that focuses on a set of well-established processes. ITSM evolved during the time into highly standardized frameworks based on best practices. These processes correspond to standards such as ISO/IEC 20000 (2009) (16) and best practices such as ITIL or CoBiT (2009).
Mera et al. (2018) (17) argue that ITSM is characterized by its emphasis on IT services, customers, Service Level Agreement (SLA), and the management of the IT function and its daily activities functions through processes, but the IT services need to be classified into a catalog . The information technology service catalog (ITSC) is a structure where the IT services are identified and classified within a given organization. This catalog is the basis for the IT services portfolio to be properly managed during its useful life so that the financial, technological, and human and time resources are used correctly. For this reason, Mera et al. (2019) (18) make a proposal based on automatic learning to identify ITS in public organizations, adapting the catalog of services and taking the history of requests and incidents accredited by the department of information technologies in public organizations, as its main input.
Applying ITSM is a key issue in the management of an organization's IT functions. ITIL is the most popular and influential framework for applying ITSM. With adoption growing globally, it is important to understand the benefits that ITIL processes can bring to an organization. According to Mcnaughton et al. (2010) (19), the benefits of implementing and using ITIL processes have been predicted or assumed with very little research and minimal anecdotal evidence.
Managing and using IT services is considered very important for modern businesses to improve their performance, for all this, the IT management needs to ensure an adequate flow of complex tasks of the projects and operations with dependence on IT. Achieving a good IT management depends in large parts on an IT Governance Framework adequate into the organization.  (21) indicate that ITIL is one of the IT management frameworks that provide a systematic approach to contribute to the best IT Governance. Its study is based on secondary data focused on understanding the ITIL framework in relation to IT Governance; the paper contributes to IT investments and IT resource management in an organization, starting with technological changes, reduction of the operating costs, maintenance and decisionmaking process with the focus on improving organization sustainability.

Incident Management
IT incident is referred to as an inadequate functioning of the hardware, software or an information system, reduction in the quality and interruption or failure of a configuration item (CI) that has an impact on IT service (for example; failure of one disk from a mirror set). Incidents may be recognized by the technical staff, detected and reported by event monitoring tools, communicated by users (usually via a telephone call to the service desk), or reported by third-party suppliers and partners. Incident management is the process responsible for managing the lifecycle of all incidents. Richard et al. (2019) (22) argue that an incident is any event occurred outside the standard operation of a service and may cause an interruption or reduction in the quality of service. The purpose of Incident Management is return services and processes to the normal service level as soon as possible by mitigating the effects of disturbances in IT services. In addition, the authors of the paper consider that the main objective of incident management process is to ensure that every incident occurred during operational activities must be solved by standardized procedure to create quick resolution for the incidents.  (4) argue that incident management is the process in charge of the study and solution of the events that cause loss or degradation of the normal operability of a service, its main objective is to restore the service to minimize the negative impact on the organization, to maintain the highest level of availability and quality of service.   (24) believe that incidents management is considered an IT tactical demand due to its relation to IT services. They argue that the demand for IT services comes from many different sources and surfaces in many different forms. This demand can be segmented into three main categories: 1) strategic, 2) tactical, and 3) operational. Help desk is also defined as an area in any organization which helps end-users find answers and solutions to problems they face. Service desk is a specific type of service; an outsourced support group aiding callers by resolving the problem or transfer the call to others for help.
The service desk is the single point of contact for users when there is a service disruption, service requests of the IT support or even for some categories of requests for change. The service desk provides a point of communication to users and customers, as well as a point of coordination for several IT groups and processes. This means that the service desk symbolizes the total concentration of services for users and customers, being the reference center for users of the service (SPOC, Single point of contact), as indicated by Rios (2013) (27). (4) argue that the service desk is also named the service center, it consists of a team of people who receive contacts from customers or users either through calls, messages, tickets, etc. to register, classify and attempt to resolve or forward problems to appropriate support groups.

Morán et al. (2009)
The functions of a Help desk are as follows: • Be the space for communication and contact between users and services. • Provide provisional solutions to errors and incidents, in relation to problem management. • Record events that have caused loss or degradation of a service reported by an affected user, following the process indicated by the protocol of best practices. • Track the events reported above and inform the user of the status of the event. • Derive change requests when necessary. • Provide users with the information requested by them, so that the database must be kept updated.

Information Technology Infrastructure Library (ITIL)
ITIL contains a set of best practices but it does not provide a step-by-step guideline that details how to conduct the implementation of an ITSM framework in companies. As indicated by Orta et al.

Research Methodology
To develop the work with certified knowledge, the authors of this paper attended the training of the ITIL V3 Workshop, and the Process Modeling Workshop using Bizagi Process Modeler tools at the National Engineering University (UNI).
To achieve the objectives of this work, they considered the best practices of ITIL V3 (3). At the same time, to realize the processes diagram designs for the incidents management, they used the Business Process Modeling Notation (BPMN), a standard for business process modeling that provides a graphical notation for specifying business processes in a Business Process Diagram (BPD), based on a flowcharting technique very similar to activity diagrams from Unified Modeling Language (UML).
To develop the research work, a sequence of five phases was considered as shown in Figure 1.  It is the second stage to study the entity where the work was carried out and the required information obtained from it, as well as the improvement of incident management process for which the study is done. It is considered the strategy in the ITIL life cycle (36).
• Design of the proposal: This is the stage where the incident management process proposed with its time indicators, as well as the metrics, is modeled to be considered in the process. • Results obtained: It is related to the results obtained in the proposal, making a comparison between before and after the incident management and verifying the initial goals.  Planned observation and participated in the study group.

Current Situation of the Organization
SUNARP is the public entity part of the The justice group is one of the vital sectors in the country, its purpose is to take care of compliance with laws, justice and people's rights, promote human rights and have a reliable and inclusive justice, and focus on the vulnerable population. Likewise, by means of the formulation, evaluation and execution of institutional policies of the State, it provides legal advice and defense of its interests.

Current analysis of the IT incident Attention Process
Knowing the scope of the process allows knowing the incidents that the help desk addresses in the organization in their dayto-day activities.
The scope of the IT incident attention process is presented in Table 2. Request from a user to restore a service that is not functioning normally.
Note: A request to reset a user's forgotten password, or the request for a backup of a user who has lost data, is also considered an incident.
An evaluation of the current situation of the processes was carried out through an interview with the 8 members of the help desk; the questions asked were linked to knowledge, roles, activities and compliance with the current process which allowed the authors of this paper to know the current situation of the "Incident attention" process. To carry out the interview, the following research questions were posed:

Do you know if there is a process for incident management?
2. In the current process for incident management, are your roles determined?
3. In the current process for incident management, are your activities well defined?

Does the tool for recording incidents allow better control and help with compliance process?
The following results were obtained from the survey of the members of the help desk service to know the current situation of the incident management process.
• For the first question, 83.33% of the respondents replied that they are unaware of the existence of the incident management process (5 of the members). • For the second question, after showing the flowchart of the "Incident Attention" process, 33.33% of the respondents indicated that their roles are not well defined (2 of the 6 members).
• For the third question, after showing the flowchart of the "Incident Attention" process, 66.67% of the respondents (4 of the 6 members) indicated that the activities they carry out are not well defined.
• For the fourth question, 100% of the respondents indicated that there is no support technology tool for incident management in order to have better control and help with compliance of the processes.

Identification of customers and their needs
To enrich the incident management process, it is necessary to know those involved in the process; to which the services are offered, and their needs. In the organization, two types of customers involved were identified in the process, the internal and external customers.
The internal clients identified are: the head of the ITGO and the headquarters staff. The needs of internal customers are the following: • Resource operability (software and hardware) • Resource availability (software and hardware) • Resource support (software and hardware).
The external customers identified are: users from other areas and outside the headquarters. The needs of external customers are the following: • Resource operability (software) • Resource availability (software) • Resource support (software).
After identifying the clients and their needs, the SWOT analysis is carried out to identify the current situation of the help desk of the organization.

SWOT analysis of the current situation of the help desk
The SWOT analysis provides a quick image of the participants' own assessment of the organization (or even group, project or any other part of the organization) and its environment.
Using the observation technique for the analysis of the organization, the Strengths, Opportunities, Weaknesses and Threats of the internal and external factors of the help desk were identified, which is easily summarized in Table 3.  Internal factors: these are the strengths that contribute to the help desk, four strengths were identified. There are also weaknesses, which are detrimental to the help desk, eight weaknesses were identified.

External
factors: these are the opportunities or conditions which favour the help desk, four opportunities were identified. Likewise, there are threats that cause damage in the area, four threats were identified.
The AS IS/TO BE Process Mapping is a management tool that helps in the description and improvement of the internal processes of the organizations. It is dedicated to the exploration of the company's business through methodologies and practices used in dayto-day activities.
The AS IS process mapping is the definition of the current process situation. The participants of this assignment are the users who are involved in the daily process (known as key users). In this context, a good practice is to ask the executor of the process to report how to execute it, or a questionnaire is made to gather the information.
Doing the strategic evaluation, it is also important to know how this process works in the SUNARP. For this specific case, the diagram AS IS is used as shown in Figure 2.

Fig. 2: AS IS diagram
In figure 2, the current IT Incident Attention process in the help desk is shown. As this process is in a manual form and is not standardized, the transfer for the modeling of processes was made using a suitable tool (Bizagi Process Modeler); the change made is for a better explanation of the current situation of the process without making any disturbance.
Taking into account this diagram as an initial base, it is possible to make a new process model to improve the incidents management in the organization.

Model to improve IT Incident Management Processes
For the proposal, the TO BE process mapping is used, the mapping defines the future of the IT incident management process situation. It is also where the authors of the paper document what is defined in the mapping with the help of tools that add value to the process, such as BPM (Business Process Management) technologies.
Having the information obtained in the analysis of the situation of the organization, the TO BE diagram is proposed, which is the business model to be proposed, as shown in Figure 3.

Fig. 3: TO BE diagram
As seen in the above figure, the proposed model for the IT incident management process is divided into three phases, as indicated below: • First phase: Registration.

Results Obtained
After making the proposal of the new model, a comparison is made between the initial model and the proposed model, finding the differences indicated below: First difference: Phases of the proposed model. The Incident Management process has been divided into 3 phases or milestones: Registration, Attention and Response. This allows identifying and defining the phases for a better reading of the process and its understanding.

Second difference: Roles and responsibilities
for the incident management process. Initially, the roles of the staff of the user attention process are not well defined. The proposed diagram, such as indicated, has some actors involved; users, help desk analysts, help desk operators and contractors. In the help desk, there are two analysts one coordinator and four operators.
It is important to identify the members involved in the team work and establish specific roles for each of them according to the nature of the organization. Table 4 shows a list of roles and responsibilities identified and assigned to the members involved in the incidents management process for better performance of its duties in the day to day activities.  • Register the reported incident ticket.
• Investigate and diagnose the incidence.
• Solve the first level incidents.
• Document the incident solution.
• Communicate the change response.
• Update the ticket.
• Prepare an incident diagnosis report.
• Send the diagnostic report to the supervisor. Help desk supervisor • Analyze the diagnostic report of the incident and its resource. • Send the diagnostic report to the contractor.
• Monitor the Operational Level Agreements (OLA) and support contracts and objectives of the group. • Change the IT team.
• Perform the technical specifications (EETT) of the change of equipment in the change management. Help desk operator • He is the member in the second level of escalation.
• Investigate and diagnose incidents.
• Make the solutions for second level incidents.
• Communicate the change to the help desk analyst.
• Assign the incident to the specialized area using the suitable tool.

Third difference: Classification of the incidence
In the incident management process of the old model, the activity of classifying incidences was not considered. However, the new model includes the activity of classifying or categorizing the incidence as indicated in ITIL V3.
According to the incident management process, the time of this activity must be 5 minutes maximum in an SLA. Its previous activity was to register an incident ticket in case the user did not enter the details of the incident in a ticket, but if the incident details are in the ticket, the incident is classified. The subsequent activity is to investigate and diagnose the incidence. It is a user-type activity, since the help desk analyst must classify the incident through the use of the incident management tool.
The activity of classifying incidents is related to prioritization, which is one of the objectives of this work. This activity aims to establish the impact and priority of resolution. Depending on this activity, the time of resolution of the incidents varies, as well as the allocation of the resources that will be needed for their solution. After the classification of the incident, the prioritization of the incident will be carried out. Prioritization should be based on impact and urgency.

Fourth difference: Investigation and diagnosis of the incidence
In the process of incidents attention, after registering the ticket of the incident, the authors of the paper proceed to evaluate; while in the incident management process, the activity of investigating and diagnosing the incident as indicated by ITIL V3, is considered. This activity must have a maximum SLA of 1 hour and the information is provided by the incident database, this task is performed by the help desk analyst.

Fifth difference: Database of incidents
The activity of solving incidents is involved in the process of incidents attention, but the difference found is that this activity is based on incidents database for its solution; this activity is performed by the help desk analyst.

Sixth difference: Documentation and closing of the incident
The activity of documenting and closing a ticket refers to the documentation of the solution of the first level incidents carried out by the help desk analyst in case the incident occurs again, the solution can be at hand until the total solution, then close the ticket again. This activity must have a maximum SLA of 10 minutes. With the culmination of this activity, the process is closed.
The difference between the processes of the models is that in the previous model, the undocumented activities processes had negative implications on efficiency.

Seventh difference: Scaling process
In the new business model, the embedded sub process; called scaling process, was added. The previous model had too many activities which do not allow the model to be simple and easy to understand, for this reason, a new sub process was incorporated. This process is performed by the operator of the help desk.
Another difference identified in the proposed model is the proposal of 4 levels of escalation indicated below: • N1: Help Desk Analyst • N2: Support Operator • N3: Specialized area • N4: Help Desk Supervisor (Change Management).

Eighth difference: Change management
The new business model incorporates the reusable sub process; called the change management process. The previous model had too many activities which did not allow a simple and easy understanding of the model, for this reason, the new sub process was incorporated, this process is performed by the help desk operator and the analyst. If then, in the sub-escalation process, the solution of the incidence is not achieved, the change management is continued.

Ninth difference: Time of attention of the incidents
In the incident's attention process of the previous model, the times of the activities are not indicated, this makes any incident, however simple, take the longest time for the solution. With the new incident management process model proposed, all processes and sub processes are temporized, allowing time saving in incidence management.
Below are the times of the incidents attended during the months (January, February and March) and subsequently the same incidents with their times of solution, taking into account the process model with ITIL V3 and BPMN, showing the saving time that occurs with the use of the new proposal, as evidence.
In January, 490 incidents were recorded.
• A total of 4070 minutes was used in the incidents attention reported. • With the proposed model, a total of 2085 minutes would have been spent in the incidents attention.
In the month of February, 363 incidents were recorded.
• In the month of February, a total of 4512 minutes was used in the attention of the reported incidents. • With the proposed model, a total of 3230 minutes would have been spent in the incidents attention.
In March, 192 incidents were recorded.
• In the month of March, a total of 6152 minutes was used in the attention of the reported incidents. • With the proposed model a total of 3123 minutes would have been spent in the incidents attention.

Tenth difference: Inclusion of artifacts
Considering the differences found between previous and proposed models, the proposed model process consider two artifacts: the database of the incidents and the diagnostic report. The artifacts serve to make the model understandable and easy to read.

Recommendations
In this section, the following recommendations are made: • The implementation of the proposed model based on best ITIL V3 practices to improve the service to the end user by reducing service time. • The change of the IT incident management tools in the help desk to achieve the classification and prioritization of the incidents.
• Training related to the implementation of best practices ITIL V3 to help improve the incidents management in the help desk, as well as the use of the proposed tool for the use of incidents, to work efficiently, optimizing the processes indicated by ITIL V3.

Conclusions
The IT incident management process was modeled with its sub processes: Scaling process and Change management according to the BPMN standard and based on best practices of ITIL V3. This has improved the incident management in the help desk of SUNARP, Surco.
With the improvement of the time based in best practices of ITIL, deficiencies in the service can be identified to be solved and thus comply with the care process in less time.
The new process model for incident management has made it possible to prioritize the attention of the incidents through the classification of these incidents, with the tool of the emergency matrix for impact, allowing to record and classify the incidents properly.
With the knowledge of the proposal based on ITIL best practices, the help desk staff achieves improvements in customer service, in terms of providing good service and user satisfaction.