April 7, 2017

COBIT vs ITIL: Choosing Your IT Service and Governance Model

Finding and implementing a set of governing best practices for IT service management usually leads businesses to compare COBIT vs. ITIL.

Companies can actually use Control Objectives for Information and Related Technologies (COBIT) and Information Technology Infrastructure Library (ITIL) in conjunction with one another to improve the IT department’s processes. Although they are distinct frameworks, the current version of COBIT (COBIT 5) was released in 2012 with the addition of ITIL principles. ITIL includes in its scope standard operational management processes and procedures for managing IT services throughout their lifecycle. The latest version was released in January 2011 but is still relevant to DevOps, cybersecurity, and IoT, among other emerging markets.

ALSO READ: A Beginner’s Guide to IT Service Companies

When comparing COBIT vs ITIL, you’ll notice quite a few overlaps. Both of these frameworks attempt to situate IT within the larger company as a service-oriented and autonomous entity. This lets IT departments guide their own policies and practices and build their own roadmaps with business directives in mind, rather than forcing the department to bend to the whims of the rest of the company.

Guiding Practices

COBIT bases its framework on these five principles that guide decisions within the enterprise:

1. Meeting stakeholder needs or the creation of value for the enterprise stakeholders.

2. Covering the Enterprise End-to-end — all functions and processes of the enterprise are important as they relate to information and information technologies.

3. Applying a Single Integrated Framework by including all related framework and standards, giving enterprises a single set of standards to meet across the company.

4. Enabling a Holistic Approach — seven interconnected factors that determine whether a project will work, including culture, resources, and information.

5. Separating Governance from Management to ensure proper oversight and follow-up for each project, and that stakeholders drive needs while management drives direction.

  • Governance: making sure enterprise objectives are achieved through evaluation of needs, prioritization of projects, performance monitoring. Meeting stakeholder needs falls under this, since governance decides and prioritizes among the varied needs of the stakeholders. The board of directors of most companies would make up the governing body.
  • Management: plans, builds, runs, and monitors activities, and is usually the executive management under the leadership of the CEO.

According to BMC, an ITIL training and consulting provider, “The ultimate goal of ITIL is to improve how IT delivers and supports valued business services.” A company or department that implements ITIL should follow these five stages:

  1. Service Strategy seeks to understand the role and govern the financial importance of IT within the larger organization, including monitoring and updating processes.
  2. Service Design takes a holistic approach to designing IT services that seeks to improve them for the organization.
  3. Service Transition defines and mitigates risk through the change of services process.
  4. Service Operation relates to the day-to-day tasks of running an IT department including new builds and managing existing products.
  5. Continuous Service Improvement encompasses the habits, metrics, and processes that lead to improvement throughout the lifecycle. This stage of the process encompasses the entire lifecycle of each product and is based on predetermined KPIs.

Scope of COBIT vs. ITIL

COBIT connects business goals to IT goals with a guide for maturity models and standards. It also assigns objectives and duties to both business and IT leaders. A major plus for the COBIT model is that it was designed to integrate a bunch of other oversight and governance models, including ITIL. COBIT 5 provides enterprise companies with the following resources to build, monitor, and improve its implementation:

  • Frameworks
  • Process Descriptions
  • Control Objectives
  • Management Guidelines
  • Maturity Models

These five pieces help to reduce costs, establish and maintain privacy standards, and give structure and oversight to general IT processes within the company. They also protect IT an integrated part of the business, rather than a side-project or an afterthought. The frameworks help strike a balance between benefits and risks. This generic structure makes IT governance simple for businesses of many types and throughout the public and private sectors.

ITIL specifically covers IT service management (ITSM), whereas COBIT deals with the integration of IT into all parts of the enterprise. ITIL’s design allows implementation alongside other frameworks and guidelines, including project management or business rules, but seeks to improve the overall product lifecycle from idea through consumer.

How to Implement

COBIT requires a top-down implementation that starts with stakeholders and defines business goals from their perspective. Implementation requires coordination between the stakeholders, C-level executives, and management staff to make sure available processes or products fit the needs of the stakeholders.

IT teams can implement ITIL within the department with little to no interference or communication from C-level executives or boards. Understanding IT as a service-based department may require a change of attitude for those who aren’t used to working for the good of the company/client/customer rather than the project itself.

Experts suggest implementing principles and practices from both frameworks, but above all, trust your  experts. While COBIT and ITIL can suggest best practices, your team understands your infrastructure and needs best, so they should confirm whether the recommendations will or won’t work for your company.

Looking for software? Try our Product Selection Tool