ITIL vs Cobit – Differences Between Two IT Governance Framework
IT Governance Frameworks
COBIT ( Control Objectives for Information and Related Technologies )and ITIL (Information Technology Infrastructure Library) are popular frameworks used for governance in IT Service Management (ITSM). Individually, they look at the Information Technology (IT) enterprise through a slightly-different lens. When utilized together, they offer guidance for the effective management of IT services.
Given their respective similarities, let’s talk about the differences. ITIL is a framework that enables IT services to be managed across a lifecycle or service value chain. Conversely, COBIT supports enterprise IT governance to derive the maximum value to the business through IT investments, while optimizing resources and mitigating risks.
COBIT is a methodology that connects business strategic outcomes to IT strategic outcomes, incorporating feedback and tasks to both IT and the business stakeholders. COBIT provides the resources (Frameworks, Process Descriptions, Control Objectives, Management Guidelines, and Maturity Models) to build, monitor, and improve its implementation while helping to reduce costs, establish and maintain standards, and provide structure and oversight to IT processes.
The COBIT framework is based on these five guiding principles:
- Meeting stakeholder needs – Creating value for all stakeholders. The outputs are Benefits Realization, Risk Optimization, and Resource Optimization
- Covering the enterprise end to end – Covering all corporate processes and functions relating to data/ information flow and technologies. Ensuring the value creation and the corresponding governance encompasses the entire organization.
- Applying a single integrated framework – One set of standards to be utilized by all parties throughout the enterprise, IT and the business.
- Enabling a holistic approach – COBIT 5 lists seven types of enablers (Principles, policies, and frameworks; Processes; Organizational structures; Culture, ethics and behavior; Information; Services, infrastructure and applications; and People and skills and competencies all working together to provide one all-inclusive approach.
- Separating Governance from Management – Many organizations struggle with this aspect. There is no segregation of duty and no support – from executive leadership – for a holistic approach for governance.
With COBIT focused on governance, ITIL sees things through a different lens, which incorporates governance. In ITIL4, governance is on full display as one of the four elements (along with Guiding Principles, Practices (Processes), and Continual Improvement) of the Service Value System which transform the Service Value Chain into a value created for the customer. The Service Value Chain weaves through the traditional ITIL Service Lifecycle with the ability to knit pieces of every Service Lifecycle phase to create value for the business customer in the form of products and services. These four elements – which include Governance – enable the Service Value System to be consumable in a collaborative manner. This example of a Service Value Chain should help. An organization wishes to deploy a new code enhancement using DevOps. The ability to define strategy, design the solution, test the new functionality, deploy, record Incidents, fix the code, test the fix, deploy, measure, and record Incidents outstanding is a gamechanger for ITIL. Notice how this Service Value Chain weaves through the traditional Service Lifecycle. But, in order to gain full value from this Service Value Chain, the four elements of Service Value System must be present. We need the Guiding Principles, Governance, Practices (Processes), and Continual Improvement to create a standardized output for the business customers in the form of value.
ITIL vs Cobit
While COBIT tries to govern all the processes throughout an organization, ITIL uses governance as one aspect of providing value to all stakeholders. When examining each framework, they appear to be similar, with similar aspects of the ITIL v3 Service Lifecycle. But we must understand that the expected outcomes are different. As stated above, COBIT is wanting end-to-end governance while ITIL4 is seeking business value creation. They can co-exist, however.
An organization may use these frameworks in concert to govern the environment. Only very mature organizations with mature processes (practices) should entertain the thought as there may be confusion from users and stakeholders. Since each framework has a unique list of processes – with a large overlap – an organization may use a “best of breed” to gain maximum results. For example, COBIT is much stronger in Supplier Management, Continuity, and Security, among others, while ITIL4 (and ITIL v3, for that matter) are better in the areas of what ITIL4 calls “General Management Practices” like Strategy Management, Architecture Management, Service Financial Management, Workforce and Talent Management, Continual Improvement, Organizational Change Management, and Relationship Management. The two frameworks are both strong on the traditional control areas (Change Management, Configuration Management, and Asset Management) while COBIT is stronger in areas needing more control where ITIL4 lacks and ITIL4 is stronger in the areas needing collaboration with stakeholders, especially from the business.
Neither framework, ITIL4 nor COBIT should be prescribed for a given organization. There should be requirements documented with goals and outcomes defined, then mapped to the applicable framework.