COBIT vs ITIL: Understanding IT Governance Frameworks

BY

COBIT and ITIL are both popular systems used for governance in IT service management. Used together, in part or in whole, these IT frameworks offer guidance for effective management of IT services.

What’s The Difference between ITIL and COBIT?

ITIL is a framework that enables IT services to be managed across their lifecycle, while COBIT aids enterprise IT governance to generate the maximum added value to the business via its IT investments, while mitigating risks and optimizing resources.

COBIT Basics

COBIT is a methodology that aims at connecting business goals to IT goals – assigning objectives and duties to both business and IT leaders and providing the resources to build, monitor, and improve its implementation, while helping to reduce costs, establish and maintain privacy standards, and give structure and oversight to general IT processes within the company.

These resources being:

  • Frameworks – which help to achieve a balance between benefits and risks
  • Process Descriptions
  • Control Objectives
  • Management Guidelines
  • Maturity Models

The COBIT framework is based on these five guiding principles:

    • Meeting Stakeholder Needs (Value creation for enterprise stakeholders)

Meeting Stakeholder Needs

Source:  COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.

    • Covering the Enterprise End-to-end (Coverage of all corporate processes and functions that relate to information flow and technologies)

Governance Objective: Value Creation
Source:  COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.

Roles, Activities and Relationships
Source:  COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.

    • Applying a Single Integrated Framework with a single set of standards to be used across the business

    • Enabling a Holistic Approach among 7 categories of enablers as defined by COBIT 5:
      COBIT 5 Enablers

      • Principles, policies and frameworks
      • Processes
      • Organizational structures
      • Culture, ethics and behavior
      • Information
      • Services, infrastructure and applications
      • People, skills and competencies

Source:  COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.

    • Separating Governance From Management

Separating Governance from Management
Source:  COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.

ITIL Basics

ITIL is a framework that focuses on and enables IT services to be managed across their lifecycle, from mirroring the IT landscape components (configuration items) on a centralized knowledge base to registering their lifecycle (changes, events and incidents) to managing the evolution of those configuration items (versions; integrations and so on). ITIL is organized in the following main service components:

  1. Service Strategy focuses on mirroring the overall IT Service Delivery model in a manner that perfectly matches and covers the organization structure and inherent needs while establishing processes that enable monitoring and updating of the configuration items as per business needs and impact.
  2. Service Design is not merely an initial activity that seeks to design the IT services in a manner that will match the organizational structure but a continuous assessment, aiming to have a set of IT processes and service processes that are designed to best fit corporate needs.
  3. Service Transition defines and mitigates change risk through proper Change Management and Planning.
  4. Service Operation assures daily operations by delivering needed current recursive support tasks such as Service Desk or Backups among other.
  5. Continuous Service Improvement looks at established KPIs and their evolution as well as Problems and bottlenecks and performs needed analysis that will lead to the formulation of Optimization proposals.

How, why and when – use combined or separately?

In many ways COBIT provides the “what” and ITIL shows the “how.”

When companies start with ITIL, they can then move to effectively integrating IT into their core business processes. IT provides a support role to the organization similar to HR or Purchasing, but a major difference is that IT is often constantly present throughout the corporate operational cycle – whereas the other two only play a specific role in given circumstances, or when needs arise. Therefore, it is relevant to include IT in the entire operational cycle in a manner such that it can effectively support it and add value to the business.

ITIL provides detailed advice on how to carry out several COBIT processes. Change Management is an example where ITIL clearly defines a structure and a process to accomplish it properly.

COBIT’s Principle 1 (Meeting Stakeholder Needs) includes the goals cascade mechanism that enhances ITIL effectiveness (when both are present) by supporting Service Management in: prioritizing Service Management improvement opportunities; identifying its key activities; and acting as a means of justification for improvement proposals by linking those to concrete organizational objectives.

How do ITIL and COBIT overlap?

Some processes match each other. For instance, the BAI06 Managing Changes process in COBIT matches the ITIL Change Management process under the Service Transition Chapter.  On the other hand risk mitigation in ITIL is addressed by the risk management topic but no specific process is available – whereas in COBIT we find the process APO12 which manages risks.

So, while there is some overlapping, one needs to understand that if COBIT is an antibiotic, ITIL is an aspirin.  Both are important and both have distinct yet complementary goals.  Both provide guidance on best practices for a company to adapt to its unique situation but do not enable any blueprints to follow.

Although DevOps significantly improves on ITIL’s way of addressing development and PMBOK deals with project management (which is something ITIL does not), there is really no alternative for ITIL – whereas there are several alternatives to COBIT.

Related posts:

ITIL Best Practice Books


Each free “Best Practice Insights” booklet highlights important elements from the latest version of ITIL so that you can quickly understand key changes and actionable concepts.

Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

Share This Post


Stephen Watts

Stephen Watts

Stephen Watts is an IT marketing professional based in Birmingham, AL. Stephen began working at BMC in 2012 and focuses on creating best-in-class web content.