COBIT and ITIL are both popular systems used for governance in IT service management. Utilized together, in part or in whole, these IT frameworks offer guidance for effective management of IT services.
What’s the difference between ITIL and COBIT?
ITIL is a framework that enables IT services to be managed across their lifecycle. COBIT, on the other hand, aids enterprise IT governance to generate the maximum added value to the business via its IT investments, while mitigating risks and optimizing resources.
COBIT is a methodology that aims at connecting business goals to IT goals – assigning objectives and duties to both business and IT leaders. It provides the resources to build, monitor, and improve its implementation, while helping to reduce costs, establish and maintain privacy standards, and give structure and oversight to general IT processes within the company.
These resources include:
- Frameworks, which help to achieve a balance between benefits and risks
- Process Descriptions
- Control Objectives
- Management Guidelines
- Maturity Models
The COBIT framework is based on these five guiding principles:
1. Meeting Stakeholder Needs
This principle is focused on value creation for enterprise stakeholders.
2. Covering the Enterprise End-to-end
This includes coverage of all corporate processes and functions that relate to information flow and technologies.
3. Applying a Single Integrated Framework
This principle focuses on implementing a single set of standards to be used across the business.
4. Enabling a Holistic Approach
This principle has seven categories of enablers, as defined by COBIT 5:
- Principles, policies and frameworks
- Organizational structures
- Culture, ethics and behavior
- Services, infrastructure and applications
- People, skills, and competencies
5. Separating Governance From Management
This principle ensures that governance and management don’t get confused.
ITIL is a framework that focuses on and enables IT services to be managed across their lifecycle, from mirroring the IT landscape components (configuration items) on a centralized knowledge base to registering their lifecycle (changes, events, and incidents) to managing the evolution of those configuration items (versions, integrations, and so on). ITIL is organized in the following main service components:
- Service Strategy focuses on mirroring the overall IT Service Delivery model in a manner that perfectly matches and covers the organization structure and inherent needs, while establishing processes that enable monitoring and updating of the configuration items as per business needs and impact.
- Service Design is not merely an initial activity that seeks to design the IT services in a manner that will match the organizational structure, but a continuous assessment that, aims to have a set of IT processes and service processes designed to best fit corporate needs.
- Service Transition defines and mitigates change risk through proper Change Management and Planning.
- Service Operation assures daily operations by delivering needed current recursive support tasks such as Service Desk or Backups, among others.
- Continuous Service Improvement looks at established KPIs and their evolution as well as Problems and bottlenecks, and performs needed analysis that will lead to the formulation of Optimization proposals.
How, why & when? Combined or separate?
In many ways, COBIT provides the “what” and ITIL shows the “how.”
When companies start with ITIL, they can then move to effectively integrating IT into their core business processes. IT provides a support role to the organization similar to HR or Purchasing, but a major difference is that IT is often constantly present throughout the corporate operational cycle – whereas the other two only play a specific role in given circumstances, or when needs arise. Therefore, it is relevant to include IT in the entire operational cycle in a manner such that it can effectively support it and add value to the business.
ITIL provides detailed advice on how to carry out several COBIT processes. Change Management is an example where ITIL clearly defines a structure and a process to accomplish it properly.
COBIT’s Principle 1 (Meeting Stakeholder Needs) includes the goals cascade mechanism that enhances ITIL effectiveness (when both are present) by supporting Service Management in: prioritizing Service Management improvement opportunities, identifying its key activities, and acting as a means of justification for improvement proposals by linking those to concrete organizational objectives.
Do ITIL and COBIT overlap?
Some processes match each other. For instance, the BAI06 Managing Changes process in COBIT matches the ITIL Change Management process under the Service Transition Chapter. On the other hand, risk mitigation in ITIL is addressed by the risk management topic, but no specific process is available – whereas in COBIT we find the process APO12, which manages risks.
So, while there is some overlapping, one needs to understand that if COBIT is an antibiotic, ITIL is an aspirin. Both are important and both have distinct yet complementary goals. Both provide guidance on best practices for a company to adapt to its unique situation, but do not enable any blueprints to follow.
Although DevOps significantly improves on ITIL’s way of addressing development, and PMBOK deals with project management (which is something ITIL does not), there is really no alternative for ITIL – whereas there are several alternatives to COBIT.