ITIL and COBIT are both IT Governance frameworks that organizations use to increase the value of their business.
On their own, each framework is extremely successful in offering custom governance while delivering quality service management. When paired together, however, COBIT and ITIL have the potential to dramatically increase value, not just for the customer, but for the entire organization and its partners.
So, the question is: what are the differences between COBIT and ITIL, and how can they best be used together?
COBIT is a set of guidelines needed for any organization and can be applied in any industry. It is a tool that will be helpful for managers by bridging the gap between control requirements, risk analysis, business risk, and technical issues. Back in 1996, COBIT’s initial focus was on auditing, however since then it has evolved into a framework that effectively manages organization’s governance and risk at the enterprise level. It ensures control, quality, and reliability of IT systems which is necessary and an important aspect for every organization in today’s modern business.
If COBIT focuses on what should be covered in processes and procedures, ITIL provides detailed guidance on how the processes or procedures should be designed and focuses on how to plan, design and implement effective service management processes.
ITIL aims to organize IT services on the whole and IT departments’ work in particular and provide an opportunity for constant operational perfection. ITIL life cycle consists of five different stages: ITIL service strategy, design, transition, operation, and continual process improvement. It can be adapted and used in conjunction with other practices such as ISO 27000, COBIT, Six Sigma, etc.
What type of a Governance framework should your organization adopt?
Both ITIL and COBIT frameworks and management system standards have value to offer, and they have different strengths and weaknesses. If you just pick one of them, you will certainly miss out on some great guidance and your management system will be missing some important characteristics.
Which way your organization should go also depends on its maturity level. Do you as an organization have established operational, support, design processes and procedures that are adopted organization-wide? If this is the case, you already have a mature ITIL ITSM framework in place which can be verified and improved with ECI’s assistance, and for you COBIT’s Governance model is the next step.
If your organization is in a perpetual firefighting mode, has no documented processes, no formal change request, incident request or service request processes in place, then it is advisable for such an organization to adopt ITIL first.
COBIT VS ITIL – Can they work together?
COBIT and ITIL may seem similar when companies look at the frameworks at a glance, but the outcomes generated from each are different. With COBIT, the outcome is creating a network that provides end-to-end governance. With ITIL, it is focused on creating value for the business.
These frameworks should be used in organizations with a lot of mature processes in place because otherwise, there are chances that these complex practices will only confuse both the employees and stakeholders. Both ITIL and COBIT have different sets of processes and roles, a lot of which overlap. The best way to manage this is to see which overlapping aspect provides the bigger benefit for the organization, and then go along with it. When it comes to supplier management or security, the preferred choice would be COBIT. But, when it comes to general management practices, service finance management, and talent management, for example, ITIL works better.
| Problem | COBIT Solution |
| IT is inefficient, doesn’t meet business goals | Using COBIT 5’s Goals Cascade, the company can translate its stakeholder needs into an actionable strategy. This way, top management can pinpoint the IT processes that they want to focus on. |
| Company frequently fails audits | COBIT initially began as an audit framework. And now, it still proposes a very handy enterprise IT evaluation system. Using it, the organization can perform internal audits and be better prepared. |
| Problem | ITIL Solution |
| Similar breakdowns keep occurring | Differentiating issues. To tackle IT issues more efficiently, ITIL offers a system that differentiates between events, incidents, problems, changes and requests. If a similar incident happens for a, say, third time, it can be viewed as a problem, whose root cause is analyzed and eliminated. |
| Changes in the company’s IT infrastructure are chaotic | Change management and CMDB. ITIL lays down a detailed procedure for changes in enterprise IT. Firstly, changes are authorized. Secondly, people are informed. If the change isn’t successful, a preapproved backout plan is enacted. |
COBIT works better in parts and processes which require control, whereas ITIL works better for processes that require more collaboration with the stakeholders.
Our experience has shown that both COBIT and ITIL complement each other, despite being designed by different organizations. Even though they may seem like they do not overlap and serve different purposes, they can be used together. COBIT helps identify what a company needs to do, and ITIL shows the company how it can be done in the best possible manner. This way, all IT resources get utilized to the maximum if implemented correctly.
Are there other frameworks?
There are lots of different frameworks and best practices that you can use to help you manage IT services.
ISO/IEC 27001 – the international standard for information security management If you are running IT services then you must make sure you understand the requirements for information security, and take these into account in designing your management system.
Agile – a development methodology that divides projects into short phases, each of which delivers valuable outcomes. Agile can provide a great framework for an ITSM improvement project, helping you to rapidly deliver measurable value in small increments.
Kanban – a methodology for managing work in progress, to optimize the use of resources. It’s also a system where existing processes are improved in small steps, rather one large one. Kanban can provide a great way to manage the workload of technical people in an IT department, ensuring that you get maximum value from your limited resource
You can probably think of more best practices, frameworks and standards that could help you create value for your customers. Don’t be afraid to include ideas from any approach that can help you improve your business. Remember that what you are creating is not an ITIL management system or a COBIT management system, it is your management system which you are designing to help you create value for your customers.
You can take the best suited practices from different standards and frameworks and combine them into a system that works for you, rather than strictly following a single framework. In each instance, ECI has proven it can assist and lead the way.