When choosing a certification within the system area, there are three visions about which to take. And according to this, it could be defined in the service, governance/management, and project, COBIT, and ITIL are the most used, during a long time for professionals in the area of IT in IT management. For this, the SCRUM and PMI methodology also crosses our mind, the latter being the most complete since it includes a broader vision. Even many of the courses within PMI are COBIT and ITIL together since both are the basis for the management of IT services.
ITIL vs. Cobit-1
When deciding on the approach to improving the current situation, the CIO faces the dilemma of which body of knowledge of good practices should be supported.
The two reference frames are ITIL and COBIT. ITIL vs. COBIT? Should we choose between the two? What does each contribute? Both ITIL and COBIT are the fact to standards within the frameworks of good IT management practices. Let’s see its main features.
Features of COBIT
ITIL is currently owned by the AXELOS company, in which the British Government Cabinet Office participates. It is a great guide to good practices, aimed at those responsible for IT management. It covers all activities to be carried out in the management of IT services: the definition of the IT provider strategy, the identification of services, design, construction, testing, deployment, operation, and improvement. It is structured in 5 stages: Strategy, Design, Transition, Operation, and Continuous Improvement of the Service.
Each stage describes the principles that govern it, the processes and activities that are carried out, the roles that participate and their responsibilities, reflections on organizational aspects, on technology, and the implementation of these practices. Also, appendices of various utilities (analysis and management techniques, industry standards, references, glossaries, etc.) are included. It constitutes the reference encyclopedia of good management practices, of invaluable value for the IT manager.
ISACA created COBIT in the mid-1990s as a framework for IT auditing. It progressively evolves, including control, management practices, until it reaches the latest version, COBIT5, to become a frame of reference for the company’s governance and IT management.
COBIT5 is structured in a series of books:
“ cobit 5 certification – A business framework for government and IT management of the company”, is the key book, where the structure of the framework is defined, with the principles that have guided the development of COBIT5 and the catalysts, elements that they influence the results of government and IT management.
COBIT5 Catalyst Guides – They are a series of publications in which the catalysts are detailed. The catalyst processes have a special interest, covering the governance and IT management processes.
COBIT5 professional guides – They are a series of publications aimed at specialist professionals on specific aspects, such as the Implementation of COBIT5, Information Security, and Risks, among others.
To achieve the alignment of IT with the business, COBIT5 establishes a cascade of linked objectives ranging from corporate goals to the objectives of the governance and IT management processes. Likewise, the difference between governance and management, defining and distinguishing the purpose and activities of each.
Also highlight the Process Capacity Model, based on ISO / IEC 15504, which allows the IT organization to evaluate the capacity of management processes as a starting point for continuous improvement.
Both frameworks aim for the IT area to support business strategies and objectives. The practices proposed by one and the other are comparable. Therefore, we will not find contradictions between them. The main difference is in the perspective from which they describe the practices.
COBIT arose from the interest and responsibility of the business to monitor and audit the management of IT. Throughout the successive versions, COBIT has evolved its initial purpose of being an audit framework, also to become a reference in governance and IT management practices. COBIT5 has its main target audience in the CIO.
Features of ITIL
ITIL emerged from the beginning with the purpose of being a reference in IT management practices. Your target audience is the manager. It aims to offer you a guide on how management activities should be carried out and why.
We must clarify that ITIL or COBIT should not end in themselves. It is not right to propose an improvement project such as the “ITIL or COBIT implementation project.” On the contrary, improvement projects should be focused on resolving those weaknesses that prevent us from reaching business goals. That is when we will look into one or another framework to obtain recommendations for possible improvement approaches.
Some examples of possible decisions:
- We could consider the advisability of assuming the governance and management structure proposed by COBIT5.
- Regarding governance, we could ask ourselves whether we should add principles and / or processes of the ITIL Service Strategy. On the other hand, we will find in this ITIL guide how to define a strategy.
- As for the management processes, ITIL goes deeper into the details that will need to be taken into account when implementing them. The structure in stages of ITIL, Design, Transition, and Operation of the Service, is closer to the dynamism of the evolution of IT services.
- As for the approaches to Continuous Improvement, ITIL and COBIT are practically identical.
- To establish a Balanced Scorecard aligned with the business, COBIT5 helps us a lot with its cascading objective structure.
- To assess whether our management processes are adequate for the business requirements, we will find a good reference in the COBIT5 Process Capacity Model.
In conclusion, we will say that both frames are aligned and have no contradictions. But they are not identical since they are developed from different perspectives: COBIT5 from business to IT and ITIL from IT to business. Therefore, the dilemma of choosing one or the other must not occur. Each organization must establish its own management structure, and collect from both frameworks those recommendations that are most useful to them.
There are institutes like Vinsys that provide certification courses in IT Governance, IT Service Management, Project Management And Language Training.