When it comes to ITSM frameworks, most people think immediately of ITIL.
However, ITIL isn’t the only noteworthy framework. There are several other widely-used frameworks—one of the most prominent being COBIT.
But do we really need more than one ITSM framework? After all, how different could the two frameworks be? When first comparing COBIT vs ITIL, they appear similar—but if you look closer, there are some clear differences.
COBIT—Control Objectives for Information and Related Technologies—is an IT governance framework developed by the Information Systems Audit and Control Association (ISACA). First introduced in 1996, COBIT is a set of guidelines and practices designed to help organisations get the most out of their IT resources.
COBIT marries IT with broader business objectives, helping organisations develop and implement information management and governance strategies to support their objectives. The COBIT framework is in active development, and the most recent version was released in 2019.
A major difference between COBIT and other frameworks is its focus on information security, risk management, and governance. According to ISACA, COBIT helps organisations build and maintain an effective governance system, including processes, organisational structures, policies and procedures, information flows, culture, skills, and infrastructure.
On the other hand, the COBIT 2019 Introduction and Methodology document makes it clear that COBID is NOT:
- A full description of an organisation’s full IT environment
- A framework to organise business processes
- A technical framework to manage technology
- A prescription for making IT decisions
Rather than these, COBIT focuses on the higher-level governance aspects of IT—it defines the types of decisions to be made, who should make them, and how.
ITIL—the IT Infrastructure Library—is a best practice framework for delivering and managing IT services. Initially developed in the 1980s by the UK Government, ITIL is now owned and administrated by AXELOS, a joint venture between the Uk Cabinet Office and Capita.
ITIL is the most widely used framework for delivering ITSM. The framework provides a unified set of best practices for ITSM based on extensive research and input from the public and private sectors worldwide over the last four decades. ITIL is also in active development, and the most recent version—ITIL 4—was released in 2019.
The ITIL framework is divided into five components:
- Strategy — Understanding business objectives and customer needs
- Design — Planning the delivery of business objectives through IT
- Transition — Replacing outdated IT services with new services
- Operation — Delivering, managing, and supporting IT services
- Continual Service Improvement — Improving and refining IT services/delivery over time
Organisations worldwide use ITIL to design, implement, and deliver IT services that are aligned with the needs of the business and to ensure IT services support business initiatives and growth.
In simple terms, COBIT helps organisations determine what they need to do, while ITIL provides the roadmap of how initiatives and services can be delivered.
Because of their differing remits, there are some fundamental differences between COBIT vs ITIL:
- ITIL focuses heavily on ITSM, while COBIT considers the entire organisation.
- ITIL is more operational, focusing on service management and delivery, while COBIT is more strategic, focusing on governance.
- ITIL aims to optimise IT services to best support the business, while COBIT aims to align IT goals and values with business objectives.
All of which begs the question: is it really a question of one or the other?
When it comes to COBIT vs ITIL, one doesn’t replace the other. Many enterprises use both:
COBIT to align IT goals with business objectives and ensure the organisation obtains maximum value (and minimum risk) from IT resources.
ITIL to design, build, and refine an IT service that is efficient, effective, and supports business needs and initiatives.
So, should your organisation use both? That depends.
For very large or highly regulated organisations that require a strong focus on governance, it can make sense to use both ITIL and COBIT. This is effectively a “belt and braces” approach to ITSM, which ensures IT resources are allocated in a consistent way and in line with the organisation’s objectives.
However, for most organisations—particularly SMEs—the COBIT vs ITIL debate is clearer cut. ITIL 4 already includes enough focus on governance, making COBIT an unnecessary complication.