COBIT is one of a small number of IT management and IT service management (ITSM) approaches that likely get mentioned when anyone asks about ITIL alternatives. Or is perhaps given as an answer to questions about the availability of more practical industry best practice to supplement the guidance in ITIL. Both are valid use cases for COBIT guidance.
Want to find out more about what COBIT is and how it will help? Read on...
The continuing evolution of COBIT
COBIT, created by ISACA, is far older than many people think. It’s similar to ITIL (which was “born” in 1989) in this respect, having first appeared in 1996 with its original “Control Objectives for Information and Related Technologies” naming (and called COBIT for short).
Since then, it has undergone a number of refreshes that have moved COBIT on from its audit-based roots:
- Version 2 in 1998
- Version 3 in 2000
- Versions 4 and 4.1 in 2005 and 2007 respectively
- COBIT 5 in 2012
- COBIT 2019 in late 2019.
COBIT 2019 is currently the “live” version and it’s worth noting that COBIT – again like ITIL – has replaced the longer-form name with simply the acronym. In part to accommodate the change in focus.
What COBIT is and isn’t
A good starting point is to stress that COBIT is not just ITSM best practice guidance. Instead, and this is the ISACA definition from COBIT 2019, it’s:
“…a framework for the governance and management of enterprise information and technology (I&T), aimed at the whole organization.”
When COBIT 2019 was launched, ISACA also helpfully expressed what COBIT isn’t, that it:
- “Is not a full description of the whole I&T environment of an organization
- Is not a framework to organize business processes
- Is not an (IT) technical framework to manage all technology
- Does not make or prescribe any IT-related decisions.”
In terms of its content, the latest version of COBIT provides best practice guidance across a variety of IT management areas:
- Keeping IT running
- Cost management and value optimization
- Better aligning IT with the business
This is achieved via COBIT providing “…the components to build and sustain a governance system: processes, policies and procedures, organizational structures, information flows, skills, infrastructure, and culture and behaviors.”
Importantly, and as highlighted by the above statement, COBIT isn’t just a set of processes. The COBIT guidance also includes six additional “enablers” for effective governance:
- Policies and frameworks
- Organizational structures
- Culture, ethics, and behaviors
- Information; services, infrastructure, and applications
- People, skills, and competencies.
As with ITIL, there’s a need to “adopt and adapt” the COBIT guidance rather than viewing it as the only way to do things (which would make it a standard, not guidance).
COBIT versus ITIL
While for some organizations, it might be a case of COBIT versus other approaches (such as ITIL), the intention of ISACA has long been to design COBIT to integrate well with other industry frameworks and standards such as ISO standards, ITIL, and TOGAF.
Importantly, ISACA’s aim for COBIT is not to replace what organizations already use. Instead, COBIT should be used in conjunction with whatever’s already in place to help improve both business operations and outcomes.
Where the “versus” can be used to good effect, though, is in the comparison of COBIT’s global uptake to ITIL’s. Here, IT industry surveys usually find the adoption level of ITIL – the “market leader” – to be somewhere between 60-70% of organizations, COBIT is somewhere between 10-20%.
Be warned though, such statistics should always be viewed in context – that any organization that has simply applied one small piece of best practice guidance from COBIT, ITIL, or any other approach can state that they use it.
What changed in COBIT 2019
As you would expect, a key change of scope in the COBIT 2019 version is the introduction of “more modern” IT management areas, including cloud, DevOps and Agile, the Internet of Things (IoT), and service integration and management (SIAM).
To enable organizations to get more out of their investment in COBIT, COBIT 2019 also introduced the COBIT Performance Management (CPM) model. This is based on CMMI, with organizations able to score their processes from 0-5 across COBIT’s governance and management objectives.
That last sentence’s use of “governance and management objectives,” is a reminder of another COBIT 2019 addition – formal definitions that differentiate between governance and management, that:
- “Management plans, builds, runs, and monitors activities, in alignment with the direction set by the governance body, to achieve the enterprise objectives.”
- “Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives. Direction is set through prioritization and decision making. Performance and compliance are monitored against agreed-on direction and objectives.”
Finally, although there are many more changes within COBIT 2019, with this version ISACA introduced an “open-source” model for COBIT. Meaning that COBIT users can easily provide feedback and propose enhancements for the future evolutions of COBIT.