These days many organizations invest huge amounts of money and resources to deliver value from IT while managing the a complex range of IT-related challenges such as :
One of the ways of addressing these challenges is to implement best practices such as IT Infrastructure Library(ITIL). Organizations wishing to adopt IT best practices need an effective management framework to provide a consistent approach that would both ensure successful business results when using IT and the achievement of the enterpriser's strategy.
This is where COBIT makes a mark as a framework to be used. COBIT which stands for Control Objectives for Information and related Technology focuses on "what needs to be achieved" rather than "how to achieve". It is a framework and a knowledge base for IT processes and their management. The framework is based on the premise that IT needs to deliver the information that enterprise requires to achieve its objectives. As a result it helps align IT by focusing on business information requirements and organizing IT resources. It is based on established frameworks such as Software Engineering Institute's CMM, ISO 9000, ITIL and ISO/IEC 270002.
COBIT is based on proven and established frameworks that focuses on what an organization must do and not on how it needs to do. Due to its high level and broad reach it is often called as the "integrator" bringing in a range of practices under a single umbrella.
COBIT has 3 primary components:
Business Requirements
In order to satisfy business objective data information needs to satisfy a certain control criteria which COBIT refers to as a business requirement. According to CoBIT there are 7 unique information criteria:
IT Processes
IT processes contain generally accepted tasks or activities in a process model. Totally there are 34 IT processes which are spread across 4 domains. They are
IT Resources
IT resources are managed by IT processes to provide information that the organization needs to achieve its objectives. IT resources are broadly classified into:
How does ITIL Map with COBIT?
IT best practices need to be aligned to business requirements. They must also be integrated with one another and with internal procedures. COBIT can be used at the highest level, providing an overall control framework based on an IT process model that should generically suit an organization. ITIL is a set of best practices that covers discrete areas and can be mapped to the COBIT framework, thereby providing a hierarchy of guidance.
In order to understand the mapping between COBIT and ITIL please refer to the tables below. Please note that these are subjective and are displayed to help better understand the relationship between the two. In the list below a single step for 3 of the 4 domains is provided
In the mapping below you will see the relationships between parts of ITIL and COBIT in order to better understand the relationships. Please note that this is just a sample as obtained from ISACA.
ITIL Process | COBIT | ||
Process | Detailed Control Objective | ||
The Service Desk |
|
|
|
Understand business and customer service criteria | AI1 | AI1.1 | Definition of information requirements |
Plan and design service desk infrastructure | DS8 | DS8.1 | Help desk |
Specify targets and effectiveness metrics | DS8 | DS8.5 | Trend analysis and reporting |
Determine service desk functions | DS8 | DS8.1 | Help desk |
Resource and manage service desk effectively | DS8 | DS8.1 | Help desk |
Define responsibilities and resolution pathways | DS8 | DS8.3 | Customer query escalation |
Monitor workload | DS8 | DS8.4 | Monitoring of clearance |
Undertake customer/user satisfaction surveys | PO8 | PO8..1 | External requirements review |
Produce management reports | DS8 | DS8.5 | Trend analysis and reporting |
Facilitate service management reviews | M2 | M2.3 | Internal control level reporting |
Incident Management |
|
|
|
Record incidents | DS8 | DS8.2 | Registration of customer queries |
Incident investigation and diagnosis | DS10 | DS10.1 | Problem management system |
Assign ownership | DS10 | DS10.1 | Problem management system |
Incident resolution and recovery | DS10 | DS10.1 | Problem management system |
Incident closure | DS10 | DS10.1 | Problem management system |
Stay tuned for further mapping between COBIT and ITIL.
For more information please refer to the following links: ISACA and Wikipedia.