ITIL 4 and COBIT 2019 Working Together

IT service management (ITSM) best practice guidance options available, it can be easy to get confused as to which one should be used for your organization (and this is, of course, if your organization doesn’t automatically default to ITIL given it’s “most popular” status).

The truth is, however, that for many organizations, only using one body of ITSM best practice could mean that you’re missing out. In fact, most of the available bodies of ITSM best practices have been designed with others in mind, with organizations actually encouraged to integrate them, in an adopt and adapt fashion, to create an optimized ITSM capability.

Two such bodies of ITSM best practice that go particularly well together are ITIL 4 and COBIT 2019. Where ITIL is the most popular best practice framework when it comes to service management, while COBIT is globally recognized for enterprise governance and the management of information and technology.

Alone, each framework can do wonders for any organization wishing to focus on delivering quality service management and fit-for-purpose governance. But together, they’ve the potential to create even more value, not just for customers, but for employees, suppliers, and partners as well.

This blog explains what each of these bodies of ITSM best practice guidance is and how they’re able to be used together.

This blog by @Joe_the_IT_Guy explains what ITIL 4 and COBIT is and how they’re able to be used together. #ITSM Share on X

What is ITIL 4?

ITIL 4 is a best practice framework designed to help organizations with service management, including ITSM, in a digital world. It provides assistance around a wide range of IT and management practices, detailing what the best-practice looks like and how it can be achieved. It guides organizations, using an ethos of adopt and adapt, through aspects of IT service delivery and support such as incident management, availability management, change enablement, and information security management to name just a few of ITIL 4’s 34 management practices.

While ITIL 4 is a holistic framework – seeing service management as the responsibility of the entire business – its priority is on helping IT teams to improve and enhance their practices while keeping in line with the business vision. But ITIL is also very aware of the other available bodies of best practice and that these can be integrated with ITIL 4 as needed by its users.

What is COBIT 2019?

COBIT 2019 is an information and technology governance and management framework. In its own words, COBIT 2019 is designed for “customizing and right-sizing enterprise governance of information and technology.” This means that it’s fully flexible and can be adapted to suit the needs of any size organization and whatever bodies of best practices they already employ.

Like ITIL 4, COBIT is holistic in its thinking and states the importance of an organization working together as one. Also, again in a similar way to ITIL 4, the main objective of COBIT 2019 is to create value for all stakeholders.

How then, can ITIL 4 and COBIT 2019 work together?

For as long as I can remember, COBIT and ITIL have complemented each other. And their recent updates, in late 2018 and early 2019 respectively, have only reinforced this. For example, ITIL 4 pays much closer attention to governance than its previous versions, which helps organizations to more clearly see where and how COBIT can fit in.

Also, both bodies of ITSM best practice guidance are focused on helping to transform stakeholder desires into value. Plus, they’re both designed to be customized, allowing organizations to use the parts they need when they need them.

ITIL 4 introduced a “service value system” (SVS) which, along with the service value chain, shows how organizational activities work together to create (or co-create) value.

The ITIL 4 Service Value System

In the SVS’s second “ring” sits governance, the system for directing and controlling the organization – with this where COBIT 2019 can most obviously fit in. However, when the COBIT processes are additionally considered there are also many overlaps with ITIL 4’s management practices where your organization can take and blend guidance from both. I’ve provided a couple of example COBIT processes later on.

To help organizations to meet the needs of stakeholder demands, COBIT 2019 uses “goal cascading” whereby the stakeholder needs cascade to enterprise goals, down into alignment goals which COBIT states “emphasize the alignment of all IT efforts with business objectives,” and then into the governance and management objectives of COBIT itself.

The COBIT 2019 Goals Cascade

Source: ISACA, COBIT 2019 (2018)

Given this cascade approach, COBIT 2019’s structure can also help ITIL-using organizations to get real value from their IT capabilities while helping them to avoid risks while ensuring sufficient resources are in place to do so.

How can ITIL 4 and COBIT 2019 work together? @Joe_the_IT_Guy explains here. #ITIL4 #COBIT Share on X

Using COBIT alongside ITIL 4 (or the reverse)

COBIT 2019, then, can be used to create organizational governance and management objectives directly from stakeholders’ needs while, alongside this, ITIL 4 can guide those needs through its service value system turning inputs into outputs that deliver valuable outcomes for both internal and external customers.

If you’re already acquainted with ITIL, then the following two COBIT 2019 processes should be familiar:

1. DSS02: Managed service requests and incidents – to help ensure that all IT incidents and service requests are resolved in a timely and effective manner.
2. BAI06: Managed IT changes – to help enable the fast and reliable delivery of changes to the business.

In the same way that your organization has hopefully chosen to adopt and adapt the parts of ITIL that are relevant to its needs, this can be similarly supplemented with COBIT guidance.

While the two frameworks align nicely in their views and their aims, for the most part ITIL 4 is guiding on the activities and components working together within the organization with a governance wrapper, while COBIT 2019 is heavily focused on the governance aspect and not on individual ITSM practices.

So, if your service management capabilities need to increase in maturity and you’re looking to focus on better risk management and to ensure governance compliance, then ITIL 4 and COBIT 2019 working in unison will help your organization in developing ITSM capabilities that are better suited to its needs than using just one of these bodies of ITSM best practice in isolation.

Does your organization use ITIL and COBIT in tandem? If so, how is it going? Please let me know your experiences, and tips for getting it right, in the comments.