White Paper

May 2019

ITIL® 4 and COBIT®

Vishal Vyas

Contents

Introduction

2 Putting it in perspective: IT governance and IT management

3 ITIL 4 and COBIT 2019: focusing on similar problems from different directions

ITIL

COBIT

2019

6 ITIL 4 and COBIT 2019: similarities in framework architecture

7 Synergy in components of the governance system and dimensions of service

management

8 Synergies between ITIL service value chain and COBIT goals cascade

9 Synergies between ITIL service value chain activities and COBIT domains

10 Synergies in ITIL practices and governance management objectives

11 ITIL 4 and COBIT 2019: how they are different

Conclusion

About

the

author

02 TIL® 4 and COBIT®

AXELOS.COM

04 ITIL® 4 and COBIT®

AXELOS.COM

Governance is normally considered the study of ‘what’ an organization needs to achieve, whereas management
is usually about ‘how’ to achieve it. In other words, COBIT is the governance framework and ITIL is the execution
framework.

Figure 3.1 COBIT and ITIL interaction

ITIL 4

ITIL 4 acknowledges that there are various methods of managing and implementing IT. Hence, it does not prescribe definite
processes and architectures, as this may be counterproductive to the specific service delivery environment. Instead, ITIL 4
builds upon the immense pool of existing knowledge of IT service management practices present in various organizations. At
the same time making it flexible enough for organizations to use when and how they need it.

ITIL 4 advocates that any service delivery and value creation effort should consider the four dimensions of service
management as:

organizations and people

information and technology

partners and suppliers

value streams and processes.

ITIL service value system consists of:

Guiding principles: recommendations that can guide an organization in all circumstances, regardless of changes in its goals,
strategies, type of work, or management structure.

Governance: the means by which an organization is directed and controlled.

Service value chain: a set of interconnected activities that an organization performs to deliver a valuable product or service to
its consumers and to facilitate value realization.

Practices: sets of organizational resources designed for performing work or accomplishing an objective.

Continual improvement: a recurring organizational activity performed at all levels to ensure that an organization’s
performance continually meets stakeholders’ expectations.

ITIL® 4 and COBIT® 05

AXELOS.COM

Figure 4.1 Service value system

The service value chain consists of six activities:

plan

improve

engage

design and transition

obtain/build

deliver and support.

COBIT 2019

COBIT has been one of the most popular options for anyone attempting to establish governance over IT service creation
and delivery. COBIT also established creation through IT-enabled investments. There have been other attempts such as
ISO 38500, OECD® principles, and the Cadbury report. However, these have not be as popular as COBIT, nor have they
developed the large repository of knowledge as COBIT has.

COBIT 2019 has been updated with new guidance, facilitating an easier and more intuitive implementation. This will
strengthen COBIT’s continuing role as an important driver of innovation and business transformation.

COBIT 2019 prescribes the six governance system principles as:

provide stakeholder value

holistic approach

dynamic governance system

governance distinct from management

tailored to enterprise needs

end-to-end governance system.

COBIT 2019 product architecture consists of major components.

ITIL® 4 and COBIT® 07

AXELOS.COM

ITIL 4 and COBIT 2019: similarities in framework architecture

6.1 GOVERNANCE IN COBIT 2019 AND ITIL SVS

ITIL 4 service value system is an example of how various components in a service providers organization can come together
to create value. One of the important components of ITIL SVS is governance. The principles of governance as discussed
in COBIT are similar to some of the concepts discussed in ITIL 4. Evaluate, direct and monitor are the basic governance
components accepted by both ITIL 4 and COBIT 2019.

6.2 GUIDING PRINCIPLES

Figure 6.1 Guiding principles

The 7 guiding principles of ITIL 4 should be considered in all areas of an organization. Some of the guiding principles in ITIL
4 have a close relationship with the governance system principles described in COBIT 2019 such as:

Focus on value: the ITIL 4 guiding principle of focus on value is compatible with the COBIT 2019 governance principle of
delivering stakeholder value. Both principles focus on value creation for the relevant stakeholders.

Think and work holistically: the ITIL 4 guiding principle of think and work holistically is compatible with the COBIT 2019
governance principle of end-to-end governance system. Both principles state that value cannot be delivered by working in
isolation but can only be created by focusing on all of the components that the enterprise puts in place to achieve its goals.

Progress iteratively with feedback: ITIL 4 guiding principle of progress iteratively with feedback has some similarity with
the COBIT 2019 governance principle of dynamic governance system. Both principles acknowledge that the management
framework will be revised during its lifetime in response to a changing business environment.

08 ITIL® 4 and COBIT®

AXELOS.COM

ITIL 4 reinforces the principle that value cannot be created by independently implementing either processes or technology.
The value creation must be brought about holistically to include the four dimensions of service management. These
dimensions complement some of the components of the COBIT 2019 components of the governance system. Interestingly
COBIT does identify partners/suppliers as one of the components of a governance system.

Organizations and people: this dimension is closely associated with the COBIT 2019 component of organization structures,
people skills, and competencies.

Information and technology: this dimension is closely related with the COBIT 2019 component of information, service
infrastructure, and applications.

Value streams and processes: this dimension is closely related with the COBIT 2019 component of processes, principle
policies, and procedures.

Synergy in components of the governance system and dimensions

of service management

Figure 7.1 Interaction between governance system and service management

10 ITIL® 4 and COBIT®

AXELOS.COM

10 Synergies in ITIL practices and governance management
objectives

Both ITIL 4 and COBIT are frameworks that have similar objectives yet attain them through different perspectives. One
to one mapping of processes is neither possible nor advisable. However, there are certain similarities that can be used to
complement one another.

COBIT has taken an open approach in articulating the scope of its influence. When necessary, it also does not shy away
from guiding users to other appropriate frameworks, standards, and processes. COBIT 4.1 and COBIT 5 have a related
guidance outline. COBIT2019 takes a step further in this direction. In the description of governance and management
objectives, each objective points to a ‘related guidance’ and ‘detailed reference’. Hence, it has become easier for
practitioners to combine the governance directions from COBIT, with the activities in ITIL, to create a comprehensive
solution. Nonetheless, in the current version of COBIT 2019 each objective is mapped to ITIL v3 processes.

The below table is a high-level overview of how COBIT 2019 governance and management objectives are mapped to ITIL 4
practices. It should be noted that this is a very high-level chart showing similarities and should not be considered as an exact
cross-reference of all of the content/activities within both of the frameworks. Its intention is to show how the implementation
of ITIL practices in an organization will support governance implementation efforts.

ITIL® 4 and COBIT® 11

AXELOS.COM

COBIT 2019 governance and management objective

ITIL 4 practices

EDM03

Ensured risk optimization

Risk management

APO02

Managed strategy

Strategy management

APO03

Managed enterprise architecture

Architecture management

APO05

Managed portfolio

Portfolio management

APO06

Managed budget and costs

Service financial management

APO07

Managed human resources

Workforce and talent management

APO08

Managed relationships

Relationship management

APO09

Managed service agreements

Service level management

APO10

Managed vendors

Supplier management

APO12

Managed risk

Information security management
(partial), Risk management

BAI02

Managed requirements definition

Business analysis, software
development, and management

BAI03

Managed solutions identification and
build

Service design

BAI04

Managed availability and capacity

Availability management, capacity, and
performance management

BAI05

Managed organizational change

Organizational change management

BAI06

Managed IT changes

Change control

BAI07

Managed IT change, acceptance, and
transitioning

Release management, deployment
management

BAI08

Managed knowledge

Knowledge management

BAI09

Managed assets

IT asset management

BAI10

Managed configuration

Service configuration management

BAI11

Managed projects

Project management

DSS01

Managed operations

Infrastructure and platform
management (partial)

DSS02

Managed service requests and
incidents

Incident management, service desk,
service request management

DSS03

Managed problems

Problem management

DSS04

Managed continuity

Service continuity management

DSS05

Managed security services

Information security management,

MEA01

Managed performance and
conformance monitoring

Continual improvement, measurement
and reporting

MEA02

Managed system of internal control

Information security management,
(partial)

Measurement and reporting (partial)

Table 10.1 COBIT 2019 objectives compared to ITIL 4 practices

ITIL® 4 and COBIT® 13

AXELOS.COM

References

AXELOS (2019). ITIL® Foundation, ITIL 4 edition. London: The Stationary Office

ISACA (2018). COBIT® 2019 Design Guide. Schaumburg: ISACA

ISACA (2019). COBIT® 2019 Framework: Introduction and Methodology. Schaumburg: ISACA

ISACA (2018). COBIT® 2019 Implementation Guide. Schaumburg: ISACA

Vyas, V, GEIT. Al Ghaith, J. Al Yaqoobi, A, PMP. Hasan, SJ. (18 January 2016) Dubai Customs COBIT 5 Implementation.
COBIT Focus, [online]. Available at: http://www.isaca.org/COBIT/focus/Pages/dubai-customs-cobit-5-implementation.aspx
[Accessed 20 May. 2019]

13 About the author

Vishal is Chief Solutions Officer at Knowlathon, heading global consulting and coaching
practice on IT Governance and IT Service management. He has delivered sessions and
projects in over 24 countries over 15 years. He is passionate about coaching teams
and organizations on ITSM, IT governance, and risk management to co-create unique
solutions for complex and challenging environments. Vishal is especially adept at
mentoring consultants and instructors to deliver high impact sessions and consulting
assignments. He also actively participates in industry forums to create knowledge
resources for advancement of public knowledge and understanding of best practice
frameworks.

14 About AXELOS

AXELOS is a joint venture company co-owned by the UK Government’s Cabinet Office and Capita plc.

It is responsible for developing, enhancing and promoting a number of best practice methodologies used
globally by professionals working primarily in project, programme and portfolio management, IT service
management and cyber resilience.

The methodologies, including ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, RESILIA® and its newest
addition AgileSHIFT® are adopted in more than 150 countries to improve employees’ skills, knowledge and
competence in order to make both individuals and organizations work more effectively.

In addition to globally recognized qualifications, AXELOS equips professionals with a wide range of content,
templates and toolkits through the CPD aligned My AXELOS and our online community of practitioners and
experts.

Visit www.AXELOS.com for the latest news about how AXELOS is ‘Making organizations
more effective’ and registration details to join AXELOS’ online community. If you have specific queries,
requests or would like to be added to the AXELOS mailing list please contact
[email protected].

15 Trade marks and statements

AXELOS®, the AXELOS swirl logo®, ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, M_o_R®, P3M3®, P3O®,
MoP®, MoV®, RESILIA® are registered trade marks of AXELOS Limited. AgileSHIFT® is a trade mark of
AXELOS Limited. All rights reserved.

COBIT® is a registered trademark of ISACA

Image credits:

©Getty/Fuse,

Figure 4.1 AXELOS (2019). London: The Stationary Office.

Figures 3.1, 6.1, and 7.1 were created by the author

Reuse of any content in this White Paper is permitted solely in accordance with the permission terms at
https://www.axelos.com/policies/legal/permitted-use-of-white-papers-and-case-studies

A copy of these terms can be provided on application to AXELOS at [email protected]

Our White Paper series should not be taken as constituting advice of any sort and no liability is accepted for
any loss resulting from or use of or reliance on its content. While every effort is made to ensure the accuracy
and reliability of information, AXELOS cannot accept responsibility for errors, omissions or inaccuracies.
Content, diagrams, logos and jackets are correct at time of going to press but may be subject to change
without notice.

Sourced and published on www.AXELOS.com

TIL® 4 and COBIT® 14

AXELOS.COM