Updated: Jan 6
Key Words: ITIL 4 COBIT2019 Certification Information management
Both COBIT and ITIL are the frameworks that CIO and other informatization middle and senior managers must learn. Using the two together can provide comprehensive guidance for the effective management of informatization. The latest versions of ITIL 4 and COBIT 2019 have just come out in the first half of 2019, reflecting the general trend of global information management development, and it is worth learning for every CIO and can avoid a lot of detours.
There may be conflicts between Do right Things and Do things right. If COBIT is an antibiotic, then ITIL is aspirin. Both are important and have clear but complementary goals. In the IT environment, doing the right thing can be summarized as the IT team's decision to focus on achieving business goals, helping to create maximum added value for the business, while reducing risks and optimizing resources. This is Enterprise IT Governance (EGIT). After determining the right thing, the IT team will focus on doing the right thing, that is to say, how the IT team will perform this task, the overall organization of IT services (especially the work of the IT department), and provide opportunities for continuous operation and improvement. This is precisely IT Service Management (ITSM).
1. Perspective: IT governance or IT management
There is a certain degree of confusion regarding the term IT governance. Some IT professionals mistakenly believe that IT governance is related to compliance with rules and regulations and general bureaucratic tasks, which hinder normal operations. This view of IT governance is unfair and inaccurate.
In fact, IT governance and IT management work together. IT governance ensures that IT activities and processes are aligned with overall goals. IT management is the method IT teams use to achieve these goals. IT governance aims to achieve a balance between IT performance and IT compliance. IT performance can ensure that IT continues to provide value and meet consumer expectations in terms of cost and functionality. IT consistency ensures that all rules and regulations are complied with and all risks are properly managed.
IT performance and IT conformance may conflict with each other. For example, under the over-focus on IT compliance, the IT security department implements strict password policies. For example, all passwords must be 32 characters in length and need to be changed every day. This brings difficulties to users. On the other hand, emphasizing IT performance will require the implementation of loose password policies. For example, a password never expires, only requires four characters, and contains only numbers, which will endanger IT security. IT governance will create a system to evaluate the various options available and then select the appropriate option. Therefore, IT governance is a balance between IT performance and IT conformance.
COBIT's perspective is top-down. It separates governance from management and is a set of practices that senior managers should understand how they should approach corporate IT.
ITIL's perspective is head-up, talking about service management, and it is a road map that determines how to organize IT staff's work practices and processes.
2. ITIL 4 and COBIT2019: One Problem and Two Solutions
IT is more complex than it was 20 years ago and is still evolving. Initially, the tremendous efficiency improvement that IT brings to business processes is a key driver for the increasing use of IT in many areas. The increase in the quantity and quality of technology has led to the use of IT in more complex and critical business processes. In just a few years, the industry is facing more and more complex IT, which has been ubiquitous in industry segments, business areas and processes.
This complexity is caused by the explosion in the number of machines and the interdependence between technologies. In addition, too many stakeholders deal with all aspects of IT design, creation, delivery, and consumption at the same time. IT stakeholders have been trying their best to manage this complexity, so ITIL is right. Business stakeholders also try to use IT to meet business goals, so the COBIT governance and control framework is born.
Over the years, the focus of ITIL has been steadily evolving. Currently, ITIL 4 aims to provide customers with value in the form of services. The key goal is to understand the parameters and requirements involved in good service delivery and to look at the customer or business from the perspective of the service provider.
The focus of COBIT is constantly evolving. The main goal of COBIT 2019 is to ensure the provision of stakeholder value and the service delivery engine from a business perspective.
Essentially, COBIT 2019 and ITIL 4 are two different ways to achieve the same goal, and these two frameworks complement each other.
3. ITIL 4
ITIL 4 fully recognizes that there are different ways of managing and implementing IT. Therefore, it does not emphasize a clear process and architecture like the previous version of ITIL, because this may have a counterproductive effect on the specific service delivery environment. On the contrary, ITIL 4 is based on a large amount of existing IT service management practical knowledge in various organizations. At the same time, it enables organizations to use them flexibly when and how they need it.
ITIL 4 advocates that any service delivery and value creation work should regard the four dimensions of service management as:
Organization and people information and technology partners and supplier value streams and processes.
ITIL service value system includes:
Guiding Principles: Can guide the organization’s recommendations in any situation, regardless of changes in its objectives, strategy, type of work, or management structure.
Governance: the means of organizational guidance and control.
Service value chain: A set of interconnected activities performed by an organization to provide valuable products or services to its consumers and promote value realization.
Practice: A set of organizational resources designed to perform work or achieve goals.
Continuous improvement: Regular organizational activities at all levels to ensure that the performance of the organization continues to meet the expectations of stakeholders.