For many years, information technology professionals in IT service management (ITSM) have been using COBIT (Control Objectives for Information and Related Technologies) and ITIL (Information Technology Infrastructure Library). Together, COBIT and ITIL offer guidance for the management of IT services by businesses, whether those services are delivered internally or by third parties such as service providers and business partners.
ITIL could be described as the way to control the IT infrastructure over the whole lifecycle. COBIT is concerned with the management of enterprise IT with a view to maximising the value created by the enterprise, enabled by IT expenditure, while managing risk and capital. COBIT 5 identifies concepts and skills that enable an organisation to meet the needs of shareholders, especially those related to the use of IT assets and resources throughout the business. ITIL describes in more detail those parts of company IT that relate to service management (process activities, organisational structures, etc.).
Generally speaking, COBIT is broader than ITIL in its scope of coverage.
Purpose: ITIL is an ITSM framework. COBIT is an IT practice (and now governance) framework. ITSM has grown to mean “all of IT management seen from a service perspective” but that service slant or bias remains. COBIT is intended to be a comprehensive description of all IT practices. It may not do that perfectly but it comes much closer than ITIL because it doesn’t constrain itself to ITSM.
Coverage: ITIL covers less than half of COBIT’s range and only completely covers about a quarter of the practices (8 of the 34 COBIT processes), and that’s COBIT 4.1, whereas COBIT 5 opens the gap even further.
Rigour: ITIL’s narrative style (no really, compared to other frameworks it is downright chatty) may appeal, but as a foundation for my consulting activities the rigour and structure of COBIT is more dependable and useful. COBIT is systematically numbered, and every entity has a consistent structure. I actually find the formal COBIT structure much easier to use than the ITIL rambling: I find answers quicker, I get clearer concepts with less confusion, and I frame things readily.
Benchmark: You can assess against COBIT; it has clearly defined requirements. That was one of COBIT’s early drivers for adoption: auditing IT for SOx compliance. COBIT auditors/assessors are certified (CISA). To assess against ITIL you need to go to proprietary benchmarks (including TIPA, not to be confused with my Tipu). ISO20000 compliance is not the same thing as ITIL “compliance”.
Credibility: COBIT is written by a team, not a couple of authors per book. The same team for all the books. And then the list of all COBIT contributors and reviewers runs to pages. It is owned and published by a not-for-profit membership body set up and run by auditors, process geeks and security wonks.
Accessibility: COBIT is low cost compared to ITIL. There is a copyright and trademark waiver for use by consultants and vendors. You can subscribe to an interactive personalized online version.
Novelty: COBIT is of course not “new” any more than ITIL was when the world “discovered” it a decade ago. But COBIT has yet to be a fad, and the world is ready for a new fad as the realities of ITIL sink in. COBIT has none of the negative baggage accruing on ITIL. I think COBIT is its next silver bullet.
Governance: COBIT will be embraced because the realization is dawning that Cloud and SaaS and BYOD are business decisions not IT decisions, and that therefore it is high time the organization as a whole stepped up to its responsibilities for IT instead of abdicating and blaming IT. Organizations have failed their IT like a bad parent, and the road to redemption is via better enterprise-level governance of IT, and that’s what COBIT 5 is all about. ITIL Service Strategy actually talks about governance quite a lot but nobody has read it. COBIT has the governance high ground.