The primary goals of information technology governance are to ‘guide and direct’, to assure business value from investments in IT, and to mitigate the risks associated with IT and its management. This can be done by;
IT governance can be confused with good management practices and IT control frameworks, rather than a management system used by directors and the business executive. Whilst ensuring compliance is an essential component of good governance, it is essential to be focused on delivering value and measuring performance.
The collapse of Enron in 2000, and alleged issues within Arthur Andersen and WorldCom, emphasised the need for defined duties and responsibilities for the boards of directors of public and privately held corporations, and for robust management systems combined with reporting mechanisms and performance indicators.
COBIT focuses on the definition, implementation, auditing, measurement and improvement of controls for specific processes that span the entire IT life cycle. It is an excellent reference model for IT governance across the IT life cycle – more about the ‘what’ in service delivery.
ITIL primarily focuses on defining the process, functional, operational and organizational attributes that need to be in place for the IT management lifecycle to be fully optimized. ITIL is more about the ‘how’ in service delivery.
COBIT can be thought of as defining the CSFs and related KPIs that ITIL processes must deliver against, all within a guidance framework tied back to audits.
COBIT has 34 high-level processes that cover 210 control objectives categorized in four domains:
COBIT provides benefits to managers, IT users, and auditors.
Managers benefit from COBIT because it provides them with a foundation upon which IT related decisions and investments can be based. Decision making is more effective because COBIT aids management in defining a strategic IT plan.
IT users benefit from COBIT because of the assurance provided to them by COBIT’s defined controls, security, and process governance.
COBIT benefits auditors because it defines IT control components within a company’s IT infrastructure and thereby helps them support their audit findings.
The complete COBIT package consists of:
The IT Infrastructure Library® (ITIL) is the most widely accepted approach to IT Service Management in the world.
ITIL is a best practice framework, drawn from the public and private sectors internationally. It describes the management of IT resources to deliver business value, and sets expectations that documented processes, functions and roles will be identified in IT Service Management (ITSM). ITIL is intended to assist organisations in optimising their IT service management practices and to ensure that the delivery of identified ‘services’ is in alignment with business expectations.
The focus of ITIL today is integration of IT into the business, assuring the delivery of business value and the treatment of services as business assets. ITIL describes the life of a service from definition to retirement, in the Service Portfolio. The initial part of the ‘portfolio’ is the Service Pipeline, which defines all the services in planning and development, and subsequently transitions to the Service Catalogue, which contains the services being offered to the business users.
The original version of ITIL was developed at the same time as, and in alignment with, BS 15000, the former UK standard for IT Service Management.
A new version of ITIL was introduced in 2007 (ITIL V3).
ITIL delivers tried and tested processes that ensure predictable, repeatable and reliable outcomes in IT, ensuring the delivery of value to the business.
The central core of ITIL is Service Strategy. The cycle of lifecycle stages (Design / Transition / Operation and Continual Improvement) is wrapped around it.