Governing ITIL with CobiT
Posted by twinkleto3s on August 12, 2008
ITIL is clear that it does not stand alone, and in fact, you cannot “do ITIL” without some form of governance. But what does “governance” mean? ITIL requires a framework of policy, process, procedures and metrics that can give direction to IT operations (and ITIL activities). Control Objectives for IT (CobiT) does just this.
We’ve all heard the saying that, “…if you can’t measure it you can’t control it, and if you can’t control it you can’t manage it.” This has never been truer than when “it” refers to IT. As IT professionals we’ve probably all had an opportunity to work in really well-managed IT shops, as well as those that would even make Dilbert cringe. When you compare the two, the well-managed IT organizations knew where they were going (destination), they knew how they were going to get there (roadmap), and they all knew where they were (current location).
The poorly managed IT shops? For the most part, they didn’t know where they were headed (no communicated objective), so any road would get them there (wandering aimlessly). Essentially they were lost.
Unfortunately many IT organizations turn to the ITIL and the potential of IT Service Management as if it alone will lead them to some “promised land.” They go off and get trained, and go back to work and try to “do ITIL.” The result is often just a marginally “less lost” IT shop. Why is that? How does an IT organization ensure its destination is the right one? How does it know it’s on the right path? How does it determine where it is on that path? Following I introduce the idea of governing ITIL with CobiT.
IT Governance
The IT Infrastructure Library was never intended to be a stand-alone set of good practices. Its primary focus is to bring a process-oriented approach to the delivery of the IT infrastructure as a set of services, and the direct support of those services. Issues of managing process deployment resources, quality, and security all require the integration of other frameworks and methods to enable the ITIL’s IT Service Management processes to achieve their purpose. Still it’s not enough. This is where IT Governance comes in. One possible answer is to use Control Objectives for IT (CobiT) to establish the governance framework for IT Service Management using ITIL.
IT Governance ties IT goals to those of the enterprise. It ensures that IT delivers valuable services through the optimal use of its resources, while understanding the risks involved and the establishment of goals and metrics to track organizational performance.
IT Governance Focus Areas
* Strategic Alignment – Link IT & Business Goals
* Value Delivery – Optimize the Cost & Value of IT Services
* Resource Management – Optimize Resource Investment
* Risk Management – Understand the Enterprise’s Appetite for Risk
* Performance Management – Track & Monitor Achievements
CobiT’s Role in IT Governance
Control Objectives for IT (CobiT) was developed by the IT Governance Institute (www.ITGI.org) to advance international thinking and standards in directing and controlling enterprise information technology. CobiT supports IT Governance through its framework of 34 IT processes. This framework ensures business and IT alignment, maximizes IT enablement of business processes, optimizes IT resources and manages risk.
CobiT Ensures:
- IT & Business Alignment
- IT Enabled Business Processes
- IT Resource Optimization
- IT Management of Risks
CobiT’s framework accomplishes this by focusing on the business’ requirement for information, and the structured (process) utilization of IT resources. It groups its 34 processes into four domains; plan & organize, acquire & implement, deliver & support and monitor & evaluate. Each process has a high-level control objective (the desired outcome) and one or more detailed control objectives that address the requirements of the actual activities that it performs. The framework utilizes a structured approach in describing each; it details the process, what business requirement it is intended to fulfill, its focus area, how it is to be achieved, and how it will be measured. It also details how to assess each process’ maturity (capability, control & coverage).
In effect, CobiT’s framework establishes what needs to be done to provide the information the enterprise needs to achieve its goals. It does this by the establishing control objectives that link the business goals in a cascading set of IT goals and metrics. These extend from the strategic alignment of business’ IT capability requirements all the way down to the tactical management of those processes involved in achieving those goals
