Service Management Blog

COBIT vs ITIL: IT Governance Frameworks

4 minute read
Stephen Watts

COBIT and ITIL are both popular systems used for governance in IT service management. Utilized together, in part or in whole, these IT frameworks offer guidance for effective management of IT services.

What’s the difference between ITIL and COBIT?

ITIL is a framework that enables IT services to be managed across their lifecycle. COBIT, on the other hand, aids enterprise IT governance to generate the maximum added value to the business via its IT investments, while mitigating risks and optimizing resources.

Download Now: ITIL 4 Best Practice e-Books

These all-new for 2020 ITIL e-books highlight important elements of ITIL 4 best practices. Quickly understand key changes and actionable concepts, written by ITIL 4 contributors.

COBIT Basics

COBIT is a methodology that aims at connecting business goals to IT goals – assigning objectives and duties to both business and IT leaders. It provides the resources to build, monitor, and improve its implementation, while helping to reduce costs, establish and maintain privacy standards, and give structure and oversight to general IT processes within the company.

These resources include:

  • Frameworks, which help to achieve a balance between benefits and risks
  • Process Descriptions
  • Control Objectives
  • Management Guidelines
  • Maturity Models

The COBIT framework is based on these five guiding principles:

1. Meeting Stakeholder Needs

This principle is focused on value creation for enterprise stakeholders.

Meeting Stakeholder Needs

Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.

2. Covering the Enterprise End-to-end

This includes coverage of all corporate processes and functions that relate to information flow and technologies.

Governance Objective: Value Creation

Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.

Roles, Activities and Relationships

Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.

3. Applying a Single Integrated Framework

This principle focuses on implementing a single set of standards to be used across the business.

4. Enabling a Holistic Approach

This principle has seven categories of enablers, as defined by COBIT 5:

  • Principles, policies and frameworks
  • Processes
  • Organizational structures
  • Culture, ethics and behavior
  • Information
  • Services, infrastructure and applications
  • People, skills, and competencies
COBIT 5 Enablers

Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.

5. Separating Governance From Management

This principle ensures that governance and management don’t get confused.

Separating Governance from Management

Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.

ITIL Basics

ITIL is a framework that focuses on and enables IT services to be managed across their lifecycle, from mirroring the IT landscape components (configuration items) on a centralized knowledge base to registering their lifecycle (changes, events, and incidents) to managing the evolution of those configuration items (versions, integrations, and so on). ITIL is organized in the following main service components:

  1. Service Strategy focuses on mirroring the overall IT Service Delivery model in a manner that perfectly matches and covers the organization structure and inherent needs, while establishing processes that enable monitoring and updating of the configuration items as per business needs and impact.
  2. Service Design is not merely an initial activity that seeks to design the IT services in a manner that will match the organizational structure, but a continuous assessment that, aims to have a set of IT processes and service processes designed to best fit corporate needs.
  3. Service Transition defines and mitigates change risk through proper Change Management and Planning.
  4. Service Operation assures daily operations by delivering needed current recursive support tasks such as Service Desk or Backups, among others.
  5. Continuous Service Improvement looks at established KPIs and their evolution as well as Problems and bottlenecks, and performs needed analysis that will lead to the formulation of Optimization proposals.

How, why & when? Combined or separate?

In many ways, COBIT provides the “what” and ITIL shows the “how.”

When companies start with ITIL, they can then move to effectively integrating IT into their core business processes. IT provides a support role to the organization similar to HR or Purchasing, but a major difference is that IT is often constantly present throughout the corporate operational cycle – whereas the other two only play a specific role in given circumstances, or when needs arise. Therefore, it is relevant to include IT in the entire operational cycle in a manner such that it can effectively support it and add value to the business.

ITIL provides detailed advice on how to carry out several COBIT processes. Change Management is an example where ITIL clearly defines a structure and a process to accomplish it properly.

COBIT’s Principle 1 (Meeting Stakeholder Needs) includes the goals cascade mechanism that enhances ITIL effectiveness (when both are present) by supporting Service Management in: prioritizing Service Management improvement opportunities, identifying its key activities, and acting as a means of justification for improvement proposals by linking those to concrete organizational objectives.

Do ITIL and COBIT overlap?

Some processes match each other. For instance, the BAI06 Managing Changes process in COBIT matches the ITIL Change Management process under the Service Transition Chapter. On the other hand, risk mitigation in ITIL is addressed by the risk management topic, but no specific process is available – whereas in COBIT we find the process APO12, which manages risks.

So, while there is some overlapping, one needs to understand that if COBIT is an antibiotic, ITIL is an aspirin. Both are important and both have distinct yet complementary goals. Both provide guidance on best practices for a company to adapt to its unique situation, but do not enable any blueprints to follow.

Although DevOps significantly improves on ITIL’s way of addressing development, and PMBOK deals with project management (which is something ITIL does not), there is really no alternative for ITIL – whereas there are several alternatives to COBIT.

Additional resources

New for 2020: ITIL 4 Best Practice e-Books

These all-new for 2020 ITIL e-Books highlight important elements of ITIL 4 best practices so that you can quickly understand key changes and actionable concepts. Download now for free!


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Stephen Watts

Stephen Watts (Birmingham, AL) has worked at the intersection of IT and marketing for BMC Software since 2012.

Stephen contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.