You are on page 1of 13

Given that IT is operationally critical and strategic to enterprise success, then

adopting best professional management practices should be a management


imperative. ITIL® and COBIT® are two of the most widely adopted frameworks
for supporting IT governance and management improvement initiatives and
when used together as complementary tools can provide an even more powerful
solution to your organization’s service management and governance needs.

However, every enterprise needs to tailor these practices to suit their individual
requirements and overcome common obstacles to ensure that any improvement

Interfacing and Adopting ITIL® and COBIT®


initiative is driven by business priorities and requirements.

This is where this publication can help you. If you are already using ITIL or COBIT,
it will show you how to effectively adopt and utilize these two best practices as
complementary tools, resulting in improved IT service capability that is aligned
with business and governance requirements. If you are new to ITIL or COBIT, it
will provide a useful overview of the advantages of both practices and how and Interfacing and Adopting ITIL® and COBIT®
why they can be used together.

By following the guidance in this publication, you will learn how to realize the
value from your IT investments and services, enabling you to achieve cost-
effective IT solutions, as well as better governance and management of IT
services.

I S B N 9 7 8 -0 -1 1 -3 3 1 4 5 2 -2

ANAGE
TM

ME
BES

NT PRAC
www.tso.co.uk 9 780113 314522

T
UC
TIC
E PROD

9449 ITIL Interfacing and Adopting Cov v1_0 7mm SPINE.indd All Pages 16/12/2015 17:13
Interfacing and Adopting ITIL® and COBIT®

London: TSO

48906_AXELOS FOR PRINT.indb 1 15/12/2015 18:08


Published by TSO (The Stationery Office), part of Williams Lea and available
from:
Online
www.tsoshop.co.uk

Mail, Telephone, Fax & E-mail


TSO
PO Box 29, Norwich, NR3 1GN
Telephone orders/General enquiries: 0333 202 5070
Fax orders: 0333 202 5080
E-mail: customer.services@tso.co.uk
Textphone: 0333 202 5077

TSO@Blackwell and other Accredited Agents

© The Stationery Office 2015


All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or
transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise
without the permission of the publisher.
Copyright in the typographical arrangement and design is vested in The Stationery Office Limited.
Applications for reproduction should be made in writing to The Stationery Office Limited, St Crispins,
Duke Street, Norwich, NR3 1PD.
Applications for reproduction should be made in writing to The Stationery Office Limited, St Crispins,
Duke Street, Norwich NR3 1PD.
The information contained in this publication is believed to be correct at the time of manufacture.
Whilst care has been taken to ensure that the information is accurate, the publisher can accept no
responsibility for any errors or omissions or for changes to the details given.
This product includes COBIT 5® ©2012 ISACA® used by permission of ISACA®. All rights reserved
The AXELOS swirl logo is a trade mark of AXELOS Limited
The AXELOS logo is a trade mark of AXELOS Limited
The Best Management Practice Official Publisher logo is a trade mark of AXELOS Limited
PRINCE2® is a registered trade mark of AXELOS Limited
MoP® is a registered trade mark of AXELOS Limited
ITIL® is a registered trade mark of AXELOS Limited
M_o_R® is a registered trade mark of AXELOS Limited
COBIT 5® is a registered trademark of ISACA®
A CIP catalogue record for this book is available from the British Library
A Library of Congress CIP catalogue record has been applied for.
First published 2015
ISBN 9780113314522
Printed in the United Kingdom for The Stationery Office
Material is FSC certified. Sourced from responsible sources.

48906_AXELOS FOR PRINT.indb 2 15/12/2015 18:08


Contents

List of figures and tables v 3.5 Governance and management


activities related to IT services 27
Acknowledgements vi
4 Practical applications for using ITIL
1 Introduction 1 and COBIT together 31
1.1 Today’s business view of IT 3 4.1 Objective 1 – Delivering value from
1.2 The benefits of ITIL® and COBIT® 4 an IT service 33
4.2 Objective 2 – Aligning IT services with
1.3 Objectives of this guide 4
enterprise objectives and risks 34
2 ITIL and COBIT 7 4.3 Objective 3 – Developing IT solutions
2.1 Introduction to COBIT 9 and services to align with desired
business outcomes 38
2.2 COBIT 5 overview 10
4.4 Objective 4 – Aligning IT service level
2.3 COBIT 5 process model 11 agreements with business objectives 41
2.4 COBIT 5 implementation 13 4.5 Objective 5 – Ensuring IT services are
2.5 Introduction to ITIL 14 defined and delivered securely 43

2.6 ITIL Service Strategy 15 4.6 Objective 6 – Managing enterprise


and IT service supplier relationships 45
2.7 ITIL Service Design 16
4.7 Objective 7 – Optimizing the portfolio
2.8 ITIL Service Transition 17 of IT services and the service catalogue
2.9 ITIL Service Operation 18 to deliver benefits and optimize costs 46

2.10 ITIL Continual Service Improvement 19 5 Achieving required service capability


and monitoring performance 49
3 Governance and management
of IT services 21 5.1 The importance of assessing capability 51

3.1 Business context – value 23 5.2 Driving a positive improvement culture 52

3.2 IT risk 25 5.3 How to assess capability 53

3.3 Information is a key resource for 5.4 Driving improvement 53


all enterprises 26 5.5 Monitoring performance 59
3.4 Key drivers affecting service 6 Conclusions 61
management 27

48906_AXELOS FOR PRINT.indb 3 15/12/2015 18:08


iv | Interfacing and Adopting ITIL and COBIT
Bibliography and further reading 65
Appendix A: COBIT and ITIL mapping 69
Appendix B: Examples of mappings
based on enterprise goals 95
Index 103

48906_AXELOS FOR PRINT.indb 4 15/12/2015 18:08


List of figures and tables
FIGURES Table 4.7 COBIT 5 processes mapped to ITIL
guidance for managing enterprise
Figure 2.1 Meeting stakeholder needs 10 and IT service supplier relationships 45
Figure 2.2 Processes for governance of Table 4.8 COBIT 5 processes mapped to
enterprise IT 12 ITIL guidance for optimizing the
Figure 2.3 Seven phases of the portfolio of IT services and the
implementation lifecycle 14 service catalogue to deliver benefits
and optimize costs 47
Figure 2.4 The ITIL service lifecycle 15
Table 5.1 IT service management maturity
Figure 4.1 COBIT value creation 33 paths 53
Figure 4.2 The overall value chain 35 Table A.1 COBIT 5 enterprise goals mapped
Figure 5.1 Ensuring strategic alignment 52 to IT-related goals 72

Figure 5.2 Continual service improvement Table A.2 IT-related goals mapped to IT
approach 57 processes 76
Table A.3 Risk scenarios mapped to IT
TABLES processes 82

Table 3.1 The objectives of effective Table A.4 COBIT 5 IT-related processes mapped
governance and management to ITIL 2011 guidance 91
of IT services 28 Table B.1 Cascade example – top 10 COBIT 5
Table 4.1 COBIT 5 enterprise goals 36 processes based on the enterprise
goal of customer-oriented service
Table 4.2 COBIT 5 IT-related goals 37
culture 97
Table 4.3 COBIT 5 processes mapped to ITIL
Table B.2 Cascade example – top 10 COBIT 5
guidance for aligning objectives 39
processes based on the enterprise
Table 4.4 COBIT 5 processes mapped to ITIL goal of business service continuity
guidance for designing and and availability 99
developing solutions and services 40
Table B.3 Cascade example – top 10 COBIT 5
Table 4.5 COBIT 5 processes mapped to ITIL processes based on the enterprise
guidance for aligning IT service level goal of optimization of service
agreements with business objectives 42 delivery costs 100
Table 4.6 COBIT 5 processes mapped to ITIL
guidance for ensuring IT services
are defined and delivered securely 44

48906_AXELOS FOR PRINT.indb 5 15/12/2015 18:08


Acknowledgements

AUTHOR
Gary Hardy, IT Winners

REVIEWERS
We would like to thank those who participated
in the quality assurance of this publication,
generously donating their time to reviewing this
title, including:
Claire Agutter ITSM Zone
Duncan Anderson Global Knowledge
Johannes Botha get-IT-right.com
James Doss itvaluequickstart.com
Lucio Augusto
Molina Focazzio Independent consultant
Jimmy Heschl Red Bull
John E. Jasinski C5Plugin
Christian F. Nissen CFN People
Marco Smith ICORE Ltd

48906_AXELOS FOR PRINT.indb 6 15/12/2015 18:08


9449 ITIL Interfacing and Implementing CP.indd 1

48906_AXELOS FOR PRINT.indb 1


Introduction 1
25/08/2015 12:10

15/12/2015 18:08
48906_AXELOS FOR PRINT.indb 2 15/12/2015 18:08
 | 3

1 Introduction

1.1 TODAY’S BUSINESS VIEW OF IT proportion of an enterprise’s costs, yet many


enterprises fail to optimize these costs and obtain
For many years, IT has been an enabler for
a good return from their IT-related investments.
enterprise success and a strategic tool for increasing
Enterprises – especially those operating globally
competitive advantage. Now IT has become
– are also dealing with an increasing amount
pervasive in all aspects of business activity, public
of regulation. As a result of this environment,
service and personal communications. IT services are
IT services must be responsive to fast-changing
embedded in business processes and have become
demands and be predictable, reliable, secure and
an integral part of enterprise operations. With the
cost-effective.
expansion of the internet providing high-capacity
and low-cost mobile communications, IT is no The increased focus on IT by executive management
longer confined to the IT function or just within the has highlighted the need for better governance
enterprise – it can be utilized anywhere at any time and management of IT. The concept and actual
by anybody. practice of IT governance have gained significant
momentum and acceptance in recent years and this
Successful enterprises apply effective governance
is driving a need for IT best practices to be aligned
and management practices to ensure that objectives
with business and governance requirements. It has
are achieved and risks are minimized. They
shifted management’s attention away from just
recognize that strategic planning and execution
technology solutions and towards defining the
must be driven and monitored by executive
beneficial outcomes desired from the use of IT.
management if value is to be created. Given IT’s
pervasiveness, informed business leaders are (Note: although ‘IT governance’ is the commonly
recognizing that the same attitude must be applied used term, in reality we mean improved
in relation to IT, ensuring that controls are in place enterprise governance to include IT. ISACA uses
to preserve value and avoid IT-related business risks. the term ‘governance of enterprise IT’ [GEIT] to
They insist on adoption and adaptation of best try to emphasize this point. The goal is not to
practices in areas such as portfolio management, create another IT silo in this case with respect to
service delivery and risk management, and they are governance.)
able to monitor IT’s performance using business- One of the most important enablers in an enterprise
oriented reporting. is the provision of cost-effective IT services at
Executive management needs to pay special service levels necessary to support critical business
attention to the use of IT, given that IT is now functions. If IT services and service levels are not
so intrinsic to the execution of business strategy clearly defined, and the service levels not properly
and operations. IT accounts for a very significant

48906_AXELOS FOR PRINT.indb 3 15/12/2015 18:08


4 | Interfacing and Adopting ITIL and COBIT
measured and monitored, then it is likely that the framework for enterprise-wide governance and
services provided will fail to meet business needs. management of IT.
The growing capability and capacity of the internet, COBIT provides the strategic orientation and focus,
mobile communications and cloud computing by considering all stakeholder needs, and by linking
are enabling a transition towards outsourced business and governance requirements to critical
IT services rather than just IT applications or IT-related areas. It helps establish ‘what to do’
solutions. This will evolve towards what might be and helps obtain executive-level sponsorship for
called ‘cloud business’, since in reality they will any necessary improvement. Just as importantly, it
become IT-enabled business services. We have ensures executive-level accountability for IT-related
already seen this happen with, for example, cloud- business decisions. ITIL provides best practice for
based sales processes, online gaming, email and ‘how to do’: the planning, designing, building and
social networking. Therefore, IT functions and operating of the IT services required to support and
the business must together take responsibility for sustain the enterprise’s IT-related objectives.
managing the operation of business processes and
ITIL and COBIT are the two most widely adopted
related IT services. This requires mature IT service
frameworks for supporting IT governance and
management, IT management and IT governance
management improvement initiatives, and when
practices that include the business process owners
used together implementation will be significantly
(the consumers of the services), the IT function
more effective. By utilizing both frameworks,
(which manages IT in an enterprise) and service
improvements will be driven top down with
providers (who increasingly will supply IT-enabled
management’s support and commitment. Using ITIL
business services).
and COBIT will help to improve the success, stability
and quality of IT services, and the speed at which
1.2 THE BENEFITS OF ITIL® AND COBIT® they are delivered.
The adoption of proven best practices helps guide Leveraging proven best practices allows
professional behaviour, increases effectiveness organizations to implement standard processes in
and efficiency, and results in reliable and place of ad hoc approaches. It also helps to maintain
trusted activities. It avoids ‘reinventing wheels’; enterprise knowledge (rather than relying on expert
avoids disagreements between business, IT, risk staff) and develops professionalism and career
and assurance stakeholders; and saves time in progression within the organization. It embeds a
developing approaches. shared vision of good practice into business as usual
and makes meeting contractual requirements and
Given that IT is operationally critical and strategic to
compliance obligations easier.
enterprise success, then adopting good professional
management practices should be a management
imperative. ITIL has become the world’s most 1.3 OBJECTIVES OF THIS GUIDE
popular and effective guidance for IT service
This guide will help organizations that are already
management. Used by thousands of individuals
using ITIL or COBIT to effectively adopt and utilize
and enterprises, COBIT is the world’s most used
these two best practices as complementary tools –

48906_AXELOS FOR PRINT.indb 4 15/12/2015 18:08


Introduction | 5
to enable improved IT service capability aligned by, improvement projects and operational
with the enterprise’s business and governance services.
requirements. For those new to ITIL or COBIT,
This can lead to many other business benefits,
the guide will provide a useful overview of the
including the engagement of executive
advantages of both practices and how and why they
management and business process owners,
can be used together.
efficiency gains, less reliance on experts, fewer
Every enterprise needs to tailor the use of ITIL and errors, increased trust from business partners, and
COBIT to suit its individual requirements. Experience respect from regulators. It will also emphasize the
has shown that adoption of these potentially helpful importance of setting direction and monitoring
best practices can be costly and unfocused if it is (governance) and of the execution of objectives
not driven by business priorities and requirements. (management).
Given the enterprise-wide use of IT, there needs to
This guide is intended for all users of ITIL and
be an enterprise view of IT and of the governance
COBIT – current or prospective – who are interested
and management practices required. Executive
in driving increased value from IT. This includes
management, business management, auditors,
business and IT management, IT professionals
compliance officers, IT managers and IT practitioners
(including consultants and advisors), auditors and
should work together to ensure that use of COBIT
process assessors.
and ITIL leads to cost-effective and value-generating
IT solutions and services. The contents of the guide are organized as follows:

This guide will help enterprises adopt and adapt ITIL ■■ Chapter 2 provides an overview of ITIL and
and COBIT to: COBIT.
■■ Chapter 3 describes the business context and
■■ Better govern and manage IT services
issues that drive a need for effective governance
■■ Gain executive management buy-in and support
and management of IT services, and describes
for continual service improvement
the most important governance management
■■ Provide a transparent and accurate view of activities related to service management.
current IT process performance and significant
■■ Chapter 4 explains how to use ITIL and COBIT to
gaps to enable decision-making
define the requirements for service capability
■■ Prioritize improvement plans and actions based – understanding business and compliance
on business needs and the value generated requirements for IT services and focusing on key
■■ Improve the efficiency and effectiveness of ITIL processes.
implementation activities ■■ Chapter 5 explains how to use ITIL and COBIT to
■■ Create an effective framework of management assess service capability, implement improvements
structures, policies and defined practices in an integrated way and measure service
■■ Provide structure and context for existing or performance using appropriate performance
potential activities objectives and metrics – based on maturity
■■ Provide management with key practices to assessments and best-practices gap analysis.
monitor the performance of, and value delivered ■■ Chapter 6 provides some conclusions.

48906_AXELOS FOR PRINT.indb 5 15/12/2015 18:08