COBIT vs. ITIL: 5 Crucial Differences To Know

  • Control Objectives for Information and Related Technologies (COBIT) is defined as a framework meant to fill the gaps between business risks, management needs, and technical problems.
  • The Information Technology Infrastructure Library (ITIL) is defined as a framework designed to standardize the planning, selection, delivery, maintenance, and end-to-end lifecycle for business IT services.
  • This article covers the crucial differences between COBIT and ITIL.

What Is COBIT?

COBIT was initially coined as an acronym for Control Objectives for Information and Related Technology. However, with time, this expansion of the acronym has fallen in popularity, and COBIT is used as a standalone term to refer to the framework.

COBIT was developed in 1996 by the Information Systems Audit and Control Association (ISACA). Its original aim was to focus specifically on financial auditing in IT environments. As COBIT was upgraded, it grew to incorporate governance activities such as ISO 38500 and other ISACA frameworks.

With the release of COBIT 5 in 2012, the framework has grown to emphasize IT governance for business success. A 2013 add-on further enhanced its risk management capabilities. The latest released version of this framework is COBIT 2019.

COBIT provides several golden standards for IT controls, enabling value addition for enterprises through IT decisions while reducing risks. This framework gives companies a high-level roadmap to develop and manage IT governance practices. This supportive solution bridges the gap between technical and business issues and allows for better risk management and compliance around specific IT processes. Stakeholders rely on COBIT for maturity models, best practices, and metrics to measure the coordination and success metrics of business objectives and processes.

See More: Kanban vs. Scrum: 10 Key Differences

What Is ITIL?

The Information Technology Infrastructure Library (ITIL) is a framework for IT service management. Its core purpose is to highlight the best practices for delivering IT services.

ITIL features a systematic approach to information technology service management (ITSM). It is a useful solution for risk management, client relations enhancement, cost-effectiveness improvement, and creating a stable IT environment primed for scale, change, and growth.

The original ITIL consisted of 30 books. With the launch of ITIL V2 in 2000, these books were condensed into seven volumes, each covering a facet of IT management. The ITIL Refresh Project 2007 consolidated this framework further into five volumes covering 26 processes and functions. By 2011, ‘ITIL 2011′ was published under the UK Cabinet Office, with the number of volumes staying constant at five.

The core aim of ITIL is to help organizations ensure the creation of predictable IT environments and the delivery of best-in-class customer service. This is achieved through the streamlining of processes and the identification of opportunities for efficiency enhancement.

ITIL is also focused on integrating IT solutions into business processes. This, of course, is immensely important as information technology today is an indispensable aspect of every business process. ITIL 4, the latest version of the framework, maintains this focus while increasing the emphasis on creating a flexible and agile IT department.

The main functions of ITIL are service design, service strategy, service operations, and service transition. By using these components together, organizations can formulate an effective system that allows stakeholders to deliver IT services and associated goals efficiently.

  • Service design enables the development of detailed, fit-for-purpose IT solutions to fulfill customer requirements.
  • Service strategy drives the understanding of customer expectations for IT products and services and results in the seamless creation of delivery plans.
  • Service operations enable the efficient management of day-to-day activities related to service execution as per their key performance indicators (KPIs) and service level agreements (SLAs).
  • Finally, service transition guides the journey of approved solutions from design to production to minimize disruptions.

See More: Black Box vs. White Box Testing: Understanding 3 Key Differences

Key Differences Between COBIT and ITIL

COBIT is a framework designed to fill the gaps between business risks, management needs, and technical problems. Conversely, ITIL is a framework to standardize the planning, selection, delivery, maintenance, and end-to-end lifecycle for business IT services.

COBIT vs. ITIL Frameworks Overview

Sources: GeeksforGeeksOpens a new window and process.stOpens a new window

Let’s look closer at the key differences between COBIT and ITIL.

1. History

Developed by the Information Systems Audit and Control Association (ISACA), the COBIT IT management framework aims to support companies in developing, organizing, and implementing strategies related to information governance and management.

Originally known as Control Objectives for Information and Related Technologies, COBIT version 1 was released in 1996. It was initially designed as a collection of IT control objectives to enable financial audit personnel to navigate IT environment growth better.

ISACA released COBIT version 2 in 1998. This release expanded upon the framework and brought its applications to users outside the auditing domain.

COBIT version 3 was developed shortly after the turn of the millennium, introducing the information governance and IT management techniques that are a part of the framework even today.

COBIT 4 was released in 2005, with COBIT 4.1 being released soon after in 2007. These updates came with even more governance-related information surrounding information and communication technology.

COBIT 5 was released in 2012, and an add-on for this version was rolled out in 2013. This add-on came with a larger bank of information on information governance and risk management for enterprises.

ITIL is a global efficient IT framework that drives cost reduction and improved customer service in business IT environments.

The origins of ITIL lie in the United Kingdom. In the 1980s, the British government recognized that the quality of its IT infrastructure wasn’t up to the mark. This set in motion a series of events that led to the origin of ITIL.

The Central Computer and Telecommunications Agency (CCTA), now known as the Office of Government Commerce (OGC), was tasked with developing a standard for better connecting IT systems in the private and public sectors. This exercise aimed to build a more efficient framework and a more cost-effective implementation of IT resources.

ITIL V1 covered procedures such as change management, software distribution and control, help desk management, capacity management, business continuity planning, cost management, and availability management. In the early 1990s, this framework was used by stakeholders from large corporations and the government to improve the execution and delivery of their IT services. In 2000, coinciding with the merger of CCTA into OGC, ITIL was adopted by Microsoft as the foundation for the company’s proprietary Microsoft Operations Framework (MOF).

ITIL V2 was the first major revision of the framework. Released in 2001, this update focused on removing duplicate entries, enhancing topic coherence, and adding IT concepts. ITIL V2 expanded its coverage to include subjects such as problem management, security management, incident management, service continuity management, financial management of IT assets, and release management. This release also gave users access to call centers and help desks and introduced discussions and comparisons around the three types of service desk structures: local service desks, virtual service desks, and central service desks.

ITIL V3 was released in 2007. This update pivoted toward a more lifecycle-centric approach to service management and enhanced ITIL’s focus on IT business integration. This version came with 26 functions and processes classified into five volumes focused on service strategy, operation, design, transition, and continuous service improvement. ITIL V3 brought new ideas in domains such as service assets, service value definition, information security management, and business case building. Another update to ITIL V3 was released in 2011. This release aimed to correct inconsistencies and errors in the text and graphics across the framework.


2. Latest Version

The 2018 ISACA announcement of an update for COBIT was interesting: it had done away with the version numbering system followed till then. The latest version of COBIT was to be called COBIT 2019.

The latest COBIT release is designed for constant evolution through more fluid and frequent updates. This release aims to create governance strategies that are more collaborative and flexible and address evolving technology.

By addressing new technologies, security considerations, and trends, COBIT 2019 offers an up-to-date framework for modern enterprises. It features even more seamless compatibility with other IT management frameworks such as ITIL, TOGAF, and CMMI. This version is a great umbrella framework for unifying end-to-end organizational processes.

The COBIT Core Model comes with new concepts and terminologies, including 40 management and governance objectives to establish a governance program. The latest updates to the performance management system allow for increased flexibility during capability and maturity measurements. In general, this version aims to provide businesses with more flexibility while customizing IT governance strategies.

COBIT is similar to other IT management frameworks, such as ITIL, in that it drives the alignment of business and IT goals. This is achieved by linking the two and building a process that breaks down IT silos and connects IT infrastructure to outside stakeholders.

However, a crucial difference between COBIT and other frameworks is the focus on risk management, information governance, and security. These key focus areas are even more emphasized in COBIT 2019.

This latest version enhances the definitions of COBIT, not only what it is but also what it is not. For instance, ISACA has specifically clarified that COBIT 2019 is not a framework for business process organization, technology management, IT-related decision-making, or the determination of IT architecture or strategies. Instead, it is strictly designed as a framework for managing and governing end-to-end enterprise IT systems.

ITIL 4 is the most recently released update of the ITIL framework.

Introduced in February 2019, this version is highly value-centric and primarily focuses on bringing together diverse stakeholders within an organization to coordinate and generate value for clients.

In recent years, the IT service management domain has seen the advent of new frameworks such as SIAM, FitSM, and VeriSM. This led to the need for ITIL V3 to adopt a more refined approach to service management as a business driver.

ITIL 4 has focused on enhancing the best parts of ITIL V3 and creating a framework to deliver tailor-made organizational solutions.

Before ITIL 4 was released, practitioners were directed to implement ITIL strictly according to the prevalent guidelines. This led to the implementation of a complex network of practical solutions. ITIL 4 solved this by taking a more pragmatic approach. Instead of idealizing processes and discouraging flexibility in implementation, ITIL 4 focuses on delivering tailor-made enterprise solutions through “practices.”

With security-focused digital transformation playing a critical role in the modern service sector, this latest version of the framework serves as a comprehensive guide to effectively managing information technology for businesses without compromising on value creation for consumers.

The four factors of service management, as discussed in ITIL 4, are information and technology, companies and people, value chain and processes, and partners and suppliers.

Finally, this release considers the ITIL service value system (SVS) to explain how different service distribution components work cohesively to drive the co-creation of client value. Simply put, it focuses on breaking down silos and ensuring macro-level optimization by emphasizing combining diverse methods and collaborating to produce value.


3. Purpose

Unlike other frameworks for IT governance, COBIT specifically focuses on risk management, information governance, and security. COBIT 2019 is not focused on figuring out IT architecture and strategies. Instead, it emphasizes managing and governing IT across an organization. It is not a solution for helping businesses perform specific IT functions. Instead, it takes a higher-level approach to implementing IT for business success.

The ultimate purpose of COBIT is to ensure the prioritization of IT investments in a way that drives businesses toward achieving their objectives without taking on increased IT risks. To that end, it focuses on the concepts outlined below.

Data-driven decision-making: Robust data is required to support business decisions. IT governance frameworks establish a connection between IT processes and business requirements.

IT risk management: COBIT drives enterprises to consider objectives around responsibility and control to ensure the effective negotiation of IT risks.

Planning, creation, and monitoring: Process-focused specifications are flexible for business requirements and also useful since processes are always results-driven. These descriptions give users access to reference models in the simple vernacular, allowing all stakeholders to consider them during planning, creation, and monitoring processes.

Process capability measurement: COBIT maturity models allow enterprises to measure process capabilities to understand progress and set priorities for upgrades.

Performance assessment: Every business needs tools to assign responsibilities and for the self-assessment and approval of IT measures. COBIT allows users to access metrics for assessing optimum performance.

These concepts enable leaders to identify organizational responsibilities and use clearer communication lines to create and monitor high-level IT implementation.

Basically, COBIT gives businesses a centralized roadmap for risk, compliance, and governance, as well as enhanced insights on ROI on IT services. New companies can specifically benefit from a framework such as COBIT to fast-track their IT growth without ignoring important elements.

The purpose of ITIL has always been to provide a framework for enterprises to drive process automation, service management enhancement, and integration of information technology into business processes.

ITIL 4 goes a step further by updating the framework to accommodate and account for the potential of cutting-edge tools, software, and technologies.

The release of the latest ITIL update acknowledges the indispensable role of information technology in every business process. Thus, the new framework accommodates more agile, collaborative, and flexible IT concepts.


4. Principles

The principles of COBIT are intentionally framed generically to allow for applicability across industries.

Cover the enterprise end-to-end: All business functions and processes related to information technology must be considered.

Meet stakeholder needs: Add value by realizing resource use and benefits related to IT while minimizing risk.

Apply a single, integrated framework: Apply unified standards across enterprise systems.

Separate governance from management: Distinguish between planning, running, creation, and monitoring stages and particular governance functions such as evaluating, decision-making, and monitoring.

Enable a holistic approach: Consider the seven COBIT enablers, including ‘Culture, Ethics, and Behavior’ and ‘People, Skills, and Competencies.’

ITIL 4 strongly emphasizes company culture and the integration of information technology into the general business structure. It encourages a collaborative approach between IT and stakeholders from other departments, especially as these stakeholders increasingly need technology for their business processes.

ITIL 4 features seven guiding principles adopted from the ITIL Practitioner Exam, covering communication, measurement and metrics, and organizational change management. These principles are listed below.

  1. Start where you are
  2. Focus on value
  3. Collaborate and promote visibility
  4. Progress iteratively with feedback
  5. Optimize and automate
  6. Keep it simple and practical
  7. Think and work holistically

Additionally, strong emphasis is given to customer feedback to make it easier for enterprises to understand how the public perceives them. This also helps decipher customer satisfaction and pain points.


5. Certification

Key certifications available for COBIT 2019, the latest version of COBIT, are listed below.

COBIT 2019 Foundation Exam: This certification is designed to prepare candidates for the COBIT 2019 foundation certificate exam. It covers the context, components, advantages, and main drivers for using COBIT as a framework for information and technology governance. The certification in COBIT 2019 foundation can be earned after attending a two-day course.

COBIT 2019 Design and Implementation Exam: This certification covers how to use COBIT to design a customized purpose-fit governance system.

COBIT Bridge Workshop: This one-day certification course covers the models, key definitions, and concepts in COBIT 2019 and heavily focuses on the differences between COBIT 2019 and the version released before it, COBIT 5.

The certification scheme for ITIL 4, the latest version of ITIL, includes the ITIL Foundation and the ITIL Master exams.

Once a candidate passes the ITIL Foundation Exam, the scheme diverges into two paths. Candidates can either continue toward attaining the ITIL Strategic Leader (SL) certification or the ITIL Managing Professional (MP) certification. Both these certifications have distinct modules and examinations.

The ITIL Strategic Leader (SL) Exam targets candidates who work with comprehensive digitally enabled services (not only those under IT operations). This certification focuses on the role of technology in directing business strategy and the contributions of IT. ITIL SL modules include ITIL Leader – Digital & IT Strategy and ITIL Strategist – Direct, Plan & Improve.

The ITIL Managing Professional (MP) Exam targets IT practitioners involved with digital teams and technologies across the enterprise (rather than only the IT department). This path covers the knowledge required for running successful IT projects, workflows, and teams. ITIL MP modules include ITIL Specialist – Create, Deliver and Support; ITIL Specialist – High Velocity IT; ITIL Specialist – Drive Stakeholder Value; and ITIL Strategist – Direct, Plan & Improve.

By completing both paths, a candidate qualifies for the designation of ITIL Master, which is the highest ITIL certification offered.

See More: DevOps vs. Agile Methodology: Key Differences and Similarities


Both COBIT and ITIL are IT governance frameworks; however, several differences exist between them. A rather oversimplified explanation of the differences can be provided by defining COBIT as the ‘why’ and ITIL as the ‘how.’

COBIT focuses on value generation for enterprises through IT investments while simultaneously driving risk mitigation. On the other hand, ITIL focuses on management across the IT services lifecycle. This is generally considered a more foundational starting point for IT development. It can be said that COBIT builds on top of ITIL and provides a control framework for structuring ITIL processes. While alternatives exist for COBIT, ITIL is necessary for almost every business.

Both COBIT and ITIL are popular frameworks for IT service management. Enterprises invest in them to ensure the development of a functional IT ecosystem that provides real value. Each framework features its unique focus areas and components, and the decision to adopt either ultimately depends on the specific needs and goals of the company.

Did this article provide a useful summary of COBIT vs. ITIL? Share your comments on FacebookOpens a new window , TwitterOpens a new window , or LinkedInOpens a new window !

Image Source: Shutterstock