I focus on delivering IT managed service outsource transitions and implementations, working with organisations that are outsourcing IT services or transitioning between suppliers. As an IT managed service specialist, I have extensive experience with ITIL; however, when bearing in mind the end-to-end requirements to be considered and addressed, ITIL may be excellent for core infrastructure services and operational management, but it leaves gaps when developing a comprehensive IT managed service linking a supplier’s service, retained IT responsibilities and business need.
COBIT provides users with a reference point for considering the impact and requirements needed to build and implement a working IT solution. Additionally, most IT service providers have based their service solution around the ITIL model, which mirrors their service capability and areas of responsibility. This results in gaps between the service provided and the needs and expectations of the business in achieving a functioning, managed end-to-end service.
I have had to become my own COBIT champion, as the IT services industry’s focus is still currently very ITIL-aligned. Currently, in the areas of IT managed service I deal with, COBIT is seen as supporting a business view or a tool for auditors or security professionals. Unfortunately, COBIT does not have any real impact today within the IT services provider environment.
COBIT provides users with a reference point for considering the impact and requirements needed to build and implement a working IT solution.
For me, the core COBIT elements are Deliver, Service and Support; supplemented by Build, Acquire and Implement; and Align, Plan and Organise. These provide a level of structure to the development and implementation of core IT services. However, the Evaluate, Direct and Monitor elements are growing in use as organisations are getting a better grip on the need for governance, IT risk and alignment to the consuming business. The maturity here varies, often depending on the IT/data dependencies that drive awareness through compliance and security needs. But, for many organisations, IT services are seen as a utility capability that is procured at minimum cost to an adequate level of service with bearable levels of performance. So until IT services suppliers see that COBIT can enable them to create products and services that their customers or potential customers have a desire to consume, COBIT may remain the preserve of the enlightened few.
While the IT services business may not have yet embraced COBIT, I find its breadth and depth of definition a valuable tool to drive my own service. Governance and risk management ensure that the solutions I am tasked to deliver are joined up and function, or in the worst case, have awareness of related risk and issues.
When I introduce colleagues to COBIT, those from an IT operational background quickly get the concept, structure and approach. Unfortunately, many still feel constrained to follow only an ITIL-focused scope driven by a supplier’s contractual service solution and/or project scope. Too often, later in the project, issues are raised/discovered that adopting an initial COBIT-focused scope would have highlighted, giving time to be addressed.
However, for me COBIT is a trusted reference point, not a characterization I consider solely my own opinion, but rather one based on my global knowledge and experience. It provides justification and credibility to the need to consider and address wider aspects of IT services.
As an example, when looking to define the scope of operational activities or outsource requirements, the ITIL framework may closely align to IT supplier’s service portfolios; however, COBIT’s broader approach provides me with a checklist to consider what else could be relevant to supporting an end-to-end service. What are the outcomes I need from a supplier and what must the business provide to support the end-to-end service?
For example, take DSS01 Manage Operations. In the ITIL publications, all the relevant activities can be found across the framework, but in COBIT we have a section that directly addresses the needs of a service that supports application operation, data management and business operations. For me, this provides:
- IT-related and process goals with suggested related metrics
- A Responsible, Accountable, Consulted and Informed (RACI) chart to consider roles that are relevant to the business governance model to suit the organisation’s maturity
- Operational requirements in process practices, Inputs/Outputs and activities
The process practices and defined activities can be considered against the environment to decide whether they are relevant or they draw you to identify specific requirements to support the operational model.
COBIT is still seen as a niche tool by the IT services industry. IT service providers like ITIL because it facilitates their creation of building-block solutions that have a quantifiable level of risk, which enables them to develop structured cost models for services.
The core elements of ITIL are simple, understood by both customers and suppliers. Today, COBIT is still a mystical animal in many environments.
IT service providers need to discover a way to make products of COBIT processes that can be seen as enablers for IT goals. All IT functions need to understand their part in addressing the enterprise enablers, therefore creating an identifiable value path for IT supplier services, demonstrating value and encouraging suppliers to develop service solutions that are not just utility services, but business enablers.
COBIT needs a bigger foot in the door with IT service suppliers to explore the business benefits and commercial opportunities of addressing enterprise goals through the right outcomes from IT services.
Vincent Pearce, CGEIT, ITIL, priSM
Is an independent IT service management consultant and transition specialist working in the UK. He has an IT operational support background with 30 years of experience working with a number of IT service providers and customers across finance, media, retail and government.