M0214-06PLM-05-05-01

ITIL VS COBIT
By
Geofrey Vincent
1501142176
Kevin
1501147851
Danny
1501148135
Jordy Jonatan
1501151262
Calvin
1501151880
06 PLM/Group 5
Universitas Bina Nusantara
Jakarta
2013 – 2014
Table of Contents
ABSTRACT
CHAPTER 1
Introduction
1.1 Background
1.2 Scope
1.3 Purpose and Benefits
1.3.1 Purpose
1.3.2 Benefits
1.4 Methodology
1.5 Systematic of Writing
CHAPTER 2
Literature Review
2.1 Theory / General
2.1.1 Definition of Software
2.1.3 System
2.1.4 Information System
2.2 Information Technology
2.2.1 IT Framework
2.2.2 IT Governance
2.2.3 Enterprise Governance
2.2.4 IT Service Management
2.2.5 IT applications
2.2.6 IT development environment
2.2.7 IT platforms
2.2.8 IT operations
CHAPTER 3
Discussion
CHAPTER 4
Conclusion and Suggestion
4.1 Conclusion
4.2 Suggestion
References
CURRICULUM VITAE
Figure 1: Information System Development Phases
ABSTRACT
IT governance is very important for every information-technology-minded company.
It is a process to ensure the effective and efficient use of IT in enabling an
organization to achieve its goals. In this paper we discuss some of the methods for
managing IT in a company. There are two methods that we discuss: the ITIL framework
and COBIT. The purpose of this paper is to understand the difference between the ITIL
framework and COBIT. These two methods each have their own advantages and
disadvantages, which we explain in the next chapter. The analysis methodology used in
writing this paper is the data collection method. Data collection was done through a
literature study of several journals and websites to support the purpose of this paper.
The result achieved from this paper is an understanding of the difference between the
Information Technology Infrastructure Library, its framework, and COBIT. Overall, the
conclusion of this study is that we know what the Information Technology Infrastructure
Library is, its framework, and COBIT, how to implement each method, and examples of
the implementation of the Information Technology Infrastructure Library and COBIT.
Regarding ITIL vs COBIT, we also know the benefits of ITIL and the benefits of COBIT.
The different methods of IT governance each have their own way of giving benefits to
the user or the company that uses the method. This paper will also be a good reference
for people choosing which method to use when implementing IT governance in their
company or business.
Keywords
ITIL, COBIT, IT Governance, IT Framework.
CHAPTER 1
Introduction
1.1 Background
IT governance is very important for every information-technology-minded
company. It is a process to ensure the effective and efficient use of IT
in enabling an organization to achieve its goals. In this paper we discuss some
of the methods for managing IT in a company. There are two methods that we
discuss: the ITIL framework and COBIT. The result achieved from this
paper is an understanding of the difference between the Information Technology
Infrastructure Library, its framework, and COBIT. Overall, the conclusion of
this study is that we know what the Information Technology Infrastructure Library
is, its framework, and COBIT, how to implement each method, and
examples of the implementation of the Information Technology
Infrastructure Library and COBIT. Regarding ITIL vs COBIT, we also know
the benefits of ITIL and the benefits of COBIT. The different methods of
IT governance each have their own way of giving benefits to
the user or the company that uses the method. This paper will also be a good
reference for people choosing which method to use when implementing
IT governance in their company or business.
1.2 Scope
This paper on ITIL vs COBIT is limited to the scope of several journals
covering the definition and benefits of each method that we discuss.
1.3 Purpose and Benefits
1.3.1 Purpose
The purpose is to understand the difference between the ITIL framework and
COBIT. These two methods each have their own advantages and disadvantages,
which we explain in the next chapter.
1.3.2 Benefits
The benefits that can be attained are listed below:
- For the writer
o Have information about ITIL.
o Have information about COBIT.
o Have information about the differences between ITIL and COBIT.
o Get the benefits of ITIL.
o Get the benefits of COBIT.
o Know how to choose the best method, ITIL or COBIT.
1.4 Methodology
The analysis methodology used in writing this paper is the data
collection method. Data collection was done through a literature study of
several journals and websites to support the purpose of this paper.
1.5 Systematic of Writing
Chapter 1: Introduction
This chapter explains the background of this paper, its scope,
purpose and benefits, methodology, and the systematic of
writing.
Chapter 2: Literature Review
This chapter explains all the theories that are used as a
framework for writing and arranging this paper.
Chapter 3: Discussion
This chapter discusses ITIL and COBIT. We discuss the
definition, the benefits, the difference between the ITIL framework and
COBIT, and examples of the implementation of ITIL and
COBIT in some companies.
Chapter 4: Conclusion and Suggestion
This chapter consists of the conclusions drawn from the
completed research and the suggestions that we found during
the research.
CHAPTER 2
Literature Review
2.1 Theory / General
The theories on which this paper is based are as follows:
2.1.1 Definition of Software
According to (Satzinger, Jackson, & Burd, 2005, p. 4), software is a computer
program that, when executed, provides desired features, function, and performance.
According to (Rainer & Cegielski, 2011, p. 40), software is a program or collection of
programs that enables the hardware to process data.
2.1.3 System
According to (Satzinger, Jackson, & Burd, 2005, p. 6), a system is a collection of
interrelated components that function together to achieve some outcome.
2.1.4 Information System
According to (Satzinger, Jackson, & Burd, 2005, p. 7), an information system is a
collection of interrelated components that collect, process, store, and provide as
output the information needed to complete business tasks.
2.2 Information Technology
2.2.1 IT Framework
According to (Rouse, WhatIs.com, 2005) “In computer system a framework is often called as
a layered structure indicating what kind of programs can or should be built and how they
would interrelate also its include actual programs, specify programming interfaces, or offer
programming tools for using the frameworks.”
According to (Rouse, WhatIs.com, 2005) “A framework may be for a set of functions within a
system and how they interrelate; the layers of an operating system; the layers of an
application subsystem; how communication should be standardized at some level of a
network; and so forth.”
2.2.2 IT Governance
According to (Gartner, 2013) “IT Governance is defined as the processes that ensure the
effective and efficient use of IT in enabling an organization to achieve its goals.”
According to (Schwartz, 2007) “IT Governance is simply put as a structure around how
organizations align IT strategy with business strategy, ensuring that companies stay on track
to achieve their strategies and goals, and implementing good ways to measure IT’s
performance.”
2.2.3 Enterprise Governance
According to (Lees, 2007) Enterprise governance can be defined as: “The set of
responsibilities and practices exercised by the board and executive management
with the goal of providing strategic direction, ensuring that objectives are
achieved, ascertaining that risks are managed appropriately and verifying that the
organisation’s resources are used responsibly.”
2.2.4 IT Service Management
According to (Rouse, Search CIO, 2006) “IT Service Management (ITSM) is a process-based
practice intended to align the delivery of information technology (IT) services with needs of
the enterprise, emphasizing benefits to customers. ITSM involves a paradigm shift from
managing IT as stacks of individual components to focusing on the delivery of end-to-end
services using best practice process models. ITIL (Information Technology Infrastructure
Library) is a globally recognized collection of best practices for information technology (IT)
service management.”
2.2.5 IT applications
According to (Rouse, SearchSoftwareQuality, 2007) “IT Application is the use of a
technology, system, or product.”
According to (TechTerm.com, 2008) “An application, or application program, is a software
program that runs on your computer.”
According to (Rouse, SearchSoftwareQuality, 2007) “The term of application is a shorter
form of application program. An application program is a program designed to perform a
specific function directly for the user or, in some cases, for another application program.
Examples of applications include word processors, database programs, Web browsers,
development tools, drawing, paint, image editing programs, and communication programs.
Applications use the services of the computer's operating system and other supporting
applications. The formal requests and means of communicating with other programs that an
application program uses is called the application program interface (API).”
2.2.6 IT development environment
According to (Rouse, SearchSoftwareQuality, 2007) “IT Development Environment is a set of
a process and programming tools used to create the program or software product. The term
may sometimes also imply the physical environment.”
According to (Janssen, n.d.) “A development environment is a collection of procedures and
tools for developing, testing and debugging an application or program.”
2.2.7 IT platforms
According to (Rouse, SearchServerVirtualization, 2006) “In computers, a platform is an
underlying computer system on which application programs can run.”
According to (Rouse, SearchServerVirtualization, 2006) “A platform is any base of
technologies on which other technologies or processes are built.”
2.2.8 IT operations
According to (Gartner, 2013) “IT operations as the people and management processes
associated with IT service management to deliver the right set of services at the right quality
and at competitive costs for customers.”
CHAPTER 3
Discussion
ITIL vs Cobit
ITIL
ITIL stands for Information Technology Infrastructure Library. ITIL was developed
by the United Kingdom’s Office of Government Commerce. ITIL is a set of guidance
documented in books, describing an integrated, process-based, best-practice framework for
managing IT services that can be adapted for use in all business and organizational
environments. ITIL was originally developed for use by the UK government.
Since its introduction in the early 1990s, however, ITIL has had a positive impact on the
businesses and organizations that adopt it. ITIL provides additional knowledge, capabilities and
skills. It is available in many languages and is accessible through publications, training,
qualifications and support tools. ITIL’s value proposition focuses on the IT service provider
understanding the customer’s business objectives and priorities, and the role that IT services play
in enabling these objectives to be achieved. ITIL has a ‘lifecycle’ approach to IT services,
focusing on practices for service strategy, service design, service transition, service operation
and continual service improvement:
• Service strategy: collaboration between business strategists and IT to develop IT service
strategies that support the business strategy
• Service design: designing the overarching IT architecture and each IT service to meet
customers’ business objectives by being both fit for purpose and fit for use
• Service transition: managing and controlling changes into the live IT operational
environment, including the development and transition of new or changed IT services
• Service operation: delivering and supporting operational IT services in such a way that they
meet business needs and expectations and deliver forecasted business benefits
• Continual service improvement: learning from experience and adopting an approach which
ensures continual improvement of IT services.
The Benefits of Implementing ITIL:
From a business perspective, the adoption of ITIL practices by IT service providers – whether
in-house providers or external suppliers – ensures many benefits, including:
• IT services which align better with business priorities and objectives, meaning that the
business achieves more in terms of its strategic objectives
• Known and manageable IT costs, ensuring the business better plans its finances
• Increased business productivity, efficiency and effectiveness, because IT services are more
reliable and work better for the business users
• Financial savings from improved resource management and reduced rework
• More effective change management, enabling the business to keep pace with change and
drive business change to its advantage
• Improved user and customer satisfaction with IT
• Improved end-customer perception and brand image
• Improve resource utilization
• Be more competitive
• Decrease rework
• Eliminate redundant work
• Improve upon project deliverables and time
• Improve availability, reliability and security of mission critical IT services
• Justify the cost of service quality
• Provide services that meet business, customer and user demands
• Integrate central processes
• Document and communicate roles and responsibilities in service provision
• Learn from previous experience
• Provide demonstrable performance indicators
• Improved customer satisfaction through a more professional approach to service delivery
• Improved IT services through the use of proven best practice processes
• Improved ROI of IT
• Improved delivery of third party services through the specification of ITIL
• Improved morale of service delivery and recipient staff
• Increased competence, capability and productivity of IT staff
• Increased staff retention
• Reduced cost of training
• Improved systems/applications availability
• Reduced cost/incident
• Reduced hidden costs that traditionally increase the TCO substantially
• Better asset utilization
• A clear business differentiator from competitors
• Closely aligned to commercial business services and products
• Greater visibility of IT costs
• Greater visibility of IT assets
• A benchmark to measure performance against in IT projects or services
• Reduced cost of recruitment and training - hiring ITIL qualified people is easier
ITIL Implementation Example
ITIL has been implemented in many large international companies such as Microsoft, IBM, Atos,
Caterpillar, Shell Oil, Boeing and many more, and the results that they have achieved with ITIL
are great success and significant operational cost savings.
“Microsoft uses ITIL both as the basis for Microsoft Operations Framework, which is our
structured approach to helping customers achieve IT operational excellence and in how we
operate our own systems. We are proud to have contributed as lead authors to the writing of
the Application Management and the Planning to Implement Service Management books in
the ITIL collection.”
- Rick Devenuti, Corporate Vice President, Microsoft Services and IT
“ITIL has long been recognized as the industry standard for IT Service Management. We
were an early adopter and our delivery model has been based on ITIL since its early
inception. All the service desk processes (change, incident and problem management) have
been in use for a long time, and we have been able to implement others, such as release
management, on new contracts. It has established consistency in terminology and processes
throughout our operations. Today, we have around 200 people trained on the ITIL foundation
and managers courses. The result is that 1000 people involved in service delivery use ITIL,
with increasing numbers taking it up in technical consulting.”
- Laura Jay, Managed Operations Delivery Assurance, Atos
Besides those two big companies, there are also many other companies that have implemented ITIL in
their business processes. Below is a list of companies that have implemented ITIL.
• Visa: Began embedding Incident Management guidelines in 2002, resulting in improved
monitoring of network and systems outages, and a reduction in the time to resolve Incidents
by as much as 75%. (Smart Enterprise Magazine)
• PEMCO: An investment in ITIL Essentials training with Pink Elephant in 2002 resulted in
overall savings of $500,000 within 12 months. (Gartner)
• Zurich Life: Since implementing ITIL to maintain Service Desk consistency in the late
1990s, the company has reduced the number of contracted IT staff from 30 down to 10.
(Network World)
• Sallie Mae: Began adopting ITIL Service Support processes in 2005, resulting in a reduction
in the length of Help Desk calls by 40% and improving the rate of first-call resolution to a
two-year high. (Bank Tech)
• Nationwide Insurance: Implementing key ITIL processes in 2001 led to a 40% reduction of
its systems outages. The company estimates a $4.3 million ROI over the next three years.
(CMP)
• Capital One: An ITIL program that began in 2001 resulted in a 30% reduction in systems
crashes and software-distribution errors, and a 92% reduction in “business-critical” Incidents
by 2003. (Computerworld)
• JPMorgan Chase: Implemented ITIL’s Incident, Problem and Change Management in 2004
to improve Service Desk operations. Their Service Desk now maintains 93% customer
satisfaction ratings and a 75% first-call resolution rate; in the bigger picture, ITIL helped
JPMorgan Chase eliminate 500,000 Service Desk calls. (Computerworld UK)
• Raymond James Financial Inc.: After implementing ITIL, the number of calls to the
company’s Help Desk dropped by as much as 25% within 18 months. (Computerworld)
• Pershing: Adopted ITIL in 2004 to improve Service Desk operations. Within a year
Pershing’s Incident response time dropped by more than 50%. (CIO Magazine)
• Avaya: ITIL has helped the telecom provider cut their IT budget by 30% while also helping
to comply with Sarbanes-Oxley legislation. Their CIO now sits on the board, as IT is now
viewed as part of the business, and not just an operational cost. (Techworld)
• Telkomsel: Besides improving customer service at this Indonesian mobile operator, ITIL has
helped reduce operational IT costs by 50-60% while keeping pace with the company’s
growth. (Computerworld UK)
• Procter & Gamble: Started using ITIL in 1999 and has realized a 6% to 8% cut in operating
costs. Another ITIL project has reduced Help Desk calls by 10%. In four years, the company
reported overall savings of about $500 million. (Network World)
• Caterpillar: Embarked on a series of ITIL projects in 2000. After applying ITIL principles,
the rate of achieving the target response time for Incident Management on Web-related
services jumped from 60% to more than 90%. (nextslm.org)
• MeadWestvaco: Began using the ITIL framework in 2003. To date, the company has
eliminated more than $100,000 annually in IT maintenance contracts and recognized a 10%
gain in operational stability. (CIO Magazine)
• Shell Oil: Used ITIL best practices while overhauling and consolidating some 80,000
desktop PCs worldwide. With the project completed, Shell significantly reduced the time it
needs to upgrade software, potentially saving the firm 6,000 staff-days and $5 million
annually. (Smart Enterprise Magazine)
• Finisar: The computer hardware manufacturer adopted ITIL in 2002 and achieved Service
Desk standardization. As a result, customer satisfaction rates rose from 33% to 95%. Finisar
also managed to cut the amount spent on IT from 4% of revenue to 2.4%. (CIO Magazine)
• Purdue University: Information Technology at Purdue (ITaP) trained half of their 450
full-time employees in ITIL in 2003, and implemented an ITIL-based Service Desk. From these
efforts, ITaP was able to cut second-level support calls by 50%. Further, ITIL has enabled
ITaP to implement a $73 million ERP project without adding more full-time personnel or
degrading service levels. (InfoWorld)
• Hospital Corporation of America: Measured ITIL success and cost savings on the repeatable
and consistent delivery of IT services, which directly relates to the infrequency of
network/computing outages. (Network World)
• MultiCare: After implementing ITIL, the not-for-profit health network has seen dramatic
improvements in IT services and organizational productivity. For example, ITIL enabled
MultiCare to reduce its usual backlog of trouble tickets from 700 to 50 within six months.
(SearchCIO)
COBIT
COBIT stands for Control Objectives for Information and Related Technology. COBIT is
a good framework, strategy and supporting toolset that can maintain an organization's standards
and also develop a system related to IT governance. COBIT allows IT managers to bridge the
gap between control requirements, technical issues and business risks.
COBIT was first created by the Information Systems Audit and Control Association (ISACA)
and the IT Governance Institute (ITGI).
COBIT 5 is ISACA’s newest iteration of its management and governance of enterprise IT
(GEIT) framework. It is built on five principles and seven governance enabler models. COBIT
5 is intended for enterprises of all types and sizes. COBIT 5 ties together and reinforces all
ISACA knowledge assets, i.e., COBIT 4.1, Val IT™, Risk IT, the Business Model for
Information Security™ (BMIS™), the IT Assurance Framework™ (ITAF™), Taking
Governance Forward (TGF), and Board Briefing on IT Governance, 2nd Edition.
Created by the Information Systems Audit and Control Association (ISACA) and the IT
Governance Institute (ITGI) in 1992, COBIT enables clear policy development and good
practice for IT control throughout organizations.
COBIT provides IT managers, auditors and IT users with a set of generally accepted measures,
indicators, processes and best practices to assist them in maximizing the benefits derived from
IT and developing appropriate IT governance and control in a company.
The Benefits of Implementing COBIT:
• Mitigate organizational risk for IT and business as a whole
• Strengthen security
• Ease your auditing and compliance burden
• Reduce cost while improving the consistency of IT delivery
• Improves IT efficiency and effectiveness
• Helps IT understand the needs of the business
• Puts practices in place to meet the business needs as efficiently as possible
• Helps executives understand and manage IT investments throughout their life cycle
• Provides a method to assess whether IT services and new initiatives are meeting business
requirements and are likely to deliver the benefits expected
• Helps to develop and document the appropriate organizational structures, processes and
tools for effective management of IT
• Provides an authoritative, international set of generally accepted practices that helps boards
of directors, executives and managers increase the value of IT and reduce related risks
• A common language for executives, business and IT staff
• A view, understandable to management, of what IT does
• A better understanding of how the business and IT can work together for successful delivery
of IT initiatives
• Better alignment, based on a business focus
• Better quality IT services
• Improved efficiency and optimization of cost
• Reduced operational risk
• More effective management of IT
• Clear policy development
• More efficient and successful audits
• Clear ownership and responsibilities, based on process orientation
COBIT Implementation Example
An example of an organization that has implemented COBIT in its business processes:
• Sun Microsystems/Oracle in January 2012
Sun/Oracle has found COBIT matrices and mapping documents very helpful when talking about how
the various frameworks all fit together. The enterprise has successfully leveraged the concepts in the
COBIT-related materials to create discussion of health and maturity self-assessments, provide a line of
sight between its activities and its business goals, bring predictability and reliability to how the IT
group plans and manages the work across the enterprise, and complement its corporate planning cycle
with an “IT management cycle.”
During that time, the enterprise has enjoyed some successes and learned some valuable lessons along
the way. The following are the key lessons learned:
Understand the target. COBIT is not the target. The target is improved governance and management
of the enterprise’s IT. To do so means adopting, leveraging and implementing the industry-accepted
concepts and practices that are embedded in COBIT. COBIT provides the overall framework, but
when it comes to execution, the enterprise must dive deeper into those concepts and practices.
Use the COBIT umbrella. COBIT is the end-to-end umbrella framework. The enterprise developed a
presentation that showed how the most common industry-accepted
frameworks/methodologies/practices complement each other. It is a little dated because of the
updates to some of the frameworks that have taken place, but it still tells the story. COBIT goes a long
way in harmonizing the many frameworks. This is important and incredibly valuable in dealing with
the many IT specialties. Specialists are very good at what they do. Service management professionals
manage, and, for most, their preferred guidance is ITIL. Security professionals protect, and, for many
of them, the preferred guidance is the ISO/IEC 27000 series. By using a COBIT-inspired model, all
groups were able to see how their work fit under an overall umbrella and how their work related to
each other’s work.
Stay focused. Improving the governance and management of enterprise IT is a journey, not a
destination. Some enterprises want to focus on the short term. That is fine as long as it is in the context
of the longer-term direction. Related to this is the worry among some employees that COBIT will be
replaced within the enterprise in a year or so by something else that might be the “hot topic” in the
management world. Two things are helping to avoid that. First, the enterprise has a
COBIT/governance champion, who keeps an eye on where the concepts in COBIT can add value.
Second, the enterprise is not implementing COBIT per se, it is implementing improvements to how it
governs and manages the IT contribution to the enterprise, and COBIT is the guiding framework.
Use it all. COBIT and all the COBIT collateral, including Risk IT and Val IT, provide an amazing
body of work. There are golden nuggets throughout all of the material. By having someone who has an
in-depth understanding of the COBIT material, a COBIT champion, the organization can get really
serious about improving governance and management of enterprise IT. For instance, Sun/Oracle has
found the mapping documents very helpful when talking about how the various frameworks all fit
together. Sun/Oracle embraces ITIL as well, and has had some success using the COBIT User Guide
for Service Managers.
Avoid common mistakes. Using the Sun/Oracle experience, and after consulting other organizations
that are undertaking implementations of governance of enterprise IT using COBIT, some common
reasons that implementations fail have been identified. As may be expected, they fail for many of the
same reasons that other transformational change efforts fail.
The following are some specific examples of how Sun/Oracle has successfully leveraged the concepts
in the COBIT-related materials:
Sun/Oracle leveraged the IT Assurance Guide: Using COBIT to create a discussion worksheet for
process health and maturity self-assessments. It is a two-part document. The first part applies to all
processes and addresses the six generic process controls. The second part addresses the controls
specific to each individual process. Sun/Oracle uses the input and output tables to identify key
boundary processes. This ensures that the enterprise has key stakeholders from these processes
involved in the discussion. The focus of the facilitated discussion is the process’s current state and the
business impact of that state. The discussion of the business impact is influenced by the business
objectives. Sun/Oracle uses the goals cascade in COBIT (appendix A and the management guidelines)
to help provide a line of sight between its activities and its business goals. The enterprise can then step
easily into a maturity assessment of the process using the maturity attributes (figure 15 of COBIT 4.1).
To bring predictability and reliability to how the IT group plans and manages the work across the
enterprise, the group leveraged many of the concepts embedded in the COBIT framework portion of
the COBIT 4.1 publication. The group needed a way to operationalize the Plan-Do-Check-Act (PDCA)
concept at the IT organization level. The enterprise had a corporate planning cycle, and the IT group
created the “IT management cycle” to complement that corporate activity. Figure 1 shows how the IT
management cycle is represented; elements have been drawn from COBIT and other complementary
frameworks. (Note: MRP is budget-related.)
It became useful to demonstrate what the enterprise must do to achieve integration and alignment of
the governance/management activities. Figure 2 is a matrix that helped Sun/Oracle do just that. It
combines the IT management cycle with the IT governance focus areas. The key message is: Both
vertical and horizontal integration and alignment of the activities are necessary.
From time to time, the IT group revisits the components of governance of enterprise IT as described in
COBIT: leadership, organizational structures and processes. The enterprise decided to focus on the
organizational structures and has found that it has done a pretty good job with the vertical structures
(the traditional who reports to whom), but has not focused sufficiently on the necessary horizontal (or
lateral) structures. This led us to two new internal rules:
•Maitland in July 2011
Need for COBIT
Increasing business oversight and accountability for the information and communication technology
(ICT) asset is a cornerstone of Maitland’s future ICT governance state. In order to create a shared
understanding of ICT and its purpose, the enterprise recognized that a governance framework was
needed.
Governance principles for general business use were already well understood by Maitland’s senior
management. Aligning ICT governance to COBIT was regarded as a natural extension of the overall
organizational governance practices. Maitland had first learned about and used COBIT in early 2004
while undertaking research for a governance framework to guide general ICT management.
Process
Maitland’s COBIT deployment has been fundamental in achieving its goal of a considered and
responsible transition in governance models. The enterprise’s COBIT training rollout was designed to
include both business and ICT resources; in this way, a shared understanding and common governance
language was created, which served as a lens to visualize the desired state for the emerging ICT
domain. This approach has worked well, and the enterprise continues to benefit from the improved
governance maturity.
The design and deployment of Maitland’s project office environment has given the enterprise the
opportunity to gain control over the number and diversity of projects that had been undertaken
previously. The environment is now successfully orchestrated and offers both visibility and credibility
to business projects (including ICT-related projects), while ensuring greater opportunity for success.
Going Forward
Maitland is increasingly using the COBIT framework as a guide to structure and position the
enterprise’s thinking in many ICT subject areas. Also, Maitland has found that the governance
principles noted in COBIT are universally applicable—not exclusive to the ICT domain—and is in the
process of applying them enterprisewide.
•Adnoc Distributions in December 2008
Why did Adnoc choose to implement COBIT?
Adnoc Distribution was growing in leaps and bounds with the initiation of a multibillion-dollar natural
gas project that increased the complexity of operations. Resources were not proportionally increased,
projects were not prioritized and IT value was increasingly questioned. A significant issue contributing
to these problems was that many IT processes were not standardized and, thus, not repeatable, which
contributed to the inefficiency of IT service delivery. There were huge challenges facing the IT
department as it tried to meet the expectation of the business.
Adnoc Distribution did not have established processes and procedures to provide IT services in an
effective and efficient manner. The company recognized that the activities were dependent on people
and were not formally documented so that they could be repeated in a standardized manner. This also
meant that there were no control mechanisms to ensure that the activities were carried out
appropriately.
In addition, IT was not effectively aligned to the business to support the organizational goals. For
example, prioritizing the investments for various IT projects was not done in a disciplined way. There
was also a gap in providing value to the business due to a lack of effective program management. IT
was viewed as a cost center, and management did not believe that the investment was justified.
Hence, IT department leaders suggested implementing Control Objectives for Information and related
Technology (COBIT) to add discipline, improve service levels, increase IT users’ satisfaction and
improve IT governance practices—thereby enabling the business to achieve its goals.
Why was COBIT identified as the best framework to use?
Adnoc wanted to streamline its IT processes and felt that no other standard offered a complete
framework to address all the elements of a process, including measurements, key performance
indicators (KPIs) and key goal indicators (KGIs). COBIT was found to be more general and business-oriented than other standards. It encompasses most of the elements an IT environment would possess,
while other standards focus on one respective area.
“For example, ISO 27001 addresses the information security elements, whereas COBIT goes beyond
this and looks at a more panoramic view of the processes in a standard way,” said Ali Guidoum, Ph.D.,
CISM, IT advisor for Adnoc. “However, it does not preclude the implementation of other
complementary standards—in fact, many other standards are mapped with COBIT.”
How did Adnoc get management buy-in for COBIT?
It was quite a challenge to deliver the message of IT governance to the board. However, IT staff
succeeded by delivering awareness sessions on IT governance and how COBIT would help the IT
goals align with business goals. The IT department also explained to management that if the processes
are standardized using COBIT, IT could more effectively deliver the services in line with the
expectations of the business.
The target management groups to whom the sessions were delivered were the IT steering committee,
auditing department and executive management. The awareness sessions helped management to give
the right support in terms of budget, resources and the necessary commitment to back the project. The
IT department’s presentation of case studies featuring other successful companies where COBIT was
implemented also gave management the confidence that COBIT is an effective and useful model for
improving the existing governance and IT practices.
How is COBIT being used?
"COBIT implementation at Adnoc was spearheaded by Bhavani Suresh, who led a team of nearly 35
people who contributed to the project. As a result of the team's efforts, all four IT departments—Data
Center Operations, Retail Automation, Network and Help Desk, and Application Systems—are now
using COBIT."
The departments identified many COBIT processes that they deemed necessary for implementation.
However, to narrow them down to a manageable number, Adnoc used COBIT to map its business
goals to IT goals and then prioritized the related processes through a risk-assessment approach.
Adnoc then implemented the three most important and relevant COBIT processes, according to the
current budget and resources availability. The three processes selected focused on change
management, business continuity and service level management.
All departments use a change management process that was designed based on COBIT to ensure that it
is applied in a controlled manner and minimizes interruption to services. The change management
process also helps the departments follow a standard, systematic process that is repeatable, measurable
and improved upon continuously.
Additionally, service level management (SLM) was implemented across the entire organization.
Adnoc essentially adopted a COBIT SLM process that formalized the service level agreements with
various other business units, resulting in clear expectations. The SLM process is continuously
improved based on feedback from business executives.
Business continuity planning was another significant project initiated under COBIT. The framework
was developed, a business continuity model (BCM) was created with clear roles and responsibilities,
and different types of procedures handling were developed. The BCM is not specifically an IT project;
it involved different departments of the company, such as safety and security, human resources, etc.,
and COBIT provided the common language.
Other interlinked processes, such as configuration management and security management, are also
being designed and developed based on COBIT.
Currently, Adnoc uses COBIT in combination with other best practices, including portions of IT
Infrastructure Library (ITIL), as well as ISO 27001 and Project Management Body of Knowledge
(PMBOK) standards.
Additional COBIT processes, including one related to data management, have been identified for the
next phase of implementation.
What benefits did Adnoc Distribution realize by using COBIT?
The main goal of the COBIT implementation was to improve the efficiency of the delivery of the
information systems services by either improving the existing processes or designing and
implementing new processes—and that goal has been accomplished.
Although Adnoc Distribution was aware that not all the COBIT processes were applicable or required,
the prioritization exercise helped the company streamline the implementation and carry it out in
phases. The processes achieved their intended results, and a significant improvement was noticed in
the efficiency of IT services delivery. They have led to organization and maturity and have been
embedded in the IT culture.
After noticing a great deal of success following the first phase of COBIT implementation, the
company is eager to move forward to embrace additional COBIT processes. Additionally, Adnoc
Distribution is conducting a great deal of work to integrate COBIT with other frameworks for
maximum benefit. While it is expected to take one to two years to achieve the seamless integration of
the different frameworks, Adnoc looks forward to the eventual efficiencies it will realize as a result.
•Ecopetrol SA in June 2010
Process
In 2008, the Information Technology Division chose COBIT as the proper IT governance framework
to integrate an IT management system, based on the following characteristics of COBIT:
1. It enables mapping of IT goals to business goals.
2. It results in better alignment, based on a business focus.
3. It provides a view of what IT does that is understandable to management.
4. It indicates clear ownership and responsibilities based on process orientation.
5. It is generally accepted by third parties and regulators.
6. It provides a shared understanding amongst all stakeholders, based on a common language.
7. It fulfills the COSO and Sarbanes-Oxley requirements for the IT control environment.
In the last quarter of 2008, Ecopetrol’s Information Technology Division defined the guidelines,
processes and control objectives to implement. Similarly, the division identified the internal
resources that would support the implementation of the system and allocated resources to hire the
required external consultants.
The team established a project, giving special consideration to the following issues:
Resource allocation and an interdisciplinary team with representatives from the involved areas within
IT.
Defining the points of relationship with Business Units and other Support Units and interacting
with key areas—Finance, Risk, Strategy, Quality, and Internal and External Audit—on an ongoing
basis.
Integration and convergence with the IT support team in Transport Operations who were anticipating a
COBIT implementation effort.
Alignment with business projects: Strengthening of the internal control system (COSO) and
Compliance (Sarbanes-Oxley Act). We considered the various business initiatives and ongoing
projects to ensure the coordination and integration of efforts.
A line of reporting at the highest level of management, with weekly follow-up meetings on the project.
Identification of prior applications (Sarbanes-Oxley, high component in SAP) and others critical for
business process. Equally, understanding the people, resources and infrastructure associated with these
applications.
Ecopetrol chose to implement 28 COBIT processes, giving priority to the control objectives that
support Sarbanes-Oxley compliance. The Information Technology Division developed an internal
exercise to determine the maturity level of these processes. After concluding that they were at an
average maturity level of 2, the team identified the gaps and set up action plans to reach level 3 for the
most critical processes.
The project team then developed the design and documentation of the processes and, subsequently, the
implementation and monitoring of the operation for the completion of the required adjustments. As a
result, by June 2009, the Division had implemented and secured 14 high-priority COBIT processes. By
December 2009, all 28 had been implemented.
During the second half of 2009 and the first quarter of 2010, internal and external audits were
developed for Sarbanes-Oxley compliance. Several measures were implemented for remediation and
improvement of key IT processes and controls. As a result, the external auditor reported that there
were no significant deficiencies or material weaknesses in IT controls that need to be reported by the
CIO, the CFO, the CEO or the auditor.
In December 2009, the COBIT project received a company award for excellence to recognize the
project team’s performance, initiative and teamwork.
Conclusion
During the last quarter of 2009, the Information Technology Division contracted an external consultant
to conduct the COBIT maturity level assessment for the fourteen critical processes. The assessment
confirmed the achievement of level 3 in twelve processes and level 4 in two processes.
In 2010, the IT Division structured a sustainability and optimization plan for its IT management
system, based on the premise of having a comprehensive vision, organizational and operating model,
and leveraging information technology to achieve automation in the IT processes and controls.
The company also restructured the IT Compliance area, taking as reference the good practices of the
COBIT framework.
Key issues that led to the excellent results of the first year of COBIT implementation in Ecopetrol’s IT
management system include:
The implementation of COBIT was structured as a project, with a detailed work plan, clearly defined
milestones, allocation of team work with dedication and reliance on project management, risk
management, and control of timing and deliverables of the project.
The team had the full support of management, provided weekly progress reports, and brought up any
deviations and actions that required assurance.
The company hired well-known specialized consulting firms that integrated teams with extensive
knowledge and experience.
A change management front, including training activities and professional accreditation, was
established.
The project planning, development and results were communicated effectively within the company.
The team sought appropriation of the practices by the process owners and those responsible for controls.
The project was well integrated with all areas involved, and synergies were leveraged, especially with
the IT support team in Transport Operations who provided the results of previous efforts and
guaranteed the perspective of business users.
A community of practice and management on lessons learned were established.
Sustainability strategies and further optimization of processes were defined.
The IT Division interacted effectively with the audit teams.
Particular focus was given to segregation of duties, access control, continuity planning, software
development and information security issues.
Maturity level assessments were conducted by a competent and independent third party.
More than 20 employees passed the COBIT Foundation exam and earned a COBIT certificate.
Several employees were or became members of ISACA, which gave them easier access to more
detailed guidance.
Ecopetrol conducted benchmarking of national and international oil and gas companies.
Ecopetrol plans to finish 2010 with 31 COBIT processes built into the IT management system,
operating at level 3, with a view to achieve level 4 in 2011. The Information Technology Division is
studying the draft documents of COBIT 5 and plans to implement it as soon as it’s available. Ecopetrol
is also extending the practices of its IT management system and COBIT to the companies in its
business group in Colombia, Peru and Brazil. The IT management system will be embedded in the
Corporate Management System to ensure integration and alignment of practices.
With the integration of the IT Management System supported by the implementation of COBIT and
the structuring of a sustainability and process-based optimization model, Ecopetrol has laid a strong
foundation for the consolidation of IT governance, risk and compliance.
CHAPTER 4
Conclusion and Suggestion
4.1 Conclusion
IT governance is very important for every company that relies on information technology.
It is a process that ensures the effective and efficient use of IT in enabling an
organization to achieve its goals. We discuss two methods for managing IT
in a company: the ITIL framework and COBIT.
ITIL stands for Information Technology Infrastructure Library. ITIL was developed
by the United Kingdom’s Office of Government Commerce. ITIL is a set of guidance
documented in books, describing an integrated, process-based, best-practice framework for
managing IT services that can also be adapted for use in all business and organizational
environments. ITIL was originally developed for use by the UK government.
ITIL has been implemented in many large international companies such as Microsoft, IBM, Atos,
Caterpillar, Shell Oil, Boeing and many more, and the results they have achieved with ITIL
are great success and significant operational cost savings.
COBIT stands for Control Objectives for Information and related Technology. COBIT is
a good framework strategy and supporting toolset that can maintain an organization’s standards
and also develop a system related to IT governance. COBIT allows IT managers to bridge the
gap between control requirements, technical issues and business risks.
The main goal of the COBIT implementation was to improve the efficiency of the delivery of
the information systems services by either improving the existing processes or designing and
implementing new processes—and that goal has been accomplished.
In summary, this study covered what the Information Technology Infrastructure
Library and its framework are, what COBIT is, how to implement each method, and
examples of implementations of the Information Technology Infrastructure Library and
COBIT. On ITIL versus COBIT, we also covered the benefits of ITIL and the benefits of
COBIT. The different methods of IT governance each have their own way of
benefiting the user or the company that adopts them. This study can also serve as a good
reference for choosing which method to use when implementing
IT governance in a company or business.
4.2 Suggestion
Our suggestion is that using the ITIL framework is better than using COBIT because, based on our
research, the ITIL framework is commonly used, while COBIT is usually used in auditing.
References
COBIT Focus. (2011). Retrieved from https://www.isaca.org: https://www.isaca.org/KnowledgeCenter/cobit/cobit-focus/Documents/COBIT-Focus-Vol-3-2011.pdf
Consulting, S. (n.d.). Symptai Consulting Limited. Retrieved from http://www.symptai.com:
http://www.symptai.com/index.php/cobit
Elephant, P. (2008). The Benefits Of ITIL. 17.
FORUM, E. C. (2012). 4 reasons COBIT 5 should be part of your IT strategy. Retrieved from
http://www.enterprisecioforum.com:
http://www.enterprisecioforum.com/en/blogs/mylessuer/4-reasons-cobit-5-should-be-partyour-it
Gartner. (2013). Gartner. Retrieved from http://www.gartner.com/: http://www.gartner.com/itglossary/it-governance/
Group, I. (2014). ITILTRAINING.com. Retrieved from http://www.itiltraining.com/:
http://www.itiltraining.com/itil-benefits.asp
InsideBusiness360. (2009). Benefits of using the Cobit Framework for it Governance. Retrieved from
http://www.insidebusiness360.com:
http://www.insidebusiness360.com/index.php/benefits-of-using-the-cobit-framework-for-itgovernance-16631/
Janssen, C. (n.d.). techopedia. Retrieved from http://www.techopedia.com/:
http://www.techopedia.com/definition/16376/development-environment
Kneller, M. (2010). Executive Briefing: The Benefits of ITIL®. Best Management Practice, 10.
Lees, G. (2007). Enterprise Governance. Topic Gateway Series no.32, 3.
Rainer, K. R., & Cegielski, C. G. (2011). Introduction to INFORMATION SYSTEMS Enabling and
Transforming Business. Danvers: John Wiley & Sons, Inc.
Rouse, M. (2005, September). WhatIs.com. Retrieved from http://whatis.techtarget.com/:
http://whatis.techtarget.com/definition/framework
Rouse, M. (2006, August). Search CIO. Retrieved from http://searchcio.techtarget.com/:
http://searchcio.techtarget.com/definition/ITSM
Rouse, M. (2006, September). SearchServerVirtualization. Retrieved from
http://searchservervirtualization.techtarget.com/:
http://searchservervirtualization.techtarget.com/definition/platform
Rouse, M. (2007, February). SearchSoftwareQuality. Retrieved from
http://searchsoftwarequality.techtarget.com/:
http://searchsoftwarequality.techtarget.com/definition/application
Satzinger, J. W., Jackson, R. B., & Burd, S. D. (2005). Object-Oriented Analysis and Design with the
Unified Process. Boston: Course Technology, Cengage Learning.
Schwartz, K. D. (2007, may 22). CIO. Retrieved from http://www.cio.com/:
http://www.cio.com/article/111700/IT_Governance_Definition_and_Solutions
TechTerm.com. (2008, October 12). TechTerms.com. Retrieved from http://www.techterms.com/:
http://www.techterms.com/definition/application
Weekly, C. (n.d.). ComputerWeekly.com. Retrieved from //www.computerweekly.com:
http://www.computerweekly.com/opinion/A-helping-hand-with-IT-governance