COBIT is a useful tool for much more than Audit

When I presented my "layman's view of COBIT" to the local chapter of itSMF some time back, the main point I wanted to make was that COBIT has many practical uses - only one of them is audit. This is reflected in the changing makeup of the ISACA membership: auditors are now a minority.

I have used COBIT as a checklist or framework for all sorts of reviews or current-state assessments. It is not perfect - I usually add some additional items of my own to check for - but it is more comprehensive and better suited due to its structure than ITIL for such checking.

Those who say "COBIT is the WHAT and ITIL is the HOW" haven't read all the associated publications such as the COBIT User Guide for Service Managers. There is a grey area in the middle: much of ITIL is only the "WHAT" and much of COBIT can be used as the "HOW". This what/how model for distinguishing the two frameworks is much too simplistic. Try gathering all the info on Service Desk from COBIT 4.1 and COBIT Control Practices into a booklet and you will see what I mean.

As another example, when we did an all-of-IT documentation review for a client, we used COBIT to create the list of essential artifacts we should look for.

Sure, if you are completely new to ITSM you'll need a narrative like ITIL to tell you what is going on, but for anyone who has worked in the industry you don't need to go outside COBIT too often.

What have you used COBIT for?


The SwissKnife of IT

I use to say that I see COBIT of the Swiss knife of IT. I use it when talking about metrics, when writing an Strategic Plan, when defining a set of processes, when defining an outsourcing strategy, bufff...

I use almost every time, except when writing an article :-)

Oh! And sometimes I use it when doing an audit....

Antonio Valle
G2, Gobierno y Gestión de TI

Syndicate content