What ITIL Doesn't CoverThere's a popular misconception that ITIL describes IT Delivery. In fact, argues columnist Rob England, it doesnt even fully describe IT Service Management.
And ITIL is the de facto standard ITSM framework to use. Everything we do in IT Delivery should be framed in terms of the services delivered, and all our activities and behaviors (and spending) derived from that.
By IT Delivery Im referring to that half of IT also known as Production or Operations, separated by The Wall from the other half, known as Solutions or Development. (IT Solutions should also be service based, but that is a fight for another day). Id like to use the term IT Operations (and I do), but it is used by ITIL more specifically to refer to the monitor and control functions of IT, the day-to-day, so to avoid confusion well use IT Delivery.
The gaps in ITILs coverage of IT Delivery are most starkly illuminated by a white paper COBIT Mapping: Mapping of ITIL V3 With COBIT 4.1. For those who havent met it, COBIT started life as an audit framework for IT and has grown to be something a lot more general and useful. The paper is available for download from www.isaca.org free to ISACA members - others will have to pay. It shows how much more complete COBIT is as a framework (although ITIL has advanced in Version 3), and more rigorous, even if ITIL does have more meat on the bones.
For those of you who don't have a spare twenty-five bucks, the COBIT processes not covered at all by ITIL V3 are:
(The codes are COBIT process identifiers. If you do have the white paper, these assessments come from the diagram on page 19.)
Nothing important in that lot, is there? And the COBIT processes only partially covered by ITIL V3 are: ...
ITIL only scores a full coverage on 8 out of 34 COBIT processes:
More recently we had another white paper, this time issued jointly by ISACA (owners of COBIT) and OGC (owners of ITIL). This paper, the excitingly titled Aligning CobiT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit is available for public download. It does not map the processes so starkly it doesnt give ratings of coverage. But if you wade through the detail of the mappings you can make your own assessment based on what proportion of COBIT controls for which it shows equivalent ITIL coverage. You may conclude as I did that it seems to rate ITIL more highly against two processes (PO1 and DS2) than the original paper did, and seems to make an even lower assessment than the first paper on five others (PO9, AI2, AI7 DS5, DS10), ending up with indicating that ITIL has full coverage for a slightly different 8 of the 34 COBIT processes.