IT Service Management
Showing results for 
Search instead for 
Do you mean 

COBIT and ITSM KPIs

‎08-20-2012 08:59 PM - edited ‎09-20-2015 07:25 AM

This is probably old news for many of you, but historically there has been an interesting set of relationships between COBIT, ITIL, and a myriad of other standards and regulations. In the height of the Sarbanes-Oxley Act (SOX) fallout, some HP service desk colleagues and I collaborated with HP Audit and HP IT on a compliance reporting concept. The idea was that by demonstrating effective controls (largely through a set of service desk and related operations metric reports), we (HP) could persuade our external auditor to put fewer IT auditors on the bus that was sent out to evaluate us. The IT audit bus was just a phrase - to the best of my knowledge anyhow. As an aside, the output may have been on older reporting platform, but the information managed was surprisingly similar to what we now present via our HP Executive Scorecard VP of Ops persona.

 

In this mid 2000’s COBIT 4 timeframe, there were a number of papers and presentations on the relationship between ITIL, COBIT, and ISO 17799 (security). There would be reasonable paths woven between a regulation like Sarbanes-Oxley, to COSO, to COBIT, and then to ITIL and ISO 20000. In those days, I would travel with a popular, lightweight COBIT 4 book that was full of Key Performance Indicators, Process Key Goal Indicators, and IT Key Goal Indicators. If you compared the COBIT 4 guidance with ITIL guidance and a few other sources you could come up with a reasonable (but potentially broad) set of KPIs to consider, and you can still find a lot of this material out on the internet.

 

Leaving those golden years behind and coming back to the future, COBIT 5 (www.isaca.org/COBIT/Documents/COBIT5-Compare-With-4.1.ppt) clearly supports an enterprise level balanced scorecard approach. Interestingly, this is the same foundation HP uses in our IT Performance Suite strategy supported by the HP Executive Scorecard. To COBIT 5’s credit, there appears to be fewer KPIs to choose from. But, that is the essence of a KPI. In an analyst conversation a few weeks, the comment was made to the effect “isn’t 150 KPIs an oxymoron”. Further while I haven’t dug through COBIT 5 like I had version 4, a more corporate governance approach incorporating value and risk is also clear.

 

So what is the point of all of this?

  1. If you’re looking for a rich set of IT metrics to consider tracking along with related goals, download a COBIT 4 document. No wonder SOX audits were so expensive and considered so onerous. But, this is still a great reference if you're evaluating KPIs.
  2. If you’re looking for a more balanced scorecard approach and looking for operational guidance, there are a smaller set of KPIs to be found in the COBIT 5 materials. Or, you could stay tuned to Myles’ postings to see what he writes next.

And again if you haven’t done so already, please help us with our service desk KPI survey.

 

Thanks!

Chuck Darst

 

P.S. COSO - http://www.coso.org/ - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.

 

0 Kudos
About the Author

chuck_darst

HPE IT Service Management Product Marketing team manager spanning our solutions for the service desk, asset mngt, CMS, and more. My background is engineering and computer science in the networking and telecom worlds. As they used to say in Telcom, "the network is the business" (hence huge focus on service management). I always enjoyed working with customers and on the business side of things, so here I am in ITSM marketing.

Events
Each Month in 2016
Online
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
Sep 30
Seattle, WA
OpenStack Days Seattle
OpenStack Days Seattle, September 30, is the largest gathering of OpenStack users and prospective users in the Pacific Northwest region.
Read more
View all