For the information sphere of the organization, the COSO Committee model is further developed by a number of standards that are, again, “de facto standards”, such as COBIT and ITIL.


The basic solutions of the ITIL methodology are codified in separate international standards for managing information technology services in an organization, from the corresponding ISO/IEC 20000 family of management standards (reference for ITIL foundation books:

Each of the COBIT and ITIL specifications comprises a series of voluminous documents, which need not be covered in detail in this edition. The COBIT standard is already in its 4th edition (edition 4.1 was published in 2007), and the ITIL specification is in its 3rd.

In general, both of these standardized approaches (COBIT and ITIL) pursue the following general goals for the use of information technology in organizations:

— compliance with the requirements of the top management of the organization;

— ensuring transparency of business impact and risks associated with IT;

— creation of mechanisms that guarantee the achievement of the set goals;

— improving the effectiveness of responses to business requirements and changes in the organization's strategy;

— ensuring effective translation of business requirements into the corresponding capabilities of solutions in the field of information technology;

— integration of applications and information technologies into the business processes of the organization;

— ensuring effective relationships with other organizations;

— ensuring transparency of IT expenses, capacity, strategy, policy and quality of services;

— ensuring accounting and efficient use of all IT assets;

— increasing the efficiency of investments in IT and the contribution of information technology to the overall business performance;

— optimization of IT infrastructure and resources;

— ensuring the reliability of automated transactions performed;

— ensuring that IT adequately counters adverse external and internal factors;

— ensuring the required availability of IT services;

— maintaining the integrity of information and infrastructure;

— ensuring compliance of IT activities with laws and regulations;

— ensuring a stable quality of services, supporting the process of continuous improvement.

All of the listed goals organically develop the provisions of the COSO Committee model, offering a pragmatic, risk-based approach to the use of information technologies by organizations, framed in terms of the benefits and advantages the organization gains from their use.

Both standards are based on a continuous improvement model (the ITIL specification explicitly states compliance with the ISO 9000 model; the COBIT standard does not contain such formulations, but actually complies with them).

In the introduction of the COBIT standard, it is noted that its structure is maximally adapted to support the control framework for the organization's corporate governance and risk management, as set out in the COSO Commission's recommendations "Internal Control - Integrated Framework" and similar guidelines.

The fundamental difference between COBIT and ITIL is their origin, and therefore the specifics of their use.

The customers and sponsors of the ITIL specification were organizations that use information technology in their activities. In the classical model of how IT organizations operate, they perform a service (auxiliary) function in support of the processes that create product added value and of corporate governance processes. An exception may be when the primary purpose of the organization is to provide IT services. Such companies do exist on the market but, as a rule, they serve a large “material business” (an oil or machine-building holding, etc.). Given this view of IT's contribution to the organization's activities, the service model for organizing and implementing IT management processes, with all the entities that follow from it (service planning, service requirements, etc.), seems to be the most appropriate. It is this model that underlies the ITIL specification.