I have a small question: Can I convert my mission and vision with Cobit to IT-Goals? The aim is to use this processes in TOGAF for set up my Enterprise architecture, and using ITIL for evaluate, monitor and problem-solving of my processes?
Is this a good interpretation of the IT-governance frameworks? Or have I made a mistake?
On
CobiT and ITIL together are a powerful force for IT Operational efficiency and effectiveness. CobiT provides a framework for IT governance, aligning IT with business requirements. ITIL is a collection of best practices in Service Management, Security, Infrastructure Management, and Application Management. Together they can make the process improvement task much more achievable.
When should you use one or the other?
In general, CobiT is used for audit functions and ITIL is used for process improvement. We recommend that, instead of selecting between CobiT and ITIL, you combine both from the beginning in all process improvement activities. In the long run, you will eventually get there, so starting with an integrated approach is the most effective option. It will save you time and money and provide a process which meets stakeholder requirements earlier
As a company, your auditors will expect use of CobiT for SOX compliance. As a growing IT Organization, you will formalize your processes and procedures either based on ITIL or another framework which borrows heavily from ITIL
As i said earlier, both ITIL and CobiT are excellent tools for the IT Organization to improve processes and align IT functions with business and regulatory requirements. In bringing them to the table as one initiative instead of two separate initiatives, you gain from both a single work effort and an integrated IT process and compliance solution.
CobiT and ITIL complement each other. For example,the COBIT framework identifies a Software Release Policy as a control point, but leaves it to the organization to define those processes and procedures associated with Software Release. ITIL describes the best practices associated with Software Release Management. the interfaces to other activities such as Infrastructure Deployment, Change Management and Configuration Management; and how to implement Software Release Management within the ITO.
No, your approach is spot on (also what I do in my daily job). I use ITIL for the processes involved in shaping the organization and processes, Cobit (I personally prefer the 4.1 version) to help prioritize what needs to be done (btw. there are matching tables in Cobit 4.1 linking it to ITILv3), to give you and idea on the relevant controls. I also think it's quite charming to have the CMMI section in Cobit giving you an idea on the right maturity.