ISACA's new strategy for COBIT and its future impact on ITIL

In my post about the control of ITIL the IT Swami conjectured that the future might hold ISACA gaining control of ITIL's space and possibly merging with itSMF. If that does not happen, it is pretty clear from ISACA's newly announced strategy that they are going to end up competing at least on the boundaries of their respective turfs and possibly over a large overlapping area.

For a fine introduction to ISACA's new directions, watch this presentation from Lynn Lawton, ISACA International President (oh for this kind of insight and transparency from itSMF eh?).


Here are the key points I took from the presentation.

ISACA membership has tripled in six years to over 90,000. The fastest growing sector is non-audit general IT professionals.
They are well cashed up, have lots of members and 40% of those members are keen to act as volunteer contributors
ISACA feel competition from un-named organisations encroaching on their territory.
88% of members feel the need for practical how-to advice on execution of COBIT and other ISACA frameworks.
That pragmatic guidance will address security, applications and "for example" business continuity (and...???)
COBIT is the strong brand - all the ISACA IP will be brought under a unified COBIT 5 umbrella.
The new growth in the body of knowledge will be driven by an open source model where volunteers contribute (exactly what I have been calling for with ITIL for a long time)
ISACA's vision is for trust in and value from information systems. This is across assurance, security, governance, risk, and compliance
COBIT is seen to provide a common language to IT
ISACA's governance framework will be simplified and improved. It already includes over sixty bodies.
ISACA are about to embark on a new, more targeted, more integrated marketing approach
They still have no online community but this is promised in the next year in a revamped website (they better deliver on that if they have aspirations to an open source model!)

In addition to what we learn from the presentation I would also add that ISACA has a central membership system that allows them to contact, survey and make use of every single member across the planet (itSMF does not).
They have a strong Board.
Even though the COBIT brand is much weaker than ITIL's, they still manage to have a much stronger web presence.

My conclusions

The emphasis is on assurance, security, governance, risk, and compliance: management and operations are not mentioned. But value derived from systems is, and the existing COBIT framework already provides a great deal of day-to-day operational guidance, if only at a checklist level.
If COBIT 5 is built from open source contributions it seems to me inevitable that the content will spill out into BAU operational guidance across the range of COBIT processes, which is a superset of ITIL, due simply to the willingness of the contributors to go there.
Since it will include professional certifications and more importantly organisational certification, this must be seen as competitive to ITIL, CMMI-SVC, ISO20000 and ISO38500.

The risks?

ISACA is fundamentally stodgy. The intensely conservative core membership may not go along with radical new directions.
Open content has not been wildly successful either in the narrow scope of ITSM or in the wider field of Wikipedia. However ISACA has eager volunteeers who come form those who know their stuff, and they have the tight governance to do the required policing and editing and review of the contributed content.
ISACA has the mass to make the open source content model successful but it is a new model for any formal framework - it may be too risky for the brown suits to tolerate.
The more susccessful COBIT is, the more the big vendors will come sniffing around. ISACA has a proven track record of internal governance but there have reportedly been some mis-steps. They will have to manage this well to keep their perceived independence from the money circus.
A marriage of ISACA and itSMF - or ITIL and COBIT - would be one of those unions of opposites ("chalk and cheese") that might be the perfect complement or equally might end in a messy divorce.

As I have predicted for a while, ISACA has been discretely watching the brash usurpers parading on their front lawn and is biding its time to see them off in a quiet, studied and professional manner.


COBIT5 is moving on ITIL

Two years ago I made the prediction in this post that COBIT 5 and ITIL would "end up competing at least on the boundaries of their respective turfs".

Reading the draft of COBIT5 I can see it coming to fruition. Check out the Process Reference Guide and look at the detail in the guidance for each process. it's not a chatty narrative like ITIL but it sure has a lot of the same content.

Syndicate content