A study in governance: comparing Castle ITIL with ISACA

It is always illuminating to use COBIT as a benchmark to study ITIL. In recent days, ISACA has announced another solid Board, whilst itSMF continues its infighting (see below), APMG expands its empire, TSO goes its own merry way unanswerable, and OGC tightens control over - and profit from - what everyone thought was public property (blog coming if I can ever unravel it all).

For those unfamiliar, ISACA is the international body that is all things to COBIT (and Val IT and Risk IT, the multiple bodies of knowledge being brought together into the upcoming COBIT5).

There is no comparable body for ITIL. ITIL is owned and supposedly governed by OGC. The books are published and marketed by TSO. The certification is managed and marketed by APMG, along with the branding. itSMF is an organisation struggling to decide whether it is a trade association or a member professional body - in the meantime it does most of TSO's and APMG's international marketing for them using volunteers, even though both TSO and APMG are for-profit companies. OGC, TSO an APMG have little international representation (other than APMG having a branch in a couple of countries and APMG's subsidiary Education insititutes doing the actual certification). itSMF has loosely integrated, autonomous chapters in many countries. The web presence is all over the place like a dog's breakfast. I label this conglomeration "Castle ITIL".

ISACA is Castle COBIT. It owns, publishes, certifies and markets COBIT. It is a not-for-profit professional association with tightly integrated chapters in many countries.

In theory perhaps there is a concern at all COBIT functions being in one organisation - no separation of duties or powers. But those concerns are - for me - much allayed when we look at the governance.

ISACA has just announced its new Board, a mix of long-standing members and new blood. If you look at the Board composition in detail you see one software vendor (Hi Rob!), half-a-dozen from Deloittes and KPMG (unsurprising since COBIT had its roots in audit, though no more), and the rest - lots of them - are practitioners.

The much smaller itSMF Executive Board is less vendor dominated than it has been at times but still has four out of seven current or ex HP, CA or EXIN.

Please don't leap to the conclusion that I think itSMF needs to limit vendor control. I think it has too many vendors, but vendors are people too. If they step forward, they have a right. The imbalance is a result of Castle ITIL simply not appealing enough to the practitioner constituency. itSMF is tainted as a trade association. This is clearly improving as itSMFI pays more attention to the needs of the shareholders ... er... members. Nevertheless TSO and APMG are private companies, closed to contributors (unless of course you want to contribute to TSO's growing body of copyrighted ITIL material). OGC is a British Government agency - say no more. Other than at a local level, contributing to ITIL is hard. You can only work for bits of it, in the knowledge that other large chunks are going their own merry way whatever you do.

ISACA on the other hand is one body heading - as much as any volunteer body can - in one direction. No doubt ISACA has its own ugly politics (contributions welcome from readers), but a governance-centric organisation is discrete and manages that stuff behind closed doors. Unlike itSMF where the bodies fall out the doors. I'm sure everyone will assure us this is Keith's own decision, and I'm sure it is, but it is the culmination of a long-standing power struggle within itSMF which I doubt will be the last. itSMF suffers from the loose unstructured ad-hoc foundations on which it was built. Those foundations will introduce instability for a long time to come.

I don't care how good the ITIL content is - its support infrastructure will let it down when ITIL and COBIT inevitably battle for the public mind-share. As it happens, I often find COBIT content more useful too but that's another discussion. I'm betting on COBIT.