Choosing an IT governance framework isn’t just a technical decision—it’s a strategic choice that directly impacts your organization’s future competitiveness.

When analyzing IT governance implementations across organizations globally, we often see failures stemming from poor framework selection or inadequate understanding of organizational contexts. Conversely, organizations that select frameworks optimized for their specific situations and implement them systematically achieve significant operational efficiency improvements and create substantial business value.

This guide provides an in-depth analysis of ITIL 4, COBIT 2019, and ISO/IEC 20000, offering expert guidance for selecting the optimal framework based on your organizational context.

 

 

1. ITIL 4: The Essential Service Value-Centric Framework for Practitioners

Why ITIL 4 is Revolutionary: Complete Analysis of the Service Value System

The ITIL Service Value System describes how all components and activities of an organization work together as a system to enable value creation. Each organization’s service value system interfaces with other organizations, forming an ecosystem that facilitates value for those organizations, their customers, and other stakeholders.

Five Core Components of the Service Value System:

1. 7 Guiding Principles
   • Focus on Value: Emphasizes value creation for all internal and external customers and stakeholders
   • Start Where You Are
   • Progress Iteratively with Feedback
   • Collaborate and Promote Visibility
   • Think and Work Holistically
   • Keep It Simple and Practical
   • Optimize and Automate
2. Governance
   • Means by which an organization is directed and controlled
   • Ensures alignment with strategic objectives
   • Compliance with external and internal regulations
3. Service Value Chain An operating model that outlines the key activities required to respond to demand and facilitate value realization through the creation and management of products and services6 Key Activities:
   • Plan: Understanding of vision, current status, and improvement direction
   • Improve: Continual improvement of products, services, and practices
   • Engage: Understanding stakeholder needs and building relationships
   • Design & Transition: Considering quality, cost, and time-to-market
   • Obtain/Build: Securing and building service components
   • Deliver & Support: Service delivery according to agreed specifications
4. 34 Management Practices
   • General Management Practices (14): Architecture management, continual improvement, information security management, etc.
   • Service Management Practices (17): Incident management, problem management, change management, etc.
   • Technical Management Practices (3): Deployment management, infrastructure and platform management, software development, etc.
5. Continual Improvement

Practical Application of Value Streams in Real Work

Value streams define the work (whether human labor or automation) that needs to be performed to deliver the results customers want. The value-oriented lens of the Service Value Chain ensures all activities align with demand and eliminate waste.

Real-world Application Examples:

• Incident Handling Value Stream: Engage → Deliver & Support → Improve
• New Service Development: Plan → Design & Transition → Obtain/Build → Deliver & Support

What Makes ITIL 4 Different: How Does it Differ from Previous Versions?

Integrated Digital Operating Model ITIL 4 provides a practical and flexible foundation designed to help organizations on their digital journey, with integration of ITIL 4 best practices with Agile, DevOps, and digital transformation playing key roles in the new framework.

Four Dimensions Model

1. Organizations and People: Corporate culture and appropriate staff capacity and competency levels
2. Information and Technology: Information, knowledge, and technologies needed for effective service management
3. Partners and Suppliers: Suppliers involved in service design, deployment, and delivery, and associated relationships
4. Value Streams and Processes: Integrated and coordinated work approach

 

 

2. COBIT 2019: The Essential Enterprise-wide IT Governance System for Executives

How to Clearly Separate Governance and Management Roles from Board Level to Operations

COBIT 2019 is used at the enterprise governance level (from the Board of Directors level down) while ITIL 4 best practices are used at the execution level (from IT service delivery management upward).

Governance Domain (EDM – Evaluate, Direct, Monitor)

• EDM01: Ensure governance framework setting and maintenance
• EDM02: Ensure benefits delivery
• EDM03: Ensure risk optimization
• EDM04: Ensure resource optimization
• EDM05: Ensure stakeholder transparency

Management Domain (35 Processes)

• APO (Align, Plan, Organize): Strategic alignment, planning, organizing (13 processes)
• BAI (Build, Acquire, Implement): Build, acquire, implement (11 processes)
• DSS (Deliver, Service, Support): Deliver, service, support (6 processes)
• MEA (Monitor, Evaluate, Assess): Monitor, evaluate, assess (4 processes)

How to Design COBIT 2019 for Your Organization (6 Key Factors)

Traditional 5 Principles + New Design Factors

1. Enterprise Strategy: Organization’s mission, vision, values
2. Enterprise Goals: Goals reflecting stakeholder needs
3. Risk Profile: IT-related risks faced by the organization
4. IT-related Issues: Compliance, new technologies, etc.
5. Enterprise Size: Organization size and complexity
6. Industry Sector: Industry-specific requirements

COBIT Performance Management System that Proves IT Performance with Numbers

Goal Cascade

Enterprise Goals → IT-related Goals → Enabler Goals → Individual Process Goals

Performance Measurement

• Outcome Measurement: Degree of goal achievement
• Application Measurement: Degree of process implementation
• Capability Measurement: Process maturity (0-5 levels)

 

 

3. ISO/IEC 20000: Everything About International Standard Certification for Customer Trust

Why So Rigorous? Breaking Down the Standard’s Strict Structure

ISO/IEC 20000-1:2018 specifies requirements for establishing, implementing, maintaining, and continually improving a service management system. An SMS supports service lifecycle management including planning, design, transition, delivery, and improvement of services that meet agreed service requirements and deliver value.

Practical Guide: 250 Requirements Organized into 10 Areas

10 Major Procedures and 250 Detailed Requirements

1. Service Management System (SMS) General Requirements

• Understanding context and determining scope
• Leadership and top management commitment
• Planning and risk management

2. SMS Planning and Implementation

• Service management policy and objectives
• Assignment of roles, responsibilities, and authorities
• Competence and awareness enhancement

3. Planning and Implementation of New/Changed Services

• Service requirements specification
• Service design and development
• Service transition management

4-10. Operational Processes

• Service delivery processes (SLA management, service reporting, etc.)
• Relationship processes (business relationship management, supplier management)
• Resolution processes (incident, service request)
• Control processes (change management, asset and configuration management)

Complete Guide: From Certification Acquisition to Maintenance

The certification process typically requires organizations to maintain detailed documentation of their service management system requirements and processes and how they adhere to the standard.

Certification Stages

1. Stage 1 Audit: Document review and readiness assessment
2. Stage 2 Audit: On-site audit to verify implementation status
3. Certificate Issuance: Valid for 3 years
4. Surveillance Audits: 1-2 times per year for ongoing compliance verification

 

 

4. Expert In-Depth Comparative Analysis of Three Frameworks

What Makes Their Philosophies and Approaches So Different?

Perspective	ITIL 4	COBIT 2019	ISO/IEC 20000
Paradigm	Service value co-creation	Enterprise value optimization	Standards compliance and quality assurance
Decision Criteria	Stakeholder value	Business goal achievement	International standard requirements
Change Response	Agile, adaptive	Structured, systematic	Normative, stable
Performance Measurement	Degree of value realization	Level of goal achievement	Requirements compliance rate

How to Diagnose Your Organization’s Maturity Level

ITIL 4 – Progressive Evolution Model

• Level 1: Reactive – Response when problems occur
• Level 2: Managed – Basic process operation
• Level 3: Defined – Standardized processes
• Level 4: Measured – Performance-based management
• Level 5: Optimized – Continuous improvement

COBIT 2019 – Capability Maturity Model

• Level 0: Incomplete – Process not implemented or goals not achieved
• Level 1: Performed – Ad hoc, inconsistent performance
• Level 2: Managed – Basic management activities performed
• Level 3: Established – Standardized and documented processes
• Level 4: Predictable – Measured and controlled processes
• Level 5: Optimizing – Continuously improving processes

ISO 20000 – Binary Assessment

• Conform or Non-conform
• Clear criteria with no intermediate stages

Customized Strategies by Company Size: From Startups to Large Enterprises

Startups (10-50 employees)

Recommended: ITIL 4 Selective Application

• Key Rationale: Flexibility suitable for rapid change and limited resources
• Applied Practices: Incident management, change management, service request management
• Expected Results: Basic service stability within 3-6 months
• Implementation Cost: $10K-$30K (training and tool implementation)

Small to Medium Enterprises (50-500 employees)

Recommended: ITIL 4 → ISO 20000 (Optional)

• Phase 1 (ITIL 4):
  • Service desk systematization
  • Core operational process establishment
  • 6-12 months, budget $50K-$200K
• Phase 2 (ISO 20000, Optional):
  • Reliability assurance for B2B customers
  • Competitive advantage in tenders
  • Additional 12-18 months, budget $300K-$800K

Large Enterprises (500+ employees)

Recommended: COBIT 2019 + ITIL 4 Integration

• Governance-First Strategy:
  • Build strategic direction and governance structure with COBIT
  • Optimize operational practices with ITIL
  • 18-36 months, budget $5M-$20M
• Integration Benefits:
  • 15-30% reduction in IT operational costs
  • 40% improvement in project success rates
  • 80% reduction in compliance risks

 

Industry-Specific Response Methods: Complete Mastery of Financial, Manufacturing, and IT Services

Financial Services

• Regulatory Requirements: Basel Accords, financial regulations, data protection laws
• Recommended Combination: COBIT 2019 (compliance) + ISO 20000 (reliability)
• Key Considerations: Risk management, data governance, audit trails

Manufacturing Industry

• Operational Characteristics: 24/7 continuous production, high stability requirements
• Recommended Framework: ITIL 4 (operational optimization focus)
• Key Considerations: Availability management, capacity management, supply chain integration

IT Service Providers

• Business Model: Service quality directly impacts revenue
• Essential Requirement: ISO 20000 certification
• Recommended Approach: Build with ITIL 4 foundation → Obtain ISO 20000 certification

Cloud and AI Era: Comparing Framework Responsiveness

Cloud-Native Environments

• ITIL 4: Best adaptability (DevOps, Agile integration)
• COBIT 2019: Strengths in cloud governance
• ISO 20000: Applicable for cloud service certification

Automation and AI Implementation

• ITIL 4: Natural integration with “Optimize and Automate” principle
• COBIT 2019: Strengths in AI governance and ethical AI management
• ISO 20000: Quality assurance for automated processes

 

 

5. Implementation Strategies for Immediate Practical Application

Designing Hybrid Approaches that Mix Multiple Frameworks

Scenario 1: Global Enterprise Integration Strategy

Enterprise Level: COBIT 2019 governance structure
  ↓
Regional Level: ITIL 4 operational processes  
  ↓
Service Level: ISO 20000 quality assurance

Implementation Roadmap:

• Year 1: Establish COBIT governance structure and policies
• Year 2: Build and integrate ITIL 4 core practices
• Year 3: Prepare for and obtain ISO 20000 certification

Creating Performance Measurement Indicators that Convince Management

ITIL 4 Performance Measurement

• Value Indicators: Customer satisfaction, business impact
• Operational Indicators: MTTR, MTBF, availability
• Improvement Indicators: Process maturity, automation rate

COBIT 2019 Performance Measurement

• Governance Indicators: Strategic alignment, risk management effectiveness
• Management Indicators: Process capability levels, goal achievement rates
• Business Indicators: ROI, TCO, compliance rates

ISO 20000 Performance Measurement

• Conformity Indicators: Requirements compliance rate, non-conformance resolution rate
• Quality Indicators: Service quality, customer satisfaction
• Improvement Indicators: Certification audit results, continual improvement activities

Change Management Expertise: How to Transform Organizational Culture Without Employee Resistance

Cultural Change Management

• ITIL 4: Value-centric mindset, collaborative culture
• COBIT 2019: Governance mindset, enhanced accountability
• ISO 20000: Quality consciousness, standards compliance culture

Technical Integration

• API-based tool integration
• Automated workflow construction
• Integrated dashboard and reporting systems

 

 

6. Final Guide for Strategic Selection

Core Decision Matrix

Are there operational issues that need immediate resolution? → ITIL 4 for operational process improvement priority

Is management demanding IT investment effectiveness?
→ COBIT 2019 for governance system establishment

Does the customer/market require official certification? → ISO 20000 certification acquisition essential

Future-Oriented Perspective

Each framework continues to evolve for the digital transformation era. Understanding how COBIT 2019 and ITIL 4 align for optimal IT governance and service management, and finding the optimal combination for your organization’s characteristics, is key to success.

Three Core Principles for Success:

1. Accurately diagnose your organization’s current situation
2. Minimize risks through phased approaches
3. Continuously evolve through ongoing improvement

We hope your organization creates genuine business value and secures competitiveness through IT governance. 🙂

 

 

 

Related Resources and Additional Learning Links

Official Documentation and Standards Organizations

• AXELOS (ITIL Official): ITIL 4 Service Management Certification
• ISACA (COBIT Official): COBIT 2019 Framework and Resources
• ISO Official: ISO/IEC 20000 Standard Documentation

Integrated Framework Guides

• AXELOS & ISACA Joint Whitepaper: Using ITIL 4 and COBIT 2019 to Create Integrated Environment
• ITIL-COBIT Mapping Analysis: ITIL 4 and COBIT 2019 Correlations

Expert Comparative Analysis and Implementation Guides

• Advisera: COBIT vs ITIL vs ISO 20000 Detailed Comparison
• NovelVista: ITIL vs COBIT vs ISO 20000 Key Differences
• ITSM Docs: Building Compliant Delegation Framework (ISO 20000, COBIT, NIST)

Practical Implementation Resources

• ITSM Docs: COBIT 2019 Implementation Guide
• Joe The IT Guy: Complete Guide to ISO 20000:2018 New Version