COBIT, ITIL, ISO 27002 or ISO 38500?

Since the advent of the concept of Good Corporate Governance around 1992-1993, and after the bankruptcy of major companies in the United States and Europe as a result of a lack of independent company oversight, the concept, or term, of IT Governance has also emerged.

The term IT Governance seems to have been accepted with enthusiasm by IT people, although many of them do not actually know the main purpose behind its emergence.

It might be that IT people simply accept the term IT governance and give it their own meaning. It may also be that when IT people hear the term, they think it is used only because it is a trendy word.

Moreover, as we can feel and see, because of the rapid changes in the IT world, IT people tend to accept every new term just to ensure that they are not left behind or outdated.

The tendency in IT is that when a new term appears, IT people usually just accept it, whether or not they understand it. The important thing is to accept it first; it can be thought through and learned later. What matters, they seem to think, is simply not being left behind.

As time has gone by, with no one, or hardly anyone, questioning what exactly the purpose of IT governance is, varying opinions and recommendations have emerged on which standard is appropriate to use as an IT governance framework.

One opinion held that initially there was no suitable standard to serve as an IT governance framework. Eventually an argument emerged that, although no single standard can serve as an IT governance framework, there are already some standards that can be used as a starting point in establishing one.

The standards that were initially popular as candidates for an IT governance framework were COBIT, ITIL and ISO 27002. Later, because COBIT was the standard most vociferously proposed as an IT governance framework, COBIT was at that time considered the most appropriate standard for the purpose.

This opinion persisted until, in 2008, the ISO published a new standard called ISO 38500, entitled Corporate Governance of IT.

The ISO 38500 standard was made specifically to meet the requirements of an IT governance framework. This differs from COBIT, ITIL and ISO 27002, which were not made as IT governance frameworks from the beginning; instead, attempts were made to match and fit those standards to serve as an IT governance framework.

The core concept to keep in mind is that the original intent of IT governance is to provide guidance to the company that strategic IT decisions rest not only with the CIO, but also with the board of directors, commissioners and stockholders.

IT governance is inseparable from Corporate Governance, as IT governance is part of Corporate Governance.

The difference between governance and management, in terms of the difference between Corporate Governance and Corporate Management, is as follows:

Governance focuses on oversight, accountability and strategic decisions, while management focuses on strategic decisions, management decisions and control, and operational management.

The intersection between governance and management is in the area of strategic decisions. The coverage area of governance is the upper-middle, while the coverage area of management is the lower-middle.

In Corporate Governance, the area discussed is the role of directors, commissioners and shareholders. Similarly, what is discussed in IT governance should be in that same area.

Just as there is a clear difference between Corporate Governance and Corporate Management, there is also a clear difference between IT governance and IT management.

If the coverage area of Corporate Governance is the upper middle and the coverage area of Corporate Management is the lower middle, then the coverage area of IT governance should likewise be the upper middle and the coverage area of IT management should be the lower middle.

COBIT, ITIL and ISO 27002 are standards whose coverage area is the lower middle, and ISO 38500 is a standard whose coverage area is the upper middle. Thus COBIT, ITIL and ISO 27002 are suitable for use as IT management frameworks, and ISO 38500 is suitable for use as an IT governance framework.

