The management focus of Cobit differs from the Information Technology Infrastructure Library (ITIL) that is gaining data center adoption. But both are complementary, and the latest version of Cobit has improved integration with ITIL, said Robert Stroud, an IT service management evangelist at CA Inc., and contributor to Cobit.

ITIL is focused on IT processes, such as how a help desk handles a trouble ticket. Cobit integrates some of ITIL but takes the issues to a higher level in a company by focusing on meeting business needs, said Stroud. It provides a means to map IT to business requirements, such as ensuring that costs are measured and service levels and performance goals are met, he said.

IT users who want to discuss, for instance, how much storage is available aren't necessarily giving a business the information it really needs, said Stroud. "The business just cares about the ultimate service," he said.

The city of Phoenix is in the planning stages of a Cobit implementation, according to Lance Turcato, the deputy city auditor. Turcato has in the past been involved in a Cobit implementation in the private sector, and said it can foster a better partnership with IT, the business side and auditors. That's because Cobit "pulls together the best practices" in the industry and provides a baseline for IT, said Turcato.

For instance, in IT security it assembles the leading risk indicators and what specific controls are needed to address them. In that respect, Cobit is a "think-tank brain dump for what leaders in the industry are doing for IT security," he said.