Share on:

Improving the Service Desk by Using COBIT 5

By Claudio Cilli, Ph.D., CISA, CRISC, CISM, CGEIT

COBIT Focus | 26 March 2018 Chinese Simplified | Japanese

Claudio Cilli The IT service desk plays a significant role in the day-to-day operations of any organization. When it functions well, all other activities perform well. If the service desk cannot perform, either because it does not have the proper technical skills or does not show requisite empathy, key personnel and activities suffer.

An effective service desk has significant associated costs, both in terms of resources involved and infrastructure needed (e.g., ticketing software, incident management and tracking software), so it is vital for an organization optimizing these efforts to balance effectiveness and budget.

Improving the technical and customer service skills of the service desk is vital to productivity and to the overall customer experience, as an organization’s service desk sits at the frontline of customer care and, in turn, becomes of the face of the organization.

If an organization is adopting COBIT 5 for IT governance implementation or optimization, it is possible to take advantage of the flexibility of the framework to help achieve goals. In fact, the Deliver Service and Support (DSS) processes, which are also mapped to the ITIL best practices, provide the necessary activities and performance measurement keys.

In COBIT there is everything you need: You only need to learn how to navigate. In this case, the purpose of using COBIT 5 is to enhance the use, implementation or customization of the service desk.

Consider the following 3 tips:

  1. Select the appropriate COBIT “entry point”—The first thing to do is to select the appropriate COBIT 5 publication from the COBIT product family. In this case, a good choice is COBIT 5: Enabling Processes. Looking at the process reference model, 2 interesting processes merit attention: DSS02 Manage Service Requests and Incidents and DSS03 Manage Problems. They are exactly what is needed.
  2. Select the appropriate part of the process management practice—The answers are the responsible, accountable, consulted, informed (RACI) chart and the management practices. They show what to do, who should do it and how. In addition, they also provide some useful information such as the level of involvement.
  3. Define the key performance indicators (KPIs)—They provide the measurement of how well the process is working. COBIT 5 includes many of them. One does not need to necessarily adopt them, but they can provide good guidance. In fact, the hardest part in a new process is to determine which factors are essential for measuring its effectiveness. COBIT 5 helps provide many good KPIs, taken from best practices. They can be safely used.

Now, let us make the resolution of our problem:

  • Implement incident and problem management—Proficient incident and problem management processes are key to an effective service desk. It is up to the service desk manager to implement them. ITIL is a globally recognized service management methodology that can alter how the service desk performs. The operational phase of the ITIL service life cycle includes many aspects of what impacts a service desk on a daily basis. Leadership skills and the ability to motivate employees are also two key features for service desk managers to inspire their team members.

    DSS02 and DSS03 show what to do. The first part of the process description shows the process’s purpose, business and IT goals, etc. They may not be needed in this case since a service desk is necessary and the goal is to make it cost-effective and efficient.
  • Focus on desktop support and customer service—Two areas of desktop support that are often overlooked are support for line of business (LOB) applications and customer service skills. Microsoft Office is the most widely used suite of productivity software in the world. However, desktop support specialists tend to use that software less frequently than the typical office worker and are not prepared to assist with questions pertaining to it.

    Effective customer service skills are just as important and a vital part of any service desk. Professional courtesy and understanding how to deal with customer complaints strengthen the bond between any service provider and the provider’s customers. Regardless of a team member’s technical acumen, all levels of desktop support become more effective with training for Microsoft Office and understanding the fundamentals of customer service.

    Again, DSS02 and DSS03 are the key processes.
  • Utilize tailored training—Utilizing authorized training solutions from leading vendors such as CompTIA and Microsoft can transform the service desk team by raising its level of technical proficiency. Many organizations maintain multiple tiers of support that require different levels of skill and different training needs, so it is important to identify areas of improvement for the management of the service desk to ensure strong leadership and implementation of proven best practices.

    This is new, but well-trained service desk operators make the real difference, so there is a need to turn to COBIT 5 for help again.

    Training is treated in several processes, but only one is appropriate in this case: APO07 Manage Human Resources Audit/Assurance Program. APO07.01 Maintain Adequate and Appropriate Staffing and APO07.03 Maintain the Skills and Competencies of Personnel provide the right guidance, proving that COBIT encompasses all relevant needs.


COBIT comes from the experience and skills of a great community of IT auditors and managers. It provides practical solutions to IT governance issues. What is needed is learning how to navigate it. Once that is accomplished, the solution to all IT governance issues can be found inside.

Claudio Cilli, Ph.D., CISA, CRISC, CISM, CGEIT

Is a university professor, researcher and professional information security consultant. His areas of expertise include computer science, software compliance, lexical and semantic analysis, and information systems analysis and development. He is a member of a number of scientific and advisory boards and teaches post-graduate courses in computer security and IT governance. Cilli is also a consultant at the Office of Internal Oversight Services at the United Nations. He is president of the ISACA Rome (Italy) Chapter and has authored and published several specialized books and magazine articles. He is a frequent speaker at many international conferences and seminars.