IT governance in its simplest form is about defining how organisations align IT strategy with business strategy. This is not accomplished with a narrow focus on either business or IT infrastructure alone; ensuring the company stays on track to achieve its strategies and goals calls for steady measurement of IT's performance. Measuring processes is the surest way to cater to stakeholders, and an IT governance framework is crucial to answering the questions that arise from managing IT with business interests in mind. The level of IT governance implementation will vary according to a company's size, industry and regulatory requirements. A food stall on the street won't be as dependent on IT as a multinational behemoth of a company.
The drivers that motivate organisations to establish a formal IT governance are:
a) Business environment - there are the macro environment and the micro environment, besides the internal business environment, which comprises organisational culture and the adopted frameworks and processes.
b) Compliance - common compliance guidelines and influences include:
b.1) OECD Principles - these principles are chiefly concerned with financial stability, sustainability and economic efficiency. It is also in the OECD's interests to ensure that stakeholders and shareholders are treated fairly, to widen the scope of corporate governance, to introduce ways of resolving agency conflicts and to develop the capital market.
b.2) The Cadbury Report - for financial reporting and accountability.
b.3) Sarbanes-Oxley Act - a law that was passed to ensure that the CEO should no longer be responsible for issuing financial reports and that independent audits should also be conducted in order to avoid accounting scandals.
b.4) Basel, Basel II and Basel III - a set of rules resulting from a treaty held in Basel to regulate banks' activities.
b.5) Robert Monk - his writings dealt with harmful business practices and the need for directors, shareholders and councils to work more closely together, in addition to an end to company owners holding seats as CEO.
c) IT as service provider - IT is supposed to support the business activities and should be a means of carrying out the business strategy and goals.
d) Technological integration - integrating processes and technologies saves time and energy as staff members have free access to whatever information they need at the right moment.
e) Information security - should be rooted in the principles described in ISO 27001. Other ISO standards:
ISO 9000 - quality management
ISO 9126 - Software Quality
ISO 12207 - Software Life cycle maturity
ISO 15504 - Software Development Process (if you catch yourself constantly harping on about Windows being crappy, chalk it up to a failure to follow ISO 9126 and ISO 15504 to design quality software programs!)
ISO 20000 - IT Management Services
f) Business dependency on IT - there should always be a contingency plan when there is a major interruption in the service environment so as not to hinder business continuity. Business dependency on IT is a topic often broached in risk management.
Organisations today are subject to many regulations governing data retention, confidential information, financial accountability and recovery from disasters. While none of these regulations requires an IT governance framework, many organisations have found one to be an excellent way to ensure regulatory compliance.
The IT Governance cycle
As stated above, deploying IT to meet business goals isn't a simple task. There should be ongoing monitoring of IT performance and of how continuous improvement can be incorporated into the daily processes and functions of IT in order to further align it with the business objectives. Below is a summed-up flowchart of the IT Governance cycle:
[Figure: IT Governance cycle]