In 2020, the challenges for effective IT governance are different from those at any time in the past. The rate of change of technology, threats and the shifting world of governance can all be obstacles to developing and maintaining good IT culture.

Last week, in part one of this blog, we covered the importance of a strategic, rather than technical, focus. We also looked at the first prong of good governance: information governance.

This week we are looking at security governance, operational governance and the importance of accountability and transparency. 

Security governance, or cybersecurity governance, controls and directs IT security. Again, it is a framework for accountability in mitigating security risks to data. Keep in mind the difference between governance and management. Management recommends security strategies. Governance ensures that security strategies align with business objectives and are consistent with regulations. The distinctions are highlighted by education non-profit EDUCAUSE:

| Governance | Management |
|---|---|
| Oversight | Implementation |
| Authorises decision rights | Authorised to make decisions |
| Enact policy | Enforce policy |
| Accountability | Responsibility |
| Strategic planning | Project planning |
| Resource allocation | Resource utilisation |

Operational governance is the organisational structure and subsequent supporting processes which enable the enterprise to realise optimal performance and demonstrate continuous improvement through what we call an “IT maturity model”.  What is an IT maturity model?  Think of it as a guideline on how to create and optimise a progressive IT infrastructure. Utilised correctly, it becomes a benchmark to gauge the overall effectiveness of IT.  Knowing your level of maturity lets you set goals so you can reach higher levels.

ITIL, which was formerly known as the Information Technology Infrastructure Library, is one such structure and process set in IT service management. ITIL comprises management best practices for: 

  • Service strategy 
  • Design 
  • Transition 
  • Operational improvement 
  • Continual services improvement. 

ITIL provides a framework for IT services to support core processes of the business. It provides a systematic approach to IT service management to help manage risk, strengthen customer relations, establish cost-effective practices and build a stable IT environment that allows for growth, scale and change. 

Let’s take a break with some accountability and transparency 

If you treat information, security and operational governance in isolation – words on a wall, if you will – they will have precisely zero effect. For governance to be effective, it requires accountability and transparency.

Accountability is a subset of responsibility. Whilst responsibility can be shared, accountability is singular – only one person can be accountable for an outcome. Accountability means being responsible for something and answerable for one’s actions. You need to use accountability to set expectations within your organisation.

Transparency is about engaging business units with the governance frameworks and accountabilities. In that way, everyone knows both where they stand and how the accountability will be assessed and measured. 

Good IT culture is a multifaceted issue. However, it should not be a complicated one. A key role of the IT department is ensuring that the governance frameworks are in place and both those frameworks and resulting accountabilities are communicated effectively within the organisation. If there is confusion, a lack of understanding or transparency, there is no good IT culture. 

Next week, we will look at the strategies for addressing cybersecurity risks, known as the Essential Eight. 

Until then, stay safe. 

Managed IT