In 2020, the challenges for effective IT governance are different than at any time in the past.  The rate of change of technology, threats and the shifting world of governance can be challenges to developing and maintaining good IT culture.

So, what is good IT culture in 2020? I’m glad you asked.

The key issues are:

  • A strategic, rather than technical, focus
  • Governance: information governance; security governance; operational governance
  • Accountability and transparency.

Maintaining a strategic focus

It’s a common problem. You likely see it occur across your organisation: people who are focused on the technical rather than the strategic.

The draw for people to get down into the technical layer is very strong. To continually tinker – but at what cost?  Continuous change can have detrimental outcomes when someone is fixated on ‘just getting something to work’ and resists following change management procedures.  It is invariably on these occasions that a second set of eyes will point out the subsequent glaring risk that has just been created – a typical example is to give a standard user full network Administrator access over their local computer….  Yes, they finally got that program installed, however, the computer is now vulnerable to any level of malicious virus infection!  Another illustration of this is when an organisation falls in love with a solution and unwittingly loses understanding for the originating business problem at hand.

Keeping that strategic focus is an everyday challenge. It keeps you looking at the organisation’s broader goals and how IT supports them:

  • What are the strategic imperatives of the organisation?
  • What are the challenges to achieving those imperatives?

One major challenge is ensuring that there is a clear IT roadmap that aligns the strategic focus to the operational. In turn, that roadmap should be underpinned by governance.

Governance, governance, governance

Governance is a set of authorisations, policies and processes to ensure that your organisation’s IT operates as it should.

There are three aspects to governance: information, security and operational.

We will cover off information governance today and then next week look at security and operational governance.

Information governance is a framework for how data is secured and handled within your organisation. Indeed, it needs to balance the security of information and its use. Information governance is not records management – at least, not in isolation. It is a coordinated approach to managing information across an organisation to support outcomes.

The National Archives of Australia produced an excellent table that highlights why information governance is important:

Benefits of information governance

Consequences of poor information governance

  • Enhances information quality and authenticity
  • Data quality issues
  • Improves integrity and reliability
  • Unreliable information
  • Improves findability and accessibility
  • Information is difficult to find
    Information is difficult to interpret
  • Improves accountability and reduces risk
  • Non-compliance with regulations and legislation
    Reputation damage
  • Enables appropriate controls
  • Security breaches
  • A holistic approach for information needs that encourages opportunities and efficiencies
  • Information silos, which exposes the agency to risk and limits opportunities
  • Enables whole-of-government collaboration and innovation
  • Difficult to implement machinery of government change and stifles whole-of-government innovation

Next week: security governance, operational governance and the importance of accountability and transparency.

Until then, stay safe.

Managed IT