In 2020, the challenges for effective IT governance are different than at any time in the past.
The rate of change of technology, threats and the shifting world of governance can be challenges to developing and maintaining good IT culture.
Last week, in Part One of this blog, we covered the importance of a strategic, rather than technical, focus. We also looked at the first prong of good governance: information governance. This week we are looking at security governance, operational governance and the importance of accountability and transparency.
Security governance, or cybersecurity, controls and directs IT security. Again, it is a framework for accountability in mitigating security risks to data. Keep in mind the difference between governance and management. Management recommends security strategies. Governance ensures that security strategies align with business objectives and are consistent with regulations. The distinctions are highlighted by education non-profit EDUCAUSE.
| Governance | Management |
| --- | --- |
| Oversight | Implementation |
| Authorises decision rights | Authorised to make decisions |
| Enact policy | Enforce policy |
| Accountability | Responsibility |
| Strategic planning | Project planning |
| Resource allocation | Resource utilisation |
Operational governance is the organisational structure and subsequent supporting processes which enable the enterprise to realise optimal performance and demonstrate continuous improvement through what we call an “IT maturity model”. What is an IT maturity model? Think of it as a guideline on how to create and optimise a progressive IT infrastructure. Utilised correctly, it becomes a benchmark to gauge the overall effectiveness of IT. Knowing your level of maturity lets you set goals so you can reach higher levels.
ITIL, which was formerly known as the Information Technology Infrastructure Library, is one such structure and process set in IT service management. ITIL comprises management best practices for:
- Service strategy
- Design
- Transition
- Operational improvement
- Continual services improvement
Let’s take a break with some accountability and transparency
If you treat information, security and operational governance in isolation – words on a wall, if you will – they will have precisely zero effect. For governance to be effective, it requires accountability and transparency.
Accountability is a subset of responsibility. Whilst responsibility can be shared, accountability is singular – only one person can be accountable for an outcome. Accountability means being responsible for something and answerable for one’s actions. You need to use accountability to set expectations within your organisation.
Transparency is about engaging business units with the governance frameworks and accountabilities. In that way, everyone knows both where they stand and how the accountability will be assessed and measured.
Good IT culture is a multifaceted issue. However, it should not be a complicated one. A key role of the IT department is ensuring that the governance frameworks are in place and both those frameworks and resulting accountabilities are communicated effectively within the organisation. If there is confusion, a lack of understanding or transparency, there is no good IT culture.