Modern organisations need to understand the importance of IT governance and the valuable role of the IT department as an enabler for the organisation. A well-developed IT governance framework is central overall good governance.
IT governance is about responsibilities and consequences. For most people, the value of IT governance is often only highlighted when something goes wrong – when an IT governance failure has real and negative impacts on the organisation and those stakeholders. And it does go wrong: you’ve no doubt seen the reports from auditors, underwriters and others summarising the sheer volume of threats and attacks occurring.
IT governance is the responsibility of executives and the board of directors. It consists of leadership and organisational structures. It also requires processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives.
The key word is “responsibility”, which lies with the executive and board/Council, rather than the IT department. Organisations, from the board down, must make IT Governance a top order concern. To quote WA’s Auditor General:
When government outsources any ICT function, or buys cloud hosted applications, it remains responsible for identifying risks and ensuring appropriate functionality, security and availability controls are in place. Proper due diligence processes must be undertaken, when designing the contract and throughout the term of the contract, to ensure government gets the service it needs and the community expects.
These concepts of organisational need and community expectation are central to the Office of the Auditor General’s annual Information Systems Audit Report. The report assesses whether controls in government entities “effectively support the confidentiality, integrity, and availability of information systems”.
Without effective IT governance, your organisation will not be able to support that confidentiality, integrity and availability or, as it is known, ‘information security’.
In devising and implementing a quality IT Governance framework, it is vital to understand the value of IT governance.
Being able to demonstrate that value to key stakeholders – the executive, the board or the Council – is obviously preferable to suffering through the organisational pain and consequences of a failure: a breach of ratepayer data, a critical system shutdown impacting service delivery and so on.
As the leader of the organisation, it is about understanding that the consequences of poor IT governance are real, far reaching and can impact every aspect of what you do. What’s more, those consequences sheet home to the leadership level: these are obligations that an organisation’s leaders retain regardless of how IT governance is managed or what suppliers are used.
We will talk next week about how to demonstrate the value of IT governance and some great tools that you can use in the process.
Until then, stay safe.