We often hear our customers say, “IT governance is just too complicated and only really works for large enterprise organisations”. As a company called IT Governance, we are, of course, duty bound to explain that the practice of IT governance is relevant to companies of all sizes. This is a useful conversation, however, as it also gives us a chance to explain the range of our consultancy and training services!
Or just misunderstood
IT governance is not just misunderstood by those in SME companies but often by many chief information officers and IT directors in the so-called larger firms. With its origins in the 80s and 90s, the concept of governance was defined by the OECD as: “the system by which business corporations are directed and controlled.” While governance is the responsibility of the board, who are rightly focused on shareholder rights and accountability, there is an assumption that they are also responsible for directing the strategy of the business and identifying and mitigating risks in the future.
Traditionally, information technology was seen as an operational issue and was rarely discussed in the boardroom, with the possible exception of its high cost. However, with the growth of the importance of intellectual assets, the ubiquity of IT and the increased risk from cyber crime, it is now likely to be on the agenda of every board meeting in the world.
What is IT governance?
In his book IT Governance: A Pocket Guide (2007), Alan Calder gives the following useful definition of the subject:
“IT governance can be defined as a ‘framework for the leadership, organisational structures and business processes, standards and compliance to these standards, which ensure that an organisation’s IT supports and enables the achievement of its strategies and objectives.”
You will note that this definition includes the words ‘leadership’ and ‘strategies’, and in many ways it can be seen as a mandatory requirement for successful IT directors. Modern IT governance also transcends a traditional governance approach and provides a much-needed bridge to the implementation of practical measures that support specific business objectives.
My advice to senior managers in small organisations is to learn the basic principles of IT governance and find out how they can be applied to their current and future use of information technology. Or, put more simply, help them answer the question “Does our IT help deliver our key business objectives?”
For an introduction to IT governance and a practical guide to creating strategies and methodologies to enable immediate implementation, I can recommend that you attend our Implementing IT Governance – Foundation & Principles training course. Delivered by Alan Calder, this three-day classroom session is next available on 3-5 February in London.