IT governance is a board-led management framework for making IT an integrated, value-adding part of the business. Alan Calder provides his top tips to help implement IT governance successfully within your organisation.
1 Share a clear understanding of what IT governance is
The most effective definition I have found is the following: 'IT governance is a framework for the leadership, organisational structures and business processes, standards and compliance to these standards, which ensures that the organisation's IT supports and enables the achievement of its strategies and objectives.'
2 Make the board understand that IT governance is its responsibility
In today's corporate governance environment, where the value and importance of intellectual assets are significant, boards have to extend the core governance principles to the organisation's intellectual capital, information and IT. This means setting strategic aims, providing strategic leadership, overseeing and monitoring the performance of executive management, and reporting to shareholders on their stewardship of the organisation.
3 Institute an IT governance framework
This is the vital tool for the task, comprising a set of principles, decision-making hierarchy and tailor-made suite of reporting and monitoring processes. It must encompass eight key areas: IT governance and implementation principles; information strategy; IT risk management; software applications; ICT architecture; ICT infrastructure/technology; ICT investment and project governance; and information compliance and security.
4 Have a CIO with a clear role and authority
The CIO should have the same status as the CFO and other functional heads, with direct responsibility for managing IT operations and personal accountability for the success of IT activity.
5 Create an IT steering committee
Few directors are technology literate. The board therefore needs special measures to command the IT agenda. A board-level steering committee should take the lead on IT governance, overseeing principles, strategy and risk treatment, and the overall monitoring and oversight of corporate systems. Its members should include a majority of outside directors, plus the CIO, key senior executives and other business unit heads.
6 Ban jargon from technology discussions
To ensure participation from all members of the IT steering committee, technological jargon should be prohibited. All members should be compelled to discuss any IT issue by focusing on opportunities, issues, risks or plans that are comprehensible to the layman.
7 Create an enterprise IT architecture committee
This should ensure that all ICT deployments are in line with enterprise IT architecture. It should ward off attempts to deploy nonstandard hardware or systems, unless the architecture itself is amended accordingly. Key members should include senior managers in systems, data, security and infrastructure, the organisation's risk manager and informed business representatives.
8 Undertake professional IT audits
Just like a financial audit, an IT audit plan needs to reflect key risk areas. It must review regulatory compliance, information security, IT project progress and technical implementation, as well as the skills and competence of staff. Such a plan, with qualified IT auditors, will give the board real technical assurance that its IT regime is being upheld.
9 Use best practice standards and ensure they are properly integrated
An organisation should use best practice standards, such as CoBIT, ISO27001 or ITIL, to build an IT governance framework. Each has a slightly different objective and none is a complete IT governance framework. They need to be selected as required and then integrated seamlessly, which can effectively be accomplished using the Calder-Moir IT governance framework as an enabler.
10 Stress at all times that IT governance is about competitiveness
The key benefit of an IT governance framework is improved competitiveness, thanks to the complete integration of IT into the strategic and operational management approach of the organisation. Without integrating IT governance into the overall corporate governance structure, survival in the information economy is hard; long-term success is impossible.