IT Governance – An important cog in the world of Technology
Mohsien Hassim
Seasoned Business Transformation Executive with a solid Foundation in Finance/Technology/Risk (GRC/ESG)/Security (Cyber)/Strategy and Digital Transformation. AI Researcher & Enthusiast.
The world of technology as we have come to know it is changing and evolving at speeds we have never seen before. The 4th Industrial Revolution, Big Data, the rise and growth of Cloud Computing, Artificial Intelligence and Robotics have all contributed to the exponential boom in technological advancement. The Covid Pandemic has served as a catalyst for the dawn of remote working, where accessibility to work, data, and online material is now the new normal. Add to this the growth in the use of online shopping and the rise in cybercrime, and we are living in a completely different world that did not exist 5 years ago.
An Information Technology environment without any form of governance is like a traffic system without road markings, road signs and regulations: utter chaos.
The governance of information technology (IT) serves an important function in any business environment. It refers to the processes, structures and leadership that enable the business to keep its strategies and objectives relevant and secure through IT. These processes are to ensure information technology investments are aligned with an organization's goals and objectives. It enables organizations to monitor and control activities and decisions associated with information technology to comply with laws, regulations, and policies, and manage their IT risks effectively. IT Governance is essential to maximizing returns on IT investment. IT Governance is part of Corporate Governance. Hence, it plays a vital part in today’s business.
Over the years, I have encountered numerous names/terms for the governance of information technology: IT Governance/ITG, ICT Governance, Corporate Governance of IT/CGIT and Enterprise Governance of IT (EGIT). IT Governance is by far the most common of the terms encountered.
IT Governance is different from Data Governance. Data Governance is focused on data assets. The Data Governance Institute defines it as “a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”
IT Governance uses formal and informal mechanisms to monitor and control key information technology capability decisions. Through this approach, the delivery of value to key stakeholders in an organization is achieved. Where IT Strategy sets the approach for the use of IT for business value, governance sets the direction.
The IT Governance Institute (ISACA) defines IT Governance as follows: “...leadership, organizational structures and processes to ensure that the organization's IT sustains and extends the organization's strategies and objectives.”
IT governance plays an important part in any organisation today as it provides the structure to align business and IT strategies. With the growth of data privacy regulations, from the European Union’s General Data Protection Regulation (GDPR) and the UK’s own GDPR to South Africa’s Protection of Personal Information Act (POPIA) and the California Consumer Protection Act (CCPA), along with similar regulations in many other countries, organisations and their leadership are under continuous pressure to remain compliant while keeping their IT environments properly utilised, aligned to business strategy, stable and secure.
Several key factors highlight the importance of IT Governance. These include enabling the business to comply with a variety of data and information requirements. We are living in a digital world where accountability, resilience and dependability are rapidly becoming prerequisites for many consumers, who see these as the norm for doing business. IT Governance will certainly assist in meeting these heightened challenges from shareholders and consumers alike.
Through the frameworks and standards used in IT Governance, businesses are able to become more productive. This is achieved through the alignment of IT and business strategy. It provides managers with the framework to organize and manage IT initiatives and projects centrally thereby facilitating better decision-making and maximizing IT resources and budgets.
IT Governance uses best practices and controls in its frameworks. These assist in meeting the internal and external requirements of the business. These frameworks assist businesses in achieving higher than normal return on IT investment and support the governance, risk and compliance (GRC) function as IT is rapidly becoming part of the daily operations of the business.
With the critical shortage of IT resourcing, many IT departments in businesses are struggling to meet the demand and requirements of their mandate. IT Governance is able to identify the areas of planning for the controlling of critical IT resources and allow managers to ensure that adequate support is available for current and future IT investment. This is clearly evident in the areas of Cloud and Cybersecurity.
IT Governance has numerous frameworks, based on best practices, that are key to the success of its implementation. These frameworks allow the business to manage its IT risks, use the IT systems in an efficient and effective manner and ensure that the IT activities are aligned with its overall business objectives. Some of the more common frameworks include the following:
COBIT and ITIL are the two most popular. COBIT was developed by ISACA and is the acronym for Control Objectives for Information and Related Technology. COBIT was first published in 1996 and has had regular updates, with the latest version being COBIT 2019. COBIT assists businesses to implement, monitor and improve IT management best practices. It also assists companies in determining their strategic direction based on their IT control strengths.
ITIL focuses on IT service management. ITIL is the acronym for Information Technology Infrastructure Library and was first published in 1989. It aims to ensure that IT services support the core processes of the business. ITIL comprises sets of management best practices for service strategy, design, transition (such as change management), operation and continual service improvement.
Often COBIT and ITIL are used together as they overlap somewhat. While the ITIL framework has a narrow focus on IT service management (ITSM), the COBIT framework has a broader, risk management focus that can be applied to almost any area of the business. I have successfully used both in a number of assignments/projects over the years.
The ISO 20000 framework is a standard and code of practice for IT service management. It enables companies to select and implement the most effective IT practices and methods to achieve success. It enables IT departments to ensure that their IT service management (ITSM) processes are aligned with the business's needs and international best practices.
The Factor Analysis of Information Risk (FAIR) framework helps to identify and quantify risks so as to minimise their impact. Cybersecurity and operational risks are the focus areas of the FAIR framework.
The Committee of Sponsoring Organisations (COSO) framework aims to analyze the internal control system of a business. A COSO evaluation focuses more on business-related aspects of an IT department, such as risk management and compliance. By getting management to focus on the more important (‘bigger’) risks, both individually and collectively, threats and opportunities are identified and the groundwork for risk response is laid.
Selecting an IT Governance Framework is no light matter. The culture of the business, its strategy and objectives and the purpose of the exercise need to be considered. Often, businesses combine frameworks for the best results.
Clearly, in the rapidly changing world, as we see today, IT has become an integral part of the business. The days of manual paper pushing are gone. Corporate governance and being a good corporate citizen are imperative to survive. IT Governance is meaningless without the recognition of both ownership and responsibility. Asking the right questions on how IT can be used to benefit the business and what can be leveraged through the use of IT are important elements of IT Governance.
With the ever-rising costs of technology coupled with the need to demonstrate true return on IT investment, IT Governance has a valuable role to play in today’s digitally driven world.
References
https://thinkinsights.net/digital/it-governance/
Isaca.org
Gartner.com
Coso.org
Itgovernance.co.uk