Sustaining an effective business model in the face of digital disruption requires a strong foundation of IT governance able to scale and adapt to modern enterprise needs. These needs, though unique to each enterprise, are generally shaped into four key drivers — innovation, meeting customer expectations, data-based decision making and improving business performance — and enabled by a convergence of technologies such as cloud and mobile, social apps, the internet of things (IoT), artificial intelligence (AI), and robotic process automation (RPA).
All these factors, combined with an explosion in connectivity and data and the globalization of IT, give rise to a new set of enterprise risks. These risks can’t be effectively managed ad hoc. In the age of digitalization, a “strong” model of IT governance increasingly means that companies must be even more focused on being adaptable, scalable and proactive. Here’s a look at how the components of such a model might be organized:
Strategic Alignment: IT organizations should play an integral role in helping businesses achieve strategic objectives. In a mature IT governance model, IT adds value by proactively developing and presenting IT solutions to the organization’s top strategic challenges. These projects are identified according to consistently applied criteria, in consultation with business units, and with full transparency and leadership from executive management and the board. IT strategies must be aligned with enterprise strategies.
Value Delivery: As a strategic partner, IT should feel culturally obligated to deliver solutions on time, on budget and within the original scope. Communication — both horizontal and vertical — is frequent and structured to confirm that business requirements are being met and budget goals are achieved.
Risk Management: In addition to foundational technology risks, such as cybersecurity, data privacy and availability, a strong IT risk management program must proactively address emerging (and evolving) risks such as digitalization, broadening data governance and incident/breach response. Risk management should be a continuous process coordinated by the board and management consistent with the organization’s risk priorities and tolerance. This is a key differentiator necessitated by the speed of change. Annual assessments, combined with preventive controls and continuous monitoring, are critical for ensuring that key risks are mitigated.
Resource Management: When the IT organization is operating at optimal levels, assets — not only applications and infrastructure, but processes and skill sets — are integrated and evaluated for efficacy and are deployed strategically, considering both internal and external models.
Performance Management: Mature IT governance leaves nothing to doubt. IT must fully understand the operational levers driving the business and ensure that these levers are measured, monitored, summarized and reported regularly to stakeholders in an easily digested format, such as a balanced scorecard. Regular measurement and reporting set expectations, drive behavior and provide a basis for measuring value delivery and improvements.
If you are looking for a framework for your IT governance process, ISACA’s COBIT “is a framework for the governance and management of enterprise information and technology aimed at the whole enterprise. Enterprise IT means all the technology and information processing the enterprise puts in place to achieve its goals, regardless of where this happens in the enterprise. In other words, enterprise IT is not limited to the IT department of an organization, but certainly includes it. COBIT defines the components to build and sustain a governance system: processes, organizational structures, policies and procedures, information flows, culture and behaviors, skills, and infrastructure.” This type of framework can be an important tool when evaluating IT governance within the organization.
You can read more on this topic in IT Governance in the Age of Digitalization and by exploring these tools on KnowledgeLeader:
IT General Controls Questionnaire
IT Governance Capability Maturity Model