Ensuring IT supports the business efficiently & effectively

By Rody Posthuma, risk services partner at Deloitte

Businesses are under pressure to meet a range of new challenges, such as new compliance requirements; extracting maximum value from IT by shared services and chargeback models; better allocating responsibilities; and managing workplace issues such as the growing use of social media and personal mobile devices.

Information technology (IT) lies at the core of these trends.

To extract maximum value from IT, a business may, for example, opt to migrate its technology staff from individual teams to centralised shared-services, or adopt cloud computing as an IT service delivery model. From a regulatory perspective, the business may have to change the way it operates to comply with legislation such as the Future of Financial Advice or the Dodd-Frank Wall Street Reform and Consumer Protection Act. To perform any of these activities the business has to have efficient IT governance.

Efficient IT governance

Efficient IT governance enables an organisation to ensure its IT staff and resources are focused appropriately and to be sure its business units are confident about the level of support they receive from IT.

The best way for a business to develop and implement an IT governance framework is to create one that complements its existing corporate governance and reporting structures. This framework must be fully supported by senior management and permeate all levels of the business.

The alternative – an IT governance framework that exists in isolation – can compromise an organisation’s ability to extract value from IT. Such a situation is becoming less acceptable within a business, as boards take a greater interest in IT governance structures, processes and outcomes.

Two IT governance states

Businesses that have not embedded IT governance throughout their operations tend to fall into two camps: those

• without IT governance

• that do not know whether they have IT governance in place.

For example, a chief financial officer may not know whether or how the IT department is supporting the business efficiently and cost-effectively. Alternatively, a chief information officer may believe the IT function is fulfilling its obligations to the business, but not be able to demonstrate this to other C-level executives or the board. The best way for a business to understand whether its IT function is delivering value and supporting its broader objectives is to undertake a detailed assessment of its governance, then identify how and where it needs to improve, and act accordingly.

Risks and challenges

An external evaluation needs to account for the objectives, needs and operating environment of individual businesses.

The most effective way of doing this is to explore IT governance through the risks and challenges confronting a business.

Risks and challenges can be identified by understanding the:

• current state of that business across IT management and governance

• financial management and return on investment in measures supporting an IT strategy

• technology’s role in the business

• fitness for purpose of an application architecture and

• role of internal IT and third-party providers

Approach

Clarifying risks and challenges is only the first step for a business. The next step is to understand the current level of maturity of IT governance and what measures are needed to improve.

Senior executives should decide on a ‘goal state’ maturity for IT governance. This should be based on a realistic assessment of a business’s culture and ambitions; some businesses may be determined to achieve ‘best in class’ status, while other businesses may settle for ‘fit for purpose’. Whatever maturity it chooses, a business must commit fully to achieving it to minimise the chance of its IT governance project failing.

To obtain an impartial view of its current IT governance, a business should base its evaluation on a globally recognised and universally applicable standard, such as the International Standard (ISO/IEC 38500) for Corporate Governance of Information Technology. This standard covers six principles:

• responsibility

• strategy

• acquisition

• performance

• conformance

• human behaviour

These are then translated into an IT governance model which covers allocation of responsibilities, how a technology strategy supports broader business outcomes, IT resource purchase and delivery, performance monitoring, compliance and the management of human factors.

Once a business identifies the gaps between current and goal states, it needs to identify the actions necessary to make the transition. This includes involving all relevant staff from the business, not just the IT team. These actions should be tracked closely and regular work-in-progress meetings held to maintain the organisation’s commitment to the project.

Many organisations recognise the burdens these governance frameworks can place on line managers in the IT department and across the business.

As a result, some are investing in enterprise governance, risk and compliance technology systems to manage and automate many of the required processes.

Benefits

For most businesses, the benefits of reaching a goal state of IT governance are considerable.

From our experience, few businesses have achieved, or are close to, that state, and there is considerable potential for improvement.

In addition, positive changes generally start appearing early during the transition from the current state, ensuring returns on the investment in the project accrue quickly.

Categories: Technology
Tags: Rody Posthuma, Deloitte
Author: Rody Posthuma
Article Posted: February 15, 2012
