Value in Governance of Information Technology | My Assignment Tutor

The Value in Governance of Information Technology

A Standards Australia thought leadership paper

Introduction

The recent high profile failure of public sector projects again raises the issue of governance of Information Technology. According to Victoria’s Ombudsman, every major IT project in the State over the last few years has failed to meet expectations, has been late and has – on average – been more than 100% over budget [1].

This is not unique to Australia: the US Department of Defence is driving emergency reforms after 11 major projects went US$6 billion over budget and 31 years behind schedule [2]. Nor is this a purely public sector problem: the UK’s RBS Group recently made international headlines when a systems failure left millions of customers unable to access their money [3].

IT is an essential and inescapable component of today’s organisation. Not a function happens without an IT system being involved. Trends like cloud computing and the consumerisation of IT are placing more and more computing power with users rather than the IT department. Yet, as IT has moved into the hands of the business, too often its governance has not.

Any senior leader can read financial statements and understand the principles of law. They have a sound grasp of marketing, resourcing and strategy but too many are content to leave IT to the geeks.

IT can no longer be just for IT managers. Last year, the US finance firm AXA Rosenburg Group was fined US$25 million for hiding a software error [4].
In Queensland, continuing problems with a new payroll system have impacted tens of thousands of employees and led to the resignation of senior leaders from across the organisation [5].

IT is as critical as finance, yet imagine running an organisation with no audit function, procurement policy or financial controls. The OECD Principles of Corporate Governance [6] clearly place responsibility on an organisation’s board to act on a fully informed basis, to set strategic aims, provide leadership, supervise management and report to shareholders on their stewardship. This can only be achieved in today’s organisation if there is strong governance of the vital asset and infrastructure that IT represents.

IT is too critical to an organisation’s survival for directors not to exercise an appropriate level of governance.

Value to the organisation

Each successive generation of IT – from mainframe to client server to internet to cloud computing and the consumerisation of IT – has been more dispersed, more democratised and more disaggregated. The benefits that come with placing information systems in the hands of the business, rather than in the ivory towers of the IT department are immense. Organisations are more agile, more responsive and more competitive as a result.

The trade-off is that the control of sensitive data and the stewardship of critical computing assets has become equally dispersed and, sometimes, somewhat nebulous.

As cloud computing becomes an ever larger part of IT estates (with all of the cost benefits and flexibility this brings) these challenges will be exacerbated. Business functions and risk will increasingly move outside the organisation to IT providers. And, as data passes through a wider range of “consumer” – or user-selected – devices, potential susceptibility to cyber attack will grow.

“The Consumerisation of IT brings an increasing and welcome ability for individuals to use IT but it increases the potential for those uses to slip out of governance.”
John Sheridan, First Assistant Secretary, Agency Services at Australian Government Information Management Office

With the increasing complexity of IT solutions and methodologies the concept of governance over IT projects must evolve from a long-neglected “nice to have” into a critical process. Effective governance of IT brings five distinct advantages to the organisation:

• Risk Management and Stewardship – Governance frameworks provide boards with the tools to assess and question the risks and costs associated with IT investments. An established process ensures the board has early and ongoing insight into a project and, as organisations roll out major infrastructure projects, governance helps establish standards and requirements for procurement: are there national security standards that suppliers should meet; does the system meet the organisation’s requirements on sustainability? Good governance anticipates problems.

• Business Value and Alignment to Strategy – Good governance places business value at the heart of IT decisions. The standard ISO/IEC 38500 [7] recommends that decision making responsibility be given to “business managers who are also responsible for the organisation’s business objectives and performance, assisted by IT specialists who understand business values and processes.”

• Emerging Threats – The rapid evolution of IT increases potential, inadvertent exposure to unanticipated risks. A strong governance framework supports boards in anticipating threats.
For instance, as employees increasingly use personal iPads and smart-phones to manage email and other business information, governance establishes – in advance – whether adequate consideration has been given to security and what safeguards are required [8].

• Transparency – Good governance establishes the distinction between management and governance, articulating better decision making and procurement processes to aid transparency.

• Competitive Advantage – An established and understood governance process means that better decisions are made faster resulting in greater organisational agility, fewer failures and return on investment.

Value to the Vendor

Should IT vendors care whether their customers have a governance process in place?

Strong governance of IT within customers delivers substantial benefits to vendors:

• Better Decisions and Outcomes for Customers – Corporate governance establishes the early support (or otherwise) of senior stakeholders. In a well-governed environment, vendors can be assured that issues important to the customer – such as data sovereignty, security, accessibility and privacy – have been adequately addressed and that there is a clear understanding of the project’s business value. Consequently, a project is less likely to encounter major, unanticipated problems that lead to additional cost, risk and potentially damaging publicity.

• Transparency and a Level Playing Field – Corporate governance renders the decision making and procurement process transparent, ensuring a level playing field for all vendors.

• Reducing Complexity – Good governance lowers the transactional frictions, risks and costs associated with having unknown stakeholders with differing requirements involved in a decision. Known decision making processes enable better scoping of solutions and more effective tendering.

• Raising Standards – General acceptance of the need for governance raises the standard for how IT solutions are framed, procured, implemented and managed.
Good governance filters out providers that lack the required depth of expertise for a given solution to the benefit of customers and vendors of all sizes: small, boutique providers will more easily demonstrate their thought leadership and value proposition; large multinationals may be forced to address individual situations with greater specificity.

[7] AS/NZS ISO/IEC 38500:2010 Corporate Governance of Information Technology is the Australian implementation of international standard ISO/IEC 38500:2008.
[8] For example, see recent coverage of vulnerabilities in Apple and Android devices.

“Governance improves the ability to accurately arrive at a best-fit solution for the customer, navigating the potentially conflicting requirements of the business, procurement and IT functions.”
Greg Stone, CTO Microsoft Australia

Value of a Governance Standard

If the governance of information technology is a worthwhile goal in itself, is there value in adopting a standardised approach to such governance?

Many organisations that have already implemented a governance process for IT projects have found AS/NZS ISO/IEC 38500:2010, Corporate Governance of Information Technology to be a useful and informative guide to developing and enhancing governance of IT. The standard describes itself as: “a high level, principle based advisory standard. In addition to providing board guidance on the role of a governing body, it encourages organisations to use appropriate standards to underpin the governance of IT.”

Adopting a standard approach to the governance of IT enables:

• Recognised Best Practice – Adoption of a recognised standard approach assures boards that their governance process adheres to best practice and is “fit for purpose”. For external stakeholders, a recognised standard gives enhanced confidence that can lead to such benefits as higher share price and fewer ad hoc regulatory inspections.
Internationally adopted standards such as those developed by ISO and IEC help companies tackle some of the most demanding challenges of modern business.

• Improved Effectiveness – A standard approach equips boards and stakeholders with the ability to ask the right questions of IT projects by providing a common lexicon. Boards, their business and IT departments can communicate effectively between themselves and with their suppliers. Questions are addressed and information provided at the optimum point in the project, frictions are reduced and productivity increases as customer and supplier engage in a familiar process. People with recognised expertise can be hired more easily and become effective more quickly.

• Addressing Emergent Issues – A standardised approach provides a common framework for addressing new technology developments and emerging threats (for example, how is citizen or customer privacy protected when an open data approach is encouraged). In addition, as consensus on an issue is reached across organisations, a standard approach enables a best practice solution to be implemented quickly and effectively.

• Economic Opportunity – At a government level, adopting an internationally recognised standard reduces barriers to trade, opening opportunities for domestic firms to grow on the international stage. A widely adopted standard also creates opportunities for businesses to foster innovation and enhance productivity.

Conclusion

Information technology is essential. It organises, communicates and creates the life-blood of a modern organisation: business critical data. Increasingly pervasive, IT eliminates barriers and boundaries – enabling innovation but risking security, even the organisation’s survival, if mishandled.

Board level governance of Information Technology is no longer a bureaucratic nicety, it is as critical to the strategy and stewardship of an organisation as financial audit.
Implemented well, governance not only delivers an essential safeguard but offers an effective, sustainable competitive advantage.

“Australian and international standards are fundamental to the effectiveness of the governance of IT. This paper elevates governance of IT as a critical component and enabler of best practice management.”
Colin Blair, CEO, Standards Australia

Copyright © 2012 Standards Australia Limited. All Rights Reserved.

Standards Australia Limited
Level 10, 20 Bridge Street, Sydney NSW 2000
GPO Box 476 Sydney NSW 2001
Phone: +61 2 9237 6000
Fax: +61 2 9237 6010

