12 steps to IT governance

While most organisations go to great lengths to ‘comply’ with requirements related to corporate governance, the increasingly important area of IT basically remains overlooked.

March 19, 2013

While most organisations go to great lengths to ‘comply’ with requirements related to corporate governance, the increasingly important area of IT basically remains overlooked.  Perhaps it is largely due to the fact that most directors don’t have the necessary knowledge, skills or experience to ‘apply’ comprehensive oversight of this area of the business. Nevertheless, IT forms a significant part of a business’s core competency and any comprehensive corporate governance strategy focusing on maximising value for all stakeholders must include IT.

“The same rigours that are applied to other areas of corporate governance should also be applied to IT,” says OverSight Solutions Mike Jarvis.

In this regard OverSight Solutions has developed a 12 step programme to help organisations address their IT governance requirements. These steps involve a detailed plan for IT governance that not only meets compliance requirements but predominantly focusses on maximisation of stakeholder value.

Companies should begin by clearly defining their IT governance objectives within the organisation’s corporate governance strategy, and establishing appropriate structures (organisation and accountabilities, roles and responsibilities). These will mainly involve a Board sub-committee, established on similar lines to the audit or risk committees, together with Executive and Management Committees to supervise day to day IT activities. Following this directors and executive management need to be carefully selected, based on their previous exposure to IT, and appointed into the IT governance functions.

Once these structures have been established and appointments made, the IT governance model and frameworks can be constructed. These are vital to the ‘oversight’ of IT since they describe all the key components that ensure a holistic view of IT governance. Having established the components, they can be expanded into the domains, capability groups and capabilities that make up all world class IT organisations.

At this stage, it is crucial that a significant number of awareness campaigns are conducted with all stakeholders to bring everyone to the same level of understanding and, most importantly, to encourage stakeholder by-in.

Principles and value drivers need to be established for IT governance as a whole and also for all components of the IT governance model. It is these principles and value drivers that will provide directors with the direction needed to extract the maximimum benefits from IT.

With this in place the real IT governance work can start. At the outset there needs to be an accurate and honest assessment of the current maturity of the IT capabilities. Then a picture of the future can be painted, bearing in mind timeframes, costs and practical knowledge and experience.

The next step is for companies to establish the priorities they want to pursue. Most gain or most pain is normally a good starting point. Armed with these priorities, the organisation can plan, agree, develop and implement solutions to meet its corporate objectives. Progress must be tracked and monitored to measure benefits, and results should be reported in a transparent way. Ongoing assurance and reviews need to take place to inform improvements in the future.

“While these 12 steps can help organisations develop a complete IT governance plan, they will not be successful without the full support and commitment of the board of directors and executive management team,” says Jarvis. “Knowledge about IT governance can be taught and learned but the determination to evaluate, direct and monitor cannot. Once a detailed IT governance implementation plan is established and communicated, directors must drive IT governance in the same way that they drive overall corporate governance. They must use whatever experience is available, internally and externally, to help them discharge their obligations,” says Jarvis.

OverSight Solutions is a start-up company focused exclusively on assisting boards of directors and executive management identify and deliver value from IT. Oversight Solutions approach is to provide directors and executive management with the right questions to ask of IT management to maximise value; to provide CIO’s and IT management with the right answers in business terms; and to support the primary advisors with the right information, methodologies, dashboards, scorecards etc. in guiding individual implementation programmes.

OverSight Solutions has established a very comprehensive IT Governance Model; a robust and complete library of processes; an extensive catalogue of products and services and a group of very competent subject matter experts. With these key ingredients it is able to support whatever value drivers, whatever implementation programme and whatever priorities an organisation wishes to pursue.