Many companies are treading a fine line between success and disaster when it comes to IT governance, says Foster-Melliar.
Foster-Melliar, which was recently acquired by AltX-listed Xantium, operates in the IT services management arena and is an IT Infrastructure Library (ITIL) training company.
Consultant Ian Clark says most companies are looking to Cobit (Control Objectives for Information and Related Technology) as a comprehensive checklist to enable IT governance, but this is not enough.
"Someone ticks 50 boxes and says the other 150 still need to be ticked, so companies get a whole lot of documents together so they can tick the boxes," he says. "But just checking the boxes doesn`t mean things are fixed. Just because you get the scratches on your car fixed doesn`t mean it won`t get scratched again."
He adds that there appears to be a paper chase to ensure compliance by collecting a pile of audit checklists rather than real-life process improvements. "But there are time restrictions with regard to regulations, and that almost forces a paper chase."
According to Clark, Cobit provides a good broad-based view of what should be in place in a well managed IT organisation, but it does not address the quality of the processes, procedures and work instructions that not only achieve the tick in the box, but ensure sustainability and a culture of continual improvement.
Clark says the SANS 15000 (BS15000) standard, based largely on ITIL, allows an IT organisation to be formally assessed and audited by an external body and focuses on the quality of IT service management.
Says Foster Melliar CEO David Anderson: "South African companies are not under as much pressure as overseas companies. They aren`t directly affected by Sarbanes-Oxley and there is no real legislation in SA on corporate governance - only guidelines.
"But legislation is coming. If it hasn`t hit your company yet - you`re not listed in SA and you`re not in finance - it will hit in the future, and when legislated, it will have deadlines."
The Sarbanes-Oxley Act is a US law establishing stringent financial reporting requirements for companies doing business in the US.
"The question is whether people are going to wait and then panic, or do something about it now," adds Clark.
He says IT governance does not end once the ticks are in the boxes, but is a continuous process of measuring and monitoring, and getting an effective, quality result based on realistic time frames and standards.
Share
