Establishing an IT governance road map
In today's world, where most of organisations' business functions are supported in some way by IT, it is important that IT is governed according to the needs of the business.
So said Pete Savin, principal technical sales specialist at IBM Systems, speaking at the TWeb Governance, Risk and Compliance Summit in Johannesburg yesterday.
He pointed out business leaders are looking to establish a strong IT governance position which provides an understanding of IT and technology-related risks relative to business processes.
According to Savin, 71% of business leaders now believe that their success or failure will be defined by technology. However, companies need to have structures that will help organisations align IT strategy with business strategy, he explained.
Business leaders need IT to support new business initiatives yet IT is often unable to provide the necessary systems to support these, said Savin.
Also, mergers and acquisitions multiply the problem - the IT operating environment director is left to deal with new software and hardware that is completely incompatible with the current environment, he added.
If that is not managed properly it could have a severe effect on the strategic business objectives, noted Savin.
He believes aligning IT with business operations is a long process.
For organisations to harmonise their IT strategy with business strategy they need to follow a road map, said Savin.
To begin this journey, the organisation needs to create IT policies, processes and strategy that cover areas such as information security policies that define employee usage of applications, he explained.
It also should establish appropriate processes and procedures to support IT policies, such as the process for escalating and resolving a discovered IT risk, said Savin.
Essentially, companies need to develop a flexible IT strategy that provides maximum organisational elasticity to adapt to changing market dynamics, he added.
According to Savin, when an organisation has established a full set of IT policies and strategies, the next step is to manage those IT risks proactively.
IT risk management also requires that organisations to do a thorough inventory of all IT applications and systems to monitor risks in a coordinated fashion, he said.
In addition, organisations must be able to link business processes to IT systems and assets as well as leverage IT best practice frameworks to harmonise control practices, Savin continued.
"IT can prioritise and respond to risks and events that can affect critical business processes, thus reducing losses and mitigating risks."
Moreover, businesses should stay aligned with both evolving business environment and rapid pace of technological change, he concluded.