What’s behind flopping IT governance?

Johannesburg, 04 Jul 2022

Poor recipe alignment, rather than bad recipes, is at the root of flopping IT governance. Companies can achieve consistency in governance, ensure predictability and get the value they seek from IT by aligning their people with proven processes.

Cecil Munsamy, Managing Director at AVeS Cyber Security, says when tech governance knowledge meets tech skills, technology can be sweated for real business benefits including cost efficiencies, compliance, better returns on investment in IT, continuity and resilience.

“There’s a historical vacuum between what businesses want from IT and what they are doing, resulting in chaotic rather than proactive IT governance. Closing this gap means following the processes that align people to technology so that everyone understands the business expectations for IT and works towards enterprise goals. The recipes for governance success are available. People need to be shown how to follow them.”

IT is expected to add value to business by improving productivity, increasing efficiency, driving profitability, optimising communication, enabling more effective decision-making and reducing risks. Despite technology advancements alongside an increased awareness of technology management, IT deployments don’t always deliver the desired outcomes. Poor IT governance is often the cause of the mismatch between business expectations and what IT is doing.

Working within a governance framework such as COBIT 2019 creates a game plan, the core recipe for how things should be done. It ensures a more predictable outcome in terms of how people, technology and processes behave and work together within an organisation. It also facilitates consistency and helps to prevent unwanted or unexpected outcomes.

Information security management systems, like the ISO/IEC 27000 family of standards, offer a systematic approach to managing sensitive company information and encompass people, processes and IT systems by applying a risk management process.

As a Certified ISO/IEC 27001 Lead Auditor and Trainer in the ISO/IEC 27001 standard and a member of the Information Systems Audit and Control Association (ISACA), the professional body for IT governance, Munsamy says these frameworks are regarded as useful guides for the implementation of IT governance.

“They provide the structure for how companies align IT strategy with business strategy to ensure that they remain on track to achieve their goals and can measure IT’s performance against those goals. They also provide insights into how IT departments are functioning, whether stakeholders’ interests across the enterprise are being considered, and importantly, the returns and value IT is delivering.

“The issue is how to practically apply these frameworks in real business life if knowledge of governing technology isn’t inherent. People leave university with or get promoted to positions with technology backgrounds, but they haven’t had the training to govern technology for business benefit. They hit the ground running, without the basics in place. Unfortunately, it’s hard to say whether you will arrive at a destination if you don’t have a route to get there,” says Munsamy, adding that frameworks such as COBIT 2019, ISO 27001 and ISO 27002 guide what needs to be done, how it should be done, who needs to do it and when.

“These are the basics for achieving the enterprise goals.”

According to Munsamy, the successful application of COBIT 2019 and other frameworks in any business depends on building internal capacities to incorporate the processes and policies they teach as part of everyday habits.

“It’s important for everyone, from the IT Manager to the CIO, to understand how to use the frameworks, and why. Good IT governance and all its welcome by-products come when there is alignment.”

With over 24 years of experience in delivering IT governance and architectural services, AVeS Cyber Security has developed online I&T Governance and Management Masterclasses based on COBIT 2019 and Information Security Masterclasses based on ISO 27001/02 to help organisations bring together and align I&T to the frameworks and their enterprise goals.

The two-day Masterclasses are open to anyone who wants to learn how to practically incorporate these frameworks in business.

The courses are presented by AVeS Cyber Security’s Managing Director & Lead Information Security Auditor, Cecil Munsamy.

For more information on the Online Information Security Masterclass based on ISO 27001 and ISO 27002, go to

For more information on the Online I&T Governance and Management Masterclass based on COBIT 2019, go to
