COBIT vision nears realisation
Gary Hardy, Deloitte IT Governance Centre of Excellence lead and one of the originators of the COBIT initiative, says the IT governance vision is nearing realisation at last.
Hardy says South African enterprises are now seeing the business benefits of IT governance, rather than viewing it as a 'grudge initiative' driven by IT.
When the COBIT framework first saw light in the early 1990s, IT operated in a silo, separate from business.
Now, says Hardy, enterprises are realising that IT is integral to every facet of business, and are approaching IT governance more as a business imperative.
"In the past few years, South African enterprises, and even government, are seeing the importance of best practice," says Hardy.
"COBIT is being taken more seriously now and we are seeing growing numbers of business people at COBIT classes. This is almost like Nirvana for me," he says.
Once, IT governance - like audit - was regarded as a negative initiative aimed at pointing out weaknesses. Now, he says, there is a growing awareness that it also facilitates improvement, helps monitor and measure ROI, and generally drives business value.
"The more people see examples of how it has helped drive business value - such as greater efficiency, fewer incidents and greater success in big implementations - it can swing from historical lack of faith in IT to realising that it drives innovation, agility and cost saving."
However, there is more work to be done, he says." While King III is very balanced and possibly ahead of the world in terms of achieving national recognition of the need for IT governance and driving value into the enterprise, we still need more focus on the full integration of IT into business," he says.
"IT is integral to every single activity. There's no business process that hasn't got IT embedded in it. Therefore, there needs to be proper engagement between IT and business."
Standing in the way of full integration between business and IT, and thus effective IT governance, is the question of accountability, says Hardy. "There may be a lack of business accountability for IT projects. In fact, we try to avoid terms like IT project - there's no such thing anymore. Now with IT intertwined with business, it's a business project. So now business should own and drive these.
"The board needs to delegate oversight of IT decisions to the right kind of body, but IT needs to remain on the board's agenda. King III makes it clear that the board's skills need not be technical, but they must understand the issues and ask the right questions. Boards must take ownership, ensure transparency and due care."
Making IT governance a business imperative requires work from business, organisational culture changes and better communication from IT, he says.
"We need CIOs with a new way of thinking and a willingness to approach IT solutions from a business perspective. One of the challenges is enabling a culture change and a willingness to collaborate. We need senior management to get more engaged."
Gary Hardy will address the upcoming ITWeb IT Governance, Risk and Compliance conference on IT governance, the structures and role of the board, and operational roles and responsibilities. For more information about this event, click here.