IT Governance for the Non-Techy - Episode 1 - What is IT Governance?
General Information
In the last 10 years we have been listening the term "IT Governance" to represent a part of corporate governance related to Technology and technical resources. For non-technical business people, exclusively Business managers and Board members, this information is like speaking English to someone that doesn't speak this language, or backwards, do you understand Chinese?
This post will try to transform all "tech language" in plain business language that you can understand. I will clear your path, taking complex information and ripping it out so you can digest it and understand the concepts.
IT Governance - What is This?
In Isaca (2012), the definition of IT Governance says:
"IT Governance is doing what the IT Department is supposed to do"
But, What is this stuff you have to know? what is supposed to be done by the IT Department? this questions are answered when you answer the next question: What do you want the IT department to do for your business? It's important that you, as the owner or as a board member, to have a clear view about what should IT deliver to you. The IT department must give results in 3 main aspects of IT Governance:
Value Delivery
IT Delivers value when all IT Related results are oriented to fulfill business Results (Make Money and produce positive benefits). For example, If there is an important expenditure in a server for the company, there should be a need related to business performance. The department can't make this purchase without Business knowledge. This gets even better, if the said server won't provide future benefit to the business, it should't be purchased!
Risk Management
Risk is anything that could happen and that could harm Your business. IT Related Risk is also a mayor concern due to the fact that IT can run your business dry if IT related risks are unknown and unmanaged. The business should define a tolerance level for IT Risk, as for business risk too, by doing this the company will ensure that there won't be surprises when an incident strikes and mitigation plans enter in action.
##Resource Management
A Resource is Something (or Someone) that will help you achieve your goals or do your work. A Resource should be a co-worker, a computer, a phone, a disk drive, an audio recorder, anything that would provide aid to achieve results in the business. Every asset in the business is a business resource. So, you should know How is IT managing their related resources to achieve their goals.
#Results Oriented management as a help in IT Governance
As you have read, there are three main perspectives over IT Governance. When you manage to deal with this information on the board, then you are providing alignment to the Business strategy. Now, How do you know IT is delivering value, managing risks and/or managing resources? The right way to know is when you monitor IT performance. The business mus have a small set of measures (metrics) that will provide you the information about how good or bad IT is performing.
Wrapping up all this information, You are, as a business owner or board member, the one responsible to ask for results to the IT Department. This will be true as there always be a need in the business to leverage all processes in the business with technology to present better and faster services everyday. You are the main stakeholder related to IT results for the business because you need to know how is the business running and what is being performed with your hard earned money. You should ask for information about IT performance to steer the wheels when you need to.
As far as i have came with this article, I think that if there is a comment you would like to add to the conversation or a question you may like to ask, then this is the right moment. Please comment and provide your feedback.
In the next Episodes I will provide more insight about IT strategy and performance management.
Thanks for reading. Have a nice Day.
Oliver S. Concepción C. MASI, CISA, CRISC, COBIT 4.1, COBIT 5