Saturday, August 29, 2020

Align IT GRC Framework with IT management to Improve Organizational Maturity

IT departments that have their own house in order, have absorbed compliance and operational risk management, and have aligned the IT GRC framework seamlessly with IT management can move on to greater, more strategic business needs.

Many IT organizations are at a crossroads: either become the business growth engine or become irrelevant. In some circumstances, IT management seems to miss a relatively important measure of success or failure: the ability to be agile, the ability to meet the needs of the business, or the ability to delight end customers.

Therefore, it’s important to take a holistic IT GRC approach that aligns the framework with the IT organization’s tailored governance capability in order to unlock IT performance.

Identify IT pain points and assess the maturity of the IT function: Organizations rely more and more on information technology, and there are both hard barriers and soft cultural issues IT has to overcome in order to make a smooth digital transformation. IT has traditionally been treated as a cost center in large enterprises, which in turn has fostered defensive and sometimes adversarial attitudes in some IT people. There is a myriad of information, conflicts, and change inertia in modern businesses today; the major factor is a lack of honesty about the realistic and reasonable plan that can be achieved without the worry of executives and others pulling the plug.

To improve IT organizational maturity, IT management should make an objective assessment of their organizational strengths and weaknesses and identify the IT pain points that have surfaced (delayed projects, cost overruns, no innovation, no business involvement, rogue IT; every organization will have some quandaries with IT). IT organizational leaders need to check: If you redesigned the IT department, how is the structure of your IT department aligned with the organization? Does IT drive team building and organizational learning and change? Does governance focus on business effectiveness, doing the right thing first before doing things right? The best way to make IT more effective is not to take away its power or put more boxes around it, but to integrate IT as part of the business and unlock its performance.

Incorporate the Enterprise Risk Management output into IT strategic planning and implementation: IT governance evolves the leadership and organizational structures and processes that ensure the IT organization sustains and extends the enterprise strategies and objectives. In reality, very few organizations manage to incorporate the Enterprise Risk Management (ERM) output into their planning and standard operating procedures. There is an absence of integration between the ERM process and the business planning processes, so much so that the two run as parallel exercises. There is also a lack of integration between project and business risk management, which creates a silo effect, loses the benefit of cross-sharing and cost-saving, and impedes strategy alignment.

Governance is an organizational capability for risk mitigation; that’s why it has usually been put under the overarching GRC (Governance, Risk, Compliance) umbrella. GRC is not a single process, but a collection of processes with other governance mechanisms, such as roles and technologies. There are potentially multiple joint business/IT processes that could define the scope of IT Governance, Risk, and Compliance. High-performance IT organizations align the IT governance framework with IT planning and implementation. IT GRC enforcement makes complex things less complex: it focuses on IT service/solution delivery, cost optimization, availability of talent, and scalability of operations; ensures that people, processes, technologies, culture, etc. work in harmony; and drives IT-driven business initiatives to increase revenues.

Optimize ways of working and the decision-making approach in the organization: IT is often one of the biggest investments the business ever makes. IT management needs to understand the ways of working and the operating style of the IT organization. Who holds the decision-making power? Is it with the CEO, Board, CFO, PE investors, or someone else? Know what view each of the CXO roles has on organizational priorities and the role they consider IT to have in the organization. Sometimes the decision is managed as the end effect, not the beginning. At other times, strategic decision-making lacks updated information and much-needed iterative process dynamics. Decision effectiveness relies on an agreed common approach, not a predetermined set of "one size fits all" planning. An effective IT governance framework helps to improve decision-making effectiveness and organizational maturity.

IT maturity is proportional to overall business maturity. Excessive IT complexity limits innovation and enlarges gaps between IT and the business. Senior executives and business managers should foster communication and have IT really understand their goals and plans for expanding the business, as well as their expectations of IT. With a holistic IT governance approach, the systematic decision-making processes are not linear steps but an iterative continuum, including understanding the need, engaging key stakeholders, ensuring effective communication, assessing alternatives, developing consensus, planning, executing, and following up.

With fierce competition and rapid changes, digital IT is a paradigm shift in role, responsibility, attitude, and aptitude, and has to meet the needs of the business in a timely manner. IT has evolved significantly in running businesses today, not simply as a tool or mechanism to support business goals, but as a digital catalyst to achieve strategic business goals. IT departments that have their own house in order, have absorbed compliance and operational risk management, and have aligned the IT GRC framework seamlessly with IT management can move on to greater, more strategic business needs, accelerate performance, and improve overall organizational maturity.

