Monday, May 17, 2021

Insight of IT Governance

Corporate governance discipline can fulfill its purpose as a high-level corporate enabler by providing a structured communication bridge between shareholders and top business leaders.

We live in an era full of uncertainty, velocity, complexity, and ambiguity. The result is a higher risk of conflict and inertia. Often a big risk is that the risk management system is detached from the real management of the business. Sound governance is part of eliminating risks and doing the right thing.

However, governance has been one of those concepts that has received a lot of "lip service," and most businesses have depended on outside help to guide the minimum they need to do to get a "pass" mark. IT governance is an integral component of corporate governance; how can its effectiveness be improved?

Governance needs to go beyond the bottom line: Governance is critical. GRC is all about setting up a governance initiative in an organization to identify the common risks that various stakeholders and actors in the organization have to deal with and aim to minimize, and the various rules and regulations the organization has to comply with, in a holistic way and in a composed fashion. Some old schools of management think governance is only for the bottom line; statistically, organizations with governance competency will outperform competitors significantly. Whatever the drive is, in a well-aligned and well-architected organization, governance must be assessed at the enterprise level.

If your organization is highly regulated, then your GRC would focus on compliance and audit foremost. If you are less regulated, you can use GRC to facilitate discussion of common risks and issues across the enterprise and avoid duplicating efforts for risk remediation. The latter is where GRC can be used to drive business change and business value the most. To move up in GRC maturity, governance serves as a management tool and, even more, as a learning tool. There are two foundational requirements to enforce GRC: management commitment and discipline. If you don't have either, don't bother with any governance.

IT Governance is a critical responsibility and a subset of Corporate Governance: GRC is not about a single role or reporting structure, as there are separate functions and roles. Nor is GRC about lumping them together; it is about allowing different roles to work together in harmony. Governance has costs associated with it, which is partly to do with the way a business perceives risk, as opposed to focusing on the benefits that a well-governed business can bring to its strategic stance.

IT governance is an integral component of business governance, and it's also a critical cultural issue. By implementing a centralized IT governance program, corporations can deliver immediate benefits to the entire organization. IT governance is primarily operational, with the focus on directing how IT enables business operations through people, process, service catalog, SLAs, reporting, etc. It means gaining an understanding of the operating style of the organization and knowing what view each of the CXO roles has on organization priorities and the role they consider IT to have in the organization.

Present benefits and costs to the business: Corporate governance has a direct link to each business and its processes. This shows not only in the financial results, but also in the involvement and signs displayed inside the organization about the guidance, values, and principles governing the company's commercial activities. Proper IT governance will have incorporated a process for change and innovation. This should allow IT innovation to excel within the constraints of the hierarchy of the organization.

Unmanaged endogenous risk does not dissipate but is communicated and amplified through multi-scalar interactions. Solid governance discipline can not only mitigate risks but also, more crucially, manage them. What management wants to see is how implementing the proposed strategy will affect existing business processes, roles, and responsibilities; how much it will cost to change the processes in order to establish good IT governance and risk management; and, of course, exactly what benefits it will bring in the end.

Corporate governance discipline can fulfill its purpose as a high-level corporate enabler by providing a structured communication bridge between shareholders and top business leaders such as corporate directors. The ultimate 'governance' authority is the Board of Directors; all other governance 'authority' is derived from the authority delegated downward by the Board of Directors.

