The Holistic IT Governance

It takes strategic and systematic thinking and holistic IT governance approach in running an Agile IT.

Digital IT is permeating into the very fabric or core processes in modern organizations, thus, IT governance is crucial to steer business toward the right direction and make effective business decisions. However, what is the best approach to begin implementing formal IT Governance specifically aimed at improving the quality of demand? How can the “competition” for finite dollars be structured so that the end game, best benefit for the enterprise, is achieved? How much of a decision making body (vs. advisory or discussion forum) is the IT Steering Committee (ITSC) and how do they make those decisions? How does one keep the ITSC focused on WHAT IT should work on and not HOW IT accomplishes it (“If IT was more efficient at keeping the lights on, you could have more dollars to spend on new things”)?

Starting with the Board sponsorship: Make the recognition by the BoD and officer team that the IT dollars are enterprise resource and are finite, and must be leveraged to the benefit of the enterprise. IT governance’s purpose is to facilitate all business units in competing for the dollars based on benefit to the enterprise.Begin with the CIO identifying every component of cost associated with “keeping the lights on”, then the current approved projects by title, executive sponsor, budget, schedule and resources dedicated to each project.

Categorization and prioritization: There is no reason the executive team shouldn’t be completely aware of where and how IT assets are being deployed. Next in exactly the same format, show the requested projects for which there are no resources in the current budget. Informally the resources can be bucketed under the run, grow, transform category at the broad organization level. This will help the organization keep a tab on the type of the expenditure and ensure that a significant portion of the resource is used to create new capabilities which help business transformation. Now the CIO asks the senior executive team and officer of IT steering committee what they’d like him/her to do, he/she has to keep explaining what they are doing to make operations more efficient, outside consultants, benchmarks etc. The CIO’s willingness to do anything to improve IT performance usually puts more pressure on the justifications the other officers are offering.

Holistic governance approach: Each Organization is different; hence IT governance should be looked more holistically in an enterprise, Try out the approach with following steps:
(1). Understand the operating style of organization. Who holds the decision making power, Is it with the CEO, Board, CFO, PE Investors or someone else. Know what view each of the CXO roles has on organization priorities and the role they consider IT has in the organization.

(2) Assess IT performance. This should give a clear idea about the maturity of IT function (Sourcing Unit, Order Taker, Solution Provider, Innovation Partner) – A CXO survey could help at this stage.

(3) Identify IT pain point: By Now some pain points from IT would have surfaced (Delayed Projects, Cost Overrun, No Innovation, No business involvement, Rogue IT – Every organization will have some quandaries with IT).

(4) Formal governance domains: Once the ground is firmed up, a formal IT Governance can be established – Consider following governance can be around:
a. IT Operations – Service Catalog , SLA
b. Business Management- Projects, Innovation, Demand
c. Sourcing ,Vendor Management and Control
d. Organization Structure, Learning, Leadership Development
e. Data, Process , Architecture etc
f. Security and Compliance – Information Security, Risk and Compliance

(5) Governance practices: Pick what is most relevant to gain trust of leaders, execution approach could consider following in any order what works best for your organization:

a. Newsletters – Issue Newsletters, Broadcasting good and bad about IT, This could be about ROI of IT, Project delays, Benefits Realization etc.

b. Gamification – Create IT scorecards and benchmarking performance of business units on IT benchmarks to generate a spirit of competition.

c. Decision Entities – Implement Delegation of Authority for IT, This way all the decisions are not cascaded up to IT Steering Committee. Let the Project Manager and Business Manager resolve some things at their own level.

d. Audits – While no one likes them, however, sometimes they just help in drawing attention to CXO’s ears. Partner with the Audit team and explore how they can help.

e. End to End Demand Management Process – Implement an end to end Demand management process which takes care of new project validation, business case approval, project development and design, user training and rollout, user adoption and change management and benefits realization.

(6). The best approach for IT governance has been the one which has aligned the framework approach with
a. maturity of IT function and the expectations business leaders have from IT
b.immediate and long term priorities of organization
c. ways of working, political equations among key leaders and decision making approach in the organization.

IT management and IT governance are interdependent disciplines. The purpose of IT management is to optimize IT resource and catalyze business growth; the goal of IT governance is to ensure making the right decisions and running an effective and agile IT.


What Is Risk Management and Why Do We Need It?

Every business is prone to risk is everyday operations. Risks can be analyzed through scenario analysis, which involves the study of possible future happenings. The approach places risk into three probabilities; the probability of the occurrence, the probable loop holes and the probable impact.


Risk management is the act of identifying the potential risks and developing strategies to decrease their chances or eliminating them altogether. Here’s a list of the possible risks that a business can face.

1. Health and safety

There are health and safety risks for all businesses. For example, a customer or an employee can slip on a wet floor. An employee with an infected disease can prevent harm to the co-workers, and an overtime shift of employees can lead to headaches. Therefore, risk management is important for every type of business.

2. Financial risks

Financial risks are mostly faced by financial institutions. According to J.P Morgan, one of the major reasons of sub-prime mortgage crises was poor risk management. Small and large companies are at a risk of client confidence, bankruptcy and dissolution of the business. These financial risks can be avoided through a sound strategy.

3. Legal risks

Legal risks are present for any business, and they can expose the business to big financial penalties. Arthur Andersen, the accountancy firm, lost the trust of its clients and investors due to the Enron debacle. Many partners and employees also resigned.

Businesses may be overwhelmed as all risks are a priority. So how does a business owner manage all the risks taking into consideration the budgetary constraints? The idle solution lies in enterprise risk management, which is a holistic risk management solution. Professional risk management strategies are also available for businesses such as LexisNexis risk management. All risk management solutions and strategies include these 3 processes.

1. Identification and assessment of risks

After taking the service of a professional company, the senior authorities have to agree to the process. It’s importance to identify those risks for the organization that are talked about but not documented. Identification will require carrying out different processes and activities such as holding workshops and meetings among employees and management. This will allow for the input of those who may have documented variety of risks.

2. Creating a strategy

After the risk has been identified, a strategy is going to be required. Enterprise diversification strategy requires creating backups in perfect correlation. Risks will also be prioritized depending on the extent of harm they can cause during strategic planning.

3. Regular reviews

Risk management needs to be a long term process with frequent reviews of the strategy designed to reduce or eliminate the risks. Through regular reviews, the risk management company and business can find out whether the strategy needs to be revised or not. It’s also important for businesses to consider it as a part or the overall planning and decision-making.

Risk management can have a positive effect on the overall image of the company. It also improves the decision-making process and leads to the efficient use of resources, leading to higher revenue in the long run.


Security vs. Privacy

If there’s a debate that sums up post-9/11 politics, it’s security versus privacy. Which is more important? How much privacy are you willing to give up for security? Can we even afford privacy in this age of insecurity? Security versus privacy: It’s the battle of the century, or at least its first decade.

In a Jan. 21 New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all  that’s right, all  internet communications for security purposes, an idea so extreme that the word “Orwellian” feels too mild.

The article (now online here) contains this passage:

In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search. “Google has records that could help in a cyber-investigation,” he said. Giorgio warned me, “We have a saying in this business: ‘Privacy and security are a zero-sum game.'”

I’m sure they have that saying in their business. And it’s precisely why, when people in their business are in charge of government, it becomes a police state. If privacy and security really were a zero-sum game, we would have seen mass immigration into the former East Germany and modern-day China. While it’s true that police states like those have less street crime, no one argues that their citizens are fundamentally more secure.

We’ve been told we have to trade off security and privacy so often  in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric  that most of us don’t even question the fundamental dichotomy.

But it’s a false one.

Security and privacy are not opposite ends of a seesaw; you don’t have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it’s based on identity, and there are limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and possibly sky marshals. Everything else — all the security measures that affect privacy  is just security theater and a waste of effort.

By the same token, many of the anti-privacy “security” measures we’re seeing national ID cards,warrant less eavesdropping, massive data mining and so on  do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.

The debate isn’t security versus privacy. It’s liberty versus control.

You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society  to what makes us uniquely human  but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.


Posted By: Cristina O. Libuna


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s