While most organisations recognise the importance of IT governance, the majority of these do not have a holistic view that considers all of its dimensions. This is the conclusion of a worldwide study recently conducted by PricewaterhouseCoopers (PwC).
The main objective of the PwC report is to provide more details to the survey statistics as presented in the second global status report on IT governance commissioned by the IT Governance Institute (ITGI), elaborating on a number of practices and issues gathered through face-to-face interviews with CIOs (chief information officers) and IT governance specialists within large organisations worldwide.
Survey findings also indicate that IT alignment was the most appealing result from these practices. Respondents confirmed the importance of IT alignment for the deliverance of sustainable business results, indicating IT governance as one of the best means to achieve it.
The focus of most activities was mainly on IT risk and control activities, thus narrowing the focus of IT governance to a very limited scope. Such initiatives are not considering IT governance holistically as a tool used to enhance the value of IT for the organisation.
The study also found out that most outsourcing arrangements lack appropriate IT governance considerations and that the IT governance aspects of outsourcing agreements are almost exclusively centrally managed by the corporate CIO office.
Risk management implementation: Risk register
The tool or risk register (in this case, a Microsoft Excel Spreadsheet) provides a mechanism for capturing project risks and issues, yet also covers all of the PMBOK® KPA processes, with the exception of risk planning. We suggest risk planning can be covered within one’s project management plan. The planning component within the risk management plan can be relatively short (summarised within a couple of paragraphs) by referencing the self-contained risk register, identifying the methods for updating the risk tool, and communicating the risks and issues from the risk tool.
As project managers, we have our hands full with the day-to-day management of our initiatives, and it is difficult enough to keep a lid on all the tactical actions that are taking place, let alone plan for the future. Nonetheless, we all know that planning is a key element to project success. Most successful project managers are effective because they simultaneously balance the immediate challenges and demands facing them with future needs, opportunities and risk-avoidance. In particular, they are able to do so because they identify and communicate these elements at the right levels throughout the organisation.
A specific risk management strategy which can be simple to implement and can directly help to improve one’s ability to identify, manage and effectively communicate risks.
Assemble Your Information Security Team and Evaluate Risks
As a precursor to developing (or revising) a data security plan, assemble a team of individuals in your organization responsible for ensuring information security, privacy compliance and data protection, as well as a board member and personnel from your legal, IT, human resources and communications/public relations departments.
Once your team is assembled, generate a list of the risks associated with noncompliance with privacy laws, mishandling of personal data and data breaches. The risks may include loss of customers and business, investigative costs, regulatory actions, fines, litigation, disclosure obligations and unfavorable publicity. Once this risk analysis is complete, identify one or more methods for mitigating each risk. Revisit this risk assessment regularly to re-rank the risks as your company’s organizational controls and systems evolve and improve.
Posted by: Edna Mae Buniel