IT Governance

In an environment where so much of our businesses are now digital and online, compliance with evolving legal an regulatory requirements is necessary, and myriad threats as well as opportunities exist online your IT Governance for your organisation is not just a matter for the IT function.

Decisions made about your IT infrastructure, strategy and tactics can affect the future and the very existence of your organisation and this highlights how IT Governance is now a core responsibility of the Board of Directors. Competent planning management and monitoring of Information Technology can be source of competitive advantage as well as a source of value delivery for stakeholders.

Giving IT Governance a high value and priority in all aspects of an enterprise including the culture, policies and practices can deliver multiple benefits in terms of competitiveness and profitability as well as protection e.g. from cyber crime and data security.

Applying IT Governance

IT Governance sits under the umbrella of Corporate Governance and should be integrated into Enterprise Governance.

Your IT Governance is about making sure that you have an up-to-date IT infrastructure framework in place that works according to the law and regulations while at the same time supporting your organisations goals, strategies and objectives, and enables your organisation to achieve them.

Important areas to focus on therefore include:

  1. How you align your IT strategy with the business strategy and the business services, products and projects.
  2. How IT within your business is linked to value creation and maximising ROI.
  3. How you manage risks. This involves making sure that Risk Assessments are managed e.g. for IT investment, and that you have the right processes in place to manage risks.
  4. How you manage your resources. This involves good decision making and direction as to how IT resources are sourced and used, managing the funding, and planning to make sure that the capability and infrastructure will support your IT plans both now and in the future.
  5. Ongoing performance measurement + feedback. It is vitally important to be able to measure in order to manage. Making sure that your company’s strategic objectives are being met along with your IT performance targets, and all in a way that is compliant in a changing business and legislative / regulatory environment are necessary in order to operate successful IT Governance.
  6. How you manage newer areas of the business such as the Cloud. Being able to able to develop and implement a successful Cloud governance framework is now an important responsibility of the board of many organisations.

Successful IT Governance should therefore involve your organisation:

Getting to grips with and having a clear understanding of where and how IT and your IT Department fit into the business and what their task is. Ideally it should not just be confined to facilitating, but should also add value, create new opportunities, and even be an important source of competitive advantage.

Ensuring that you comply with all rules and regulations. This means compliance with the Data Protection Act, and the General Data Protection Regulation (GDPR) which is the new EU Regulation due to come into force in 2018 in order to strengthen and unify data protection for individuals within the EU as well addressing the export of personal data outside the EU. You will also need to ensure that your IT Governance activities enable compliance with your specific industry regulations e.g. Basel III he 2013 banking regulations agreed by The Basel Committee on Banking Supervision (BCBS), SEPA the Single Euro Payments Area, and International Financial Reporting Standards (IFRS) accounting standards. The fact that you have obligations to comply with laws and regulations or face stiff penalties as an organisation should help to emphasise the fact that IT Governance is not just a job for the IT department.

Addressing the human factor. For example recent UK government research revealed that 75% of large organisations suffered security breaches in 2015 that were staff related, and that more that 50% of the worst of those breaches were caused by human error. Important steps that can be taken help include creating a positive atmosphere where critical conversations are welcomed and where people feel safe enough to raise concerns and to speak up when they see something wrong relating to Governance and Compliance issues.

How We Can Help You

IT Governance Auditing

Finding out just how well the IT governance of your organisation is working in terms of supporting the aims and objectives is something that can be uncovered by internal IT Governance Auditing. Really effective auditing of this kind can also help to retain the trust and the confidence of stakeholders in terms of them being able to see more proof that management understand the role of IT and are able to manage all aspects of it to the required standard. An IT Governance Audit can also reveal the performance of the organisation in terms of compliance, having the right IT framework and contingencies in place, managing risk and identifying opportunities.

Recognised IT Governance models and standards that can help in providing effective frameworks for audits include elements of ISO/IEC 38500, GTAG® (Global Technology Audit Guide from the Institute of Internal Auditors) and COBIT®

Information Security Training

One of the most important ways that your organisation can arm itself effectively in the ongoing battle against cyber and data security breaches and cyber crime is through the education and training of staff.

If every member of your organisation is given the awareness and capability to spot the risks and threats and respond accordingly the investment made in Information Security Training could represent a huge saving compared to the damage to reputation, loss of customer trust and competitive advantage, and the financial penalties that data and cyber security breaches can bring.

Human Error - Biggest Cause of Security Breaches

Recent UK government research has revealed the shocking statistic that 75% of large organisations suffered security breaches in 2015 that were staff related, and that more that 50% of the worst of those breaches were caused by human.

Is Your Information Security Training Effective?

The results of a study by Alexos published in March 2016 found that even though 99% of executives responsible for Information Security Training in organisations of 500+ employees thought that security awareness as important to minimising the risk of security breaches, the majority of them doubted the effectiveness of their own organisation’s training. Only 42% for example thought that their training was effective at providing general awareness of information security risks. Even less - only 28% thought that their training was effective in the most vital area which is the actual changing of behaviour in relation to their organisation’s information security.

Less Than Half Complete Their Training!

In fact the same survey showed that no more than 50% of staff in the respondents’ organisations were thought to have even completed their for Information Security Training which of course means that half if their staff could represent a risk to their own organisation.

One area that is of major importance to today’s organisations is compliance with Information Security regulatory requirements, especially with the introduction of the new EU GDPR scheduled for 2018. Training and education is one key way in which organisations can help to ensure compliance but if like the respondents of the Alexos survey only 37% find their training very effective for compliance and only a third find it effective in reducing exposure to security breaches.

We can provide reliable and effective Information Training to help equip your organisation’s staff with the skills they need to manage and maximise value creation and opportunities using IT while avoiding the main risks and pitfalls.

If you are a UK business looking for help with any (or all) of your IT requirements, click here.