The word IT governance sounds so bombastic that almost everyone is using it nowadays. We use it freely in our conversations that in the end, we do not really care what the real meaning is.
So, what is IT governance, actually?
Google IT governance, and no doubt that you’ll find zillions definitions for it. To me, there is no single and concrete definition of IT Governance. Quoting from IT Governance Institute, “IT Governance is the responsibility of the Board and executive management. It is an integral of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
So, in my understanding, in an organization, there must be a unit/committee/individual that has specific and defined roles with respect to IT decisions or actions and it is the Board or top management’s liabilities. IT Governance is a vital element in enterprise governance, in which, to ensure that enterprise governance issues are addressed, IT first needs to be properly governed. In simpler words, IT is an enabler and not a driver. IT enables the business processes and to meet business objectives.
Is IT Governance important in an organization?
I would say yes, because IT is critical in supporting and enabling enterprise goals, as mentioned in earlier paragraph. For example, an organization would like to achieve an increase of 30% growth in its business; it may want to invest in IT to enable the organization to achieve the goal by reducing the manpower cost and so forth.
Apart from that, we are all aware that IT is evolving at a very fast pace and parallel to this; risks associated to IT will also increase. Therefore, there is a need to manage and mitigate the IT related risks to avoid undesirable events or loss. There should be an entity that drives or oversees the surveillance of the management of IT related risks in an organization.
Besides that, IT Governance is important to govern or control the accessibility of IT technology in an organization. As the old saying goes, “to err is human”. So there is a tendency of people misuse or manipulate the IT systems in an organization to serve their personal needs.
As a central banker dealing with the soundness of IT infrastructure among banks, I have seen the strong and weak IT governance and its implications in their respective organizations. Let me share some of the early symptoms of ineffective IT Governance that I have observed:
IT seen as a cost rather than as a provider of value – As mentioned earlier, IT should be regard as an enabler and not a driver to a business. If it is the other way round, IT would definitely be seen as a cost to an organization rather than added value element.
IT and business strategy not concurrently prepared and aligned – Since IT should be supporting business strategy, it should be aligned at any point of time. If both entities are not aligned, how would IT be able to support the business strategy.
In a nutshell, IT Governance, if it is not managed and enforced properly, it may create mishaps and involve many other risks such as reputation risk, financial loss and many more unwanted scenarios. Over time, IT will become a necessity rather than a luxury as it had happened before, thus we need to understand the importance of a strong IT Governance and implement it properly.
Let’s not repeat the tragedy that rocked the banking world history in which, the Société Générale trading loss incident that occurred sometime in early 2008. The French Bank lost $7.2 billion in fraudulent trades involving an insider and rumours has it that the rogue had unauthorized access rights to the trading system that he should not have had in the first place and was able to carry out unauthorized trading transactions. So, this shows that even if the organization has the latest infrastructure and technology system in place, but with weak IT governance and control, it may cause unwanted incidents and loss.
So, what is IT governance, actually?
Google IT governance, and no doubt that you’ll find zillions definitions for it. To me, there is no single and concrete definition of IT Governance. Quoting from IT Governance Institute, “IT Governance is the responsibility of the Board and executive management. It is an integral of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
So, in my understanding, in an organization, there must be a unit/committee/individual that has specific and defined roles with respect to IT decisions or actions and it is the Board or top management’s liabilities. IT Governance is a vital element in enterprise governance, in which, to ensure that enterprise governance issues are addressed, IT first needs to be properly governed. In simpler words, IT is an enabler and not a driver. IT enables the business processes and to meet business objectives.
Is IT Governance important in an organization?
I would say yes, because IT is critical in supporting and enabling enterprise goals, as mentioned in earlier paragraph. For example, an organization would like to achieve an increase of 30% growth in its business; it may want to invest in IT to enable the organization to achieve the goal by reducing the manpower cost and so forth.
Apart from that, we are all aware that IT is evolving at a very fast pace and parallel to this; risks associated to IT will also increase. Therefore, there is a need to manage and mitigate the IT related risks to avoid undesirable events or loss. There should be an entity that drives or oversees the surveillance of the management of IT related risks in an organization.
Besides that, IT Governance is important to govern or control the accessibility of IT technology in an organization. As the old saying goes, “to err is human”. So there is a tendency of people misuse or manipulate the IT systems in an organization to serve their personal needs.
As a central banker dealing with the soundness of IT infrastructure among banks, I have seen the strong and weak IT governance and its implications in their respective organizations. Let me share some of the early symptoms of ineffective IT Governance that I have observed:
IT seen as a cost rather than as a provider of value – As mentioned earlier, IT should be regard as an enabler and not a driver to a business. If it is the other way round, IT would definitely be seen as a cost to an organization rather than added value element.
IT and business strategy not concurrently prepared and aligned – Since IT should be supporting business strategy, it should be aligned at any point of time. If both entities are not aligned, how would IT be able to support the business strategy.
In a nutshell, IT Governance, if it is not managed and enforced properly, it may create mishaps and involve many other risks such as reputation risk, financial loss and many more unwanted scenarios. Over time, IT will become a necessity rather than a luxury as it had happened before, thus we need to understand the importance of a strong IT Governance and implement it properly.
Let’s not repeat the tragedy that rocked the banking world history in which, the Société Générale trading loss incident that occurred sometime in early 2008. The French Bank lost $7.2 billion in fraudulent trades involving an insider and rumours has it that the rogue had unauthorized access rights to the trading system that he should not have had in the first place and was able to carry out unauthorized trading transactions. So, this shows that even if the organization has the latest infrastructure and technology system in place, but with weak IT governance and control, it may cause unwanted incidents and loss.
Nor Diana binti Abd Karim
2008269968
No comments:
Post a Comment