Business IT leaders have added yet another buzzword to their vernacular - IT governance. Faced with growing demands for financial and technological accountability, organisations are realising the necessity of creating a framework which defines how IT should support business.

IT governance is a framework of leadership, organisational structures and business processes, standards and compliance with those standards, which together ensure that the organisation's IT supports and enables the achievement of its strategies and objectives.

In other words, IT governance is concerned with the strategic alignment between business goals and objectives, and the utilisation of IT resources to effectively achieve desired results.

The need for IT governance
Businesses must pay attention to IT governance because of the need to satisfy two critical requirements - risk mitigation and compliance.

A serious technology mishap can affect not only business processes but also relationships with customers. Critical failures in IT can shake consumer confidence, which organisations cannot afford. An appropriate framework ensures that IT systems, processes and infrastructure are adequate, and can protect against and mitigate business risks.

Another key consideration is the regulations imposed on companies regarding data retention, confidentiality, financial accountability and disaster recovery. IT governance establishes standards and brings processes and systems into line with them. In this way, IT governance helps an organisation achieve regulatory compliance, and be proactive about the security and integrity of its data and processes.

IT governance guidelines for Directors
Directors need to take leadership and craft an IT governance framework that is realistic yet flexible for their organisation. Here are some guidelines for consideration.

Assess risks
One of the main goals of IT governance is to manage business risks. In order to know which systems to adopt as part of its IT security strategy, an organisation first has to gain a thorough understanding of the risks it is currently exposed to. Doing so will allow meaningful discussions and facilitate decision-making.

Get everyone on board
Effective IT governance requires standards and processes to be implemented in many areas within the enterprise architecture. Therefore, the Board of Directors must be willing, informed and active champions for IT governance and the changes and practices the organisation requires.

Provide strategic oversight
The Board of Directors should provide strategic oversight of information security by:

  • understanding how critical information is, and the importance of information security to the organisation
  • reviewing investment in information security systems for alignment with organisational strategy and risk profile
  • endorsing the development and interpretation of a comprehensive information security programme
  • requiring regular reports from management on the programme's adequacy and effectiveness

Create a steering committee
Information security impacts the entire organisation, and all stakeholders affected by security issues should be involved. To accomplish this, appointing a steering committee which includes business leadership as well as representatives from all functions is a great step forward. The steering committee must meet and review the IT policies and procedures regularly.

Conduct audits
To ensure adherence, conduct regular audits of the processes implemented for IT governance. The findings from each audit can be used to fine-tune the programme.

IT governance is an area that businesses must take seriously. An organisation that strategically aligns IT to meet its objectives not only gains a viable buffer against risks, but also facilitates compliance with regulations. Engage the services of a professional IT firm for an expert and unbiased perspective with which to formulate clear and powerful IT governance for your organisation.