In a meeting with some information security personnel, the chief executive officer (CEO) of a bicycle company in Lagos quipped that, “We only sell bicycles. Why should we be spending so much on Information Technology (IT) Governance?” With that statement, he cut the budget for IT governance and proceeded to pour more money on the marketing of the bicycles through their website. Days later, their website crashed for three days, and there was no plan in place to ensure that the website was back up on time, and through that singular crash, they lost millions. The physical shop where they displayed the bicycle lost visitors.
But, if the CEO understood critical areas of IT governance or how they speak for and on behalf of businesses, he would have acted right. In this piece, I focus on critical areas stakeholders can pay attention to in IT governance.
First is strategic alignment. The combination of IT governance and strategic alignment allows the business to utilise IT to achieve business goals effectively. In our example, the CEO should understand that without IT, the company might not be profitable. More importantly, he should know that the core functions of the business, for example, sales, depend on the business’s IT functions. Strategic alignment also enables the company to synergise its business functions with IT processes that make the day-to-day deliverables easy.
Without adding value to customers and other stakeholders, the business fails. An excellent IT governance framework articulates a vision regarding IT investments that deliver maximum business value at an acceptable level of risk. In our case, the business must measure the business value and manage and communicate value delivery through the components within the IT. If, for example, the company says that they will deliver bicycles within twenty-four hours, they would have processes to meet that time value. If there is no appropriate IT structure, meeting that particular goal will be difficult. Value delivery answers the following questions: Are we doing the right thing? Are you getting benefits? Are we meeting customers’ demands?
In every organisation, there is a risk. In every facet of our lives, there is a risk. The management of the risk is what makes existence worthy. Every business comes with its own risk, and as such, companies must invest in IT risk management. The company’s function within the company would be as follows, to identify risks within the IT structure, assess those risks that are most capable of crippling the business functions, and mitigate those risks immediately. Another aspect that most IT risk managers face focusing on is creating an incidence response. The question here is, what happens when all the processes in place fail? As part of the risk management structure, the company must develop contingency plans to ensure that the business can run after an incident or a crisis occur and constantly review those risk-mitigating actions.
Another one is resource management. Resource management is not human resources management. It is how businesses manage their various resources effectively to meet their business goals. In the above example, this will mean planning so that the right resources are assigned to complete multiple business tasks. Managing resources involves scheduling and making budgets for people, projects, equipment and supplies to meet the overall business goals.
And the last focus is performance management. IT performance management drives the business value creation and defines how to optimise business value based on business needs. One such need might be operational stability and operational excellence. This need varies as business environments change.
By focusing on these areas, companies will see a return on investment on their IT infrastructure and build that competitive edge that companies need in this technologically driven environment.