Disruptive innovation, evolving demands and growing dependencies on advanced technology favor organizations that are agile and resilient. Rigid adherence to strained or outdated practices can threaten value creation and hamper an organization’s performance. Better performance requires better decisions, and as opportunities and expectations shift, the timeliness and quality of an organization’s decisions will determine its success.
All organizations exist to create value
To effectively create value, organizations must deliver stakeholder benefits at the right resource cost with an acceptable level of risk. Value creation requires reliable governance, risk and control (GRC) practices. Properly integrating these practices helps organizations reduce uncertainty, enhance performance and avoid drift while pursuing their objectives.
Governance provides the structures through which organizations pursue these objectives. It operates from a unique set of relationships between the organization’s board, its management and its stakeholders. These structures and relationships influence how the organization improves performance, manages risk and achieves success.
Long-term, low-tech strategies are rare
Today’s reliance on technology to execute critical business processes introduces significant risk. To manage that risk, organizations must effectively integrate sound information technology practices into their overall governance framework.
An IT governance framework that is aligned with the mission, vision, values and objectives of the organization can complement and enhance existing governance programs, improve control over IT and assure compliance with external requirements.
Although better IT governance has become a concern for boards and executive management, implementing a framework can be challenging. A focus on existing issues can often create the sense of urgency needed to launch an IT governance initiative. Consider questions such as:
- Has the organization experienced an information security or business continuity failure?
- Are technology-driven changes failing to meet the organization’s needs?
- Are projects delivered late and over budget?
- Is the organization failing to recognize and satisfy its legal and regulatory requirements?
Identifying such highly visible concerns can create opportunities for quick wins that demonstrate value, secure support for further improvements and establish the foundation for better IT governance practices.
IT governance practices drive better outcomes
Organizations that establish IT governance frameworks are more effective at identifying and managing risk, their IT investments deliver higher value, and they improve their IT performance through better leadership and management.
While established guidance exists and adopting standards-based frameworks is recommended, introducing better IT governance practices doesn’t have to be difficult. At your next board or senior leadership meeting, simply ask some exploratory questions such as:
- How critical is technology to protecting and sustaining the organization, and what happens when it isn’t available?
- Does the organization exploit innovative technologies when pursuing its objectives?
- How is the organization managing its technology resources and performance?
Providing input and raising questions regarding IT governance is but one place leaders can play a role in developing the right governance, risk and control framework for their organization. This dialogue and investment will help organizations evolve, continue creating and preserving their value, and ultimately embrace the change that is required to be a successful and future-focused organization.
If you’d like additional information, or can’t wait to get started, you can contact Brian Johnson using the information below.
Senior Vice President
Brian leads the firm's technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance and advisory services. He has extensive experience in information security, network engineering and solution development, with recognized specializations in governance, risk, control and related consulting services.
Brian is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC). He is a member of ISACA (previously known as the Information Systems Audit and Control Association), the American Institute of Certified Public Accountants’ Information Management and Technology Assurance (IMTA) Section, and APICS (the Association for Operations Management).
Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned a master's of accountancy and bachelor's in business administration.