IT governance practices

IT governance drives better outcomes

Today’s reliance on technology introduces risk. Managing that risk requires effectively integrating sound IT practices into an organization’s overall governance framework.

Disruptive innovation, evolving demands and growing dependencies on advanced technology favor organizations that are agile and resilient. Rigid adherence to strained or outdated practices can threaten value creation and hamper an organization’s performance. Better performance requires better decisions, and as opportunities and expectations shift, the timeliness and quality of an organization’s decisions will determine its success.

All organizations exist to create value

To effectively create value, organizations must deliver stakeholder benefits at the right resource cost with an acceptable level of risk. Value creation requires reliable governance, risk and control (GRC) practices. Properly integrating these practices helps organizations reduce uncertainty, enhance performance and avoid drift while pursuing their objectives.

Governance provides the structures through which organizations pursue these objectives. It operates from a unique set of relationships between the organization’s board, its management and its stakeholders. These structures and relationships influence how the organization improves performance, manages risk and achieves success.

cybersecurity-email-series New call-to-action

Long-term, low-tech strategies are rare

Today’s reliance on technology to execute critical business processes introduces significant risk. To manage that risk, organizations must effectively integrate sound information technology practices into their overall governance framework.

An IT governance framework that is aligned with the mission, vision, values and objectives of the organization can complement and enhance existing governance programs, improve control over IT and assure compliance with external requirements.

Although better IT governance has become a concern for boards and executive management, implementing a framework can be challenging. A focus on existing issues can often create the sense of urgency needed to launch an IT governance initiative. Consider questions such as:

  • Has the organization experienced an information security or business continuity failure?
  • Are technology-driven changes failing to meet the organization’s needs?
  • Are projects delivered late and over budget?
  • Is the organization failing to recognize and satisfy its legal and regulatory requirements?

Identifying such highly visible concerns can create opportunities for quick wins that demonstrate value, secure support for further improvements and establish the foundation for better IT governance practices.

IT governance practices drive better outcomes

Organizations that establish IT governance frameworks are more effective at identifying and managing risk, their IT investments deliver higher value, and they improve their IT performance through better leadership and management.

While established guidance exists and adopting standards-based frameworks is recommended, introducing better IT governance practices doesn’t have to be difficult. At your next board or senior leadership meeting, simply ask some exploratory questions such as:

  • How critical is technology to protecting and sustaining the organization, and what happens when it isn’t available?
  • Does the organization exploit innovative technologies when pursuing its objectives?
  • How is the organization managing its technology resources and performance?


Providing input and raising questions regarding IT governance is but one place leaders can play a role in developing the right governance, risk and control framework for their organization. This dialogue and investment will help organizations evolve, continue creating and preserving their value, and ultimately embrace the change that is required to be a successful and future-focused organization.

If you’d like additional information, or can’t wait to get started, you can contact Brian Johnson using the information below.

Brian Johnson

Senior Vice President
Technology Services

Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.

Information security is more than technology, it requires educated staff.
See how we can help identify and mitigate your security vulnerabilities.