IT governance practices

IT governance drives better outcomes

Today’s reliance on technology introduces risk. Managing that risk requires effectively integrating sound IT practices into an organization’s overall governance framework.

Disruptive innovation, evolving demands and growing dependencies on advanced technology favor organizations that are agile and resilient. Rigid adherence to strained or outdated practices can threaten value creation and hamper an organization’s performance. Better performance requires better decisions, and as opportunities and expectations shift, the timeliness and quality of an organization’s decisions will determine its success.

All organizations exist to create value

To effectively create value, organizations must deliver stakeholder benefits at the right resource cost with an acceptable level of risk. Value creation requires reliable governance, risk and control (GRC) practices. Properly integrating these practices helps organizations reduce uncertainty, enhance performance and avoid drift while pursuing their objectives.

Governance provides the structures through which organizations pursue these objectives. It operates from a unique set of relationships between the organization’s board, its management and its stakeholders. These structures and relationships influence how the organization improves performance, manages risk and achieves success.

Long-term, low-tech strategies are rare

Today’s reliance on technology to execute critical business processes introduces significant risk. To manage that risk, organizations must effectively integrate sound information technology practices into their overall governance framework.

An IT governance framework that is aligned with the mission, vision, values and objectives of the organization can complement and enhance existing governance programs, improve control over IT and assure compliance with external requirements.

Although better IT governance has become a concern for boards and executive management, implementing a framework can be challenging. A focus on existing issues can often create the sense of urgency needed to launch an IT governance initiative. Consider questions such as:

  • Has the organization experienced an information security or business continuity failure?
  • Are technology-driven changes failing to meet the organization’s needs?
  • Are projects delivered late and over budget?
  • Is the organization failing to recognize and satisfy its legal and regulatory requirements?

Identifying such highly visible concerns can create opportunities for quick wins that demonstrate value, secure support for further improvements and establish the foundation for better IT governance practices.

IT governance practices drive better outcomes

Organizations that establish IT governance frameworks are more effective at identifying and managing risk, their IT investments deliver higher value, and they improve their IT performance through better leadership and management.

While established guidance exists and adopting standards-based frameworks is recommended, introducing better IT governance practices doesn’t have to be difficult. At your next board or senior leadership meeting, simply ask some exploratory questions such as:

  • How critical is technology to protecting and sustaining the organization, and what happens when it isn’t available?
  • Does the organization exploit innovative technologies when pursuing its objectives?
  • How is the organization managing its technology resources and performance?

Summary

Providing input and raising questions regarding IT governance is but one place leaders can play a role in developing the right governance, risk and control framework for their organization. This dialogue and investment will help organizations evolve, continue creating and preserving their value, and ultimately embrace the change that is required to be a successful and future-focused organization.

If you’d like additional information, or can’t wait to get started, you can contact Brian Johnson using the information below.

Brian Johnson

Senior Vice President
Technology Services and Administration

Brian Johnson is an experienced technology executive and consultant with a proven track record of leadership in technology management. As a technology and business leader with more than 30 years of experience, Brian successfully leverages his technology background, business acumen, and people management skills to help organizations link innovative technology solutions to their strategy and mission. Brian’s technology experience and credentials are supplemented by his training as a certified public accountant.

Brian is a frequent speaker and advisor on technology developments and trends. A certified public accountant, he has extensive expertise in IT risk advisory services and has earned the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified In the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC), credentials as well as additional certifications in operations management, systems engineering, and solution development. Brian was named one of the Wichita Business Journal’s CIO of the Year honorees in 2015.

Information security is more than technology, it requires educated staff.
See how we can help identify and mitigate your security vulnerabilities.