Information Technology has become a key component in corporate governance. Previously, information systems were used as enablers to businesses, but with the surge of the internet, information systems have become pervasive and IT has to be considered when crafting an organisation’s strategy. IT has become an integral part of the business and is fundamental to supporting, sustaining and growing the business. IT is an operational enabler for a company, but it is also an important strategic asset that the business uses to exploit market opportunities in the creation of competitive advantage.
IT is now a game changer in the marketplace, especially with the emergence and evolution of the internet, e-commerce and online trading, and it enables companies to perform electronic transactions instantly. With the increased use of IT, companies are invariably investing heavily in IT. These developments bring significant IT risks that need to be governed and controlled.
The complexity of IT systems creates operational risks, which raise concerns such as unauthorized use and access, disruption of or changes to the information system, and disclosure of confidential information outside the company.
Other issues of concern will be the integrity and availability of the system, authenticity of system information and assurance that the system is usable and useful. As a result of these risks IT governance (ITG) is now a critical component of enterprise governance.
In the US, companies are now required to monitor IT governance as part of their compliance with the provisions of the Sarbanes-Oxley Act (2002).
As IT has become more critical to an organisation’s success and IT-related decision making becomes more complex, boards are realizing that IT governance processes are becoming a necessity.
IT governance has been defined as “the management process which ensures delivery of the expected benefits of IT in a controlled way to enhance the long-term, sustainable success of the enterprise.”
IT governance is considered important because it enables an organization to effectively address major business issues, to protect its strategic information systems, and to manage its significant investment in IT, including systems and networks, and to extract value from that investment.
ITG comprises five key dimensions, namely strategic alignment, value delivery, IT resource management, risk management and performance measurement.
Strategic alignment is concerned with whether a firm’s investment in IT is in harmony with its strategic objectives (intent, current strategy and enterprise goals), thus building the capabilities necessary to deliver business value.
So strategic alignment ensures that the organisation will be more likely to use its IT resources to achieve its business objectives in an efficient and effective manner and work towards common business goals.
IT value delivery is concerned with delivery of information, service on time, within budget and with the benefits that were promised. In business terms, this often translates into: competitive advantage, reduced time for order/service fulfilment, customer satisfaction, reduction in customer wait time, improvement in employee productivity and profitability.
This critical component of ITG processes aims to confirm that the IT architecture is designed to get maximum business value from IT, to oversee the delivery of value by IT to the business and to assess return on investment.
IT resource management is concerned with the management of IT resources and the organisation of IT infrastructures within a corporation.
This critical dimension of ITG processes aims to provide high level direction for sourcing and use of IT resources, to oversee the aggregate funding of IT at the enterprise level and to ensure that there is adequate IT capability and infrastructure to support current and expected future business requirements. It’s important to staff the IT department with the necessary skills and resources to effectively execute the committed programs.
On the Risk Management Dimension, risk management activities for boards have become increasingly important in this era of increased litigation. Risk management is one of the three key board responsibilities. Business organisations have traditionally focused on financial risk, but have more recently become concerned with operational and systematic risk.
Technology risk and information security issues form a prominent part of operational and systematic risk considerations. It is therefore important for the boards to ensure that they implement effective risk management processes that ensure regulatory compliance, accountability, transparency and resiliency.
The fifth dimension is ITG performance measurement, which is concerned with determining whether IT systems have achieved the goals set for them by the board and senior management. These measurement systems aim to assess the ability of organizations to achieve the other four dimensions of ITG discussed above. The board should create a financial scorecard that tracks approved IT investments to each desired outcome measured in delivered business benefits.
In carrying out its responsibilities in ensuring sound IT Governance the board of directors is required to perform the following:
- The board should ensure that an IT charter and policies are established and implemented. The board should ensure promotion of an ethical IT governance culture and awareness of a common IT language.
- The board should ensure that an IT internal control framework is adopted and implemented.
- The board should receive independent assurance on the effectiveness of the IT internal controls from internal audit.
- The board should ensure that the IT strategy is integrated with the company’s strategic and business processes.
- The board should ensure that there is a process in place to identify and exploit opportunities to improve the performance and sustainability of the company through the use of IT.
- The board should delegate to management the responsibility for the implementation of an IT governance framework.
- The board should monitor and evaluate significant IT investments and expenditure.
- IT should form an integral part of the company’s risk management.
- The board should ensure that information assets are managed effectively.
- A risk committee and audit committee should assist the board in carrying out its IT responsibilities.
Since IT has a significant impact on corporate performance and competitiveness, failing to effectively manage IT-related activities will have a definite impact on a company’s growth capacity. The board should therefore monitor IT related activities as part of its responsibilities.
Stewart Jakarasi is a business and financial strategist and a lecturer in business strategy, advanced performance management and entrepreneurship.
For assistance in implementing some of the concepts discussed in these articles, please contact him at sjakarasi@gmail.com, by phone on +266 58881062 or on WhatsApp on +266 62110062.