How to make IT governance work

Governance is undoubtedly an important subject for any organisation, but what does it really involve?

This article can also be found in the Premium Editorial Download: Computer Weekly: The rise of home automation

Many drivers feel capable of exceeding the speed limit and handling their vehicle appropriately. How do you feel when you find yourself behind the wheel on a deserted highway late at night? At that point, do the traffic laws feel somewhat restrictive and even a little pointless?

Speed limits are like regulations affecting IT - sometimes we simply do not see their value. We only recognise they make our life more difficult. 

When it comes to information technology and the role of governance in an organisation, the situation is often similar as individuals are reluctant to be fenced in by rules and regulations.

I recently had a discussion with several managers of a large corporation with which I am working. Compliance officers, information security officers and the like were discussing how difficult it is to make the regulations tangible for the organisations. 

For instance, legal regulations are extremely stringent when it comes to the security of personal data, and yet they regularly have employees who write passwords on Post-it notes.

Governance is undoubtedly an important subject for any organisation, but what does it really involve? If you were to ask 10 experts you would end up with 11 explanations. It is therefore important to distil the topic down to its key elements.

Read more on IT governance

What does IT governance really mean?

IT governance is about managing the IT organisation of a larger corporate, in a manner that not only works according to all rules and regulations, but also makes sure the business works according to all rules and regulations. This is not an easy task to manage with an influx of new regulations from, among others, federal, state and European governments.

If IT governance is only viewed as a "regulation enforcement initiative", it will be a hard sell to management and staff alike. It is, therefore, much more and requires:

1. A clear understanding of the real task of the IT department: I encourage every leader in this area to be self-confident in this respect. IT is and will be a game-changer for many industries.

2. A clear and understandable message of what IT does: In most cases, this is a massive challenge for the IT department. The IT team will never be seen as a true partner for the business if it cannot communicate in a way others understand. 

When I look for a new car, I do not care about how many extra gadgets it has, how many kilometres of wire they used to connect them or how complicated it was to build. I simply want a car I can drive. In essence, this is what the business functions expect from IT. But they should expect more. 

The true value of IT comes when it generates new business opportunities through the use of technology and is capable of selling these opportunities to the business side of the organisation.

3. The obligation to ensure all rules and regulations are met: This is where the communication side of things becomes even more difficult.  Basel III, SEPA and IFRS are business-related regulations that IT needs to cover as much as IT-driven regulations, such as  security or data protection issues like whether HR data of a German company can be stored at a UK, Czech or Indian datacentre.

I often hear IT complaining, that the business does not understand the implications of, for instance, data security. If the business unit believes data security to be a purely IT topic and does not act, IT has not been able to communicate the real impact of the regulations on the business.

I have previously faced this situation with a client. What we did was deliver a presentation that showed the company’s board members behind jail bars. This was to demonstrate the possibility of incarceration should they not comply with the necessary regulations. The point was made.

4. For IT to clean up its own act: There are legacy systems that no IT department would develop with today’s knowledge. If that is the case, take a stand and change it.

The most important ingredient of successful governance

The most crucial factor in any process, regulation or governance is not the systems, which might not be perfect, or the lack of definitions. It is the human factor.

When things go wrong, people notice. If they speak up, then governance can be a value-generating approach to IT’s biggest challenges. To achieve this, a positive atmosphere for critical conversations has to be generated. This environment needs to be cultivated first within IT and then within the business functions.

A client of mine did a survey among their top managers and only 60% of them felt able to raise concerns. That means that two out of five executives will not speak up if they see something going wrong. Unbelievable. 

No compliance or governance system can outweigh the lack of trust. No company or department can expect to identify governance and compliance issues if people do not feel secure in raising concerns.

This in turn will result in a company where innovative ideas are few and far between as speaking up is relegated to the scrap heap. An innovative idea must challenge the status quo, which will make some executives, who believe in the status quo, defensive.

If you want to know where you stand right now, why not conduct a short survey within your IT organisation? Everyone can answer anonymously. Ask these questions:

  1. Do you know the strategy of your IT organisation?
    If yes: Describe it in your own words.
  2. Do you feel safe to speak up if you see the need for a change of the status quo?
  3. Are you able to say something if you notice a superior not adhering to the rules and regulations?
  4. Have you ever experienced, personally or as an observer, an instance when someone wanted to raise a concern but got interrupted or blocked?
  5. When was the last time you received recognition for your work from, firstly within IT and secondly from the business functions you are working with?
  6. Do you believe IT has the influence in the business it should have?
  7. What do you believe IT needs to improve to be a respected partner for the business?

If you conduct this survey and proceed to act upon the information you gather you are going to make a positive move forward -a move that will benefit your IT governance and your organisation.

Axel Rittershaus is an executive and leadership coach at The Executive Coach and president of the Cape Town chapter of the International Coach Federation (ICF)

Read more on IT governance