still King but the new prince is information… and while financial governance has been developed over centuries information governance is new, fragmented and chaotic
Evolving Level Strategic Policy Requires governance maturity Information Technology Governance Established Level Operational Process Develops with use of ICT * Or EBTG From the work of Elizabeth Valentine
essential for critical operational processes AND essential for organisation and service decisions AND is part of the product or service AND is the product or service HOW DO YOU USE TECHNOLOGY? Fundview, NZ Navigator Quitline, Depression Contract for Services Providing Public Services Every Organisation
files Continuity and crisis plans – at least in outline Security for confidential information Use databases not spreadsheets where possible Cloud offers far superior security than the “server in the cupboard” Someone holds responsibility for technology Watching brief on changes Targeted research when needed Agreed technology criteria Integrate around core applications; e.g. finance What is in-house, what is outsourced? Use of social media framework MINIMUM: FOR EVERY ORGANISATION – TECHNOLOGY IS NO LONGER OPTIONAL
Rely on third party standards Core policies defined Data management (includes security) Staff use of technology (BYOD, electronic identities, own interests) Procurement Basic technology management Staff support and training Risk register, active performance monitoring Cost monitoring (acquisition, staff time, usage) STANDARD: MOST ORGANISATIONS WITH STAFF AND/OR PUBLIC SERVICES
maintenance and development Operationally independent project and change management IT management is standards based e.g. ITIL, COBIT Separate technology management from operations Formal KPI reporting Value not cost – e.g. triple bottom line or contribution Breakdown available by service or contract Technology planning is integral to planning processes “vision” exists for technology ADVANCED: LARGER ORGANISATIONS; HOLD GOVERNMENT SERVICE CONTRACTS
distinct from finance and risk Guided by ISO/IEC 38500 Active Board development includes technology External audit Major project reviews IT plans and performance Security No Technology projects Only organisational projects that incorporate technology Investment business case essential Track project delivery against project promises FULL: MATURE BOARD; MISSION GRAFTED TO TECHNOLOGY
Technology negates the need for this. So do new ideas. New operational models (usually technology based) can be revolutionary Your technology governance may need to ramp up fast. A FINAL THOUGHT
DIY toolbox. Ask if you want something added! The Common Good Organisation Development model is explained in the book or at a workshop. I recommend a manager and a board member attend the workshop together for best results. Some of the best enterprise business technology advice is available free from McKinsey and Company. Sign up for free and select “business technology” under “client services” The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance. The IITP Cloud Computing Code has more technical details and questions to ask suppliers. Some LinkedIn groups technology governance. My profile links to several. Please connect. If in doubt - Google your question and watch the videos!