Deloitte’s Technology Trends 2013 report mentions that the five technology forces — analytics, mobile, social, cloud and cyber — are going to dominate the post-digital enterprises in the coming years.
And the trend compels organisations to rethink their governance, more precisely IT governance.
Let us explore how governance can be redefined in this parlance.
The Kumar Mangalam Birla Committee Report says the “fundamental objective of corporate governance is the “enhancement of shareholder value, keeping in view the interests of other stakeholder”.
This statement emphasises the continuous need to enhance shareholder value and it would be harder to achieve the required governance level ignoring IT governance. The IT Governance Institute (ITGI) formed by ISACA, a global body of information security professionals, in 1998 defines IT governance as the board’s ability to direct and control the enterprise’s use of IT resources in line with strategic goals.
Leadership, organisational structure and processes are used to leverage IT resources and drive alignment, the delivery of value, management of risk, optimisation of resources and performance measurement.”
It is a very comprehensive definition and it establishes the link between IT resources and entity’s strategic goals.
Technology research firm Gartner’s definition further splits the concept of IT governance into two aspects — IT demand governance (ITDG) and IT supply-side governance (ITSG).
While ITDG is a business investment decision-making and oversight process, and a business management responsibility,ITSG is concerned with ensuring that the IT organisation operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility.
The Value Puzzle When it comes to the investment in IT, measuring the value that IT delivers is a complex puzzle to solve. For instance, while measuring net costs saved and business efficiencies achieved by setting up an enterprise resource planning (ERP) system in place of the old system, one has to take an overall view and consider qualitative aspects along with the quantitative aspects.
Globally, methodologies exist to logically measure these costs and benefits. Yes, we are referring to the more sophisticated systems such as IT balanced scorecard (BSC). It helps IT professionals — and typically CIOs and CTOs — to demonstrate to the senior management and board members the real value delivered by the IT.
Bridging the control gap The key question is how to implement the ITG?
Control objectives in IT (COBIT) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. One may visit the ISACA website for a detailed discussion and guidance on IT governance and COBIT. At the end of the day, IT governance has to create value for the business over and above associated costs.
Here are some pointers:
Ensuring that IT and business priorities are aligned
Ensuring that IT can follow the evolution of business products and markets
Running business processes more efficiently, and accurately
Ensuring that the IT systems are compliant with regulations
Supporting the corporate governance imperatives
Protecting intellectual property
Providing transparency on IT costs
In sum, while the corporate governance basics remain the same, they have to be essentially applied in the IT parlance. This requires companies to have people who understand both business and IT.
Finding solutions The CTO’s or CIO’s role is no longer confined to ensuring the timely implementation of systems, subsequent enhancements and attending to ‘Help Desk’ issues, they should understand business challenges and find solutions.
It is essential for them to demonstrate to the board and senior management that their entities have the required level of IT governance.
This will help directors to do their job effectively, especially in terms of the requirements of the Directors’ Responsibility Statement as defined in the Companies Act, 2013 relating to internal financial controls and compliance with the provisions of all applicable laws.
(The author is Partner, Deloitte Haskins & Sells)