Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Getting the Big Guns Onside

In this post-Enron era of corporate accountability, boards of directors aren’t afraid to intervene when IT projects spiral out of control. But if executive management really want to help their organisations navigate technological change, they’ll introduce some basic IT governance principles instead
Page:

By the late 1980s, a major IT project under way at the Society of Worldwide Interbank Financial Telecommunication (SWIFTsc) was beginning to drain significant resources, with the well quickly running dry. The project, according to former SWIFTsc security adviser Erik Guldentops, now a management consultant and executive professor at the Management School of Antwerp University, suffered from "moving goalposts" for requirements, budgets and objectives. Business, IT and audit management began sparring over who should take the blame. Tensions escalated to the point where hostility and friction were close to paralysing the project.

It is a scenario familiar to many organisations attempting to undertake wide-scale IT reform, but for SWIFTsc, which provides secure global communication to more than 7000 financial institutions in more than 190 countries, the consequences could have been catastrophic. Eventually the board was forced to step in, becoming by doing so one of the earliest boards of directors to intervene and implement basic IT governance practices. Belatedly, that is a fashion more companies look set to emulate.

Intent on protecting the organisation as it navigated technological change, SWIFTsc's board of directors and executive management: set clear IT strategy through a dedicated board committee; relied on measurable and controllable performance indicators initiated by the audit department and further developed with - and agreed to by - IT management; and, monitored progress against the performance indicators, again leveraging the dedicated board committee. It was a highly successful intervention, Guldentops says.

Historically, boards have seldom been involved in IT issues, intervening mainly when IT problems threatened the viability of the business. Boards rushed to intervene in some of the online retail companies, including Amazon, when fulfilment problems threatened the credibility of the company and buyers were still skittish about online buying. Boards have also intervened in some companies in which IT was seen as integral to the business model. Otherwise, it has been rare for an IT issue to attract the attention of a board of directors. As leading global businesses increasingly recognise the imperative for strong IT governance, some boards are stepping up to adopt a much stronger oversight role, and leading institutions are proposing those organisations as role models for the rest of the business world.

"It's crucial that board members provide oversight regarding IT issues," Guldentops says. "IT is key to the continued existence of the world's largest enterprises. Boards and executives must ensure that IT delivers appropriate value to the business, IT risks are mitigated and IT practices are aligned with business objectives." Guldentops was commenting at the launch last year of two new high-level documents from the IT Governance Institute, together designed to help enterprise board members and executive managers focus their attention on vital and complex IT governance and security issues.

The IT Governance Executive Summary and a related publication, IT Strategy Committee, address the roles and responsibilities of boards and management regarding IT. Both publications are available as open standards and complimentary downloads via the IT Governance Institute's Web site at www.ITgovernance.org. Guldentops says the key message of these publications is that board members do not need to be technology experts, but they do need to understand their changing roles regarding oversight.

A not-for-profit organisation dedicated to sharing better practices for IT governance, the institute, founded in 1998 by the Information Systems Audit and Control Association (ISACA - founded in 1969), has also developed a comprehensive framework for IT governance implementation, known as Control Objectives for Information and Related Technology (CobiT).

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ACT, Curtin University, Curtin University of Technology, Deloitte Touche Tohmatsu, Deloitte Touche Tohmatsu, Financial Institutions, Gartner, HIS Limited, IMS, NRMA, PLUS, Queensland University of Technology, Queensland University of Technology, University of South, University of South Australia, University of Technology Sydney, VIA

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Book 2 - The Executive Guide to Securing Assets
    Keeping your information technology (IT) systems and information secure in the face of constant changes in hardware, software, threats, and regulations can seem like an impossible task. You must constantly monitor and evaluate asset security controls effectiveness in addition to monitoring regulatory and contractual security requirement compliance. To be effective, you must implement IT controls in context with your entire organization assets.
    Learn more »
  • Improving Productivity in the Connected Enterprise Through Collaboration
    In the market for collaborative applications, a large convergence is beginning to take hold, and the consumerization of IT is central to this movement. The technologies that people use as consumers are impacting the way employees, customers, and partners want to interact and collaborate at work. People want to take the same technology experiences that are available at home and plug them into their daily work lives. This movement is setting worker expectations as both employees and corporate consumers. Workers need to have the choice and flexibility to consume the applications they want, where they want, and on their preferred device. Read on.
    Learn more »
  • Cloud printing in the enterprise: liberating the mobile print experience from cables, operating systems, and physical boundaries
    In recent years, mobile technology has proliferated throughout the enterprise. Today, virtually no one in the workforce is bound to a desk to work, check email or communicate with co-workers and customers. Notebooks and personal data assistants (PDAs) have evolved into all-in-one smartphones, and broadband wireless networks make it possible for people to be connected where business takes them. At the same time, we’re seeing the rise of cloud technologies to manage data and software that used to run solely on PCs. This merger of mobile and cloud technologies is on its way to becoming one of the most significant enablers of business productivity and innovation in the past decade.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.

HP and IDG news, product videos and resources