- 10 things to help you identify intruder threats faster
- Can a DDoS attack on Whitehouse.gov be a valid protest?
- Dutch dev stole 20,000 passwords from websites he built for businesses
- Think employers must protect workers’ personal info? Think again
- Sensitive access tokens and keys found in hundreds of Android apps
Why best practice is risky
A well-governed organisation implies that it operates within an appropriate framework of structured controls, policies and processes, all driven by best practice. But is this really what is needed in a time of disruption and change?
Governance frameworks exist for almost every aspect of an organisation to ensure it operates as intended, and in support of its overall mission.
Entire industries thrive on the evolution, implementation and maintenance of these governance frameworks, which underpin the development of published standards.
Mature governance frameworks embody so-called ‘best practice’, which implies the adoption of these frameworks will help the organisation achieve its goals with a higher degree of reliability.
Indeed, the Oxford dictionary defines ‘best practice’ as: “Commercial or professional procedures that are accepted or prescribed as being correct or most effective”.
Selecting, adapting, designing and integrating the various governance frameworks across the organisation is no trivial task, and is especially important for organisations with an enterprise-wide dependency on IT.
In an environment that is not changing very rapidly, or has a very high cost of failure, such as commercial aviation, accepted ‘best practice’ generally makes sense and with good reason.
If followed, best practice maximises the likelihood of the intended results being achieved. After all, the ‘recipe’ has been shown to work, and is often backed by evidence that reinforces adherence to the relevant standard yields results. Reinventing the wheel is a potentially risky and expensive process.
But does best practice + disruption = worst outcome?
Accepted ‘best practice’ may no longer be up to the task in the face of fundamental technological or marketplace disruption. If your organisation is dealing with a rapidly changing, innovative and disruptive competitor, rote adherence to such standards may be anything than ‘best’ for you.
On the flip side, if your organisation is the one doing the disrupting through innovative technologies, processes or business models, you have more likely than not broken ranks with those still constrained by the prevailing governance models based on demonstrated best practice.
But if your organisation is rusted onto ‘best practice’, how can it adapt to the change to ensure survival? Through IEDs, enterprise IT, disruption and governance.
For many organisations, and irrespective of whether it is in-house, outsourced or in the cloud, IT underpins the operation of most (if not all) aspects of the organisation. In such instances, any assumptions about the interplay between IT and enterprise governance need to be carefully considered in a disrupted environment.
But just believing the organisation can head off on its merry way, leaving the CIO to take care of IT governance as well as delivering on the value from investments made in IT-enabled change, should be seriously questioned.
The case of the £1.5 billion capital shortfall announced by the UK’s Co-operative Bank in June 2013, which arose from a failed attempt to replace the Banking Group’s IT platform, offers valuable insights into the role of governance, disruption, the expectations of IT and in particular, the role of the CIO.
The bank’s response was to commission an independent review by Sir Christopher Kelly entitled ‘Failings in management and governance’.
For any CIO dealing with major technology transformation, there are few lessons to take away from this:
- Such initiatives should not be treated primarily as IT projects;
- You need to ensure the responsibilities for key deliverables by executives other than the CIO are clearly and explicitly stated
- The abdication of responsibility to the CIO by the board is a warning for future potential problems.
As an IT leader, what’s your approach to steering the organisation’s strategy in optimising ‘best practice’ when faced with disruption?
- Answer 5 quick questions and you could win a Lego Mindstorm EV3, (valued at $499).
- 6 cities | 20 exhibitors | International & local keynotes | Hear from Mark Loveless 'Simple Nomad' & Jeff Lanza Former FBI - Save your seat at CSO Perspectives Roadshow
- WIN a HTC Vive Kit valued at $1399, take this 3 minute survey for your chance to WIN!
- Participate in this market research and go into the draw to win a Lego Death Star, (valued at $999).
- Deloitte taps former VCPro director to join local cloud and infrastructure solutions practice
- Where will enterprise automation leave Aussie workers?
- Toshiba may sell its semiconductor business to stay afloat
- HPE forks out $860M for SimpliVity in hybrid IT push
- onPlatinum ICT - Channels within channels