- The week in security: As business and CISOs struggle to unite, hackers scoring big hits
- Mass CCleaner malware attack actually targeted tech giants
- NotPetya costs FedEx $300m, now weighs up cyber insurance
- Pen-testing may pacify auditors, but it won’t stop hackers from taking your data
- As Equifax jettisons CISO and CIO, survey finds CISOs feel devalued by business leaders
Why best practice is risky
A well-governed organisation implies that it operates within an appropriate framework of structured controls, policies and processes, all driven by best practice. But is this really what is needed in a time of disruption and change?
Governance frameworks exist for almost every aspect of an organisation to ensure it operates as intended, and in support of its overall mission.
Entire industries thrive on the evolution, implementation and maintenance of these governance frameworks, which underpin the development of published standards.
Mature governance frameworks embody so-called ‘best practice’, which implies the adoption of these frameworks will help the organisation achieve its goals with a higher degree of reliability.
Indeed, the Oxford dictionary defines ‘best practice’ as: “Commercial or professional procedures that are accepted or prescribed as being correct or most effective”.
Selecting, adapting, designing and integrating the various governance frameworks across the organisation is no trivial task, and is especially important for organisations with an enterprise-wide dependency on IT.
In an environment that is not changing very rapidly, or has a very high cost of failure, such as commercial aviation, accepted ‘best practice’ generally makes sense and with good reason.
If followed, best practice maximises the likelihood of the intended results being achieved. After all, the ‘recipe’ has been shown to work, and is often backed by evidence that reinforces adherence to the relevant standard yields results. Reinventing the wheel is a potentially risky and expensive process.
But does best practice + disruption = worst outcome?
Accepted ‘best practice’ may no longer be up to the task in the face of fundamental technological or marketplace disruption. If your organisation is dealing with a rapidly changing, innovative and disruptive competitor, rote adherence to such standards may be anything than ‘best’ for you.
On the flip side, if your organisation is the one doing the disrupting through innovative technologies, processes or business models, you have more likely than not broken ranks with those still constrained by the prevailing governance models based on demonstrated best practice.
But if your organisation is rusted onto ‘best practice’, how can it adapt to the change to ensure survival? Through IEDs, enterprise IT, disruption and governance.
For many organisations, and irrespective of whether it is in-house, outsourced or in the cloud, IT underpins the operation of most (if not all) aspects of the organisation. In such instances, any assumptions about the interplay between IT and enterprise governance need to be carefully considered in a disrupted environment.
But just believing the organisation can head off on its merry way, leaving the CIO to take care of IT governance as well as delivering on the value from investments made in IT-enabled change, should be seriously questioned.
The case of the £1.5 billion capital shortfall announced by the UK’s Co-operative Bank in June 2013, which arose from a failed attempt to replace the Banking Group’s IT platform, offers valuable insights into the role of governance, disruption, the expectations of IT and in particular, the role of the CIO.
The bank’s response was to commission an independent review by Sir Christopher Kelly entitled ‘Failings in management and governance’.
For any CIO dealing with major technology transformation, there are few lessons to take away from this:
- Such initiatives should not be treated primarily as IT projects;
- You need to ensure the responsibilities for key deliverables by executives other than the CIO are clearly and explicitly stated
- The abdication of responsibility to the CIO by the board is a warning for future potential problems.
As an IT leader, what’s your approach to steering the organisation’s strategy in optimising ‘best practice’ when faced with disruption?
- How surfing dogs helped VetShopAustralia drive customer engagement
- Coyne takes up chief customer officer post at Stars Group
- CMO interview: What it takes to align with your CEO
- Nine digital and former marketing chief, Alex Parsons, announces exit
- CMO's top 8 martech stories for the week - 21 September 2017