Why best practice is risky
A well-governed organisation implies that it operates within an appropriate framework of structured controls, policies and processes, all driven by best practice. But is this really what is needed in a time of disruption and change?
Governance frameworks exist for almost every aspect of an organisation to ensure it operates as intended, and in support of its overall mission.
Entire industries thrive on the evolution, implementation and maintenance of these governance frameworks, which underpin the development of published standards.
Mature governance frameworks embody so-called ‘best practice’, which implies the adoption of these frameworks will help the organisation achieve its goals with a higher degree of reliability.
Indeed, the Oxford dictionary defines ‘best practice’ as: “Commercial or professional procedures that are accepted or prescribed as being correct or most effective”.
Selecting, adapting, designing and integrating the various governance frameworks across the organisation is no trivial task, and is especially important for organisations with an enterprise-wide dependency on IT.
In an environment that is not changing very rapidly, or has a very high cost of failure, such as commercial aviation, accepted ‘best practice’ generally makes sense and with good reason.
If followed, best practice maximises the likelihood of the intended results being achieved. After all, the ‘recipe’ has been shown to work, and is often backed by evidence that reinforces adherence to the relevant standard yields results. Reinventing the wheel is a potentially risky and expensive process.
But does best practice + disruption = worst outcome?
Accepted ‘best practice’ may no longer be up to the task in the face of fundamental technological or marketplace disruption. If your organisation is dealing with a rapidly changing, innovative and disruptive competitor, rote adherence to such standards may be anything than ‘best’ for you.
On the flip side, if your organisation is the one doing the disrupting through innovative technologies, processes or business models, you have more likely than not broken ranks with those still constrained by the prevailing governance models based on demonstrated best practice.
But if your organisation is rusted onto ‘best practice’, how can it adapt to the change to ensure survival? Through IEDs, enterprise IT, disruption and governance.
For many organisations, and irrespective of whether it is in-house, outsourced or in the cloud, IT underpins the operation of most (if not all) aspects of the organisation. In such instances, any assumptions about the interplay between IT and enterprise governance need to be carefully considered in a disrupted environment.
But just believing the organisation can head off on its merry way, leaving the CIO to take care of IT governance as well as delivering on the value from investments made in IT-enabled change, should be seriously questioned.
The case of the £1.5 billion capital shortfall announced by the UK’s Co-operative Bank in June 2013, which arose from a failed attempt to replace the Banking Group’s IT platform, offers valuable insights into the role of governance, disruption, the expectations of IT and in particular, the role of the CIO.
The bank’s response was to commission an independent review by Sir Christopher Kelly entitled ‘Failings in management and governance’.
For any CIO dealing with major technology transformation, there are few lessons to take away from this:
- Such initiatives should not be treated primarily as IT projects;
- You need to ensure the responsibilities for key deliverables by executives other than the CIO are clearly and explicitly stated
- The abdication of responsibility to the CIO by the board is a warning for future potential problems.
As an IT leader, what’s your approach to steering the organisation’s strategy in optimising ‘best practice’ when faced with disruption?
- Translating Security Leadership into Board Value : Download Now
- Everything You Need to Know About Cyber Threats But Were Too Afraid To Ask: Download Now
- Emerging Cyber Threat Summit | Cybersecurity strategy for business leaders in the digital age | 6-8 June | Sydney | Get the agenda
- Advanced endpoint protection test report : Download Now
- CSO Webinar: Business Email Compromise | Head of Fraud Risk Strategy - ANZ Bank, Australian Centre for Cyber Security & more | Register now
- Security Exhibition & Conference | Intelligent Strategies for Australia’s Security Industry 26-28 July 2017 | ICC Sydney, Darling Harbour | Find out more
- 22 Experts Share How to Communicate Security Program Effectiveness to Upper Management : Download Now
- Network Professionals Survey with Computerworld Australia Enter this survey and you could WIN one (1) of two (2) Microsoft Surface Pro 4 128GB Tablet valued at AU$999 each. *Terms & Conditions Apply
- Matt McGrath switches off Network Ten, turns on Deloitte
- Nudge nudge, wink wink: How far is too far in influencing consumer behaviour?
- Samsung hunts for new CMO following Newton's departure
- CMO's top 8 martech stories for this week - 25 May 2017
- Qantas CMO: What it's taking to evolve our customer experience