IT Governance

IT Governance: Guidelines for Directors

ALAN CALDER
Copyright Date: 2005
Published by: IT Governance Publishing
Pages: 182
https://www.jstor.org/stable/j.ctt5hh6pw
  • Cite this Item
  • Book Info
    IT Governance
    Book Description:

    This book is an essential read for those sitting on the board of any organisation that wants to secure its information, its intellectual property and its competitive advantage. Written for a non-technical, commercially-minded audience, this book offers a comprehensive introduction to the critical subject of IT governance.

    eISBN: 978-1-905356-02-7
    Subjects: Business, Technology

Table of Contents

  1. Front Matter
    (pp. 1-3)
  2. About the author
    (pp. 4-4)
  3. Table of Contents
    (pp. 5-8)
  4. INTRODUCTION
    (pp. 9-18)

    ‘Can IT alien with the business?’¹

    Your immediate response to this question gives a sense of the adequacy or otherwise of your IT governance arrangements. If you think it’s a good question, one worth pursuing, then you’ve just identified the first, and most critical, symptom of inadequate IT governance: a disjunct between your most important business enabler and the business itself.

    If you find the question incomprehensible – because, to you, it’s axiomatic that IT aligns with the business – you may not need this book. However, before putting it aside, consider this: a late-2004 global study² of North American...

  5. CHAPTER 1: WHY IT GOVERNANCE MATTERS
    (pp. 19-32)

    In the 21stCentury. IT governance is, within the broader corporate governance context, critical for all organizations. Those without an IT governance strategy face significant risks: those with one perform measurably better.

    The ‘greed is good’ business philosophy of the 1980s and 1990s seemed to give way, at the end of the 20thCentury, to a ‘looting is good’ approach. Catastrophic financial failure is, of course, a characteristic of the business cycle Looting has happened before: BICC and Maxwell Communications are good examples. Corporate collapse, originating in a failure of internal control, has happened before: Baring is an instance. The...

  6. CHAPTER 2: GOVERNANCE AND RISK MANAGEMENT
    (pp. 33-55)

    Chapter one observed that corporate governance is overtly concerned with board structure, executive compensation and shareholder reporting, but the underlying assumption is that theboardis responsible for managing the business and controlling the risks to its assets and trading future. Governance matters, and not just to the press: 20 out of the 30 largest European asset managers now factor governance into their investment assessments; institutional shareholders (particularly in the US and UK) are increasingly militant, with big pension funds under government pressure to exercise their votes in favour of effective corporate governance; and the regulatory objectives of governments across...

  7. CHAPTER 3: INTELLECTUAL CAPITAL
    (pp. 56-71)

    ‘What's new? Simply this: Because knowledge has become the single most important factor of production, managing intellectual assets has become the single most important task of business.’40

    Most people are aware that, for most organizations, the value of their tangible assets – land and buildings, plant and machinery, cash and so on – is different from the value of their intangible assets – the ones not carried on their books. The value of the intangible assets is usually taken, in simple terms, as being equal to the difference between the net book value of the business and its current market...

  8. CHAPTER 4: COMPLIANCE
    (pp. 72-91)

    Privacy and data protection are linked and relatively new business issues which are now a global business imperative. The origins of worldwide data protection legislation are in a report, produced by Sir Kenneth Younger in the UK in 1972, which attempted to tackle the potential risks to privacy posed by the growing use of computers to process personal information. Personal privacy was enshrined in the 1948 Universal Declaration of Human Rights, was further entrenched in the 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms and, in a further advance, included in the Charter of Fundamental Rights...

  9. CHAPTER 5: INFORMATION RISK
    (pp. 92-110)

    All organizations possess information, or data, that is either critical or sensitive. As discussed in Chapter 3, this information is a substantial component of the organization’s intellectual capital. In the ‘Information Security Breaches Survey 2004’, the UK Department of Trade and Industry commented: ‘information is widely regarded as the lifeblood of modem business.’ 87 percent of businesses now identify themselves as ‘highly dependent’ on electronic information and the systems that process it.

    Threats in the digital world, as in the analogue one, originate with people. These people fall into five groups:

    Criminals (thieves, fraudters, organized crime),

    Malefactors (hackers, vandals, terrorists,...

  10. CHAPTER 6: SYSTEM DEPLOYMENT AND PROJECT RISK
    (pp. 111-119)

    The fast-changing information economy drives organizations to continuous information innovation, to find new ways of manipulating information to identify new avenues for competitive success. This, combined with relentless cost pressure, drives organizations to attempt continuous system and process improvement, usually expressed in the form of system upgrades, system development, or system deployment. Increasingly, organizations ‘bet the farm’ on the successful development and deployment of new systems, in a business environment that can change so fast that the original assumptions on which a project’s rationale were based can become fatally undermined prior to its completion.

    These projects have ceased to be...

  11. CHAPTER 7: DESIGNING AN IT GOVERNANCE FRAMEWORK
    (pp. 120-141)

    While there are certain immutable principles of good governance – accountability, shareholders’ rights and transparency – every organization has to design and implement a corporate governance framework that fits with its own business culture, business strategy and business model. There’s no ‘one-size-fits-all solution to corporate governance.

    Practically speaking, every best-practice corporate governance framework is likely to have a number of elements in common, including: separation of the roles of Chairman of the Board and CEO, with the Chairman likely to be non-executive and probably not a past CEO of the organization; a majority of outside or non-executive directors on the...

  12. CHAPTER 8: IT GOVERNANCE IN ACTION
    (pp. 142-161)

    Guideline for Directors: unless and until you have a working IT governance framework in place, you should not invest a cent (in any currency) in any of the increasing number of ‘IT governance solutions’ available from IT vendors. IT governance is about the internal organizational structure for making decisions about using IT to improve the organization’s competitive position; software ‘solutions’ can’t create this structure if it doesn’t already exist.

    This chapter is about the implementation of an IT governance framework that was designed following the guidelines suggested in the previous chapter. IT governance is NOT a framework for how the...

  13. CHAPTER 9: ISSUES FOR THE PUBLIC SECTOR AND NOT-FOR-PROFIT ORGANIZATIONS
    (pp. 162-169)

    Public sector and not-for-profit organizations face all the same external challenges as do private sector organizations – all the issues discussed in the earlier chapters of this book – but they have some additional challenges unique to themselves which require specific additional governance decisions.

    ‘Public sector organization’ is a term that includes a wide variety of organizational types, ranging from central government, through non-governmental organizations to local government and inter-governmental bodies. And these organizations are engaged in a range of activities, from policy making through government to health, defence, intelligence, education, social services and regulation. The public sector probably contains...

  14. CHAPTER 10: IT’S ALL ABOUT LEADERSHIP
    (pp. 170-176)

    The IT Governance Institute recently observed that, while boards are happy to focus on strategy and strategic objectives, they are far less happy to deal with IT, even though IT is so fundamental to business success. It identified three reasons for this state of affairs:

    ‘IT requires more technical insight than do other disciplines to understand how it enables the enterprise and creates risks and opportunities.

    IT has traditionally been treated as an entity separate to the business.

    IT is complex, even more so in the extended enterprise operating in a networked economy.’66

    This statement is kind, and true –...

  15. FURTHER READING
    (pp. 177-178)
  16. USEFUL WEBSITES
    (pp. 179-182)