Thomas P. Gresham, Assistant Director, County of Santa Barbara
What is IT Governance?
IT governance is a framework that enables organizations to realize the full benefits of IT investments. IT governance promotes transparency of IT value to the topmost levels of executive management as well as elected officials. It allows for prioritization and informed decision making at an elevated level. Governance aligns the function of IT directly to the organization’s most critical business operations. Particularly important in the public sector, IT governance enables an organization to implement and track compliance and other regulatory requirements at several stages within IT.
Operational & Fiscal Benefits
Organizations have become more reliant on IT to enable business operations, including critical mission functions. Thus, the activities undertaken to change IT have a cascading effect on the organization’s health and viability. Aligning IT operations to the priorities and critical functions of an organization will direct the appropriate focus and level of resources to best support the most important areas. Similarly, IT operations that have no direct alignment or benefit to the organization’s mission can be identified and reduced if not eliminated.
Financially, IT governance allows the ability to realize the benefits of IT as they are tied directly to overall business objectives. Tracking and managing the performance of IT directly to the outcome of the business operations allows for greater alignment and demonstrates realized value. With the constant pressure to cut costs and streamline government operations, IT governance provides greater insight into how IT is managed, allowing for strategic cuts rather than large general reductions.
Benefits to Risk Management and Legal Compliance
With the everchanging threat of cyberattacks, privacy law and compliance frameworks, the ability to delivery IT services becomes difficult, especially in the public sector.
I have observed the most successful IT departments are the ones where the entire organization has embraced IT governance and elevated its importance to the top elected officials
Having an IT governance structure allows a greater ability to govern risk at an acceptable level depending on the organization’s risk appetite. In the government environment, risk tolerance is much less. This is evident by the number of compliance and regulatory frameworks imposed on public entities. Managing multiple, potentially competing regulations, is facilitated through IT governance.
Within the various stages of IT initiatives, risk and compliance can be assessed at the strategic investment level, throughout project management and post-implementation support. Governance can be applied at many stages such as policy creation, stakeholder oversight, sourcing strategies and legal counsel consultation. These integration points will minimize risk and ensure legal compliance. Additionally, governance can help deconflict and reconcile regulatory requirements through proper data governance and classification strategies.
How do I begin to implement IT Governance?
Beginning IT governance implementation may seem daunting. However, there are key areas that government organizations can start with that will yield immediate benefits. In order for any governance initiative to succeed, support from the highest levels of management is needed. Endorsement from elected officials and executive staff is critical to effectively changing the organization’s culture to have greater involvement among business leaders and IT. Winning over support at the top is best accomplished by referencing two key points. Demonstrating how IT will not only improve the organization’s efficiency (financial) but also how it can reduce risk the organization (liability).
Elevating IT discussions is made possible through the establishment of ownership and clear communication channels through governing bodies comprised of both IT and business decision-makers. The recommended approach is to create cross-departmental governing bodies with the appropriate level of management representation. One model that works particularly well is to have an executive IT council that is supported by a policy and standards committee. The hard work to establish good IT policies and technology standards occurs within these committees. The final polished product is then given to the executive council for endorsement and acceptance across the organization.
Having held careers in many public sector organizations, I have observed the most successful IT departments are the ones where the entire organization has embraced IT governance and elevated its importance to the top elected officials. IT cannot be treated as a separate cost center hidden in the basement of a building. IT is now a crucial function that can build or ruin an organization more so now than at any other time in the past and should be respected and discussed at every level. IT governance is the structure by which these discussion and decisions can be effectuated. Key IT decisions can then be made in an informed manner that will have more direct impact to the success of any organization.