IT Governance in a Government Environment

Having an IT governance structure allows a greater ability to govern risk at an acceptable level depending on the organization’s risk appetite. In the government environment, risk tolerance is much less. This is evident by the number of compliance and regulatory frameworks imposed on public entities. Managing multiple, potentially competing regulations, is facilitated through IT governance.

Within the various stages of IT initiatives, risk and compliance can be assessed at the strategic investment level, throughout project management and post-implementation support. Governance can be applied at many stages such as policy creation, stakeholder oversight, sourcing strategies and legal counsel consultation. These integration points will minimize risk and ensure legal compliance. Additionally, governance can help deconflict and reconcile regulatory requirements through proper data governance and classification strategies.

How do I begin to implement IT Governance?

Beginning IT governance implementation may seem daunting. However, there are key areas that government organizations can start with that will yield immediate benefits. In order for any governance initiative to succeed, support from the highest levels of management is needed. Endorsement from elected officials and executive staff is critical to effectively changing the organization’s culture to have greater involvement among business leaders and IT. Winning over support at the top is best accomplished by referencing two key points. Demonstrating how IT will not only improve the organization’s efficiency (financial) but also how it can reduce risk the organization (liability).

Elevating IT discussions is made possible through the establishment of ownership and clear communication channels through governing bodies comprised of both IT and business decision-makers. The recommended approach is to create cross-departmental governing bodies with the appropriate level of management representation. One model that works particularly well is to have an executive IT council that is supported by a policy and standards committee. The hard work to establish good IT policies and technology standards occurs within these committees. The final polished product is then given to the executive council for endorsement and acceptance across the organization.

Final Thoughts

Having held careers in many public sector organizations, I have observed the most successful IT departments are the ones where the entire organization has embraced IT governance and elevated its importance to the top elected officials. IT cannot be treated as a separate cost center hidden in the basement of a building. IT is now a crucial function that can build or ruin an organization more so now than at any other time in the past and should be respected and discussed at every level. IT governance is the structure by which these discussion and decisions can be effectuated. Key IT decisions can then be made in an informed manner that will have more direct impact to the success of any organization.