Killing the Evil Clown: Why IT Governance Belongs at the Board Level
Yannick Bartens, PhD
Head of Technology Governance & Strategy, CTB Technology & Transformation @ M.M.Warburg & CO
In today's digital age, information technology (IT) is the backbone of virtually every organization and businesses are defined by their technological prowess - effective IT Governance becomes a critical for success. But where should IT Governance reside within the corporate hierarchy? Many businesses relegate IT Governance to the IT department, assuming that IT experts should handle it. After numerous discussions over the past years, in this article, I will outline the compelling reasons behind this paradigm, revealing why IT Governance is not merely a technical matter but a strategic imperative that demands the board's unwavering attention. A former mentor once said to with regards to this matter:
Having IT Governance residing in IT is like having an evil clown deciding on one of the strategically most important matters of your enterprise.
Strategic Alignment
When IT Governance operates within the IT department, it often becomes isolated from the organization's strategic goals. Placing it under the board's purview ensures that IT decisions are tightly aligned with the overall business strategy. The board can oversee that IT investments and decisions are in harmony with the company's long-term objectives.
Risk Management
IT systems are susceptible to various risks, including cybersecurity threats and data breaches. A board-level IT Governance framework allows for a holistic risk management approach - boards are well-equipped to evaluate the business impact of these risks and implement measures to mitigate them effectively.
Accountability
Accountability is fundamental in IT Governance. When IT Governance is nestled within the IT department, there may be a lack of independent oversight. Placing it at the board level establishes accountability and transparency, as the board can demand answers and demand responsibility for the performance and strategic fit of IT.
Resource Allocation
Budget allocation for IT projects is a significant aspect of IT Governance. Decisions about where to allocate resources should align with the company's strategic priorities. A board's oversight ensures that resources are distributed wisely, with the best interests of the entire organization in mind.
Long-Term Sustainability
IT Governance is not just about immediate technological concerns. It's about securing the organization's long-term sustainability. The board, as the ultimate custodian of the company's future, is best positioned to ensure that IT investments are aimed at sustaining growth and competitiveness.
Regulatory Compliance
In an era of ever-evolving regulations, compliance is non-negotiable. Boards are ultimately responsible for ensuring the organization complies with these regulations. Placing IT Governance at the board level guarantees that legal and regulatory requirements are met with due diligence.
Innovation and Change
IT is an enabler of innovation and change. The board can encourage a culture of innovation by overseeing IT decisions. It can set the tone for embracing technology as a driver of positive transformation.
Board Expertise
Boards can bring in outside experts in IT Governance to advise and assist them in making informed decisions. This can be challenging if IT Governance is deeply embedded within the IT department.
In the era of digital evolution, the path to organizational success is drastically influenced by the ability to set up and execute IT Governance adequately. IT Governance must transcend its commonly seen traditional boundaries and rise to a position of prominence directly beneath the board. The benefits are clear: strategic alignment, comprehensive risk management, meticulous compliance, resource allocation that mirrors the business strategy, and a culture of innovation. Elevating IT Governance to the board level isn't just a pragmatic move; it's a necessity. In doing so, organizations can harness the true potential of IT as a driving force for their growth, longevity, and competitive edge in the digital age.
Michele Rochefort MARK THOMAS Steven De Haes Markus Sontheimer Mirco Diehl Ulrich Reidel Dr. Karsten Zimmermann Johannes Kresse Jacqueline Wild Jacqueline Guichelaar John Thorp Patrick Wild Triona O'Keeffe Andrea Smith Anestis Karagiannidis Catalin Barbulescu Hanno Boekhoff Timo Salzsieder Christian Rhino Peter Gantner Patrick Quellmalz Dr. Christoph Böhm Tilo Böhmann
Technology for People
6moDorothee Löser
Technology for People
6moIT has do get it done. Every CxO should have a closer look of the topics of IT Governance - without knowing what that is in detail. Technology is critical to every business. And it has a long history of failure. Empathy & real interest on both sides makes the difference.
Geography MSc | Enterprise Engineer | Wine specialist (Vinoloog)
6moRunning a business involves finding and operating a mix of human, financial, physical and digital resources that attracts and retains customers, returns a profit, and does not harm the planet. So the people responsible for this mix must be skilled in all these areas. In the past, many, if not all businesses separated the concerns of HR, Finance and Digital from the (physical) Factory, but over time most of us got used to hiring, coaching and appraising our own staff, steering our own revenues and cost, and investing in our appropriate digital technology. What remains today, are HR, Finance and IT teams that support ‘the business’ with standards that ensure the operation can be run as one (1) business. Think of standards for job descriptions and appraisals, accounting and investing, and digital security and enterprise architecture. So ‘the evil clown’ of separating Business from IT (and business projects from IT projects) is a sign of business management not fully mature in their digital competencies.
VP IT Business Relationship Management & Consulting | Kellogg-WHU Executive MBA Candidate
6moContentwise I agree, but regarding the wording I would disagree. It is the way how we often perceive IT Governance and this is being seen quite different on a global scale (as a police or as an enabler) At the end it is about the role of IT and we should avoid pushing IT into a direction where it just provides service delivery. But yet, I too often hear the words „demand delivery“. For me it is about joint accountability and therefore Tech/IT in whatever form needs to have a seat at the table. It means that IT has a Governance and Enabling role which is intrinsically interwoven into business.
Yannick Bartens, PhD I´d go one step further: as G in GRC is becoming an overarching function, as are digital trust and trustworthiness, it will likely need a full 2nd line support structure. Where IT is still separate from the fabric of general management, too many governance-related issues are likely to fall through the cracks simply because Board members are unable to fully understand them. In public companies, we are seeing increasing activity at the supervisory board (Aufsichtsrat, Verwaltungsrat) level where larger organizations are beginning to look for members with the requisite knowledge and competencies.