The U.S. government established several IT governance laws and regulations after the nation experienced a series of corporate frauds. The Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act are the most notable ones. In this article at CIO, Kim Lindros shares FireMon CTO Paul Calatayud's views on how to implement IT governance successfully.
Basic Facets of IT Governance
IT governance provides your company with a structure for checking whether its IT spending is delivering business benefits. Following are the key points that Calatayud shared with Lindros:
Its essence lies in the structural alignment of your business and IT strategies. A standardized framework allows you to measure the performance of processes and functions. You also get to keep pace with your stakeholders' demands while looking after the needs of your employees.
2. IT Governance and GRC—Two Sides of the Same Coin?
As per Calatayud, you can treat IT governance and GRC (governance, risk, and compliance) as synonymous. However, if the chief information security officer (CISO) reports to the CIO, GRC is IT-centric. If the CISO is independent, GRC takes a broader, organization-wide approach to security.
3. Why the Requirement?
Organizations nowadays must implement and comply with several international and corporate laws and regulations. To retain the trust of stakeholders and customers, they must follow standard industry best practices.
4. Organizational Types That Fit the Bill:
Any organization, be it public or private, can establish IT governance. You need to devote a sizeable amount of time and effort to the implementation. Small businesses prefer to apply it in specific areas, while larger enterprises adopt the framework across the whole organization.
5. How to Start?
Start with a framework that many organizations have already used successfully. COBIT, ITIL, COSO, CMMI, and FAIR are the most popular among the known governance frameworks.
6. Choosing the Right Structure:
The basic function of a governance framework is to monitor the IT health of your company. If you are overwhelmed by the available options, go with the one that best fits your organizational culture. COBIT, FAIR, and COSO are used for risk management, and ITIL for monitoring services and operations. You can use CMMI for software, hardware, services, and purchasing. If needed, use more than one framework.
7. Tangible Outcomes:
Calatayud suggests that you create a risk management committee that includes all the business heads and sponsors. Also, share project outcomes across the board so that everyone has clarity about the organization's ups and downs. Establish proper communication channels and hierarchies. Supervise the functions and processes closely. Engage external advisors for a better understanding.
To view the original article in full, visit the following link: https://www.cio.com/article/2438931/governance/governanceit-governance-definition-and-solutions.html