Ineffective governance has a substantial impact on business alignment and risk management. Malformed alignment can result in improper identification of sensitive data, critical services and substandard security controls. Additionally, impaired alignment between the enterprise and information technology (IT) enfeebles communication and priorities, resulting in poor allocation of resources and a lack of transparency in actual risk reduction. Common enterprise governance issues comprise obscure or ill-defined risk thresholds, a false sense of confidence, and inadequate performance measurement.
Subsequently, weak governance processes result in deficient management of IT-enabled investments throughout their economic lifecycle. Strong governance of IT can extend business value by optimizing risk and managing resources to support the organization’s mission, goals and objectives. Many companies misunderstand IT governance's purpose and value because few qualified professionals are adept in IT governance. However, governance and assurance professionals can change this perception via strategic alignment and the effective use of governance enablers such as principles, processes and policies. Additionally, via the employment of information and technology, enterprises can tailor the governance of enterprise IT (GEIT) framework to optimize its people, skills, and competencies and improve their culture, behavior, and ethics. By aligning assurance functions like risk management, IT audit and cyber, organizations can create strong governance. Assurance helps companies create plans toward optimizing business goals, establishing alignment and reducing risk to enterprise objectives.
What is Governance?
Most enterprises exist to provide services to create value for their customers, stakeholders and shareholders. Enterprise processes emanate from the enterprise's mission, objectives and strategy. Through organizational structures and leadership, companies can establish objectives that support their mission and satisfy their stakeholders and customers. The board of directors establishes the strategy, and the enterprise derives its principles from this plan. Next, organizational leaders can support the company's objectives and prioritize decision-making by evaluating the risk and benefits associated with various investments. Lastly, senior managers identify the capabilities that contribute value to the company's strategy.
Assurance Accountability and Business Performance
Governance ensures the company conforms to applicable laws and regulations and establishes mature organizational structures to help enforce due care and due diligence. For example, due care describes how a coherent individual with similar aptitudes would act under comparable conditions. Additionally, due diligence is the process that succeeds due care and protects the company against negligence. Furthermore, due diligence is a legal mandate that requires companies to take appropriate measures to reduce risk and conform to applicable laws. One aspect of governance deals with assurance accountability and ensures the board and senior managers execute the appropriate procedures. The second aspect of governance deals with performance. Performance assures the company can create value, measure success, meet enterprise objectives, and ensure stakeholder satisfaction. This component of governance focuses on the company's ability to optimize resources and manage risk to the company's objectives.
What is Governance of Enterprise IT (GEIT)?
GEIT leverages critical assets like human, financial, physical, intellectual property, information, and relationship assets to create the IT governance framework. The GEIT framework relies heavily on the enterprise's organizational structure and culture. Enterprises acquire a framework and tailor it based on their needs. The goal of GEIT is to leverage technology to support and optimize company needs. Businesses should pursue a GEIT framework if they need to optimize resources, establish effective communication and manage risks to enterprise objectives. GEIT helps senior managers address common pain points like applicable laws, regulations, and compliance. Additionally, GEIT helps enterprises satisfy internal and external stakeholder needs. IT governance empowers companies and helps establish and monitor accountability for IT activities to ensure IT-enabled investments support enterprise objectives. Furthermore, GEIT can uncover underlying issues that have existed for years. These issues can result in unidentified risks such as revenue loss and services that seldom create value for the business.
The Value of GEIT
Many companies misunderstand IT governance's purpose and value because few qualified professionals are adept in IT governance. For example, there are fewer than 10,000 professionals who hold the Certified in the Governance of Enterprise IT (CGEIT) credential worldwide. Governance and assurance professionals must have an adequate understanding of how IT supports company goals and optimizes IT-enabled investments. Adequate comprehension allows assurance professionals to determine if technology creates value and reduces risks to enterprise goals and objectives. From a due care perspective, the board and senior managers are responsible for the effective governance of IT. Furthermore, business managers and IT should collaborate to meet company objectives. GEIT extends the mission and strategy throughout the organization and directs IT processes to ensure technology aligns with objectives. Subsequently, GEIT enables companies to take advantage of opportunities and maximize their return on IT investments.
Many enterprises consist of a mix of technical and non-technical professionals who struggle to communicate and establish priorities. Modern research highlights a positive relationship between the enterprise and IT when measuring GEIT's impact on appropriate training, stakeholder involvement, and IT performance. Today, most companies rely on IT-enabled investments to provide value for its customers and stakeholders. Therefore, it is important that companies realize that ineffective communication and misalignment can result in inefficient use of resources. Additionally, inadequate communication and alignment can create material risk to enterprises' mission and objectives.
Effective governance can help companies prevent fraud and data breaches. On the other hand, poor governance, inefficient communication and conflicts of interest are barriers to strategic alignment and risk reduction. GEIT helps companies translate their mission and goals into IT objectives and create stronger alignment for the company and IT. Governance and assurance professionals can change the perception of GEIT by demonstrating its ability to identify problems and underlying issues. Effective IT governance encourages companies to utilize existing processes and enablers to reduce risk, optimize resources and create value.
Editor’s note: ISACA is updating the content outline for its CGEIT certification exam to reflect the evolving technology environment, as well as the knowledge and skills that today's professionals need to strengthen governance at their organizations. For more information about the changes, see our FAQs.
Author’s note: Blake Curtis began his career in IT in 2009 and has over ten years of experience in engineering, networking, virtualization, IT service management, cybersecurity, and risk management. Blake is from Nashville, Tennessee, USA, and currently serves as an Information Security & Compliance Adviser for Cigna's Global Security Assurance Team. He advocates for continuous education and has over 15 industry certifications across diverse disciplines. Blake's primary interests exist within Governance, Risk, and Compliance, and he emphasizes the significance of acting as the bridge between the enterprise and information technology. Blake's hobbies comprise music production, Stoic philosophy, Trivium, and online gaming. Blake is currently completing his doctorate degree in cybersecurity at Capitol Technology University. To learn more about Blake Curtis, contact him at http://www.linkedin.com/in/reginaldblakecurtis.