In another post, I have shared an article of mine from 2010 on IT governance and internal audit.
But has IT governance changed in the meantime?
I believe the principles are unchanged, but there are a few critical changes in how IT governance should be practiced, and the risks if it is not done well.
I would appreciate your thoughts on these points:
- Technology is even more essential to an organization than before. Not only is it critical to the provision of reliable, cost-effective, and quality business processes, but it is how organizations communicate with customers (including the end-customer) and it is changing the nature of the products and services that are offered. If technology is not part of strategy-setting, if it is not aligned with the business, the business may fail.
- Mobile applications mean that enterprise applications are coming to the palm near you. Employees will perform procurement and even IT security functions with smartphones and tablets. Are your organization's IT processes ready to provide change control over diverse mobile devices, each with a different operating environment and with the employee's personal applications in the same environment? (And let's not forget security over the data on mobile devices.)
- Business is getting faster and decisions have to be made at speed. Does IT provide reliable, quality, timely, and current information to the manager — wherever he is — in a form that can be used? Can the manager review the information and obtain answers to two or three follow-up questions? Quickly?
- Apps used in the business can be acquired quickly and inexpensively. Are the IT governance processes for selecting and acquiring such apps effective, or are they bureaucratic so that employees bypass IT? Is IT even involved in selecting apps used in the business?
I would appreciate your views.
Have the principles for IT governance changed? Should the practices for IT governance change? How much should the board be involved?