IT governance takes its place at the boardroom table
The way in which information is stored, secured and used has become critical in the context of King III’s governance guidelines. For the first time, responsibility for IT governance has been escalated to the company boardroom.
King III recognises that IT is a strategic asset to the company, as well as being a business enabler. At the same time, it presents organisations with significant risks. These assets and risks should be well governed to ensure that IT supports the strategic objectives of the organisation.
“The good news,” says Sean Paine, director of EnterpriseWorx, “is that King III confirms that the interests of the business and the IT department do not run in separate silos; in fact they intersect.”
The growing global focus on IT governance has come about largely for two reasons. One is the increasingly central role that IT plays in an organisation. The other follows from compliance initiatives such as Sarbanes-Oxley in the USA, Basel II in Europe and King III, which became effective in South Africa in March 2010, and has – for the first time – included a section on IT governance.
As a result, the need to manage information has become a priority for businesses, and IT issues are taking up time in the boardroom. “In essence, this means that IT must become a transparent business tool,” says Paine. “It can no longer remain the preserve of rarefied IT gurus and be expected to function independently. In short, the board must understand the role of its information resources in maximising business revenue and profits.”
King III states that IT should be aligned with the performance and sustainability objectives of the company. IT should support and enable the business strategy, deliver value and improve performance. The board should ensure that its information and intellectual property are protected and managed effectively to ensure their confidentiality, integrity and availability.
“The starting point,” says Paine, “is to ensure the integrity of the information. This involves putting the necessary rules and structures in place to ensure that the company’s data is consolidated, integrated and accurate.
“Data integrity means consistent and authentic data that makes it possible to formulate predictions and make well-informed decisions.”
According to King III, the board should ensure that the company’s information assets are managed effectively. “If the IT department is doing its job efficiently by following the steps laid out in the DAMA Data Management Body of Knowledge, for example, it will go a long way towards achieving this objective,” says Paine.
Data management, as part of enterprise content management, covers areas from data architecture, analysis and design, through database management, data security, data quality and data warehousing to business intelligence (BI).
“However, data governance goes beyond this,” says Paine. “It is the set of processes that needs to be put in place to ensure that the data assets are consistently managed throughout the organisation. It is about being proactive and preventing possible data problems arising.
“Once sound data management and governance is in place, BI tools can be used to assign key performance indicators to critical business drivers so as to measure performance against these. In short, BI can be used to ensure that the company’s operations are aligned with the board’s strategic objectives.
“The benefits of IT governance include improved data security and increased confidence in the accuracy and credibility of the data, along with establishing individual accountability and creating performance benchmarks against which to measure progress towards achieving corporate goals.”