Opinion: It's time to take IT governance seriously
LATEST NEWS
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
New Zealand needs more IT experience at board level, says Paul Matthews
By Paul Matthews | Auckland | Tuesday, 21 June, 2011 | 8 Comments
Whether we as an industry like to admit it or not, we have a problem when it comes to how IT is regarded in the boardroom and at the senior executive level of many New Zealand organisations. However, this is not an IT problem; this is an overall corporate governance issue and the consequence of failing to understand technology deployments at board level is significant.
There are two important reasons successful companies ensure there is IT and IT governance experience at their board level.
The first is around efficiency, innovation and competitive advantage. Technologists understand the value a good business-aligned IT strategy brings to an organisation. For example, the increased business opportunities in being the first supermarket offering online shopping, or the airline providing full-service online, or the increased yields by incorporating IT in farm or stock management. The possible scenarios are endless.
However, none of this is any good without IT vision and understanding at board level. Without a strong board driving IT strategy and supporting investment in technology, it becomes difficult for the CIO (if the company still has one that is!) to deliver the sorts of improvements in efficiency, service and competitive advantage that IT can and does deliver.
And if the board and senior executive team have no understanding of this potential there are two possible outcomes, both equally disastrous. Either they under-invest in IT, often disestablishing the CIO role and moving it into a purely operational mindset under the CFO, or they “leave it to the IT guys” without any form of mandate from the board, or strategy or governance.
As a technologist you might think this second option is acceptable, however companies have boards for good reasons — to provide organisation-wide strategy and oversight. Boards do not leave all financial aspects to the CFO or accountant and they should not do the same for IT.
The second issue is around the legal, regulatory and ethical responsibilities placed on directors and boards and this is often overlooked in New Zealand. Call this the “butt-covering principle” if you like.
Whether a company views IT as an investment or an expense, there is no getting around the fact that technology is expensive. Not just in terms of the cost to put it in place, but also the pay-off of driving a well-defined and superior IT strategy.
If you are a director, since 2008 there’s been a formal international standard (ISO/IEC 38500) that covers the corporate governance of IT. This means you could be found personally liable should things go pear-shaped, for not meeting your obligations as a director.
ISO/IEC 38500 sets out six principles for good corporate governance of IT, being Responsibility, Strategy, Acquisition, Performance, Conformance and Human behaviour. It also provides a framework of definitions, principles and a model for good governance of IT. It has a strong link to New Zealand, in that Wellington-based NZCS Fellow Alison Holt chaired the group that created the standard.
Conversely, if you’re a company director or CEO there is now an independent professional certification in IT in New Zealand called ITCP. And, if you don’t insist that the CIO and other senior IT executives are independently accredited under the ITCP programme and they are later found wanting, you could be held responsible by angry shareholders.
You probably, at least implicitly, insist that your company’s accountant is a CA, your lawyer is qualified and your builders and plumbers are certified; you would certainly be asking questions if you found out they weren’t. How, though would you explain to your shareholders after one of your software projects went belly-up why you didn’t insist on the same from the person with overall responsibility for one of your largest assets – your critical IT infrastructure? Not a good position to be in.
So what to do about it? There are three options and the best strategy is to utilise a little from each of them.
Firstly, you really should ensure that a portion of directors in your company have a senior IT background or familiarity with IT governance principles, in much the same way you’d always ensure a portion had good financial credentials.
Secondly, ensure all directors have undertaken at least base-level IT governance training and have some experience of governance of IT. NZCS now offers low-cost courses covering the basics of IT governance and ISO/IEC 38500 suitable for non-IT people as well.
And thirdly, if IT is important to an organisation’s ongoing operations and especially if the board lacks depth in IT, ensure that the board has an independent advisor in the same way good boards have independent advisors in other areas providing financial and legal guidance.
IT can be a scary topic for those that have little IT understanding or background in the profession. However it is time more local boards and the directors took their responsibilities in this area seriously to allow more of our companies to reap the rewards of a well executed and board-driven IT strategy.
To not do so provides significant unnecessary risk for both the company and its directors.
Matthews is Chief Executive of the New Zealand Computer Society
Comments
Some good points, some dubious points
I agree with Paul about the need for IT understanding at board level, and the importance of strategic guidance to ensure the organisation's IT people, services and products are aligned with the overall corporate goals, in the same way every other area of the business should be.
I strongly feel we need to move beyond talking about "the business" and IT as if they are somehow separate; for most organizations today it would be nigh-on impossible to do business without using their IT systems and the IT people need to star seeing themselves as business people with a technical bent.
On the certification issue I'm not convinced by Paul's arguments. Personally I have three professional certifications in IT as well as a Master's degree in Information Management, I pay annual subscriptions and have to prove ongoing professional development in all three certifications - why should I add the NZCS certification on top of those I already have (for a cost of approx $700 to again and retain the certification for the first two years). Nothing in the ICTP assessment will make me better at my job, and it replicates much of what I already have, would the NZCS disbar me from practice because I chose an internationally recognized bundle of certifications instead of theirs?
Posted by Shane Hastie at 7:59:43 on June 27, 2011
I strongly feel we need to move beyond talking about "the business" and IT as if they are somehow separate; for most organizations today it would be nigh-on impossible to do business without using their IT systems and the IT people need to star seeing themselves as business people with a technical bent.
On the certification issue I'm not convinced by Paul's arguments. Personally I have three professional certifications in IT as well as a Master's degree in Information Management, I pay annual subscriptions and have to prove ongoing professional development in all three certifications - why should I add the NZCS certification on top of those I already have (for a cost of approx $700 to again and retain the certification for the first two years). Nothing in the ICTP assessment will make me better at my job, and it replicates much of what I already have, would the NZCS disbar me from practice because I chose an internationally recognized bundle of certifications instead of theirs?
Posted by Shane Hastie at 7:59:43 on June 27, 2011
Some good points, some dubious points
Shane,
I'm not sure which your Certs are, however ITCP has a cross-recognition arrangement with other quality international professional accreditation programmes such as CP in Australia.
If you're referring to vendor or technical Certs, these are different things. An Accountant, for instance, might have their "Chartered Accountant" cert (like ITCP) but may also be certified to use specific tools (such as MYOB or Xero etc). This is not the same thing.
Hope that helps
Posted by Paul Matthews at 9:29:29 on June 27, 2011
I'm not sure which your Certs are, however ITCP has a cross-recognition arrangement with other quality international professional accreditation programmes such as CP in Australia.
If you're referring to vendor or technical Certs, these are different things. An Accountant, for instance, might have their "Chartered Accountant" cert (like ITCP) but may also be certified to use specific tools (such as MYOB or Xero etc). This is not the same thing.
Hope that helps
Posted by Paul Matthews at 9:29:29 on June 27, 2011
Selling ITCP again
Selling his ITCP again, yawn. Choose your standards, apply quality assurance lean and wisely and you don't need to rely on ITCP. Certification is union stuff protecting the mediocre
Posted by Anonymous at 9:20:59 on June 22, 2011
Posted by Anonymous at 9:20:59 on June 22, 2011
Selling ITCP again
True,only thing worse than an average IT employee is an average certified employee
Posted by Anonymous at 10:09:10 on June 22, 2011
Posted by Anonymous at 10:09:10 on June 22, 2011
Selling ITCP again
Another pair of anonymous twits rallying against standards and independent accreditation, yawn.
I guess the same goes for Engineers, Lawyers, Architects, Builders, etc, etc. Standards are only there to unionize and protect the mediocre, nothing to do with weeding them out at all.
Logic dictates and history shows that it's the mediocre that rally against standards and independent assessment against those standards and given the intellectual mastery of the anonymous clowns that pop up here throthing at the mouth whenever anyone talks standards I'd say that's a fair assessment.
Good on NZCS I say. It may not be perfect but it's the best we've got. For those that continue to promote IT as the haven of cowboys without standards, be warned: the rest of us have had enough
Time to grow up and act like professionals.
Posted by Anonymous at 13:36:27 on June 22, 2011
I guess the same goes for Engineers, Lawyers, Architects, Builders, etc, etc. Standards are only there to unionize and protect the mediocre, nothing to do with weeding them out at all.
Logic dictates and history shows that it's the mediocre that rally against standards and independent assessment against those standards and given the intellectual mastery of the anonymous clowns that pop up here throthing at the mouth whenever anyone talks standards I'd say that's a fair assessment.
Good on NZCS I say. It may not be perfect but it's the best we've got. For those that continue to promote IT as the haven of cowboys without standards, be warned: the rest of us have had enough
Time to grow up and act like professionals.
Posted by Anonymous at 13:36:27 on June 22, 2011
too true
There has been much talk of the need to align the IT function with the business. The theory being that if the IT function is heading in the same direction as the business it can begin to actually help, rather than hinder, the business to meet its wider objectives.
The reality is that IT departments are largely left to function in isloation with little or no impact on business strategy. Just take a look at the organisations recently that have disbanded the CIO position. And how many CIO's of the MIS100 have a seat at the top table reporting directly to the CEO?
As we move into the recovery of the economy, IT has a huge role to play to help business become more responsive, agile and efficient. The sad fact is many will not embrace this opportunity.
The purpose of running a business is to make the maximum possible return for the stakeholders. The purpose of the IT function is to facilitate, enable and support the business.
Posted by JB at 19:25:48 on June 21, 2011
The reality is that IT departments are largely left to function in isloation with little or no impact on business strategy. Just take a look at the organisations recently that have disbanded the CIO position. And how many CIO's of the MIS100 have a seat at the top table reporting directly to the CEO?
As we move into the recovery of the economy, IT has a huge role to play to help business become more responsive, agile and efficient. The sad fact is many will not embrace this opportunity.
The purpose of running a business is to make the maximum possible return for the stakeholders. The purpose of the IT function is to facilitate, enable and support the business.
Posted by JB at 19:25:48 on June 21, 2011
Real Actions
This article shouldn't be under the category "Opinion" as it provides at least two very real and true things we need to do to improve IT in NZ. One; board members/directors need to take responsibility under ISO/IEC 38500, and two; IT professionals should have ITCP certification to become accountable. Today we have free rein as we don't have accountability.
You know who you are - let's move forward NZ!
Posted by Scott Groombridge at 13:25:11 on June 21, 2011
You know who you are - let's move forward NZ!
Posted by Scott Groombridge at 13:25:11 on June 21, 2011
Almost
But HR probably rank a little higher. Everyone says their greatest asset is their people and the hardest thing to find but no one has their HR guys at board level - madness
Jack Welsh famously asked a large contingent of CEO level people at a presentation how many of them rated their people as their key asset - they all, bar none, put their hand up. He then asked how many HR people were there - Zero..........
"Bit #1:
"Look, HR should be every company's "killer app". What could possibly be more important than who gets hired, developed, promoted or moved out the door?"
Bit #2:
"If you owned Real Madrid, for instance, would you hang around with the team accountant or the director of player personnel? Sure, the accountant can tell you the financials. But the director of player personnel knows what it takes to win: how good each player is and where to find strong recruits to fill talent gaps."
Bit #3:
"Leaders need to put their money where their mouths are and let HR do its real job: elevating people management to the same level of professionalism and integrity as financial management."
Full article - http://www.telegraph.co.uk/finance/2942953/Winning.html
And lets face it, Jack didn't get alot wrong
Posted by Anonymous at 13:07:43 on June 21, 2011
Jack Welsh famously asked a large contingent of CEO level people at a presentation how many of them rated their people as their key asset - they all, bar none, put their hand up. He then asked how many HR people were there - Zero..........
"Bit #1:
"Look, HR should be every company's "killer app". What could possibly be more important than who gets hired, developed, promoted or moved out the door?"
Bit #2:
"If you owned Real Madrid, for instance, would you hang around with the team accountant or the director of player personnel? Sure, the accountant can tell you the financials. But the director of player personnel knows what it takes to win: how good each player is and where to find strong recruits to fill talent gaps."
Bit #3:
"Leaders need to put their money where their mouths are and let HR do its real job: elevating people management to the same level of professionalism and integrity as financial management."
Full article - http://www.telegraph.co.uk/finance/2942953/Winning.html
And lets face it, Jack didn't get alot wrong
Posted by Anonymous at 13:07:43 on June 21, 2011
MOST POPULAR
- NZ game industry: Govt support for development increasing
- Raspberry Pi arrives in New Zealand
- Video, connection costs major factors in broadband uptake: ComCom
- Spotify launches in New Zealand and Australia today
- NASA on 'brink of a new future' with SpaceX launch
- No more risk to privacy on Facebook, than web: MED
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
