Seven mistakes in IT Governance and how to avoid them

Everyone makes mistakes , But when CIOs screw up , The consequences may be for the initiator and the whole IT Departments and enterprises have a devastating impact .

Information technology research group (Info-Tech Research Group) Donna, chief research officer · Bear (Donna Bales) Suggest ,IT Governance should be clearly defined 、 Clear understanding , And to reflect its corporate mission 、 The principles of vision and strategy .“ Good governance should delegate and empower individuals , In order to achieve some established results , Thus, it will help the enterprise to embark on its development direction .”

Despite the CIO's best efforts , But in IT There are still almost countless pitfalls in governance . It is extremely important to pay close attention to the following seven common mistakes , Even the most careful IT Supervisors can also make mistakes .

1、 Can't keep up with the growing business priorities

Business practices and priorities often change , To adapt to emerging technologies 、 Customer expectations and delivery needs of products and services . Bear warned ：“ Subsequent governance changes should be consistent and effective , This is crucial .”“ Organizations often fail to recognize this ( The need for ), And once governance is in place , It is seldom adjusted .”

Bell said , Adaptability should be taken into account when designing governance work , In order to ensure that IT Align with business objectives , Provide value sustainably , At the same time, it can effectively prevent the Department from potential risks .“ Effective governance ensures the right technology investment at the right time , To support organizational change and successfully achieve business results .” She added. .

Bell said , Governance should be your business DNA Part of —— Is the core of the enterprise , And it's unique .“ Your governance structure should be dynamic ,( Aimed at ) The triggers that enable the adjustment operation can be found , And its effectiveness should be continuously measured , In order to maintain correctness .”

2、 Poor risk planning

CIOs often launch strategic plans without fully considering all relevant risks . Global network security assessment agency Schellman Scott, head of encryption and digital trust services · perry (Scott Perry) say ：“ This leads to the idea of making governance an afterthought , Instead of making the governance approach an integral part of the risk management plan .”“ By that time , The governance structure was hastily established , Risk mitigation measures will be ineffective .”

Usually , The CIO drives some key initiatives without fully understanding whether the system can meet its strategic objectives .“ This may create risks , For example, technical loopholes 、 Uptime is limited 、 Continuity is affected and customers reject ,” Perry reminded me . Fully identify these risks early in the process , And address these risks as part of the overall governance plan through an orderly risk mitigation process , This is critical to the success of the strategic plan .

Perry suggested developing a monitoring plan , This includes risk assessment 、 Governance requirements established to reduce controllable risks , And internal and external audit procedures to measure compliance with governance requirements . He also suggested a residual risk assessment , To determine if there is any residual risk , And establish a plan feedback loop .

3、 Insufficient operational visibility

Although most CIOs have developed a complete and detailed governance plan , But many IT Supervisors lack the necessary operational visibility , To assess their enterprise's acceptance and practices of specific governance strategies and tasks . Business and IT Consultancy, Capgemini Americas Edge center of excellence (Edge Center of Excellence) The director of the Azadeh Dardras Express , Although many CIOs believe that all enterprise leaders can easily understand and understand IT Governance Strategy , But that's not the case .

Dardras Express , in many instances ,IT The Department works independently .“ If you don't know the background and results of your governance decisions , Then your strategy may have a negative impact on the business ,” She reminded that . If IT Governance does not touch and involve all important stakeholders , Especially the team members working in the enterprise business department , Key decisions may be made without adequate and appropriate consideration . “ This will seriously affect the work of relevant teams , And ultimately affect the entire business .”Dardras Pointed out that .

4、 Failed to put IT Governance is fully consistent with corporate governance

IT Executives often strive to complete projects as quickly as possible to meet specific business needs .“ To do so , They may not be able to properly engage the corporate governance team ( For example, the law 、 Compliance and information risk management team ) involved .” Insight and data management platform providers Aware Brian, chief legal and data protection officer · Mannyn (Brian Mannion) A reminder .

To prevent potential incoordination of governance work , CIOs should encourage them to IT Department representatives work regularly with the corporate governance team . At the tactical level ,IT Teams and corporate governance teams should regularly target new tools , And communicate with each other about new and enhanced features designed for existing tools . Teams should also propose and coordinate potential solutions to identified risks .

Mannian suggests , A standard set of minimum management measures should be identified and agreed .“ Last ,( Enterprises ) The governance team must have enough technology focused people to support IT Work .” He said .

5、 Use past methods to measure future progress

Many businesses continue to base performance-based service level agreements (SLA) To measure its IT Governance work . Unfortunately , These indicators are often lagging indicators .

Global technology research and consulting company ISG Digital strategy and Solutions Partner prasant · Kelk (Prashant Kelker) Suggest ,IT Governance should focus on leading indicators , And reflect future investments and expenditures . Leading indicators are a predictive measure . Leading indicators include revenue growth 、 Revenue per customer 、 The profit margin 、 Customer retention and customer satisfaction .

6、 Treat data as scrap

as everyone knows , Data has become a very valuable asset . For many information driven enterprises , Data is their most valuable asset . Silicon Valley digital engineering professional service company Apexon Chessen, director of digital transformation • Laxman (Chethan Laxman) call , For all that , There are still a staggering number of enterprises that always treat data as waste .

As data increasingly AIDS decision making , And digital innovation to automate more business processes , The value and integrity of data are becoming more and more important .“ All enterprises , Regardless of its size or industry , We need to change our ideas , No longer view data as a troublesome cost center , Instead, consider it reliable 、 Can be obtained 、 Safe and available assets .” Laxman said .“ After investing in data and Analysis , Business and IT Executives now urgently need to ensure good governance , To achieve operational efficiency 、 The goal of higher growth and better customer experience .”

7、 Ignore internal threats

long-range / Mixed office environment , Plus the record employee turnover rate , This makes internal threats a huge risk faced by enterprises of all types and sizes .

All types of internal threats can cause potential harm , Malicious employees and insiders working with external attackers can be particularly destructive .“ in fact , The average cost of an enterprise per internal accident is 644852 dollar ” Content security and governance platform providers Egnyte Chris, the chief security officer of • Rahiri (Kris Lahiri) Pointed out that .

Rahili suggested that IT Governance takes a holistic approach , Including giving priority to data security 、 Implement network security best practices and maximize user network education . He said , To establish an effective content governance plan , An in-depth understanding of structured and unstructured data is also extremely important .“ If you don't know the data , Then you can't manage it correctly .” Rahiri said .

Rahiri also suggested , Centralize data views to understand what is being accessed and who the visitors are .“ This will enable enterprises to identify malicious behaviors by identifying common user behaviors and patterns .”