Four Ways to Realign IT Governance for Flexibility and Agility without Compromising Security

IT governance entails laying down policies, processes, and tools to ensure robust operations. Innovation is critical for competitive differentiation. But enterprises pursuing innovation often encounter a roadblock in IT governance.

Traditional IT governance values stability, availability, and predictability over risk-taking or improvisation. IT governance becomes a way of controlling or restricting things that could go wrong. For instance, if a new process comes with a security risk, governance would limit such a process. Users have to go through multiple hoops to get things done. Such an approach stifles risk-taking and innovation. It makes the enterprise incapable of moving fast to fulfil market demands and blunts competitiveness. The business suffers from lost opportunities, low growth, customer discontent, and profit erosion. But, doing away with the restrictions imposed by IT governance is also dangerous. Compromising security risks cyber attacks, attracting fines, reputation loss, and customer base erosion.

Here are four ways to reconcile IT governance with enterprise agility and innovation.

1. Use guardrails for risk management

Traditional enterprises apply IT governance as roadblocks or humps. Smart enterprises overhaul their systems for adaptability and speed. They position IT governance as guardrails. 

  • Empower employees to undertake tasks and make them accountable for such tasks. Employees get decision-making powers combined with accountability. They also get role clarity. Individuals receive clear-cut roles and responsibilities. They have freedom to undertake tasks within their responsibilities.
  • Lays down procedures, guidelines, and checklists to acceptable quality standards and compliance.
  • Embed risk assessment into decision-making processes. Use workflow tools to automate adherence to rules and regulations.
  • Apply validations instead of restrictions. For instance, shadow IT impedes network security, hampers network visibility, and creates silos. Such concerns are still valid. But restrictions on shadow IT inhibit business executives from setting up ad hoc resources. Business exigences may necessitate ad hoc resources to seize an opportunity. Routing the resources through the IT team would lead to missing the opportunity. Approaching governance as a guardrail empowers the executive to deploy cloud and other resources. The employee may validate these resources with the enterprise security policies.

2. Embrace agile

Enterprise agility is the ability to adapt to the business environment and respond to customer feedback in double-quick time. Complex IT governance and approval processes become barriers to rapid change. Often, unclear and conflicting priorities compound the barriers and impede agility. Forward-looking enterprises change their approach to IT governance to make their enterprise agile. They:

  • Adopt less formal policies to improve flexibility and responsiveness of enterprise systems, and enable improvisation as per situational needs.
  • Review workflows. Many enterprises remain struck with workflows, and work habits developed over the years. Such legacy workflows run at cross purposes in today’s fast-changing business environment.
  • Put in place policies that enable shorter software development cycles.
  • Empower teams to manage risks. Delegate authority to the lowest possible levels. Establish guidelines on the risk scenarios that need discussion with senior leaders.
  • Develop policies, procedures, and tools specific to agile development. Tweaking legacy rules, framed for monolithic application deployments, becomes counterproductive. Conventional governance structures mandate committee reviews and approvals for planned software releases. This is a significant roadblock for agile. Instead, empower product owners to manage roadmaps, and empower product teams to decide. Make these teams accountable for their choices.

Here is how to develop a data governance model that delivers value.

3. Make IT policies flexible

A one-size-fits-all approach to governing IT initiatives is a recipe for disaster in today’s age of flexibility. Traditional IT governance is a hangover from the days of centralized processing and mass storage. The best governance model now depends on the specific circumstances of the enterprise. The governance model for, say, a toy manufacturer differs from the governance model for an insurance company. Business goals differ for each initiative, even within the same enterprise.

  • Embed flexibility into IT governance. Blunt one-size-fits-all approach leads to shadow IT, and compliance, and regulation dereliction.
  • Tailor IT governance strategy, especially risk mitigation approaches and management oversight, at the enterprise or functional level, as appropriate.
  • Decentralize IT governance responsibilities. Empower functional divisions to decide on the appropriate IT governance measures, using the overall corporate strategy as guidelines. The IT team become facilitators rather than enforcers.
  • Break down application development into small iterations, to enable rapid changes.

4. Reinvent IT governance models

Competitive pressures blur the difference between functional IT and IT as a core business process. For many start-ups in today’s digital era, the business model or operations do not go beyond IT.

To ensure IT governance model reflects the new reality of IT as a core business activity rather than as a functional department:

  • Capture the business value of IT applications and processes. Define metrics to measure business value. Examples of such metrics include “net revenue increases,” “OPEX reduction levels,” “productivity improvement metrics, and more. Risk mitigation and network security, the key focus is on traditional IT governance, also become part of business value.
  • Strive for simplicity. As the adage goes, KISS. Keep it short and simple. Having clear and concise goals of IT Governance makes the model understandable and executable.
  • Do not override the basics of IT governance, such as security, access authorizations, backups, and more, in the rush to reinvent new models for Industry 4.0. 
  • Ensure robust data management framework as the core of IT governance framework for Industry 4.0

The general perception is that IT governance prevents anyone from getting anything done. The issue with IT governance is not the concept per se, but the model of governance applied. Formal and traditional models of IT governance have become obsolete for the new realities. The need for the hour is a fresh approach towards wise governance. CIOs have to push for a frictionless governance model that supports innovation and makes the enterprise more adaptable to constant market changes. IT governance stays relevant when it enables enterprises to leverage the latest technology without getting in the way.

Tags:
Email
Twitter
LinkedIn
Skype
XING
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.