The document discusses issues for boards of directors to consider regarding information technology (IT). It recommends that boards provide oversight of IT as IT is critical to most organizations and carries risks. It also recommends using formal IT governance frameworks to align IT with business strategy and ensure accountability. The document provides examples of current and emerging IT trends and issues for boards to discuss with management.
2. 1. Is IT a Topic for the Board?
2. Current and Emerging IT Trends
3. IT Governance
4. Questions to Ask Your CEO
5. Questions / Comments
3. ◦ Technical
◦ Focused on formal governance frameworks
◦ Beyond the scope of any Corporate Director
4. Most organizations are highly dependent upon their IT systems
Major IT initiatives involve major risks, large capital expenditures, and significant trauma to the organization
The pace of technology change continues to be very fast
5. “IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”
IT Governance Institute
6.
7. What is It?
◦ The demand for IT continues to increase
◦ Colleges are producing fewer IT graduates
◦ “Boomers” are starting to retire
Why is it Important?
◦ Supporting legacy applications is becoming more
difficult
◦ Recruitment and retention of human resources with
the necessary skill sets in new technologies is
becoming more difficult
8. What is It?
◦ Connectivity of everything to everything
◦ Access 24 / 7 / 365
◦ SOA [Service-Oriented Architecture]
Why is it Important?
◦ Internet-enabled applications
◦ PCs -> Laptops -> Tablets -> Smart Phones
◦ Security
9. What is It?
◦ Browser-based applications
◦ Massive data
◦ Centralized control
Why is it Important?
◦ Mainframe skills are in short supply
◦ Mainframes are expensive
◦ Sharing [Outsourcing] may be appropriate
10. What is it?
◦ Separation of physical and logical storage
◦ Virtual storage (you don’t know where data is
stored or on what device)
Why is it important?
◦ Reliance upon 3rd parties (good and bad)
◦ Data crossing borders
◦ An answer to continual hardware/software
upgrades (?)
11. What is it?
◦ Facebook, Twitter, LinkedIn, YouTube, …
◦ Accessible at any time from anywhere on any device
◦ Instant!
Why is it important?
◦ Communication method of choice for a significant
portion of the population and growing dramatically
12. What is the trend?
◦ From 1.0 (Static Information Presentation) to
◦ 2.0 (Interactive Transaction Processing) to
◦ 3.0 (Smart Applications / Data Intensive) to
◦ 4.0 (???)
Why is it important?
◦ The platform for Social Media
◦ Sophisticated [complex] architectures
◦ New skill sets required
13. What is it?
◦ Bring Your Own Device
◦ Staff use of personal Smart Phones, Laptops, and
Tablets for company business
Why is it Important?
◦ Complexity [Support of Multiple Platforms]
◦ Security / Confidentiality
◦ Liability
14. What is it?
◦ Separate IT organizations to “Keep the Lights On”
vs. Plan and Introduce New Functionality
Why is it Important?
◦ Radically different skill sets are required
◦ Dedicated resources are required for both
15. What is it?
◦ Use of 3rd party organizations to provide IT services
◦ Can be Hardware / Application Support / Help Desk
◦ Can be local, regional or international
Why is it Important?
◦ Can help address IT skill shortages
◦ Can allow the business to focus on its primary
mandate
◦ Often gets screwed up
16. What is it?
◦ Formal training and certification of Project Managers, Business Analysts, Programmers, Security Specialists, …
◦ Periodic re-certification
Why is it important?
◦ Base level competency
◦ Common terminology
◦ The business of IT constantly changes
17. What is it?
◦ Use of powerful software tools to sift through
massive amounts of data to extract trends
◦ Sophisticated reporting
◦ Includes: Data Cleanup / “Deduping” /
Consolidation
Why is it Important?
◦ Stability of data over time
◦ Reliability of data – definitional issues
◦ FOIP
18. What is it?
◦ A vendor raises the bar by offering everything the
competition has plus more - and sometimes for
less
Why is it Important?
◦ “Best of Breed” is a transient measure
◦ Both IT professionals and IT users often get into
“religious wars” concerning what is best
◦ The reality is that the range of technology solutions
will change soon
19. What is it?
◦ Providing the necessary tools to allow IT personnel
and others to work from home
◦ Hardware / network access / security
Why is it Important?
◦ Preferred method of working for many
◦ Cost savings?
◦ “Green”
◦ Helps keep young mothers in the workforce
20.
21. What is it?
◦ Alignment of IT with Business
◦ Introduction and use of formal frameworks to guide
IT investment and use
◦ Identify and mitigate risks
◦ Confirm that value is commensurate with
investment
Why is it Important?
◦ Places accountability in the right places
◦ Transparency
◦ A baseline to audit against
22. How are IT decisions made? Who makes them?
Who owns accountability for IT – your IT Dept. or your IT users?
Is investment in IT planned and continuous or ad hoc and infrequent?
Are major projects given sufficient transparency?
Formal approaches exist and require investment
23.
24. Is succession planning well in hand? [How old is your IT leadership team?]
Are we using a formal IT control methodology such as COBIT or ISO?
Do we have PMPs (certified Project Management Professionals) leading all strategic projects?
Do we have external oversight on all large and/or strategic projects?
25. How many “failed” projects has your PM and team experienced? [Too many should raise a flag. None should also raise a flag. How experienced is your PM? Good PMs tend to get pulled into failing projects.]
How long since the last major project? What has changed - Technology platform? Architecture? Key Users? Methodology? Major business transformation? Regulatory rules? The project complexity [risk] increases significantly with each new component.
26. Has the primary business user been through a large IT project before?
How will the day-to-day responsibilities of users seconded to the project be handled? [“I also have a 9 to 5 job!”]
Who is leading the Change Management? [New processes, new job specs., re-training, org. design, communications plan, …] Has this team done it before?
27. Who owns the project and is ultimately accountable?
Do they have the authority to:
◦ Change dates?
◦ Reallocate user resources?
◦ Reduce or add functionality?
◦ Change the project budget?
◦ Hire external resources?
28.
29. The Board does have a role in the oversight of Information Technology
The basic questions that need to be addressed are not technical
Formal methodologies and models exist and are important
Good IT governance requires training and investment