Governance can be a complex and painful topic - no doubt, but our key message is that it doesn't have to be!
Our approach to IT governance is based on Australian Standard AS ISO/IEC 38500:2016, which is quite flexible in that it focuses on principles and models rather than prescribing implementations. It's also compact (under 20 pages!) and very relatable in its language resulting in a robust-yet-lightweight instrument for ensuring formulaic discussions are productive and relevant from the outset.
What can governance do for your business?
IT governance is often viewed as an obligation - a response to risk and regulatory requirements (i.e. compliance), with IT being viewed as an operational cost rather than a strategic partner. But as AS 38500 illustrates, there's a real opportunity for IT to improve organisational performance through:
- Aligning IT with business requirements;
- Improving regulatory and legislative compliance;
- Driving efficiency;
- Clarifying responsibility and accountability;
- Improving business continuity and sustainability.
The points above are strategic in nature, so here's some relatable "every day" operational examples of the benefits:
- Projects feeling a lot less chaotic;
- Customer engagements are less ad hoc and risky;
- Improve customer trust (and therefore your brand's reputation) through improving transparency and accountability;
- IT conversations shift from being focused on operations to customer initatives and value.
What's our approach to IT governance?
AS 38500's remit is to provide to the governing body the guiding princples to realise "the effective, efficient, and acceptable use of information technology" (Standards Australia 2016, 1) as a means to improving organisational performance and assurance.
As pictured below, coming up with tangible governance principles and a model is the first and most important step. However, where we distinguish ourselves is with deep, practical experience with the underpinning implementation and how it facilitates the AS 38500 model's tasks of evaluate, direct and monitor.
Our approach revolves around a "best fit" philosophy where only the productive elements are taken from the standards and technology layers. For example, a small organisation wouldn't fully adopt the ITIL framework but may benefit from cherry-picking the change control practice to address the issue of ongoing IT operational firefighting taking valuable resources away from customer/business initatives.
We know how to work with your business and your stakeholders to maximise buy-in from the ground up.