‘IT governance’ is the newest addition to the lexicon of IT buzzwords. Vendors are hosting roundtables to discuss it, research and surveys abound, and Financial Director recently hosted a master class at the Softworld show dedicated to governance and the role of IT.
But what exactly is IT governance as opposed to good old corporate governance? The first thing to note is that when most people in business talk about governance, they are actually talking about compliance – meeting the requirements of the Higgs report, Sarbanes-Oxley and the like. Corporate governance is something a little subtler than that – it’s about doing business better.
Norman Green, UK finance director of Oracle, hit the nail on the head at Softworld when he said: “It’s not all about rules and regulations … Corporate governance is actually about understanding your business and how you use information to ensure you have a safe business and drive shareholder value.”
But, as this information is largely driven by IT, businesses must make sure that their software, IT storage and security measures are well managed as to provide reliable numbers for reporting purposes, prevent security breaches, and ensure business continuity and transparency. This is where IT governance and the chief information officer come in.
The problem for many CIOs and IT directors is that while the business is screaming at them for better systems, information and complete regulatory compliance, all this has to be done on top of keeping the lights on. In turn, IT guys end up screaming back at the board that they are not being given the resources or tools to be accountable for governance.
This was highlighted at a recent roundtable hosted by US technology optimisation company Mercury. “What you really need is a fact-based discussion, where the guys from IT, finance and the business talk the same language – budgets, risks and strategy,” said Chris Lochhead, Mercury’s chief marketing officer. “That means IT can prioritise projects and get away from this image of them being a firefighter by day and arsonist by night.”
The key to making this work is for IT to be better at communicating its needs internally. Many IT managers who are hard done by would argue that the only way for this to happen is for IT to be directly represented on company boards and not through the finance or operations functions. But it is not a simple transition from the server room to the boardroom – IT directors have to earn their place round the top table.
The development of the IT function is rather like that of the finance function over the past 25 years. Business accounting used to be just about the numbers, but now accounting is a subdivision of the more strategic world of finance. Finance directors and CFOs sit on boards because they talk the language of business and are integral in shaping company strategy. Likewise, technology is no longer just about data processing; it is about driving value. IT directors need to understand this distinction and become versed in the language of business if they want to take their place on company boards.
Financial services company Abbey is a case in point. When it was looking for a new IT director, it didn’t turn to the systems department but to Graeme Yorston, former retail director of the bank. Yorston says that what Abbey needed was a good communicator of IT issues and strategy – not a tech head. “The advantage of not having a background in IT is that I can bridge the gap in communication between IT and the business,” Yorston says. “There are much better communicators in the IT world now, but IT departments have traditionally not been good at communicating and marketing IT throughout the business. This is key to getting more direct IT representation on company boards. You can’t just be an IT person now. You have to contribute at a business level.”
As businesses have become dependent on IT, not just for keeping the lights on but also in shaping company strategy and direction, it makes sense that IT should be driving the governance agenda. But companies should be aware that CIOs are not going to be able to deliver transparent and accountable business processes and systems unless they are encouraged to take part at the highest level of business strategy. And, above all, companies should realise that governance is not solely the responsibility of finance, IT or operations – it is the responsibility of the board.