RETHINKING TECHNOLOGY GOVERNANCE Big Data, Security & Privacy

“Information flow is as important as Cash flow”

2 LEVELS OF TECHNOLOGY GOVERNANCE

Organisational Technology Governance

Evolving Level

Strategic

Policy

Requires governance maturity

Information Technology Governance

Established Level

Operational

Process

Develops with use of ICT

Organisational Maturity

Structure of Organisation

Role of Technology

FACTORS SHAPING ORGANISATIONAL TECHNOLOGY GOVERNANCE

Founding Forming

Establishing Organising

Becoming Productive Managing

Leading Governing

Charting new waters Elaborating

ORGANISATIONS EVOLVE – PURPOSE & PROCESS

Common

Good

Organisations

WHAT KIND OF CGO ARE YOU?

THREE LAYER • Board + GM + Staff • Team > Board • Delegated authority

MULTI-LAYERED • Executive Team

& Departments • Commercial-ish

Board

TWO LAYER • Small staff • Board > Staff • Board direct

operations

VOLUNTEER • Volunteer led • Board = Team • Single Layer

decisions

Role of Technology

Cost

E-mail, documents and online presence

AND essential

for critical operational processes

AND essential for organisation and service decisions

AND is part of

the product or service

AND is the

product or service

HOW DO YOU USE TECHNOLOGY? Fundview, Disaster

Response Quitline, NZ

Navigator Contract for

Services Providing Public

Services

Every Organisation

ALL THESE FACTORS ALIGN

CGO STEP

Structure

Use of Technology SIM

PLE

CO

MP

LEX

Minimum Advanced Standard Complex

technology governance requirements

Risk management Back-ups Controlled access to organisational files Continuity and crisis plans – at least in outline

Security for confidential information Use databases not spreadsheets where possible Cloud offers far superior security than the “server in the cupboard”

Someone holds responsibility for technology Watching brief on changes Targeted research when needed

Agreed technology criteria Integrate around core applications; e.g. finance What is in-house, what is outsourced? Use of social media framework

MINIMUM: FOR EVERY ORGANISATION – TECHNOLOGY IS NO LONGER OPTIONAL

Recognise responsibilities

Cannot “abdicate” compliance to suppliers

Core policies defined

Data management (includes security)

Staff use of technology (BYOD, electronic identities, own interests)

Procurement

Basic technology management

Staff support and training

Risk register, active performance monitoring

Cost monitoring (acquisition, staff time, usage)

STANDARD: MOST ORGANISATIONS WITH STAFF AND/OR PUBLIC SERVICES

Ensure core roles and responsibilities covered

Data quality, maintenance and development

Operationally independent project and change management

IT management is standards based e.g. ITIL, COBIT

Separate technology management from operations

Formal KPI reporting

Value not cost – e.g. triple bottom line or contribution

Breakdown available by service or contract

Technology planning is integral to planning processes

“vision” for using technology

COMPLEX: LARGER ORGANISATIONS; HOLDS GOVERNMENT SERVICE CONTRACTS

Board level technology advisory group Integrated with or distinct from finance and risk

Guided by ISO/IEC 38500

Active Board development includes technology

External audit Major project reviews

IT plans and performance

No Technology projects Only organisational projects that incorporate technology

Investment business case essential

Track project delivery against project promises

ADVANCED: MATURE BOARD; MISSION GRAFTED TO TECHNOLOGY

Everything discussed today assumes evolutionary

organisational growth and maturity.

Technology negates the need for this. So do new ideas.

New operational models (usually technology based) can

be revolutionary

Your technology governance may need to ramp up fast.

A FINAL THOUGHT

USEFUL LINKS

My website www.dalejennings.co.nz has an ever developing DIY toolbox. Ask if you want something added!

The Common Good Organisation Development model is explained in the book or at a workshop. I recommend a manager and a board member attend the workshop together for best results.

“Waltzing with the Elephant” by Mark Toomey is possibly the best in depth guide in plain English. Sample or buy at the Infonomics web site

The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance. The IITP Cloud Computing Code has more technical details and questions to ask suppliers.

Some LinkedIn groups technology governance. My profile links to several. Please connect.

If in doubt - Google your question and watch the videos!

ISO/IEC 38500 CORPORATE GOVERNANCE OF IT