Upload
hazel-jennings
View
93
Download
1
Embed Size (px)
DESCRIPTION
An overview of technology governanace at non-profits and charities based on organisational maturity, size and use of technology. First presented at the NZ NFP Finance conference 2014
Citation preview
RETHINKING TECHNOLOGY GOVERNANCE Big Data, Security & Privacy
“Information flow is as important as Cash flow”
2 LEVELS OF TECHNOLOGY GOVERNANCE
Organisational Technology Governance
Evolving Level
Strategic
Policy
Requires governance maturity
Information Technology Governance
Established Level
Operational
Process
Develops with use of ICT
Organisational Maturity
Structure of Organisation
Role of Technology
FACTORS SHAPING ORGANISATIONAL TECHNOLOGY GOVERNANCE
Founding Forming
Establishing Organising
Becoming Productive Managing
Leading Governing
Charting new waters Elaborating
ORGANISATIONS EVOLVE – PURPOSE & PROCESS
Common
Good
Organisations
WHAT KIND OF CGO ARE YOU?
THREE LAYER • Board + GM + Staff • Team > Board • Delegated authority
MULTI-LAYERED • Executive Team
& Departments • Commercial-ish
Board
TWO LAYER • Small staff • Board > Staff • Board direct
operations
VOLUNTEER • Volunteer led • Board = Team • Single Layer
decisions
Role of Technology
Cost
E-mail, documents and online presence
AND essential
for critical operational processes
AND essential for organisation and service decisions
AND is part of
the product or service
AND is the
product or service
HOW DO YOU USE TECHNOLOGY? Fundview, Disaster
Response Quitline, NZ
Navigator Contract for
Services Providing Public
Services
Every Organisation
ALL THESE FACTORS ALIGN
CGO STEP
Structure
Use of Technology SIM
PLE
CO
MP
LEX
Minimum Advanced Standard Complex
technology governance requirements
Risk management Back-ups Controlled access to organisational files Continuity and crisis plans – at least in outline
Security for confidential information Use databases not spreadsheets where possible Cloud offers far superior security than the “server in the cupboard”
Someone holds responsibility for technology Watching brief on changes Targeted research when needed
Agreed technology criteria Integrate around core applications; e.g. finance What is in-house, what is outsourced? Use of social media framework
MINIMUM: FOR EVERY ORGANISATION – TECHNOLOGY IS NO LONGER OPTIONAL
Recognise responsibilities
Cannot “abdicate” compliance to suppliers
Core policies defined
Data management (includes security)
Staff use of technology (BYOD, electronic identities, own interests)
Procurement
Basic technology management
Staff support and training
Risk register, active performance monitoring
Cost monitoring (acquisition, staff time, usage)
STANDARD: MOST ORGANISATIONS WITH STAFF AND/OR PUBLIC SERVICES
Ensure core roles and responsibilities covered
Data quality, maintenance and development
Operationally independent project and change management
IT management is standards based e.g. ITIL, COBIT
Separate technology management from operations
Formal KPI reporting
Value not cost – e.g. triple bottom line or contribution
Breakdown available by service or contract
Technology planning is integral to planning processes
“vision” for using technology
COMPLEX: LARGER ORGANISATIONS; HOLDS GOVERNMENT SERVICE CONTRACTS
Board level technology advisory group Integrated with or distinct from finance and risk
Guided by ISO/IEC 38500
Active Board development includes technology
External audit Major project reviews
IT plans and performance
No Technology projects Only organisational projects that incorporate technology
Investment business case essential
Track project delivery against project promises
ADVANCED: MATURE BOARD; MISSION GRAFTED TO TECHNOLOGY
Everything discussed today assumes evolutionary
organisational growth and maturity.
Technology negates the need for this. So do new ideas.
New operational models (usually technology based) can
be revolutionary
Your technology governance may need to ramp up fast.
A FINAL THOUGHT
USEFUL LINKS
My website www.dalejennings.co.nz has an ever developing DIY toolbox. Ask if you want something added!
The Common Good Organisation Development model is explained in the book or at a workshop. I recommend a manager and a board member attend the workshop together for best results.
“Waltzing with the Elephant” by Mark Toomey is possibly the best in depth guide in plain English. Sample or buy at the Infonomics web site
The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance. The IITP Cloud Computing Code has more technical details and questions to ask suppliers.
Some LinkedIn groups technology governance. My profile links to several. Please connect.
If in doubt - Google your question and watch the videos!
ISO/IEC 38500 CORPORATE GOVERNANCE OF IT