Home opinion-and-analysis A-Meaningful-Look Corporate governance of IT - Critical for all organizations, large or small (iTWire podcast)

Corporate governance of IT - Critical for all organizations, large or small (iTWire podcast)

HTML clipboardIn this iTWire podcast interview, Mark Toomey of Infonomics explains why IT governance is so critical to organizations of any size, and how it is non-IT executives and directors who play the key role in effective governance.

HTML clipboard

Herein lie some very important messages for all board members and non-IT executives who are involved with governing the use IT in any sort of organization, commercial or otherwise, from the very largest to the very smallest.Mark Toomey - Managing Director of Infonomics.

Mark Toomey is managing director of Infonomics, which focuses on helping organizations ensure that their use of information technology is efficient and acceptable. "That's what you get when you have effective governance of IT," he says.

"Our specialty is corporate governance of IT, helping the people who own and run the company make sure that IT is doing for them what they need."

Infonomics has clients in Australia and overseas, but in between his overseas trips to run workshops and conferences I managed to catch him to record this interview. have no business relationship with Infonomics, but I regard the matter of IT governance to be of such importance that I simply had to catch Mark Toomey and record this interview for you.

I hope that my efforts in producing this podcast are not in vain, and that you to pass it on to the non-IT top executives and directors of your organization responsible for running your organization. Of course, CIOs and other IT technology-oriented people also will do well to heed the underlying messages, but it is not primarily directed at IT practitioners.

The essence of corporate governance of IT was summed up by Mark's statement that "A lot of the problems that exist in the use of IT today come not from technology issues but from organizational and management issues."

"That has enabled me to focus on this question of what are the governance issues for organizations around making sure that IT actually works properly."

"I became involved in governance of IT around the year 2000, and it was pretty much a follow-though of experiences of the previous years, where I had encountered a number of situations where the technology itself was just fine but the organization that were using the technology were treating it as a black box rather than as a tool of business."

"Through looking at organizations that were having problems with projects and with operational systems, it became fairly clear to me that there was a big gap between the Chief Information Officer and the chairman of the board,  where the conversations weren't able to happen effectively because pretty much people were talking different languages."

"The board thought that it needed to ask questions about technology, when in fact what the board needed to do was ask questions about how the technology was being used. That's quite a different set of questions."

PLEASE READ ON...



To illustrate this basic point, Mark Toomey continued: "If we moved onto a filed where everybody can visualize what we're talking about, if we were a customer looking to but a new motor car from a car dealer, we would be asking questions about fuel consumption, about number of passengers, about how frequently we have to service the car and about how costly it is to service."

"But if were doing that in the way that we talk about IT we'd be talking about very, very technical details of things like how the transmission operates, how the suspension is designed, and so on. Things that are not really relevant at all to the person who is wanting to know whether the car is going to suit their needs."

Marks says that a culture originally developed where, due to high cost in the early days, you talked about the very technical elements of the technology. In the last twenty years, information technology has come out of the laboratory, onto the street, onto the desktop, and the discussion that we need to have about it today is vastly different."

"It's not a question of which technology is better, which processor chip is faster, how much memory you have."

"It's a question of what can I do with this thing to effectively run my business, and how do I make sure that when I invest in technology I actually get a return on that investment."

I asked about the ever-decreasing cost of technology. "Not too many years ago," responded Mark Toomey, "you used to talk of the rule of thumb that said that any investment in information technology was fifty percent the technology and fifty percent the change effort."

"I think —  and this is purely anecdotal —  that that figure has moved to somewhere around 20/80, or maybe 25/75 now, but only a minor portion of the cost of a new business capability is in the IT components and that a much greater portion of the cost in in developing the organizational capability to use the new technology component."

"It astounds me," he continued, "that, even though that reality is becoming more and more obvious, we see organizations still running IT projects rather than business change projects where they have estimated the cost as being just the IT component. And then they're surprised when it comes in late and over budget because they hadn't planned for all the other activities."

We covered many other aspects of governance  in our discussion. The theme that kept coming through, whether for very large-scale multi-organization projects or for single organizations and even down to the smallest of organizations, is as Mark Toomey put it: "It's still vitally important to recognize that when you're using information technology to drive some change, what you are doing is actually changing the way that your business operates."

"You're changing jobs that people do, you're changing the way that your customers and your suppliers interact with your company, and all of those factors combine with the fact that you're building some new technology or you've bought some new technology and you're implementing it to make the project that you're undertaking somewhat more significant than merely installing a piece of software."

Mark makes the point that the ease of buying a computer game and installing it on your home computer has somehow given some people the idea that you can do the same with a piece of business software: you buy it, hand it over to your  IT people, they install it, and everybody can just start using it.

"That cargo cult mentality of course completely forgets about the fact that the majority of the people who work in an organization (a) they're busy, and (b) they're pretty averse to change. And organizations that have done things like that have found out to their regret that generally their new software doesn't get used, and that things don't change."

PLEASE READ ON...



Mark Toomey next described the focus that Infonomics has. "We've decided that we focus not on helping the technologists do the technology."

"We focus on all the other things: helping the leaders of the organization, particularly the top-level executives and the board, understand the part that they have to play in making sure that all of the activities are actually done to produce a result with information technology. And that set of activities we call collectively corporate governance of information technology."

He explained that in about 2003 he became involved in the development of an Australian standard for corporate governance of information technology. That standard is known as AS 8015."

"It was published in early 2005, and during 2006 it started a journey to adoption as an international standard. That journey reached its final climax in June 2008, when international standard ISO/IEC 38500 was finally published."

"That standard is very consistent with the Australian standard that was its forerunner, and it is written for the board of directors and the top executives of an organization to explain to them the fact that they have a responsibility to govern the use of IT and to provide the m with a very simple framework that they can use to perform that role of governing IT."

"One of the key elements in that standard is the recognition that, to govern the use of IT, no director and no top executive actually needs to even be able to turn on a computer let alone understand how computers are programmed!"

"Instead of asking the IT Manager or the Chief Information Officer or the Project Director technical questions about the project, and when all the problems are going to be solved, all the board needs to ask is: What's the business case for continuing?"

PLEASE READ ON...



We are now at a point just under half way through the recording, at which point I must leave you to listen to the second half so as not to miss out on its very important content (as I have run out of both time and column space to transcribe the rest of the podcast).

Whether you are running a large organization of a tiny one, you are duty bound — legally, that is — to do a proper job as a top executive or director.

You most definitely should listen to the remainder of this interview with Mark Toomey. You will  collect extra pearls of wisdom about IT governance that will be of great assistance in meeting your obligations.

"It's a challenging concept," he says, "for a director or a top executive who's never had to deal with computers to actually stand up and ask questions about information technology. But as you start to learn from the standard there are some very, very straightforward questions that can be asked."

"One of my favorites — it's not actually written in the standard this way —but if the board has approved an IT project some time in the past, and that IT project is chugging along."

"We all know that IT projects eventually get into trouble: they run into budget problems, they run into time problems." Listen to the podcast to discover the key governance question that needs to be asked under such circumstances.

Also listen for the example Mark gives of how IT governance might be applied even to a single-person organization, and how the business principles behind effective IT governance can help organizations in difficult times.

Visit the Infonomics site to obtain information about and links to the ISO 385000 standard and other important resources.

You may enrol for the Infonomics newsletter and view other useful resources there too, things that we didn't have time to cover during the interview including presentations and brief slides (such as The Gershon Review and IT Governance).

Download the Infonomics corporate governance of IT podcast from here (MP3 format, file size 11.9 MB, duration 31:03).

I have gone to considerable lengths to arrange, record and prepare this podcast for publication (as with my previous and imminent podcasts). Has it been of interest and relevance to you?

See all my articles, including podcasts ...
A Meaningful Look at Desktop and Enterprise Computing

Have some fun and test your grey matter at the same time!
Go visit the iTWire TechWords Interactive Crosswords section.

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Tony Austin

Worked at IBM from 1970, for a quarter century, then founded Asia/Pacific Computer Services to provide IT consulting and software development services (closed company at end of 2013). These says am still involved with IT as an observer and commentator, as well as attempting to understand cosmology, quantum mechanics and whatever else will keep my mind active and fend off deterioration of my grey matter.