How to understand the board responsibilities of an organization


At the apex of the organisation is the board of directors. Once, governance issues were low on the agenda and the responsibilities for them were delegated to lower levels. As the focus for non-compliance shifted from persuasion to punishment, especially of those at the top of an organisation, the significance of good governance has increased. Measures aimed at addressing these top management concerns are now actively promoted by the governance layer of an enterprise. Boards and executive management now need to extend an awareness of governance, already exercised over the enterprise, to IT by way of an effective IT governance framework. This is the way to address strategic alignment, performance measurement, risk management, value delivery and resource management.

In the United Kingdom, the Turnbull Report was issued as a guide for company directors on how they should comply with the UK Combined Code. These guides covered internal controls and addressed the areas of operational, risk and compliance management. The report recognised the central role of IT and the dependency on information systems. Practical implementation of effective systems of control is seen as the way to ensure real governance. Through these, transparency and risk management are made real. For example, the application of standards, notably ISO standards, is an option. Implementing large frameworks can prove to be expensive. Every firm must judge for itself how far such frameworks are applicable, especially for smaller firms. However, as management models, standards and the frameworks they imply represent a form of benchmark. One standard, ISO 17799, has been widely adopted for implementing an Information Security Management System (ISMS). The secure accessibility of information based on thorough risk analysis is a critical priority for any organisation in the information economy. This applies particularly to financial organisations.

The information economy relies on a model of ecommerce where data is secure, accessible and reliable across multiple systems. Internet access and the ongoing struggle with fraud insist on this. In a sector where trust and confidence are paramount, any deviation from a high standard in these areas is too high a risk to tolerate; the integrity of an organisation's information is central to its future prospects. Consumer confidence in the security and accuracy of investments, savings and personal information is directly related to how the protection of that data is perceived. Failures in one sector can have adverse effects on others, as was the case with Enron - a failure in the energy sector has affected all others, especially finance.

‘Every deployment of information technology brings with it immediate risks to the organisation.’ At one time it seemed that the opportunities made possible by IT were so beneficial, it was only necessary to purchase a solution and implement it for the business to grow and expand into new markets. But, as with all business activity, the risks soon became apparent. In the age of mainframes, IT control was paramount, but it was a slow, limited development as access to business information was limited by dumb workstations and centralised processing. As local area networks and wide area networks introduced more and more power to the desktop, control devolved to the user and information sources proliferated. By the advent of the Internet the interface to business life had morphed beyond recognition: personal computers, laptops, PDAs and even mobile phones. The challenge for IT departments still charged with accountability for the storage of and access to information is daunting. E-mail alone is a massive load on storage; business data accumulates at astonishing speed; for reasons of compliance and business need, all this information has to be retrievable, almost instantaneously. Running through all this is the balancing factor of risk.

For every benefit there is a risk, and the size of the risk matches the potential of the benefit. It is no surprise then that much of IT governance is concerned with identifying, prioritising and mitigating risk. Effective IT governance has two fundamental components: first, the way IT is strategically deployed in an organisation, as a significant investment, managed and accounted for; second, the way the associated risks of that deployment are defined and managed.

However, as we empower consumers by pushing more and more financial decision making on to them, providing more and more information to help form opinions, perception and reality overlap. The risk burden is also spread - the financial decisions made by individuals are the results of balancing qualified risks, which are, however, often poorly understood. For financial institutions their responsibility is to be more efficient, more accurate and more informative on financial matters. User access is widened, through Internet access and home ownership of personal computing. With this power comes risk as the weak links in networks and personal administration of systems are exploited. Security has been the Cinderella of the IT world. The emphasis has been on growth and access rather than discretion and control. Competitive business instinctively distrusts barriers and restrictions. Regulation, forced on corporates and the public, is resented. The result is a compromise, which sometimes fails.


Note: This article was sent to us by: Shirley J. Martin at 01172010
