Governance and Management of Information
Technology - An International Perspective
How well do organizations govern their use of information technology? What resources are needed to help improve the effectiveness of that governance?
These questions were at the core of the international survey on governance and management of information technology, conducted by Infonomics during February and March 2010. The first report from the survey paints a grim picture and provides significant insight to the reason that so many so-called “IT projects” fail, and why organizations seem so vulnerable to operational disruption due to problems with information technology.
One director who commented on the report noted that the survey results, while grim, probably paint a more optimistic picture than reality, because:
1. Companies with self awareness of poor performance often do not participate; and
2. Those that do respond are usually reluctant to be completely frank if things are not as they know they should be.
The survey results point to considerable gaps in the ability of boards to provide appropriate oversight of IT, compounded by corresponding weakness in executive management’s capability to set appropriate direction, control and monitor the IT agenda.
Thus, organizations seem to have delegated important decisions and tasks too deeply into the organization, where they can be influenced by factors other than strategic intent and a rational approach to risk management. This failure to appropriately assign responsibility is compounded by an apparent reluctance to formally document and communicate responsibility for IT-related decisions in a substantial percentage of organizations.
Data from the survey will be considered by the ISO Working Group on Governance of IT at its forthcoming meeting in Helsinki from May 2 to 5.
With the survey having pointed to poor allocation of responsibility as one significant factor in poor governance of information technology, this Infonomics Letter concludes with a brief extract from Waltzing with the Elephant, overviewing the application of the Responsibility Principle defined in ISO/IEC 38500