
First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls


By Adam Gorley | 2 Minutes Read December 19, 2011

Is it time for directors to take responsibility for IT governance and strategy?

The International Organization for Standardization (ISO) thinks so. It has developed ISO 38500 to complement COBIT and ITIL, comparing the standards to the roof, walls and foundation of a house:

If the board tried to implement the roof, ISO 38500, without the foundation or walls, it would collapse. Furthermore, without the roof, enterprises would be exposed to the elements. ISO 38500 … does not replace COBIT, ITIL, or other standards or frameworks, but, rather, it complements them by providing a demand-side-of-IT-use focus. …
This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations regarding their organizations’ use of IT. The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations.


Without direction—and, crucially, understanding—from above (i.e., owners, board members, directors, partners and senior executives), information technology can’t be aligned with strategic objectives. ISO 38500 sets out three main tasks for directors with respect to IT:

  1. Evaluate the current and future use of IT
  2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives
  3. Monitor conformance to policies and performance against the plans

COBIT Focus also offers some tips to implement the standard:

  • Make ISO 38500 a board and executive management priority; if it is to succeed, IT governance must be directed from the top
  • Make IT governance part of the IT strategy, which is, in turn, part of the business strategy
  • Look for tangible benefits as opposed to “compliance for compliance’s sake”
  • Acknowledge the people factor, and incorporate it into key performance indicators (KPIs)
  • Prioritize IT governance activities with clear milestones

I last wrote about IT strategy a year ago. That post focused more on management than directors, but it demonstrates nonetheless how organizations can benefit from engaging those at the top in IT discussions.
Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.

Article by Adam Gorley / Business, Privacy / beyond compliance, business strategy, COBIT, information technology, International Organization for Standardization, ISO, ISO 38500, IT governance, IT priorities, IT strategy, ITIL, strategy review
