• First Reference
  • About us
  • Contact us
  • Blog Signup 📨
  • 22nd Annual Ontario Employment Law Conference 📢

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
You are here: Home / Business / Is it time for directors to take responsibility for IT governance and strategy?

By Adam Gorley | 2 Minutes Read December 19, 2011

Is it time for directors to take responsibility for IT governance and strategy?

The International Organization for Standardization (ISO) thinks so. It has developed ISO 38500 to complement COBIT and ITIL, comparing the standards to the roof, walls and foundation of a house:

If the board tried to implement the roof, ISO 38500, without the foundation or walls, it would collapse. Furthermore, without the roof, enterprises would be exposed to the elements. ISO 38500 … does not replace COBIT, ITIL, or other standards or frameworks, but, rather, it complements them by providing a demand-side-of-IT-use focus. …
This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations regarding their organizations’ use of IT. The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations.


Without direction—and, crucially, understanding—from above (i.e., owners, board members, directors, partners and senior executives), information technology can’t be aligned with strategic objectives. ISO 38500 sets out three main tasks for directors with respect to IT:

  1. Evaluate the current and future use of IT
  2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives
  3. Monitor conformance to policies and performance against the plans

COBIT Focus also offers some tips to implement the standard:

  • Make ISO 38500 a board and executive management priority; if it is to succeed, IT governance must be directed from the top
  • Make IT governance part of the IT strategy, which is, in turn, part of the business strategy
  • Look for tangible benefits as opposed to “compliance for compliance’s sake”
  • Acknowledge the people factor, and incorporate it into key performance indicators (KPIs)
  • Prioritize IT governance activities with clear milestones

I last wrote about IT strategy a year ago. That post focused more on management than directors, but it demonstrates nonetheless how organizations can benefit from engaging those at the top in IT discussions.
Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

  • About
  • Latest Posts
Follow me

Adam Gorley

Editor at First Reference Inc.
Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.
Follow me

Latest posts by Adam Gorley (see all)

  • Announcing the 2021 Virtual Ontario Employment Law Conference - April 15, 2021
  • Legal recreational marijuana: how can you address the workplace risks? - October 15, 2018
  • Jeffrey Sherman to present at GTA Accountants Network | Early-bird rates, CPD hours - September 28, 2018

Article by Adam Gorley / Business, Privacy / beyond compliance, business strategy, COBIT, information technology, International Organization for Standardization, ISO, ISO 38500, IT governance, IT priorities, IT strategy, ITIL, strategy review

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Adam Gorley

Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.

Footer

About us

Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2021 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy