First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / Is it time for directors to take responsibility for IT governance and strategy?

By | 2 Minutes Read

Is it time for directors to take responsibility for IT governance and strategy?

The International Organization for Standardization (ISO) thinks so. It has developed ISO 38500 to complement COBIT and ITIL, comparing the standards to the roof, walls and foundation of a house:

If the board tried to implement the roof, ISO 38500, without the foundation or walls, it would collapse. Furthermore, without the roof, enterprises would be exposed to the elements. ISO 38500 … does not replace COBIT, ITIL, or other standards or frameworks, but, rather, it complements them by providing a demand-side-of-IT-use focus. …
This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations regarding their organizations’ use of IT. The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations.


Without direction—and, crucially, understanding—from above (i.e., owners, board members, directors, partners and senior executives), information technology can’t be aligned with strategic objectives. ISO 38500 sets out three main tasks for directors with respect to IT:

  1. Evaluate the current and future use of IT
  2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives
  3. Monitor conformance to policies and performance against the plans

COBIT Focus also offers some tips to implement the standard:

  • Make ISO 38500 a board and executive management priority; if it is to succeed, IT governance must be directed from the top
  • Make IT governance part of the IT strategy, which is, in turn, part of the business strategy
  • Look for tangible benefits as opposed to “compliance for compliance’s sake”
  • Acknowledge the people factor, and incorporate it into key performance indicators (KPIs)
  • Prioritize IT governance activities with clear milestones

I last wrote about IT strategy a year ago. That post focused more on management than directors, but it demonstrates nonetheless how organizations can benefit from engaging those at the top in IT discussions.
Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

Follow me

Adam Gorley

Editor at First Reference Inc.
Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.
Follow me

Latest posts by Adam Gorley (see all)

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Adam Gorley

Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.

Footer

About us

Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.

Main Menu

Stay Connected