Stripping Off the Monster Tag from IT Governance An Inclusive Approach

Stripping Off the Monster Tag from IT Governance An Inclusive Approach
Author: Ookeditse Kamau, MBA, CDPSE, CEH, CIA, CISA, CRMA, ISO 27001 Practitioner
Date Published: 9 July 2019

It is said that anything with two heads is a monster. I usually think of this saying when carrying out IT governance reviews, as inclusive governance seems to be a missing link.

The study of governance has been fragmented and so diverse that it has birthed different specializations. But governance is the only head that should exist in any organization. Governance represents direction, strategies, policies, regulations and actions that influence how an organization is to be managed. Governance is a singular term; however, many organizations have adopted governance as a plural term and have adopted different leadership stances and priorities over management of financial governance, health governance and/or IT governance, with financial governance taking the center stage. Ask any finance director director – he or she will tell you that they do not need to remind any board member about the importance of financial regulation and how financial performance is a reflection that the board is executing its mandate.

Through specialization, “governance” has been stripped of its overarching position. It is the board’s responsibility to ensure that direction is provided for the entire organization as much as it is the government’s role to ensure that appropriate acts and regulations are available in all industries and sectors. Any industry that is not governed is prone to abuse.

When I was first introduced to COBIT®, I viewed it as an IT framework in the same way as the majority of IT personnel and experts view it. Trainings and workshops for COBIT were to be exclusive to IT personnel, as the framework is perceived as belonging to the IT experts. The exclusivity of IT-related governance frameworks to IT has given IT a little head that has proven to be a monster in many boardrooms. With so many new technology buzzwords such as artificial intelligence, robotics, Internet of Things, red teams, blue teams, etc., this little monster will continue to terrorize board members and executives in many organizations, as many don’t know how to control it.

Reading the definition of COBIT in the COBIT 2019 Introduction and Methodology publication, I see an opportunity for governance to take its rightful position as an inclusive concept rather than the current fragmented one. COBIT is defined as a framework for the governance and management of enterprise information and technology aimed at the whole enterprise, a departure from COBIT 5, which indicated that COBIT is a framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. COBIT 5 omitted an importance phrase, “aimed at the whole enterprise.” The inclusion of this phrase in COBIT 2019 strips off the “monster” tag from IT. IT governance should no longer be viewed as an exclusive term but part of the singular governance of an organization.

The opportunity to attend COBIT trainings and workshops therefore should not be limited to IT teams but should be open to all members of the executive team, as well as the board.