IT Governance is not the most sexy topic in the world of IT. Even to people that wake up every morning thinking technology and who actually do get excited about trends and innovations in the sector, this topic is boring.  But when things aren’t working properly, or files are missing, or when data gets corrupt, the first question often asked is “how did this happen!

IT governance is more of a bucket that several topics fit in, some of the more common are:

  1. IT Policies and Procedures
  2. IT Risk Management / Vendor Management
  3. Reporting and Metrics / IT Steering Committee
  4. Business Continuity / Disaster Recovery
  5. Auditing and Assurance
  6. Budgeting / Strategic Planning

Again, these all seem like no brainer programs that all organizations would for sure have in place.   The reality is that most organizations see these items as ‘nice to haves’ and not necessities.  That is if they think of them at all.  In our experience, there are typically so many initiatives involved with simply keeping the IT systems running, moving forward, or simply just dealing with the day to day operations of the business – there is often very little time to innovate or drive strategic projects that impact the business in a positive way.  Another big factor in this discussion is skillset, once businesses reach a certain level of complexity and/or size it becomes virtually impossible to hire the right resource who can manage the day to day IT function while driving strategic initiatives.  What are these businesses to do?

A recent example of this scenario is one where the business had a great staff around IT, and had made several investments into the IT infrastructure that were intended to protect against risk, as well as provide adequate disaster recovery and business continuity to the critical applications of their organization. As a matter of necessity, due to the high workload of the IT staff, the firm applied a ‘set it and forget it’ strategy to the tools utilized for this purpose and also trusted the vendor of the application without verification. To their astonishment, when the exact event they had planned for (and invested in protections against) happened, they were unable to easily recover.  The end result was the loss of an entire year of data, and a substantial impact to their productivity as employees had to recreate information (to the best of their ability). They took on this huge project, while at the same time continuing to achieve their own goals and objectives, as well as those of the company.  One could argue that the psychological damage was worse than the data loss.

So what happened?  Even the best of breed systems and tools are not designed to govern themselves.  Vendors genuinely do their best job, but verification is always needed.  Quite simply, IT Governance didn’t happen.  In a similar situation, a lot of companies would blame the IT staff or go after the vendor.  In this case, the business has used this scenario as an opportunity to mature their own practices around IT Governance, and has specifically sought to understand why the following conditions were allowed to happen:

  • There were not standing reviews of reports from the various backup and replication systems in place.
  • There was not a regular restore from the backup files, or replication process.
  • There was not a regular review of the risk profile associated with aging hardware or a review of a vendor who was not meeting expectations for some time.
  • There was not a clearly defined set of vendor metrics and expectations for the application that was very critical to the organization.
  • There was not a tight strategic plan or IT Steering Committee that addressed the shortcomings of the application, well before it reached critical mass.

The organization has also recognized the need to partner with a firm that has the skillset necessary to fully analyze their current environment for the purposes of identifying other areas of risk, and to help them define an IT Strategy that fits their desired risk profile and budgeting process. By leveraging the RSM Rapid Assessment process, this business will be able to not only rest at night knowing exactly how their IT infrastructure is going to perform day to day, but they will also have a strategy in place that they understand and trust. Operating their business with this in hand is a critical element to their organization’s path forward, as well as regaining the trust of the hard working professionals that drive their business.

In conclusion, IT Governance does not have to be a mysterious or out of reach function in your organization. Let RSM help you build an IT strategy that includes proper IT Governance and limits the amount of surprises you may encounter as you continue to grow your business! The Rapid Assessment process will help align the people, process and technologies present in your business for the maximum amount of return on your investment.  Contact us if we can help you with this or any technology issue you may be facing.