Information Technology Governance costly?

I often hear individuals in an Information Technology (IT) organization complain that the compliance effort, or the implementation of an IT Governance framework to bring compliance and security, “takes too much time” or “stops us from working on our projects.” The reality is that an IT governance framework does not need to take that much time away from current projects and, once the framework is implemented properly, the benefits will be more than worth the cost in the form of more efficient operations, greater cost benefit from IT dollars and fewer costly mistakes. The key is in the proper implementation done by an expert and the ongoing maintenance of the framework supported by an informed staff and management team.

Saying that IT Governance and security (ITGS) takes time is like saying that pit stops cause slow lap times in a NASCAR race. Of course ITGS takes time, just like pit stops in a race, and ITGS has a cost, just like tires on a racecar. But if you want to finish the race it has to be done. The difference is when a racecar runs out of gas or blows a worn tire it stops. There is no finish and there is no more forward motivation. When an organization has a security breach or a failed audit the reaction is often to write lengthy excuses blaming someone or something along with an ambiguous explanation telling how the current problem will be prevented in the future. And, unfortunately, few actual changes are made to the system or processes and the rest of the organization keeps moving, however ineffectively, until the next breach happens or audit fails. And this is where the organization pays the cost in the form of fines, consequence mitigation and damage to reputation.

How can this be allowed to continue? It continues because few people understand the broad scope of ITGS or the benefits of an up-to-date IT Governance framework. Fewer still understand the relationship between business strategy and IT strategy. Most of the individuals, at all levels of staff and management, in an IT organization exist in silos and they have trouble seeing beyond that silo and their own responsibilities or projects. But it does not have to be that way. By incorporating an IT Governance framework into every day operations the cost will be minimal and the benefits will be great. Imagine being able to quantify the risk associated with every system in your organizations IT infrastructure and being able to compare the quantified level of risk to see which system is most vulnerable. Then imagine being able to qualify the level of risk to each system with an intelligent analysis of each system that describes hardware, software, processes and policies involved. Can you see how that kind of up-to-date information could help you make an informed and effective decision on where to spend your next IT dollar? No more guessing and no more costly mistakes.