Bruno Wildhaber started his career in industrial electronics over twenty years ago and became a shareholder and manager in one of the first IT security enterprises in Switzerland. Since the successful sale of this business to Entrust he has participated as an expert in the establishment of the German Signature Law, and is a member of the expert group for "IT and the Law" of SWICO (the Association of the Swiss IT Industry). From 1995-1999 he was President of the Swiss Chapter of ISACA. He is a founder of the Competence Centre for Records Management. He has published several books on information security, IT-Governance and a practice guide for records management. Here's a link for Bruno.
[My keynote presentation at AIIM On Demand, if you didn't get a chance to see it.]
8 Ways Information Management (IM) and IT Governance (ITG) Will Support Each Other
1 -- "IT doesn't matter."
When Nicholas Carr published this statement in the Harvard Business Review in 2002, there was an outcry from the IT pundits. Obviously the fear of becoming irrelevant seemed exaggerated. Today we know Carr was right. He realized that we should talk about services and information, delivered based on our requirements fitting the needs of the business and other stakeholders such as employees and clients, instead of concentrating our energy on running bulky machines heating up the environment and driving up the electricity bill. So the T in IT is becoming less important. Typical IT Governance initiatives are still focused on in-house IT installations and software development; this will have to change. IM can support this.
2 -- IM will allow IT Governance to leave the conformance niche.
Although many IT Governance experts might strongly disagree, IT Governance is still a very defensive and cost and risk oriented topic. Coming mainly out of the auditor scene, IT Governance always came up short on the "value" side of the equation. If “Management is the balancing act between Conformance and Performance decisions," IT-Governance clearly addressed only the conformance side.
The five cornerstones of IT Governance: Risk management, Business/IT alignment, Value Delivery, Resource Management, and Performance Measurement (ITGI definition) have not been treated equally. Business/IT alignment -- one of the goals IT governance tried to accomplish -- was never really a core issue. Consultants stuck with the old risk and control focus. IM can help to change this view.
3 -- It's the fuel that powers the engine - it's information that creates value.
Information as a production factor has seen growing importance for some years. But things are changing faster then ever. Realizing that true business benefits will be created by having the right information in the right place, the importance of cloud computing and outsourcing services has grown. Business and other stakeholders should be in focus.
In many organizations it was the IT department that controlled the use of data -- a world upside down! Information Management is the key to better Business/IT alignment. Due to the decoupling of information and the technology to process it, the information owners are the new chiefs. IT Governance needs to adapt this view and focus more consequently on the business benefits of I. Many organizations won’t produce software or run hardware any longer, so the ITG domain models need to change. This will allow ITG to become a more business oriented topic.
4 -- Storage cost will be one of the drivers for better IT Governance.
Whereas all typical IT costs have come down, the cost of storage in total is increasing. This is true for the HW cost, but even more for the data management cost: If management of data costs 10 times the HW cost, data management is becoming a factor that directly affects the bottom line and shareholder value. Eliminating stovepipes and building a data highway are key components of an information strategy and need to be supported by IT Governance. The optimized management of data will become one of the more important drivers for value delivery.
5 -- Measure, measure, measure.
One key lesson we’ve learned from implementing ITG also be applied to IM. Maturity models are very useful tools to implement IM/ITG and to measure the success of the implementation. However, monitoring is key. Measuring the right things means to measure not only the amount of concrete you transport to the construction site (typical KPI) but also measure what has been built (typical KGI = Key Goal Indicator). Use only a few indicators, but track them permanently and with persistence.
6 -- Forget “best practice," use “adapted” or “optimized” instead.
One of the biggest misunderstandings when talking about maturity levels is the widespread (or consultant driven) idea, that a higher maturity level means it’s better for your organization. This is nonsense, because the level to be achieved depends solely on your organization and the goals deduced from the business you’re in. So in certain domains, a level 2 maturity might more than enough, whereas in other domains a 3 can be minimum. This also means: Get rid of best practice thinking. A focus on optimized practice thinking enables you to create the maximum benefit for your organization. Challenge standards and frameworks and adapt them to your needs.
7 -- IM must be governed.
If information is put in the hands of the business, the educated and controlled handling of this vital resource is key to the success of the organization as a whole. So Information Governance -- the subset of IM which takes care of all the conformance aspects -- needs to be harmonized with the domain control objectives for this area.
Therefore, an information management strategy is key and life cycle management a must. Coordination and governance of data spread throughout the cloud is not an easy challenge. Relying on the over-potent search engine will fail, so better tackle the challenge now!
8 -- IT Governance 2.0.
The next generation of IT governance will move away from in-house, IT-shop centric controls and must focus on cloud computing, the lifecycle of data, social media and the integration of data from a dozen different sources.
Security, privacy and control will remain very important topics, so will cost issues and resource management. But because costs are more transparent and resources calculable, business IT alignment will be even more in focus. The significance of your internal IT shop is decreasing -- the governance and control aspects must be concentrated on delivering services and less on software development or things like disaster recovery and physical security. However, a slavish implementation of so called “best practice” standards will not support your business. Only optimized practice will empower your organization.
Also of interest...
8 reasons why information governance makes sense
8 things to consider when developing an information retention policy
8 Things You Need to Know About the CMIS Standard
As an IT consultant I am fully aware that IT management is struggling with whether social media is productive or obstructive for companies and their employees. Software is being developed and policy and restrictions are being decided everyday by IT managers. The security of company networks are at stake but the potential for innovation using social media is a large enough carrot for the discussion of how to properly utilize the medium continues. Palo Alto networks came up with a whitepaper, http://bit.ly/d2NZRp, which will explore the issues surrounding social media in the workplace. It is important to not only understand the immediate benefits of doing business how one lives, but the threat it presents to a company's greater ROI and productivity when it comes to the server's safety and security.
If your IT Department wants to block social media apps on the company network... http://bit.ly/d2NZRp and http://bit.ly/cR80Al
Posted by: Kelly Monroe | June 24, 2010 at 03:14 PM