IT GOVERNANCE

Purpose

IT is highlighted when applied to an Optimized Process.

Most organizations use IT as a fundamental business tool and few can operate effectively without it. IT is also an important factor in the future business plans of many organizations. Organizations that use IT as a fundamental business tool are called IT-enabled.

IT expenditures can represent a significant percentage of an organization’s spending on technical resources and personnel. However, the return on this investment is often not fully realised, the adverse effects can be significant and the causes of the failure to make good use of resources are often not easy to identify.

Although there are many internationally recognized standards for the governance of aspects of IT, we adopt ISO/IEC 38500:2015 which provides principles, definitions and a model for good IT governance to help those at the highest level of management in organizations to understand and fulfill their legal, regulatory and ethical obligations regarding the use of IT to serve the purposes of their organizations.

The IT governance model is aligned with the definition of corporate governance published as the Commission’s Report on the Financial Aspects of Corporate Governance (the Cadbury Report) in 1992. The Cadbury Report also provided the fundamental definition of corporate governance as formulated by the OECD in 1999 and revised in 2004. Governance is different from management and to avoid confusion, the two concepts are defined in this International Standard and elaborated in ISO/IEC TR 38502.

This International Standard, in addition to providing broad guidance on the role of a governing body, encourages organizations to use appropriate standards to support more specific aspects of IT such as Information Security Management through ISO/IEC 27001:2013 or ISO 27701:2019 on Privacy from Processing of Personal Data.

 

The main concern of the IT Department function is to work constructively with the IT team in order to be able to deal effectively with both day-to-day operations and the constant changes towards the future.

 

The selection of optimal solutions is often achieved through a process of careful evaluation of the available options even in a crisis situation.

 

Establishment of an annual strategy

The preparation of the annual IT strategy captures in a functional document the annual objectives for the improvement and evolution of the IT function.

It includes practical objectives related to, amongst others, IT cost control, risk management, security improvement, productivity development and adaptation to new conditions.

The strategy should encourage proposals for innovative uses of IT that enable the organisation to respond to new opportunities or challenges, take on new business or improve existing processes.

 

Preparation

As part of the establishment of the annual strategy, the following shall be evaluated, without limitation:

– The current and future requirements of the organisation

– Technological developments that may have a positive impact on the efficiency and cost of IT operations

– Suggestions for improvement to address issues that have arisen in previous periods

– Issues of alignment with stakeholder requirements

– Market research activities as well as scientific research on the adoption of solutions and best practices taking into account emerging trends.

Approval

Only approved proposals are recorded in the Annual Strategy form, as the “Approved IT Strategy for the year XXXX”.

Monitoring good execution

The management entities should monitor the progress of the implementation of the approved strategy to ensure that it achieves the objectives within the required timeframes, using the required resources.

Establishment of the annual budget

The annual budget is based on real offers received from approved suppliers with whom the organisation works or intends to work.

Even in cases where available funds may not be sufficient to achieve a complete plan, good collaboration between Strategy and Budget is intended to leverage each step in a way that brings us closer to the desired goal.

The budget is usually structured as follows:

Regular budget

The regular budget is used to track all approved IT expenditure. It includes without limitation the following categories:

– Subscriptions to communications services

– Subscriptions for Domain Name Registration and certificates

– Subscriptions to Internet services

– Maintenance and support contract values

Investment budget

The investment budget is used to monitor all expenditure on approved IT projects. It includes without limitation the following categories:

– Supplies of new systems

– New system installations: new systems; configuration services

– Software development services

– Consulting services

Budget execution

The execution of the approved budget is implemented in cooperation with the management in order to take into account the cash flow and the availability of the required funds.

Project management

The management of the Approved Projects through which the Approved Strategy is executed follows the PMBOK® Guide. The Project Management Body of Knowledge (PMBOK) is a document that contains standard terminology, best practices and process guidelines related to project management as defined by the Project Management Institute (PMI – pmi.org). The standard is very comprehensive, can be applied to organizations of any size and provides the subject matter to consider when asked to apply it.

Not all of the standard is applicable either in scope or depth. However, the standard helps the practitioner not to forget those issues that will be considered critical for each application. These issues are organised in the following sections:

  1. Start: These are processes that initiate the start of a new project, such as identifying a need, addressing a concern, or obtaining authorization.
  2. Planning: These are processes that define the initial project proposal, such as narrowing the scope, communicating objectives, and defining the plan.
  3. Execution: These are the processes that are completed to implement the project. They include, among others, analysis into individual actions, assignment of responsibilities, setting deadlines.
  4. Monitoring and control: These are the procedures performed to monitor the progress of the project, making changes and extending deadlines as needed.
  5. Closure: These are the procedures that check and finalize qualitatively and quantitatively all the work completed and authorize use.

Change management

The purpose of effective change management in the form of mapped plans is to transition to new situations without interrupting the day-to-day operation of the business. Even in the event that an operation has to be interrupted, this must be done in a controlled manner and within predefined timeframes to ensure business continuity.

Resolution of issues

This module concerns the effective application of IT in the daily life of a business. It requires close cooperation with the Help Desk and includes, among others:

– The analysis of security issues.

– The analysis of the source of recurring issues.

– Working with the organization’s staff to address the source of recurring issues

– The investigation and evaluation of technical issues of interest