By RV Raghu, Director of Versatilist Consulting India Pvt Ltd and Member of ISACA Emerging Trends Task Force
Not so long ago, someone said that every company was going to be a technology company. Then someone else followed up that comment with a more pungent quip that all companies are going to be software companies. Over the years, both of these statements have become true, and more so with the rise of SaaS, no-code development, DevOps, and other similar advancements that enable easy and rapid adoption of the latest technologies and more efficient.
Companies do all of this and more in operating expense (opex) mode without having to consider pesky things like ongoing support, ease of use, and obsolescence. Digital transformation has become so trendy that the global digital transformation market is expected to grow from $469.8 billion in 2020 to $1,009.8 billion by 2025, at a compound annual growth rate (CAGR ) by 16.5% over this period (Research & Markets, 2020), with research also indicating that more than 70% of companies are either engaging in digital transformation or are already on the path to transformation. But the widespread and rapid adoption of technology is not all rosy, with research also indicating that nearly 70% of digital transformation projects fail. Although there are a host of factors that contribute to this failure, in my opinion the main reason is poor governance.
Now, if you’re a governance professional in the field, I’m sure you sometimes feel like a deer in the headlights given how difficult and complex technology governance is and how difficult it is to properly solve the problem of bad governance and deciding where to focus efforts.
Here are five things I recommend you prioritize to have the biggest impact on governance this year.
1. Align technology and business
Ensuring alignment between technology and business will be key. This requires a clear and well-articulated strategy on both the business side and the technology side. Alignment is key, especially when technology is no longer just a support tool for businesses, but the way the business itself is conducted. Alignment is not one-size-fits-all and requires ongoing attention. A key aspect of ensuring this ongoing alignment is ensuring that all stakeholders are on the same page when it comes to managing related risks. Technology risk management effectively supports alignment and ensures ongoing funding for technology initiatives, which is also critical to continued success.
2. Closing the skills gap
Another important element of technology governance is understanding and managing the skills gap that exists, which can single-handedly derail your initiatives. While companies would do well to take a multi-pronged approach to managing the skills gap, it’s also important for you as a governance professional to take the initiative to better equip yourself. With regard to technology, companies should put in place programs to retrain/upskill existing staff in addition to seeking outside help, including through education and credentials. ISACA’s CGEIT certification is a great resource that can arm you as a professional with best practices, tools, and even a helpful peer group, in your technology governance journey. In addition to CGEIT, ISACA offers several certificates related to emerging technologies such as IoT and cloud, which can also contribute greatly to the success of digital transformation efforts while keeping your team’s skills in step with the evolution of technology.
3. Manage Tech Debt
No company is doing a clean slate when it comes to technology. This means that to have successful technology governance, it is imperative not only to manage all existing technologies, but also to include a roadmap for the future of the existing technology. It is important to understand the interfaces between the new and the old, as this is where risks and threats abound. Often, the focus on new and shiny technology leads companies to ignore the risks and threats associated with existing technology, which affects ongoing performance.
4. Leverage frameworks and best practices
A key aspect of effective governance is ensuring uniformity, repeatability, and consistency of what is governed, whether business or IT processes. This may seem counterintuitive, especially when it comes to some of the cutting edge technologies, such as IoT or quantum computing, where best practices and frameworks evolve with the technology itself. But without underlying frameworks and best practices, it may not be possible to implement the technology in a robust way, which in itself may be a failure. Frameworks such as COBIT or ISACA’s Capability Maturity Model Integration (CMMI) can also be adopted for the governance aspect itself, as they can provide useful guidelines, tools and techniques for driving effective governance and putting implement practices for effective IT implementation and success.
5. Focus on cybersecurity
From my perspective, cybersecurity is another key area of focus for governance professionals and critical to the successful use of technology. While the position and relative importance of cybersecurity on this list may be debatable, its criticality is not. Cybersecurity, or lack thereof, is expected to be a $10+ trillion business by 2025, which means governance professionals would do well to pay attention to it without fail. Effective cybersecurity will require, among other things, having a seat at the table and buy-in from all stakeholders involved. To do this, the governance professional must communicate with each stakeholder in a language they understand while educating the board about the importance of cybersecurity and how they can be an effective partner in helping the company to adopt the right cybersecurity posture. This will go a long way to ensuring effective operational cybersecurity, which is essential not only from a pure technological standpoint, but also necessary for the continued delivery of value from IT to the business.
As a governance professional, focusing on these key priorities will go a long way to strengthening governance as well as building skilled teams and advancing technology and business goals.
If you have an interesting article / experience / case study to share, please contact us at [email protected]