Grasping governance | TahawulTech.com

In recent years, the concept of IT governance has garnered much interest due to the integral role IT plays in both commercial and public organisations. Pallavi Sharma discovers the challenges associated with IT governance and its adoption in the Middle East.

In an era where globalisation and competition dictate strategic initiatives, firms are using technology to develop, manage and exchange intangible assets such as information and knowledge with their stakeholders in a bid to gain a significant advantage.

Many believe that this dependency on IT opens organisations up to huge vulnerabilities associated with the abuse of intellectual property, fraud and cyber crime, which are inherently present in complex IT environments..

As organisations work to counter the risk that comes with the pervasiveness of IT, more attention is being paid to IT governance policies, which is believed to help mitigate risks while outlining best practices to enable operational efficiency and business growth.

IT professionals believe that in a dynamic and competitive business environment where firms spend a significant percentage of their revenues on IT to stay competitive, good IT governance is no longer nice to have but is a must have.

“Extracting greater value from IT is rarely a matter of just working harder or longer. Instead it requires development of new techniques for designing, implementing and involving different people in the IT decisions. High-level IT governance models are therefore being created and today IT governance is high
on the agenda in many organisations,” says Wissam Khoury, managing director, SunGard Financial Systems, Middle East.

He believes that in the face of an economy slowly recovering from a global debt crises, these policies become the very base of the business growth cycle. This is because organisations can no longer afford
to indulge IT as a mere cost centre, but must view IT investments in the overall business context, and understand how a particular investment could contribute to revenue generation and business success.

Decision makers point out that this alignment between business strategies and IT initiatives is the most crucial element of IT governance.

“All enterprises have IT governance, but enterprises with effective IT governance have actively designed a set of mechanisms that encourage desirable behaviour. This behaviour is defined as a set that is consistent with the organisation’s strategy, mission, norms, and culture,” says Bobby Gupta, vice-president and head, Mahindra Satyam, MENA.

Khoury explains that aligning IT strategies with business outlook involves three key elements. “Operational efficiency involves analysing how the existing IT set up contributes to the achievement of
business objectives. Operational innovation then focuses on reviewing or reengineering the IT infrastructure to enhance business processes and enable quicker and better results. Finally, operational compliance requires that organisations implement policies conforming with international regulations and reporting standards. This is because compliance with internationally recognised standards will enable decision makers within the organisation to analyse the current state the of operations in comparison to the desired state and thereby increase operational transparency across the board.”

Overlapping boundaries
IT professionals agree that one of the challenges with implementing IT governance is being able to describe it to non-IT personnel, who often confuse it with IT management. However, decision makers point out that the difference between the two is fundamental and distinguishable.

“Unlike management, IT governance is not about what specific decisions are made but rather the determination of who within the organisation is responsible for making decisions spanning disparate business units, who has input to a decision, and how these people are held accountable for their role,”
points out Vikram Suri, managing director for the Middle East and India at Sage Software.

Mahesh Vaidya, CEO, ISIT Middle East says, “The domain of IT management focuses on the effective and efficient supply of IT services and the management of day-today IT operations. On the other hand, IT governance is a broader canvas that centres on the contribution of IT operations to business performance and growth, while transforming and positioning IT to meet the future needs of the business.”

Dr. Angelika Plate, director of strategic security consulting, helpAG adds that IT governance provides guiding principles to the influencers and decision makers within the organisation on the, efficient and acceptable use of IT.

“Ensuring that organisations follow these principles will assist directors in balancing risks and encouraging opportunities arising from the use of IT. If applied correctly, IT governance will help directors to conform to given obligations (such as legal, regulatory or contractual requirements) and to ensure that the organisation’s IT is fit to support identified business goals,” she says.

Over the past few years several frameworks aimed to define, assess and improve internal controls of organisations have been brought out. These are aimed at assisting managers in the tasks of measuring and monitoring IT performance and effectiveness. Some examples of these frameworks include Information Technology Infrastructure Library (ITIL) principles, Information Security Management
Standards (ISMS), Control Objectives for Information and Technology (COBIT) among others.

Vaidya opines that IT governance frameworks are based on the ‘plan-do-checkact’ methodology. “IT governance begins with setting objectives and providing direction followed by implementing the planned
activities. Once the execution is completed, decision makers must measure and review the implementation to compare actual vs. planned results, and finally tweak the plan to correct any errors, fill any gaps or improve the process,” he says.

Industry experts point out that there isn’t much overlap across different frameworks. For instance, where COBIT details IT controls and metrics, ISMS covers IT security and ITIL emphasises processes, notably those surrounding the IT helpdesk.

Consultants agree that the best approach is to research the standards, review the needs and then move forward with the standard that is the best initial fit, and focus on areas that are of the greatest concern to all the stakeholders.

“All of the standards are huge undertakings and you are far better off to phase in various elements over time than to try and implement everything at once,” says Plate.

Gupta recommends an adopt and adapt approach. “Rather than select one approach, organisations would be wise to get an overview of the different frameworks and then work out a policy that blends the best practices to suit the needs of the organisation,” he says.

Help at hand
Experts largely agree on broadly defined principles that must form the very crux of an effective IT governance initiative.

Plate explains, “IT governance must ensure that individual business units and stakeholders understand and accept the need for these policies and go on to assigning specific roles and responsibilities in respect of both supply and demand of IT. This is followed by clearly outlining the business strategy to incorporate the current and future capabilities of IT, and then aligning these strategies with IT initiatives that are capable of satisfying the current and ongoing need of the organisation’s business strategy.”

According to Plate, in addition to the above, IT governance must also take into account the need and basis for IT acquisitions. These acquisitions must be made for valid reasons, on the basis of appropriate and
ongoing analysis, with clear and transparent decision making. “It is imperative that there is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term,” she adds.

Following this she recommends that senior management within the organisation outline the best use of these acquisitions by plugging them into spaces where they prove most beneficial. This must be supported
with measurement metrics and performance indicators to ensure that IT platforms are delivering the promised levels of serviceand quality to meet both present as well as future requirements.

Additionally, IT governance policies must be established keeping in mind mandatory regulations and best practices to minimise cost of errors or re-implementations. Finally, IT governance policies must demonstrate respect for human behaviour including the current and evolving needs of all the people
involved in the organisation.

When discussing the challenges associated with implementing a robust IT governance framework, vendors often point to lack of senior management commitment as being a major obstacle.

Khoury says, “Internal education is definitely a challenge and this has much to do with the organisation’s culture. Since IT governance requires more collaboration across IT and business operations, the challenge is often associated with convincing departments to share what is considered sensitive information about their internal success and performance with one another. This is an attitude that has to be corrected
from the senior management down. So the success of an IT governance policy depends on the commitment of top management to the need and execution of these frameworks.”

“Much like other aspects of IT, governance policies require constant monitority and day-to-day maintenance of standards defined by them. All of this also requires sign-off and support from top
management,” states Sage’s Suri.

IT professionals recommend that the best way to address this challenge is through investing in a pre-planned environmental assessment that proactively addresses issues relating to organisational culture, leadership and communication challenges. “IT governance and implementation must be integrated with the company’s corporate governance initiatives to strengthen top management involvement and commitment,” he adds.

Making waves
Despite this daunting challenge, industry analysts believe that organisations in the Middle East are making great strides in formulating and executing successful IT governance policies.

Suri says, “Organisations in the region are fast realising the need to adopt IT governance principles conforming to international standards. The BFSI and telecommunications sectors in the region
are leading this adoption fuelled by legal and audit requirements that are critical to their operations and long term success.”

Vaidya believes that although IT governance policies are quickly becoming an area of focus for CIOs in the region, there is room for more growth. “IT governance has been present in one form or another but in a more or less unstructured manner. The need to comply with regulations and laws for conducting business internationally combined with the push from companies operating in the governance space has contributed to the growth in adoption, albeit in bits and pieces.”

“Over the last few years, we have witnessed increasing numbers of organisations hiring consultants to help them emulate best practices to reduce costs and enhance efficiency,” says Gupta.

He predicts that technologies like cloud computing and mobility will only further necessitate the need for organisations to invest in IT governance policies to both monitor outsourced applications as well as control business operations across employees working on site and on field.

Vendors and industry stakeholders believe that the future is set to witness a spurt in IT governance policies across the globe. This will include policies centred on the monitoring and management of mobile
devices across the enterprise space and the integration and use of social media tools for business and cloud technologies. Clearly, one can now say where IT governance is concerned; this is just the tip of the iceberg.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

AI and advanced analytics drive sustainability and efficiency

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design

xCube launches the UAE’s first fully automated SLB service for retail investors

Pure introduces first external block storage for Azure VMware Solution

RUCKUS Networks launches AI-driven solutions for hospitality

Genetec announces availability of Security Center SaaS