IT governance is often seen as a grudge endeavour, something businesses need to do in order to meet their regulatory compliance objectives. It is typically challenging to achieve, which adds to the resentment around it.
By Simeon Tassev, MD and qualified security assessor at Galix
This multi-faceted business imperative incorporates many areas, including IT and cybersecurity, payments and online transactions, data management and more. However, what businesses need to take cognisance of is the fact that effective IT governance means reduced risk in a number of areas, which in turn improves continuity and ultimately results in a more successful and profitable business as a whole.
IT governance is all about transparency and proving that the organisation has done everything it can to ensure that risks in all aspects of IT have been minimised. Here, security is often one of the biggest challenges, especially around cybercrime, since the threat is constantly evolving.
Preventing a cyberattack may not be possible given the rapidly changing nature of malware, but it is still essential to have the most up to date and comprehensive security available. Organisations also need to have processes in place to mitigate threats from breaches and deal with any attacks that breach their perimeter.
Cybersecurity strategy must be reviewed frequently to ensure that it remains relevant and covers all of the bases.
Hand in hand with cyber security, online payments also pose challenges for IT governance. With the rise of cryptocurrencies this is particularly difficult, since the very nature of cryptocurrencies resists governance. The entire process is anonymous, so there is no transparency.
In order to ensure governance, businesses need to know who their customers are and who is paying for a service. All payments must be auditable and accountable. It is essential to therefore have strict rules and processes in place to ensure governance around payments, especially when cryptocurrencies are involved.
Regulatory technology (Regtech) can be greatly beneficial in assisting IT governance, as part and parcel of the governance process is the ability to measure processes, procedures and policies.
Regtech essentially allows organisations to log data, analysing and assisting with audits, thereby enabling quick incident management, response and security monitoring. This not only aids governance, it can be an essential tool in the ongoing struggle against cyberattacks.
There are also frameworks available to assist with achieving governance, including King IV and COBIT (Control Objectives for Information and Related Technologies). COBIT specifies several information related processes that need to be put into place. This includes application development, monitoring, IT strategy and others, as well as IT service management. In addition, ITIL (Information Technology Infrastructure Library) is useful to aid organisations to improve processes.
The definition of “rigorous” IT governance differs according to the organisation and its requirements. However, there are certain must-haves and one of those is cybersecurity. Risk is the enemy of business continuity and profitability. Once effective IT governance frameworks and controls are in place, organisations benefit from minimising their risk exposure, and thereby improving business continuity and services.