IT governance
Executive summary
IT governance is a significant aspect that needs to be taken into consideration in any organization. With the rise of information systems use and the need to have automation of many business processes, there is a need to ensure that there is better management of IT processes. Also, there is a need to ensure that the IT processes optimize the functioning of the business within an organization. Security is a significant aspect of IT. It is for this reason that there is a need to have a structure and framework that will be used to manage the security and privacy of organizational data and information. There are frameworks that have been developed in order to guide and ensure that data security is assured within organizations. This research study will focus on assessing the governance structure for privacy for Biocon Company, which deals with data management. The company is a research entity that handles voluminous data that is being processed in the servers every day. One maturity level that needs to be addressed in Biocon Company Ltd. is the governance maturity level (Al Omari, Barnes, & Pitman, 2012). There is a lack of sufficient maturity for the IT component in the organization. The company has not reached a level where IT and business executives can discuss a strategy that can be used in order to attain goals and objectives together. It is important to understand the issues and the strategies that are required in order to achieve the desirable results within the organization. Although there are formal business strategy meetings, there is a lack of focus on the IT budget and on holding IT alignment and strategy meetings. IT is thought to be a support function and not a core function where competitive advantage can be drawn.
Introduction
Information security is an important issue that needs to be taken into consideration in any organization. With the heavy reliance on information systems to process information, organizations are now shifting their strategies to managing the IT component. In the quest to have this change/shift, there is a need to understand the management and the governance within the organization. It is one of the maturity levels that needs to be worked on in order to have a better understanding of the strategy that is to be implemented. In the sections that follow, the various aspects of Biocon Ltd. will be defined in order to achieve a good alignment with the objectives. One problem that is evident with Biocon Ltd. is that there is a lack of separation between IT governance and management. The entire management function is not differentiated from the IT governance aspect. Most of the management decisions are made and managed by the executive management of Biocon Company (Alramahi, Barakat, & Haddad, 2014).
1. Audience and Purpose
This paper is aimed at IT directors and managers. It is also intended for senior executives who will want to tap the competitive advantage of the IT component to gain an edge over the competition. The document is also intended to be a reference for unit managers and leaders who want to tap the use of information technology to manage their business processes.
The paper serves the purpose of assessing the requirements of IT component and the need to optimize IT operations for Biocon Company Ltd. It is used to enhance the management and enhancement of IT component for Biocon Company Ltd.
2. Organizational context
Data interaction and models that exist in a given system are a significant development that should be included in data architecture description. The contextual data architecture process of the data in Biocon Company Ltd. is that there are different domains in which the data is accessed. These various points form pivotal points in which the data will interact with the system. In the Sales and Service business cases, there are different data domains that are stored. There is data about the retail sales. It is the data domain that holds the data about the different transactions and sales. The data in this case will be used to hold information about the various vendors that supply the goods. There is also information about the data that holds the customer transactions. There is also data describing the e-commerce model. It helps to understand the e-commerce process and model for the data that are being handled and processed. The e-commerce data domain is a crucial data segment that is to be managed because of the security issues that come with the data. Membership sales are essential information in the data domain. The membership information is about the customers that make purchases in Biocon Company Ltd. There are also the issues about the services that are offered in Biocon Company Ltd. The customer services are included in this domain. There is a need to ensure that there is a better understanding of the processes and instances where the data will interact. There is also the marketing data domain. It is where the data about the marketing is included in the data architecture. All this information is available in the tables (Costa, 2011).
The business model of the data in this case is enterprise architecture of the data. It is essential to understand the requirements of the different enterprise segments and the data that are processed in these segments.
The physical data for Biocon Company Ltd. include the messages and the data format that is currently being used. The data is stored in records. The records are the different entries that are entered in the database tables. Most of the fields in the data stored are composite, where the data will have different data combinations in the process. There are many data points that are siloed in the company. There is a need to understand the way in which the data are organized within the organization. This arrangement calls for Biocon Company Ltd. to have a way in which the data can be organized in order to understand the way the data is organized. It is crucial to understand the requirements and have ways in which this will be achieved (De Haes & Van Grembergen, 2012).
3. Assessment of IT governance maturity levels
There are four stages in the maturity of the enterprise architecture of any organization. These are the business silos, standardized technology, optimized core, and business modularity. The business silos stage is where technology is invested in and integrated into an entity independently.
The current company is in the standardized stage of the standardized core in IT operations and management. The company has integrated into its systems IT components that help in the management and enhancement of business processes. It has invested in technology that is used to manage and process data. There are up-to-date systems and database systems that are used to manage the research data that is being corrected. The database is connected to the information systems that are in use in the company.
The company is in transition to optimized core. It is common in the way they are trying to capture research data through the use of smart devices. There is no longer the collection of data using papers. Everything is being done in order to ensure that there is better management and enhancement of the data collection process. The processing and cleaning of data is being optimized in the entire process.
IT and business are now being integrated with the hope that they will serve and work together effectively. There should be a model and framework that can be used in the integration process between the governance of the IT side and that of the business side. Although it has been stated that the integration should start with the business side and then move to the IT/IS side, there is a need to have governance of the enterprise architecture done in parallel. There are technical requirements that need to be assessed from the IT/IS side. The two governance approaches cannot use the same framework and model (Bartens et al., 2014).
There is an aspect of enterprise architecture (EA) and the relation it has with e-commerce. It has been stated that EA can adopt EA governance. I still insist that there is a need to have a different model that will suit different scenarios. E-commerce is more of the business than technical. There is a need to have some consideration like security and how data sharing will be undertaken. They should be incorporated in the e-commerce model.
4. Rationale for IT governance management practice
For the steps that I have indicated to go through, the commitment of the senior management is paramount. This commitment must be communicated through the management of each department of and coordinated through the efforts of the committees that will be set to execute the recommendations hereof. The committee will see to it that the strategy plan which has been suggested here is turned to reality. The first challenge was to come up with an effective framework for information technology investment for effective decision making. The investment approach is in Appendix B. I have also suggested that the projects that will be performed will be categorized into three. These categories include Corporate IT driven, Department driven jointly with the company’s IT department and Department driven with a third party. The IT department will develop a set of key milestones that must be achieved. This achievement is meant for meaningful tracking and reporting of the programs in each of the three categories that have been stated and clearly defined (Bünten et al., 2014).
Among the milestones that must be achieved will be that there is a need for the development of an overall Enterprise Architecture (EA). The EA approach takes a whole and complete view of the data architecture, application architecture and technology architecture. The process of designing an IT service delivery must include important consideration of Nextel/Sprint EA as a base for the IT strategy to be realized.
Context of IT strategy
In the past, and even currently, information technology was acquired in response to the requirements that are needed at that time and are related to the corporate or departmental initiatives. Sometimes these initiatives were carried at different times and locations; they were independent of each other. It resulted in duplication of data, systems and IT infrastructure. Redundancy was unavoidable because there was poor execution of this strategy (Ferguson, Green, Vaswani, & Wu, 2013).
The planning of information technology requirements did not look beyond the requirements that could be required in the next business planning cycle. The planning is performed based on the perspective of an individual departmental organization. There were synergistic opportunities for sharing data and technology which were skipped due to this poor approach to planning.
5. Content of the key output of the structure
The purpose of IT strategy in any organization is to come up with a roadmap that will chart the course for the company for a period. The content output is found in Appendix C. In the process of charting this roadmap, the long-term vision of Biocon Company Ltd. must be taken into consideration and there must be considerations to be made which will assist in the accomplishment of the said goals. The strategy should also be set out in such a way that there is delineation of the directions by use of a set of programs and project activities; this will help the regional departments of Biocon Company Ltd. to achieve the broader goals and objectives (Hagmann, 2013).
The achievement of IT strategy will lie in the company’s decision-making process. These decisions are associated with costs and benefits. The IT strategies should be within the constraints of the fiscal realities of the company. The strategy was also built for the purpose of building a consensus with the stakeholders.
The IT strategy is also about leveraging the resources of the company so the projects and programs which have been identified will be accomplished. The strategy will involve the adoption of an IT service delivery. The strategy will ensure that the resources of the company with the people in the company are optimized by delineation of roles and responsibilities, project partnership and effective decision making.
The last use of this strategy is to enable the stakeholders to look further into the horizon in anticipation of technological changes that can be used and tapped for keeping Biocon Company Ltd. competitive.
6. Approach to be taken
The approach that will be taken will be to use the COBIT framework to integrate and assess management and governance together. One of the guiding frameworks that will be used in the development of the solution to the problem of Biocon Company Ltd. is the separation of management and governance. There is a need to have management giving support to the IT security governance. The decisions that are made should come through the use of IT governance. There should be a differentiation between the two practices. The COBIT framework has defined the practices and the principles that are observed by the two aspects of management. With Biocon Company Ltd., there is a need to have a team that will look into the IT component. The team should be technical and should understand the business and the IT aspect of the organization (Hovenga & Grain, 2013).
Differentiating data governance and management
Data governance is an emerging discipline which has been argued about by many professionals. The discipline encompasses a convergence of quality of data, management of data, business process management, and management of risks that surround the handling of data in any organization. It is through the use of data governance that organization gets a chance to exercise control over the business process and methods that are used by the stewards that handle data (Kooper, Maes, & Lindgreen, 2011).
Data governance is a collection of processes that ensures that important and confidential data are managed in a formal way throughout the enterprise. This process ensures that the integrity of data is assured and that people can trust data at any stage of handling the data. For this to be achieved, people are held accountable for the management of the organization data and that they make sure that the quality of data is always high. It is also making sure that people are given the responsibilities of fixing and preventing data issues whenever these issues arise. This way, data is always efficient. It is about using technology, empowering people on the importance and the techniques that are required for the data to be managed efficiently (Mangalaraj, Singh, & Taneja, 2014). When companies desire to have a total control of their data, they have to empower their people and employ the right technologies so that this is tenable.
Data governance is a result of bodies that are pushing for good data governance structures. Examples of this regulation include Sarbanes-Oxley, Basel I, Basel II and HIPAA. There are also private data privacy organizations that have been set up to look into the implementation of data governance practices.
Timeline for completion
The implementation of data governance will vary depending on the scope and the origin. I have attached the requirements for Biocon Company. It is represented in Appendix A. Sometimes an executive will initiate the mandate to start managing the data; sometimes it is the initiative of the management council. It depends on the degree of receptiveness to new procedures within the organization. In all aspects, data governance is one of the practices from the COBIT framework that will help in the management of the strategy that has been identified (Moeller, 2013).
Goals of data governance
The main goals that are required to be achieved for any company and organization seeking to gain control of their data include increasing the consistency and confidence in decision making. There is also the reduction of fines that arise from regulations, data security improvement, increasing the potential of income from the data, and defining accountability for assuring information quality. The implementation of data governance programs and initiatives ensures that this is achieved (Novotny, Bernroider, & Koch, 2012).
Organizations are coming up with data governance frameworks so that they can use them to measure and monitor conformance to expectations of business data, together with the protocols for documentation and reaction to data quality. The issue of severity is dealt with accordingly. The act of making sure that the policies that surround data governance are updated every day, policy by policy, is called operational data governance.
The guiding principles
For any strategy to succeed there must be guiding principles that are often overarching, and extend beyond the horizon of the strategic plan. The guiding principles that seem fit for this cause include:
- Customer-centric services. This principle entails designing and delivering services that are geared for the satisfaction of the customer. It forms the primary reason for the existence of Biocon Company Ltd.
- Support Biocon Company Ltd. business needs. The purpose of the IT function in any organization is to ensure that the operations of the operating departments are achieved smoothly and also ensure efficient service delivery. There must be close cooperation with the business units during planning, development and application support.
- Integration of IT applications. The purpose of this is to integrate technology, information and data sharing so that business-driven initiatives are enabled. The accuracy and service quality is also assured with this.
- Strategic IT investment. Strategic investment means making sound investment decisions, backed by sound business cases, and supporting the optimization of cross-department interests. The reuse of existing systems and applications is also encouraged. It will ensure that the untapped potential in the existing systems is properly used so that the company will not be in a hurry to adopt new systems to satisfy its quest for new systems. The return on investment (ROI) on the systems that are already installed should be realized before shifting to new systems (Radovanovic, Lucic, Radojevic, & Sarac, 2011).
- Collaboration and cooperation. The achievement of collaboration within the various departments of the company is one of the most effective ways to align the corporate IT perspective and the departmental perspectives. The achievement of this will make sure that the multiple skills and talents throughout Biocon Company Ltd. will be taken full advantage of. The use of these talents will be achieved through the collaborative nature of the IT systems in place (Seiler et al., 2012).
- Alignment with the vision and government jurisdiction. The company must ensure that the goals that have been set should be well aligned with the strategies that are in place. The principles that have been thus defined ensure that the IT strategy is an integral component of the company’s long-term vision.
- Secure and responsible information management. With the current trends of attacks on computer systems, legislation has been put in place to ensure that data integrity is always assured. The government has come to the rescue to make sure that information and systems are not compromised. Information management must be made to comply with the requirements of the government.
Conclusion
Management and IT governance are two separate functions that should be handled differently. Most senior executives have ignored IT governance and do not let the IT governance team have its say in the management of the IT function. For the IT function to be as strategic and as successful as possible, there is a need to differentiate the two and understand the roles they play.
References
Al Omari, L., Barnes, P. H., & Pitman, G. (2012, December). Optimising COBIT 5 for IT governance: examples from the public sector. In Proceedings of the ATISR 2012: 2nd International Conference on Applied and Theoretical Information Systems Research (2nd. ATISR2012). Academy of Taiwan Information Systems Research.
Alramahi, N. M., Barakat, A. I., & Haddad, H. (2014). Information Technology Governance Control Level in Jordanian Banks Using: Control Objectives for Information and Related Technology (COBIT 5). European Journal of Business and Management, 6(5), 194-206.
Bartens, Y., De Haes, S., Eggert, L., Heilig, L., Maes, K., Schulte, F., & Voß, S. (2014). A Visualization Approach for Reducing the Perceived Complexity of COBIT 5. In Advancing the Impact of Design Science: Moving from Theory to Practice (pp. 403-407). Springer International Publishing.
Bünten, S., Joshi, A., De Haes, S., & Van Grembergen, W. (2014). Understanding the Association between IT Governance Maturity and IT Governance Disclosure. International Journal of IT/Business Alignment and Governance (IJITBAG), 5(1), 16-33.
Costa, J. F. M. (2011). Data driven decision support systems as a critical success factor for IT-Governance: an application in the financial sector.
De Haes, S., & Van Grembergen, W. (2012). An Academic Exploration into the Core Principles and Building Blocks of COBIT 5. International Journal of IT/Business Alignment and Governance (IJITBAG), 3(2), 51-63.
Ferguson, C., Green, P., Vaswani, R., & Wu, G. H. (2013). Determinants of effective information technology governance. International Journal of Auditing, 17(1), 75-99.
Hagmann, J. (2013). Information governance–beyond the buzz. Records Management Journal, 23(3), 228-240.
Hovenga, E. J. S., & Grain, H. (2013). Data Governance Frameworks and Change Management. Health Information Governance in a Digital Environment, 193, 108.
Kooper, M. N., Maes, R., & Lindgreen, E. E. O. (2011). On the governance of information: Introducing a new concept of governance to support the management of information. International Journal of Information Management, 31(3), 195-200.
Mangalaraj, G., Singh, A., & Taneja, A. (2014). IT Governance Frameworks and COBIT-A Literature Review.
Moeller, R. R. (2013). Executive's guide to IT governance: improving systems processes with service management, COBIT, and ITIL. John Wiley & Sons.
Novotny, A., Bernroider, E. W., & Koch, S. (2012). Dimensions and Operationalizations of IT Governance: A Literature Review and Meta-Case Study.
Radovanovic, D., Lucic, D., Radojevic, T., & Sarac, M. (2011, May). Information technology governance—COBIT model. In MIPRO, 2011 Proceedings of the 34th International Convention (pp. 1426-1429). IEEE.
Seiler, M. F., Landy, D. B., Alexander, A., Clark, T., Nelson, D., Olds, S., & Spurlock, E. (2012). Governance of Education Data Security in Kentucky. Legislative Research Commission.
Appendix A: User requirements for Biocon Company
(Reference: Ferguson, Green, Vaswani, & Wu, 2013)
Appendix B: IT investment approach
(Reference: Mangalaraj, Singh, & Taneja, 2014)
Appendix C: Overview of the key output
- Executive summary
- Purpose and scope
- Organizational context
- Rationale for IT governance practice
- Content of the governance output
- Approach to be taken
- Conclusion