Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

7 IT governance mistakes — and how to avoid them

Everybody makes mistakes, but when a CIO messes up, the consequences can be devastating to the instigator, as well as the entire IT department and enterprise.

IT governance should be well-defined, clearly understood, and led by principles that reflect your organization’s mission, vision, and strategy, advises Donna Bales, principal research director at Info-Tech Research Group. “Good governance should delegate and empower individuals to deliver to defined outcomes that support organizational direction.”

Still, despite CIOs’ best efforts, there are an almost endless number of IT governance pitfalls. It’s particularly important to keep an eye peeled for the following seven common mistakes that can bite even that most careful IT leader.

1. Not keeping pace with evolving business priorities

Business practices and priorities shift frequently to accommodate emerging technologies, customer expectations, and product and service delivery demands. “It’s critical that governance changes in tandem to stay aligned and effective,” Bales warns. “Organizations often fail to recognize this [need] and rarely want to change governance once it’s in place.”

Governance should be designed with adaptability in mind to ensure IT remains in alignment with business objectives, continually providing value while effectively safeguarding the organization against potential risks, Bales says. “Effective governance ensures that the right technology investments are made at the right time to support organizational change and enable successful business outcomes,” she adds.

Governance should be part of your organization’s DNA — central to its being yet unique to your organization, Bales says. “Your governance structure should be dynamic and [designed to] identify triggers that may evoke a revision, and its effectiveness should be constantly measured so that it remains relevant.”

2. Poor risk planning

CIOs frequently launch strategic initiatives without fully considering all the risks involved. “This leads to adding governance as an afterthought instead of using a governance methodology as an integral part of a risk management program,” says Scott Perry, principal for crypto and digital trust services at Schellman, a global cybersecurity assessor. “By that time, governance structures are rushed and risk mitigation measures lose their effectiveness.”

All too often, critical initiatives are pushed through by CIOs without fully understanding whether the system will be able to meet its strategic objectives. “This can create risks, such as technical vulnerabilities, uptime constraints, improper continuity, and customer rejection,” Perry cautions. Properly identifying these risks early in the process, and addressing them with an organized risk mitigation process as part of an overall governance program, is essential for strategic initiative success.

Perry suggests instituting an oversight program that includes risk assessment, governance requirements established to mitigate controllable risks, and internal and external audit programs to measure the effectiveness of governance requirement conformance. He also recommends conducting a residual risk evaluation to determine any remaining risk exposures, as well as a program feedback loop.

3. Insufficient operational visibility

While most CIOs have already created a complete and detailed governance plan, many IT leaders lack the operational visibility necessary to assess their organization’s acceptance and practice of specific governance policies and mandates. Although many CIOs believe that all enterprise leaders have easy access to and understand IT governance policies, they really don’t, says Azadeh Dardras, Edge Center of Excellence director for business and IT consulting firm Capgemini Americas.

In many cases, the IT organization works in isolation, Dardras says. “If you don’t understand the context and results of your governance decisions, then your policy can have a negative effect on the business,” she warns. If IT governance doesn’t reach and involve all essential stakeholders, particularly team members working within the enterprise’s business segments, key decisions might be made without full and proper consideration. “This can seriously impact the affected teams’ work and, ultimately, the business as a whole,” Dardras notes.

4. Failing to fully align IT governance with enterprise governance

IT leaders frequently strive to complete projects as quickly as possible to meet a particular business need. “In doing so, they may not properly involve their company’s governance teams, such as legal, compliance, and information risk management,” cautions Brian Mannion, chief legal and data protection officer at insights and data management platform provider Aware.

To prevent a potential governance misalignment, CIOs should encourage their IT representatives to routinely partner with their enterprise governance counterparts. At a tactical level, IT and enterprise governance teams should regularly educate each other on new tools, as well as new and enhanced features designed for existing tools. The teams should also propose and coordinate potential solutions to identified risks.

A standard set of minimum controls should be identified and agreed on, Mannion suggests. “Finally, [enterprise] governance teams must have sufficient and technology-focused staffing to support IT,” he says.

5. Using past methods to measure future progress

Many enterprises continue to base their IT governance on cost and performance service level agreement (SLA) metrics. Unfortunately, these metrics tend to be lagging indicators.

IT governance should focus on leading indicators and reflect the investments and spends of tomorrow, suggests Prashant Kelker, partner for digital strategy and solutions with global technology research and advisory firm ISG. A leading indicator is a predictive measurement. Leading indicators include revenue growth, revenue per client, profit margin, client retention rate, and customer satisfaction.

6. Treating data like a waste product

It’s no secret that data has become a highly prized asset. For many information-driven enterprises, data is their most valuable asset. Still, a surprising number of organizations continue to treat data as if it were nothing more than a waste product, alleges Chethan Laxman, digital transformation executive at Apexon, a Silicon Valley digital engineering professional services firm.

As data increasingly guides decision-making, and digital innovations automate more business processes, data value and integrity become more important. “All organizations, regardless of size or sector, need to shift from viewing data as an inconvenient cost center to an asset that’s reliable, accessible, secure, and usable,” Laxman says. “Having invested in data and analytics, business and IT leaders now urgently need to ensure good governance in order to meet their goals of operational efficiency, increased growth, and improved customer experience.”

7. Overlooking insider threats

The remote/hybrid work environment — combined with record-high employee turnover — has made insider threats a huge risk to organizations of all types and sizes.

While all types of insider threats are potentially harmful, malicious workers and inside agents partnering with external attackers can be particularly damaging. “In fact, companies spend an average of $644,852 on each insider incident,” notes Kris Lahiri, CSO at content security and governance platform provider Egnyte.

Lahiri suggests taking a holistic approach to IT governance that includes prioritizing data security, implementing network security best practices, and maximizing user cyber-education. He says that it’s also important to have deep visibility into both structured and unstructured data in order to build an effective content governance program. “If you can’t see the data, then you can’t properly govern it,” Lahiri says.

Lahiri also recommends centralizing data views to understand what content is being accessed, and by whom. “This will enable the organization to detect malicious activity by recognizing commonplace user behavior and patterns.”

IT Governance


Read More from This Article: 7 IT governance mistakes — and how to avoid them
Source: News

Category: NewsJune 21, 2022
Tags: art

Post navigation

PreviousPrevious post:CIO Leadership Live with CIO Neville Richardson of GallagherNextNext post:FAQ 1024

Related posts

Start small, think big: Scaling AI with confidence
May 9, 2025
CDO and CAIO roles might have a built-in expiration date
May 9, 2025
What CIOs can do to convert AI hype into tangible business outcomes
May 9, 2025
IT Procurement Trends Every CIO Should Watch in 2025
May 9, 2025
‘서둘러 짠 코드가 빚으로 돌아올 때’··· 기술 부채 해결 팁 6가지
May 9, 2025
2025 CIO 현황 보고서 발표··· “CIO, 전략적 AI 조율가로 부상”
May 9, 2025
Recent Posts
  • Start small, think big: Scaling AI with confidence
  • CDO and CAIO roles might have a built-in expiration date
  • What CIOs can do to convert AI hype into tangible business outcomes
  • IT Procurement Trends Every CIO Should Watch in 2025
  • ‘서둘러 짠 코드가 빚으로 돌아올 때’··· 기술 부채 해결 팁 6가지
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.