Page 93 - DCAP307_PLANNING_AND_MANAGING_IT_INFRASTRUCTURE
P. 93

Unit 5: Corporate Governance and IT




          We would like to mention here that in order to help with this analysis; organisations like IBM  Notes
          have developed frameworks such as the IBM Resilience Maturity Assessment Framework, which
          deconstructs a client environment into six layers that include strategy, organisation, processes,
          technology, applications and data, and facilities.
          “A structured governance framework helps the entire organisation to work in a synchronised
          fashion towards the common goal of risk mitigation. It also enables uniform enforcement
          across the organisation by a CIO organisation. By adopting a structured framework, we can get
          good references and case studies and also assistance from the standards bodies.”

          5.3.3 Plans Falling Short?

          Here, we would like mention that risk mitigation plans at many organisations fall short simple
          because they are not comprehensive and fail to take into account the reach and range of all the
          risks that they face.
          This is also true because the nature of risks is quite diverse. While previously risks were thought
          of only in terms of technological glitches, the last year and a half showed us that it can be man-
          made, natural and even from internal sources. Therefore, it is never too late for an organisation
          to put together a risk mitigation plan. It can bank upon its past learning to build robust risk
          mitigation systems.
          Also, unless the structured governance framework is properly institutionalised, the solution
          could end up being incomplete and the results would only be visible when the organisation in
          question tried to recover from a disaster. Besides, the other aspect here is that if the risk mitigation
          strategy is not aligned with the organisation’s business goals then it would be bound to fail and
          would compromise the organisation’s as well as stakeholders’ value.

          It is, therefore, important to understand the business objectives and provide IT and infrastructure
          risk management and business resilience expertise, to assess a range of risks to the IT resources
          and assets on which business processes depend. The whole point here is that companies have to
          be alert in anticipating possible risks and be quick to learn from their mistakes as well as from
          those made by others.

          Self Assessment

          Fill in the blanks:
          6.  .................................... is basically a process to bring the level of risk to one that is acceptable
              and can be dealt with by an organisation.
          7.  A .................................... governance framework helps in achieving compliance by means of
              structured auditing and assessment of the risk mitigation processes.

          5.4 Need of Understanding IT Governance


          Since organisations are increasingly dependent on IT for their operations and profitability, the
          need for better accountability of technology-related decisions has become a key part of corporate
          governance, making IT governance a highly strategic subset of the overall enterprise governance.
          In the case of IT, governance – or the rules – links IT strategies to the overall enterprise goals and
          strategies. It also institutionalises best practices for planning, acquiring, implementing and
          monitoring IT performance; it manages the risks that IT poses to business and it ensures
          accountability of IT costs.






                                           LOVELY PROFESSIONAL UNIVERSITY                                   87
   88   89   90   91   92   93   94   95   96   97   98