Discussion: Understanding the Work of the IT Governance Board
In this final week of your internship, your rotation assignment takes you back to the Chief of Staff’s Office where you started out seven weeks ago.
Among other things, the Chief of Staff’s organization is responsible for organizing meetings and providing support to the various internal governance boards and executive committees that comprise the internal governance infrastructure. Last week, you had a brief introduction to the work of one of these boards the IT Governance board when you helped the Chief Financial Officer and CFO staff put together a briefing to inform the board’s members about a technology problem.
The work of the company’s governance boards and committees is extremely important since these groups plan, design, negotiate, implement and provide oversight for the processes, policies, procedures, and other mechanisms used to guide, monitor, control, and assess the operations of the company. Each board is comprised of executives who each represent their functional areas or a group of internal stakeholders.
Usually, there is a chair position that rotates among the members. If you would like to learn more about corporate governance in general, Deloitte’s report Developing an effective governance operating model: A guide for financial services boards and management teams provides a brief but comprehensive overview (see https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Financial-Services/dttl-fsi-US-FSI-Developinganeffectivegovernance-031913.pdf).
You may also find this article What is a management system?, from the International Standards Organization, helpful as it explains what a management system is and why standards are needed to define repeatable steps that organizations can use to ensure the effectiveness and efficiency of their management activities.
The IT Governance board operates under authority delegated by the corporate governance board. This board’s charter gives it responsibility for governance, risk management, and compliance management (GRC) for corporate IT processes, policies, and technologies. Members of the board each serve for a three year term. Of the 24 members, 8 have just begun their terms.
The IT Governance board focuses upon ensuring that the company achieves maximum value for each dollar spent on information technology capabilities. The board’s members must exercise due diligence to ensure that the company complies with laws and regulations that apply to the use of Information
Technology (including privacy and security requirements). The board is also charged with ensuring that the company complies with voluntary standards such as PCI-DSS since these have an impact on the company’s business operations.
The next meeting of the IT Governance board will include a set of orientation briefings for the new members.
Prepare for this orientation meeting by developing a short (5-minute) briefing on one of the following IT management / IT security management frameworks, standards, and models.
