IT service management enables better IT governance {writer: Jayen Vyravene}

As a direct result of the recent release of the King Report on Governance for South Africa, more commonly known as King III, the spotlight has become firmly fixed on information technology (IT) governance and, as a result, on IT service management (ITSM), which is a prerequisite for organisations to meet the requirements of King III.

Whether an organisation provides services externally as its core business or IT forms part of internal services, ITSM acts as an enabler for King III, which requires the IT department to transform into a service management department.

In order to achieve this, there are many standards and guidelines such as the IT Infrastructure Library certification (ITIL) and ISO 20000, which act as guiding principles to help IT departments become oriented toward service support and delivery.

One thing that many organisations do not consider, is that at the end of the day, IT governance is corporate governance.

IT has been separated from the overall business for too long, operating in a silo and supplying technology to keep up with demand, but failing to address real business problems due to a lack of understanding of business needs.

Governance regulations

With new governance regulations becoming commonplace, however, this can no longer occur. The executive needs to be involved in IT purchases and investments, often in the form of a chief information officer, to assist the Board of directors gain an assurance that what is being spent will help the business become more efficient and productive and will address real business challenges.

IT governance at its most basic involves governing the business to ensure that IT is integrated as part of that business.

The role of IT should be to deliver and support services; in order for this to be effectively governed, the organisation needs to understand whether or not this is happening – and if it is, helping to contribute to the overall objective of the business.

Internal requirements

Internal requirements for IT governance are dependent on the nature of the organisation, as different sectors have to comply with various laws and regulations, both locally and internationally.

Externally, IT governance is about managing risk, which again depends on the core business of the organisation, as different sectors need to comply with various legal requirements and standards for security management and business continuity management.

There are many laws and regulations with which to comply, and the reality is that going forward, the number of these will only continue to increase, as the major threats and risks to business are all technology based – such as cyber threats.

Cornerstone of good governance

Going back to ITSM, this way of focusing the business toward continual improvement forms the cornerstone of good governance. This comes as a result of putting into place people and processes and relationships between these and technology, assisting all of them to form integral parts of the overall business objectives.

ITSM takes an approach of governing services, with metrics, dashboards and the like to assist organisations to measure their service levels.

At the end of the day, you cannot govern something if you cannot measure it, so ITSM is vital in helping organisations achieve better governance.

Once in place, this system of continual improvement works on processes and links these to people, ensuring that processes are not built without considering the impact they will have on the people within the organisation.

This in turn ensures that people, processes and technology are all considered as a whole, not as silos, which helps to improve not only efficiency and reliability but visibility and accountability as well.

By implementing ITSM within an organisation, IT governance can effectively be installed, helping to achieve a large portion of the guidelines set out in the King III report.

ITSM is backed up by an assurance, as it can be verified to discover whether it is working or not – particularly if processes such as ITIL are backed up by standards such as ISO 20000.
Improving service delivery in this fashion enables organisations to meet the guidelines set out in King III – not only in terms of IT but also with regard to security management, business continuity, risk management and compliance.

Siloed approach will not do

When it comes to examining governance, risk and compliance within an organisation, a siloed approach will not yield optimal results. If such an approach is taken, each department will have its own ideas around what needs to be complied with, and the organisation will not view IT as part of the business and a part that will help it meet business objectives at that.

IT can no longer be isolated from businesses. Almost every aspect of modern business relies on IT, which means that it needs to be integrated into the business and into the governance, risk and compliance (GRC) approach.

The company should have one umbrella approach for GRC across the organisation.

If IT is integrated into the GRC process and linked to business objectives, the organisation will not only be better governed, but it will become more efficient and save money as a result.

ITSM therefore will not only ensure compliance, better governance and business continuity, but it will also ensure the organisation remains as profitable as possible using IT as an integrated, strategic business driver.

Jayen Vyravene is managing partner at Quency Advisory Services