Information technology governance and risk management collaborate operationally, and together they can mitigate risks within organizations. Nonetheless, many people suggest that the governance of enterprise IT (GEIT) is critical for business growth. Do you think GEIT is enough to execute and maintain governance visibility? In this article at ISACA, Guy Pearce explains the ramifications of poor management and how it may be detrimental to an organization.
Learn from an Instance
The UK financial services regulator has imposed a US$9.7 million penalty on the Royal Bank of Scotland (RBS) for poor governance practices. Long-term shareholders have suffered a loss of more than 95 percent of their overall investment. This happened due to a failure of corporate governance on numerous fronts.
Where is the Gap?
Optimization of IT risks is one of the prime reasons for GEIT execution in businesses. The board members and employees are responsible for IT governance and risk management. Creating a compliance culture is imperative to encourage qualitative and quantitative assessments. A failure of that culture directly impacts risk management.
Given the intricacies of institutionalized transformation, the critical driving forces encouraging undesirable behavior are:
- Limited understanding of the client’s demand
- Leadership behavior to influence staff
- Acquisition of exceptional talent, yet selection of employees with limited skills
- Reinforcing a formal mechanism to build business infrastructure, processes, and technologies to support business transformation
The success of GEIT depends on your risk management strategy. However, overlooking the critical success factors (CSF) of culture might also render it ineffective. Take RBS as an example to understand how IT governance failure happened due to vulnerabilities in user engagement. Proactively incorporating culture is the by-product of GEIT and is necessary for the success of enterprise IT governance. Thus, develop a strong grasp of the risk, regulation, and compliance needs and maintain visibility for effective governance.
Click on the following link to read the original article: https://www.isaca.org/resources/isaca-journal/issues/2019/volume-3/the-sheer-gravity-of-underestimating-culture-as-an-it-governance-risk