IMPLEMENTING IT GOVERNANCE USING ARTIFICIAL INTELLIGENCE

Digital Disruption

Digital businesses are disrupting almost all traditional industries across the globe. Over the years, CIOs have had to balance change vis-à-vis stability and status quo. And today is no different, except that the pace of change is far greater than what it was 10 years ago. Digital investments will continue to grow, and these initiatives must improve product and service capabilities or create new market opportunities. A “Fit for Purpose” and “Fit for Use” IT Governance model is very critical in this journey.

With organizations embracing a more open and transparent culture, exposing their applications and services over the cloud, across multiple devices, IT leaders are more conscious than ever about security, privacy and compliance. A highly agile and responsive business requires an equally agile and responsive risk strategy.

IT leaders today find it increasingly challenging to assess the maturity of their IT organization against the IT Governance paradigm.  Assessments are a time-consuming process that does not reveal any results in real-time or online. This paper opens up a discussion to leverage Artificial Intelligence (AI) in automating the implementation and management of IT Governance. The solution will blend into the organization policies, processes and tools, imbibe data and proclaim the level of compliance and maturity, all the while providing recommendations on how to improve.  

IT Governance – An Overview

Governance for major organizations is four-fold, viz., Enterprise Governance, Corporate Governance, Business Governance and IT Governance. Enterprise Governance is an overarching set of responsibilities and practices that set the direction and strategy of the company, ensuring optimal use of resources for maximum benefit. The other three are parts of Enterprise Governance, dealing with different aspects of an organization’s wellbeing. Corporate Governance is all about compliance and risk management while business Governance is more about utilizing resources to earn more revenue. IT Governance supports both by enabling systems that support corporate and business governance in implementing the enterprise strategy. 

IT Governance manages demand and supply of IT within an organization leveraging IT resources to achieve the organization’s overall vision. It is a set of disciplines that are implemented to ensure the effective and efficient use of Information and Technology.

Key focus areas of IT governance

The following are considered the key focus areas of IT Governance. 

Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT. 

Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organization. 

Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.

Strategic alignment focuses on ensuring the linkage of business and IT plans defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.

Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimization of knowledge and infrastructure. 

IT Governance frameworks

The Information Systems Audit and Control Association, better known as ISACA, is an international professional association focused on IT Governance. It originated in the US, with a group of individuals working on audit controls who realized the need for a centralized source of information and guidance on IT Governance. ISACA functions as an independent nonprofit global association, engaging in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA formed the IT Governance Institute (ITGI) to focus on original research on IT governance and related topics. CoBiT (Control Objectives for Information and related Technology (COBIT®)) and ValIT are two widely accepted frameworks for governing IT, published by ISACA.  

COBIT provides a comprehensive framework for the management and delivery of high-quality information technology-based (IT-based) services. Val IT complements COBIT from a business and financial perspective and will help all those with an interest in value delivery from IT. Val IT focuses on IT-related investment decision processes and COBIT focuses more on the IT execution processes.

IT governance is a highly-integrated process that is spread out into various aspects of an organization and its success depends on how thoroughly the organization assesses the various challenges in the implementation. The common challenges of IT governance are collection of data, Effective Migration, Asking the right questions and Solid Framework.

1. Real Time Data & Analytics is crucial in making effective decisions on the fly. Current method relies on external individuals to analyse the different domains of the industry and provide a report from the data. The time duration between the collection of data, analytics and implementation of solutions can span out over a long period of time which in-turn reduces the effectiveness of the implementation more so over a problem that is redundant.
2. Collection of Data is strictly based on individual perception of a situation, In the current organizations the evaluation data is collected through interviews and other interactive sessions. For IT governance to have a successful implementation there needs to be improved ways of collecting unbiased data. 
3. Standardized Analytics are already present for ensuring the organization is operating at its peak performance, but these standards are generalized. Like an organization’s motto their IT governance should be designed and specified to their appropriate needs and requirements. 
4. Solid Framework does not depend on using the best framework but rather on how effectively these frameworks are used. The common problem in any organization is to neglect existing systems while implementing the new framework. Understanding the undocumented terminology and methods of solutions is essential to building a solid framework by leveraging the already existing systems and methodology. This does not normally happen.
5. Asking the Right Questions is the stepping stone for a proper evaluation of effective and efficient use of IT, rather than relying on objective questions, asking subjective questions will yield more usable data that can be analyzed and used for decision making. Asking “is the project doing good?” would yield a “yes” or “no” response. Meanwhile asking “how well are the deadlines met?” would yield a statistic response such as “The deadline is met 80% of the time”. 
6. Effective Migration to the new framework depends upon employee’s willingness to adapt to the new system. Management is faced with a resistance from their employees when a new system is implemented, the terminology “Old is gold” is thrown around and the employees avoid or delay the switch to the new framework. 

A product view - Intelligent automation of IT Governance

Implementing good IT governance requires a framework. A framework that defines the ways and methods through which an organization can implement, manage and monitor IT governance within an organization, providing guidelines and measures to effectively utilize IT resources and processes. Digital waves impact firms globally, across traditional silos, requiring more coordination and effort when making decisions, compared to the way we usually do business. Below is the high-level view of the IT Governance product.  Define section will provide an option to select the applicable/implemented COBIT and Val IT control objectives. These control objective is integrated with the underlying processes, tools and data to continuously assess, analyze and provide guidance to fix the gaps and mature leveraging AI/ML capabilities.

An automation suite that will oversee your entire IT, enabling stakeholder collaboration, incorporating AI and Machine learning to assess, track, guide and mature the IT Governance implementation within your organization. Combining principles of CobiT and ValIT, integrating with existing processes, tools and data, the product will provide real time assessment with gap analysis, recommending the best way to move forward. The product we have ideated will follow a 4 stage approach.

Define: Master IT Governance controls list ( COBIT & VAL IT) with associated framework processes. 

Sense: Capability to sense the current state of processes and gather data for further analysis. 

Analyze: Analyze the data gathered from processes and provide insights into what is good and what is bad. An integrated IT governance dashboard will be published based on the analysis.

Guide: Providing guidance on the actions to be carried out. In future, this can be integrated into cognitive IT operation automation platforms to enable self-healing of gaps in IT governance framework.