IT governance a time bomb

“Ignorantia juris non excusat!” This is Latin for “ ignorance of the law is not an excuse”. No matter how much you might profess your ignorance, not knowing a statute can expose one to legal implications.

Report by Toneo Rutsito

Information technology (IT)governance structures have been around for more than a decade, but have remained a total stranger to our corporate world.

In nearly 10 years that I have been in the IT industry, I have worked and consulted for different organisations that know nothing about IT governance. I am also not spared from this group, but agree information does come in phases.

IT companies and organisations in Zimbabwe have managed to pull through thus far without standing structures and statutes of IT governance. IT auditors, risk and penetration experts confirm that the majority of Zimbabwean public and private companies are not implementing IT governance.

Most companies have been running their business quite well outside the implementation and recognition of these structures, but can the same trick that sustained them in the yesteryear work well today?

Many CEOs and directors tend to distance themselves from the day-to-day operations of their IT departments, trying not to be accountable for any mishaps there.

DBut do IT managers and administrators have the power to implement a policy without the nod from their executives? Have you ever had serious downtime that grounds all company operations because the server has just packed up or is under cyber attack?

Computer networks have lately been under siege. The Hackers Network reports that hundreds of networks are attacked, denied service or redirected every day, but simply because this part of the continent has been calm does not mean that we are safe or immune to attacks. International hackers might not be targeting Zimbabwe, but have we done enough against local or internal attacks?

We had reports where Zesa lost a fortune of US$3 million to IT fraud; Econet Wireless was not spared either when their airtime system was compromised; last year their broadband website was defaced with embarrassing messages and they had to take it offline. ZABG Bank’s IT personnel also allegedly connived and defrauded the bank. The list of IT fraud cases is already alarming, but it looks like companies are not waking up and smelling the coffee.

Who should be answerable when a company is faced with such a scenario? Should the CEOs and directors be let off the hook? Is justice being done by holding the IT manager solely accountable? Is it not time we started having IT being represented at board level, with IT directors and chief information officers? It is absurd for an IT manager to report to a financial director who cannot even distinguish between a server and a saver. Is it not time Zimbabwean companies started to open up positions for Chief Information Officers (CIOs)?

If all these questions are making sense, then it should follow that the missing link here is IT governance. It is the solution that Zimbabwe has been dragging its feet on.

IT governance can be defined as a structure of processes that govern a company or its board’s ability to direct and control the company’s use of IT resources and decision-making processes. It helps establish accountability in the day-to-day operation of an entity.

IT governance defines processes that help to organise IT activities in a manner that is intended to be efficient and effective for the growth of a company.

An expert in IT governance Thagraj Moodley visited Zimbabwe last year and highlighted the need for and values of IT governance and how best it could be implemented. In a seminar, he covered much on the structures that drive the spine of IT. Governance codes for IT come in different structures, but the internationally-recognised ones are ITIL V3, Prince 2, COBIT 5 and ISO 38500.

Most of these structures are available in the public domain for free download, but you will have to endure hundreds of pages filled up with technical jargon. Implementation is not easily achievable without proper guidance from industrial gurus.

As crusty pundits, we really think the Information Communication Technology ministry has a task to pioneer and encourage companies to implement such noble structures. We will need to start somewhere as a nation and it really takes the first step to complete a million miles journey.

Rutsito is the chief architect and founding editor at http://tech.co.zw, E-mail: asktoneo@tech.co.zw follow me on Twitter @toneo1st