IT Governance Value and the Pandemic

IT Governance Value and the Pandemic
Author: Graciela Braga, CGEIT, COBIT Fundamentals, CP, GPDR Foundation
Date Published: 18 September 2020

Today, more than ever, people, business and information & technology are related: I&T are essential resources to facilitate the survival of people and business. Information sharing, the exponential growth of virtual commerce, teleworking and telemedicine and the increase in virtual meetings are just a few examples of how I&T have become critical in this difficult pandemic era.

Here are some reflections to maintain and improve these achievements in this “new normal” age:

Corporate governance and I&T governance must be aligned. Professionals working in I&T need to understand the company board’s strategy in this time and propose adequate services and new processes that take into account those needs and decisions. Business continuity was and will be one of the most critical themes during this period. Based on The IIA Bulletin Rethinking Preparedness: Pandemics and Cybersecurity, we can ask some questions that COBIT can help to answer:

  • What are business-critical processes or activities to achieve objectives and maintain value?
  • How does IT ensure the critical infrastructure components are enabled to allow for the business continuity and/or recovery requirements?
  • What business objectives would be affected if there was limited or no internet or cellular access?
  • Are IT and/or the cloud provider capable of running a “lights out data center,” meaning no workers present for an extended period due to pandemic?
  • What training have employees and business associates received on teleworking and cybersecurity?
IT Governance Value and the Pandemic 

Corporate governance and I&T governance must reinforce the social aspect of Environmental, Social and Governance (ESG) ESG criteria for investment and resources allocation.  All stakeholders must be considered, including internal, external and all those who are affected by enterprise IT and/or this pandemic in a broad sense, like employees, business partners, private citizens, governments and NGOs.

Corporate governance and I&T governance must continue being held accountable for their decisions, but not only about how enterprises and IT satisfy their own objectives. Now is a time when enterprises and IT must work to help humanity. This is the only way enterprises and IT will generate value for themselves, too.

Editor’s note: To find out how ISACA’s Certified in the Governance of Enterprise IT (CGEIT) certification helps professionals elevate IT to a value center, visit http://6x0.601951.com/credentialing/cgeit.