IT governance in higher education

Educational institutes and students have to help create a future fan-following for IT governance

Information technology (IT) was born in educational institutions but grew into the practice of IT governance, directly impacting the corporate world across core areas such as responsibility, strategy, acquisition (of IT resources), performance, conformance and human behaviour, which form the cornerstone of the corporate governance of IT. Today, e-Governance is meant to provide the common man with the government services enabled through IT and the Prime Minister’s dream of a ‘Digital India’ will depend only on an effective IT governance of the government’s IT initiative.

IT governance is about benefit-realisation, risk-optimisation and resource-optimisation of investment into IT for the stakeholders. The internet is a testimony of the ubiquitous presence of IT in our lives. Huge investments are planned in IT in almost every sector. But can one be sure that every investment in IT is meeting stakeholders’ needs, benefiting them and optimising the risks and IT resources?

Hardly anyone gives a thought to these essentials of good IT governance while deciding IT investments. Generally speaking, IT governance is an afterthought. This lack of forethought results in many IT projects underachieving key business objectives.

Educational institutes would save a lot of heartburn if they teach ‘IT governance framework’ at college levels. This will ensure that IT investment is forethought by trained personnel before the investment in IT is made.

Prioritisation of goals for meeting stakeholder needs is a balancing act performed by the governance team overseen at the highest levels, i.e. Board of Directors. Enterprise goals have to be converted into measurable and time-bound IT goals by the executive team. ISACA’s COBIT 5 is one such business framework for governance and management of enterprise IT that can be easily adapted by educational institutes for their own needs. Meeting IT goals cannot be done through technology alone. A holistic approach consisting of seven enablers is needed. These are: (1) principles, policies and frameworks; (2) processes; (3) organisational structure; (4) culture, ethics and behaviour; (5) information; (6) services, infrastructure and applications; and (7) people, skills and competencies.

To illustrate the seven enablers of COBIT 5, let us take the example of a pressing challenge to implement good cybersecurity in India. COBIT 5 suggests that we should have clearly defined principles, policies and framework for cybersecurity (enabler 1); select appropriate processes that support implementation of cybersecurity policies (enabler 2); should have a well-designed organisational structure so the responsibilities and accountabilities for processes are assigned (enabler 3); efforts are taken to create the right security culture, ethics and behaviour to support cybersecurity (enabler 4); accurate, trustworthy and timely information about cybersecurity incidents is made available to take prompt action (enabler 5); rights services, applications and infrastructure is designed and deployed to support cybersecurity processes (enabler 6); and finally the people handling cybersecurity should have right cybersecurity skills and competency (enabler 7). Lack of efforts to deploy any of these seven enablers will lead to failure, hence each enabler should be designed with right goals in mind and achievement of these goals should be monitored.

A good grounding in a universally applicable framework will prepare the students to comprehend and face the real world of business. IT professionals need to be masters of not only information technology but also be able to understand the business needs and talk business language.

By Avinash Kadam

The author is advisor, ISACA India Task Force

Get live Share Market updates and latest India News and business news on Financial Express. Download Financial Express App for latest business news.