A Critical Analysis of the Role of IT Managers in IT Governance

Introduction

IT governance was originally developed as a means of promoting direct management of IT infrastructure, and this process is essential for ensuring that a firm complies with all local and federal legislation. The purpose of this paper is to critically analyze the role of IT managers in IT governance. A brief description of this issue will first be discussed, followed by an analysis of the necessity for IT governance in information systems for modern businesses. The consequences of a failure to impart proper IT governance will then be considered, as well as a discussion of two key acts of legislation, the Sarbanes-Oxley (SOX) and Bank Secrecy Acts (BSA) that regulate IT governance within the United States. This essay concludes with a brief summary and an outline of key points.

Role of IT Managers in IT Governance

As IT governance has become an increasingly important consideration for businesses, IT managers have been tasked with adopting new and dynamic roles within the corporate environment (IBM, 2008). While IT governance varies based on the specific environment and business practice, it is clear that IT managers are essential in maintaining network policies and strategies and ensuring compliance within the business (IBM, 2008). According to IBM (2008), IT managers have two key responsibilities. First, these individuals help to establish a chain of responsibility within the corporate setting that clarifies the authority and communication needs of all parties involved (IBM, 2008). Second, IT managers serve to establish policies for measuring compliance to governance standards, as well as the operational mechanisms needed for all professionals within the chain of responsibility to complete their specific duties (IBM, 2008).

As noted by Huhta (2011) the roles and responsibilities of IT managers may change based on the size and architecture of the organization. For example, for small and mid-sized organizations, the number of roles adopted by the IT manager tends to increase, as there are fewer individuals within the chain of responsibility to take on these roles (Huhta, 2011). Within such organizations, the IT manager is responsible for ensuring the business has quick access to needed compliance information, performs organizational analyses, and must respond to the dynamic and changing environment of the modern business world (Huhta, 2011). Schwartz (2007) also illustrates that there are five main areas that IT managers must focus on, including strategic alignment of the business and IT; ensuring the IT department delivers a valuable service to the organization; effectively managing available resources to ensure efficient operation of IT strategies; managing risk; and measuring performance to identify successes and areas for improvement.

The Necessity of IT Governance

In the increasingly complex business environment, it is clear that IT governance is something that every organization needs. According to Schwartz (2007), large, small, public, and private organizations, all need "a way to ensure that the IT function sustains the organization’s strategies and objectives" (para. 3). While the degree of emphasis an organization places on IT governance is closely related to the size, aims, and regulations of the business, ensuring that IT compliance standards are met is crucial for the effective operation of the business, as well as the minimization of legal risk (Schwartz, 2007). As a rule, larger and more heavily regulated organizations should possess more detailed IT architectures to ensure compliance (Schwartz, 2007).

A recent survey conducted by the Society for Information Management (SIM, 2006) demonstrated that IT governance is one of the most rapidly rising concerns for small and large organizations alike. Based largely on the SOX Act of 2002, which was developed as a result of the numerous scandals and frauds frequenting United States businesses at the time, complying with federal regulations has become an increasing emphasis (Musthaler & Musthlaer, 2008). Interestingly, the SIM report also demonstrated that companies practicing IT governance consistently had higher revenues, higher profits, lower financial risk, and reduced spending on audits. Therefore, the benefits of IT governance appear to lay both in the minimization of risk, as well as fiscal rewards to firms.

Exposure if IT Governance is Ignored

Based on the SIM report described above, the risks of ignoring IT governance clearly do not warrant the presumed increases in costs and time. First, a lack of IT governance exposes organizations to legal risks. Several notable examples of failing to comply with IT legislation (e.g., Enron, Adelphia) illustrate the detrimental impact this neglect can have on a business. Additionally, failing to properly emphasize IT governance exposes companies to potential losses in efficiency and profit. The SIM report was among the first studies to demonstrate the direct link IT compliance has to increases in revenue and profits, as well as the substantially reduced costs associated with audits and potential non-compliance issues. Failure to maintain appropriate IT governance, as well as additional risk management strategies, is unwise in the modern business environment, and potentially results in a lack of general business controls and sometimes disastrous impacts on an organization (Almquist & Cooper, 2013).

SOX and BSA Acts for Compliance

The SOX Act of 2002 was a law passed to reform existing compliance standards for public organizations within the United States. Created due to a high frequency of corporate scandals and frauds, the act possesses 11 individual sections that define the potential penalties of failing to comply with the new standards, as well as policies for implementing these standards within a business (Tan, 2011). The bill resulted in the creation of the Public Company Accounting Oversight Board (PCAOB), which is entitled to perform audits of any public company. Additionally, the bill covers issues such as increasing financial disclosures, improving corporate accountability, increasing reporting and stiffening punishments for failures to comply (Tan, 2011).

The BSA of 1970 was a seminal act of legislation that required all financial organizations within the United States to collaborate directly with the government to prevent the frequent practice of money laundering (Tan, 2011). This act mandated that all such organizations maintain accurate and current records of all transactions made using cash, as well as presenting any such transaction greater than $10,000 to the government. This act has been amended numerous times, and still helps to ensure that financial institutions provide honest and accurate information about all-cash transactions, as well as any potentially suspicious activity that may indicate money laundering (Tan, 2011).

Conclusion

The purpose of this paper was to discuss the emerging role of IT governance within the modern business environment. The role of IT managers in overseeing IT governance was first discussed, followed by the increasing necessity of IT governance within all organizations, regardless of size. The potential exposure risks of failing to comply with IT standards were then considered, as well as major acts of legislation that are currently relevant in regulating IT governance issues. Based on the information presented in this essay, it is clear that the risks of failing to comply with IT standards do not warrant any presumed increases in costs or losses in efficiency. Quite the contrary, those businesses that maintain effective IT architectures and governance are more profitable than those that neglect such practices.

References

Almquist, D., & Cooper, L. F. (2013). Lack of IT governance complicates compliance with costly consequences. Retrieved from: http://www 01.ibm.com/software/solutions/compliance/rc-governance.html. Accessed 19 December 2013.

Huhta, S. (2011). IT architecture for small & mid-sized organizations. Retrieved from: http://www.bizforum.org/Journal/www_journalSH002.htm. Accessed 19 December 2013.

IBM (2008). IT governance: enabling high performance in turbulent times. Retrieved from http://www-935.ibm.com/services/us/cio/pdf/ciw03042usen.pdf. Accessed 19 December 2013.

Musthaler, L., & Musthaler, B. (2008). IT governance best practices are critical for business success. Retrieved from http://www.networkworld.com/newsletters/2008/052608techexec1.html?page=1. Accessed 19 December 2013.

Schwartz, K. D. (2007). IT governance definitions and solutions. Retrieved from http://www.cio.com/article/111700/IT_Governance_Definition_and_Solutions#every. Accessed 19 December 2013.

Society for Information Management (2006). The information technology workforce: IT provider trends and implications 2006-2009. Retrieved from http://www.simnet.org/?page=IT_Workforce#IT%20Provider%20Trends. Accessed 19 December 2013.

Tan, F. B. (2011). International enterprises and global information technologies: advancing management practices. Hershey, PA: IGI Global.