IT for Business (IT4B) and the dilemma of governance

In their fourth post for the ITGP blog, Brian Johnson and Walter Zondervan use their IT for business (IT4B) model to discuss the role of governance in enabling organisations to prioritise and take advantage of new developments while mitigating risks.

Diagram of the IT4B operating model

Figure 1: The IT4B operating model



The enterprise that is not thinking of the future is unlikely to grow. Blockchain, big data and gadgets: who gets to decide what value these add for a business? Could the application of a new development help an organisation be even more effective and efficient? Perhaps it might result in a new value proposition or a new benefit model. In part at least, development and trends would explore the market for new technologies.

The enterprise needs to identify the stategic themes that arise from examining developments and trends.



Identifying strategic themes is about determining what will shape the future direction of the organisation.

Themes can be regarded as the ‘strategy success factors’ – the things that the enterprise must get right to achieve its objectives.

They are the areas of activity that will make the most important contributions to supporting or promoting the business, management or organisational changes and improvements sought by the enterprise in the near future.

It should be possible to express the essence of the strategy in no more than half a dozen thoughtful themes. The description of each theme will include:

  • The reason why the theme is strategically important;
  • The strategic issues that the theme begins to address; and
  • The main changes or developments that the enterprise will expect to achieve.

Each theme will be a significant topic that is of concern to business management. It is a topic that business management will wish to keep under review for the foreseeable future as part of the task of monitoring the performance of the business and the achievement of its objectives. Those responsible for managing opportunities and risks will review a theme. And those responsible for policy and compliance will take responsibility for validation.

Good governance will be key to managing the progress of developments and themes.



Governance (of both business and IT) is the organisational capacity exercised by the board, executive management and (IT) management to control the formulation and implementation of strategy. Where IT is involved (and it usually is), governance is a means of ensuring the fusion of business and IT. The business requires good governance over IT to ensure desirable behaviour is achieved.

In our model, the central tenet of good governance, policy and compliance, is focused on growth through a twin focus on opportunities and risks and developments and trends. In turn, these activities contribute to the overall effectiveness and efficiency of the enterprise by fulfilling the business mission.

Governance and policy, therefore, are integral to management oversight of any overarching enterprise-wide initiatives. Executive decisions will lead to strategic investment, whereas failure to interest executives and to elicit support for improvements will lead to changes being constrained, of limited use and valued only at the operational level.

Governance should focus on:

  • The direction of the enterprise and how well it is positioned for improving;
  • The priorities: what makes them and who sets them;
  • How business and business information activities are broken down, and how they are currently undertaken and organised;
  • Where and why there is potential for increased efficiency, effectiveness and economy, and how IT management might contribute;
  • The geographic distribution of the enterprise units and business processes; and
  • How service-oriented information/data architectures that implement common architectural and design patterns lend themselves to greater levels of consistency, reuse and adaptability.



Policies are specified and documented regulations that govern the supply of systems and services from first principles of identification, planning and development to implementation, operation, improvement and decommissioning.

In the IT4B model the essence of governance is effectiveness and efficiency in validating outcomes and outputs. Necessary developments will inevitably affect the business mission and require a reassessment of the enterprise capabilities. The pivotal role of policy and compliance in the centre of the governance domain cannot be underestimated; it will be necessary to establish a means of ensuring (and proving) compliance.

Translating new developments and trends into new value propositions and benefit models plays a key role in assessing opportunities and risks. Developments and trends and opportunities and risks together form the balance of true innovation. What is expected is realistic innovation; to be open-minded about business and technology opportunities balanced by a healthy risk assessment.



In this blog, we define risk as uncertainty of outcome, whether positive opportunity or negative threat. The term ‘management of risk’ incorporates all the activities required to identify and control the exposure to risk, which may have an impact on the achievement of business objectives.

Every organisation manages its risk, but not always in a way that is visible, repeatable and consistently applied to support decision making. Managing risk is about ensuring the cost-effective use of a risk process that has a series of well-defined steps. The aim is to support better decision making through a good understanding of risks and their likely impact.

There are two distinct phases: risk analysis and risk management. Risk analysis is concerned with gathering information about exposure to risk so that the enterprise can make appropriate decisions and manage risk appropriately.

Risk management involves having processes in place to monitor risks and access reliable and up-to-date information about them, having the right balance of controls in place to deal with those risks, and having a decision-making process supported by a framework of risk analysis and evaluation.

Quite clearly, a certain amount of risk taking is inevitable if your enterprise is to achieve its objectives. Effective management of risk helps you to improve efficiency by contributing to:

  • Increased certainty and fewer surprises;
  • Better service delivery;
  • More effective management of change;
  • More efficient use of resources;
  • Better management at all levels through improved decision making; and
  • Reduced waste and fraud, and better value for money.



The other side of the risk coin is marked opportunity. Without taking risks, many businesses would long ago have gone the way of Laker Airways.

Risk taking is perfectly reasonable in both business and government enterprises if the opportunity for improvement in services or revenues is worthwhile and the risks are reasonable or perhaps can be managed or even avoided.

IT4B will be published in June 2018. Pre-order your copy today and get 15% off by entering discount code ‘IT4Bdiscount’ at the checkout.

To stay up to date with the latest news from ITGP, sign up for our newsletter.