Governing Digital Era Business Capability
Prepared by Mark Toomey
We are well and truly across the threshold and embedded in the Digital Era. Across business and government, we have learned a little, yet there is much more yet to learn. One unsurprising revelation to date: past practices for governing IT, addressing it separately from the business it serves, are obstructing progress, promoting chaos and encouraging anarchy. IT departments impede innovation and respond slowly. Frustrated business users bypass controls to buy online services, increasing complexity and risk.
In ISO 38500 – a Standard to Guide Digital Transformation, we said that organisations could benefit from adopting the three practices and six principles to help them make effective decisions about their progression into the Digital Era.
The principles in ISO 38500 have evolved little since publication in 2005. They remain applicable, but some interpret them narrowly, focusing only on the IT functions and personnel in an organisation.
In the digital era, there cannot be any more separation of technology from business capability than of people from the same capability. We must now focus on governing Digital Era Business Capability, embracing all aspects of how organisations operate to fulfil their purpose.
To help those using ISO 38500 in the digital era, we developed a re-expression of the six principles, showing the progression of those six principles as they have evolved from the original Australian Standard in 2005, to the first version of ISO 38500 in 2008 and the current version published in 2015.
AS 8015: Establish clearly understood responsibilities for ICT.
ISO 38500-2008, ISO 38500-2015: Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. Those with responsibility for actions also have the authority to perform those actions.
Proposed: Everybody involved in the organization understands and accepts assigned responsibility for planning, building and using digital era business capability. Individuals and groups are fully empowered with competence, authority and other resources to discharge their assigned responsibility.
AS 8015: Plan ICT to best support the organization.
ISO 38500-2008: The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy .
ISO 38500-2015: The organization’s business strategy takes into account the current and future capabilities of IT; the plans for the use of IT satisfy the current and ongoing needs of the organization’s business strategy .
Proposed: The organisation’s plans for its evolving business model and capabilities are properly informed with knowledge of how digital resources can be used to enable new and improved capability and the plans drive appropriate action that achieves intended outcomes.
AS 8015: Acquire ICT Validly.
ISO 38500-2008, ISO 38500-2015: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
Proposed: Decisions regarding the use of digital technology are integral to decisions to invest in new business capability, upgrading existing business capability and winding down of redundant business capability. They address all work required to achieve clearly defined objectives and are made with appropriate consideration of benefits, opportunities, costs, and risks, in both the short term and the long term.
AS 8015: Ensure that ICT performs well, whenever required.
ISO 38500-2008, ISO 38500-2015: IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Proposed: Technology enabled business capability, capability management systems and resources are fit for purpose in achieving the organisation’s business objectives, providing the levels of service and service quality (including functionality, availability, reliability, usability, integrity and security) to meet current and future business requirements.
AS 8015: Ensure that IT conforms with formal rules.
ISO 38500-2008: IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
ISO 38500-2015: The use of IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
Proposed: Planning, acquisition and use of technology enabled business capability satisfies all relevant internal and external conformance requirements throughout its lifecycle and drives evolution of conformance requirements as appropriate.
Human Behaviour Principle
AS 8015: Ensure IT use respects human factors.
ISO 38500-2008, ISO 38500-2015: IT policies, practices and decisions demonstrate respect for Human Behaviour, including the current and evolving needs of all the ‘people in the process’.
Proposed: Technology enabled business capability and all related policies, practices and decisions demonstrate respect for Human Behaviour, including the current and evolving characteristics of all people who are associated with the capability in any way.
Prepared by Mark Toomey on 4 October 2018.
The member-only version of this paper provides additional discussion of the Evaluate, Direct and Monitor practices in respect of these updated Principle statements. To learn more about efficient, effective and acceptable approach to governance of Digital Era Business Capability, become a member of the Digital Leadership Institute and look out for forthcoming DLI Executive Development Events.
To learn more about efficient, effective and acceptable approach to governance of Digital Era Business Capability, look out for forthcoming DLI Executive Development Events.
DLI Members and other interested persons are welcome to discuss this paper and the shorter public versions on the Digital Leadership Institute group site on LinkedIn.