One of my gripes with how companies approach IT is that it is not taken seriously enough at board level. The Institute of Directors, for whom I act as the local Chair, promotes good governance and best practice in business, and in that capacity, I bang the drum for IT but it largely falls on deaf ears.
Why do Boards not address IT?
They find it boring. I know from talking to executives that the average MD finds the subject of IT dull, which is one reason why they do not get round to addressing the issue or having it represented at the Board level.
They do not understand it. One of the reasons why companies like Lumina exists is because Boards do not understand IT and want to delegate the responsibility. We can take on that delegation so the Board does not have to worry about IT but we still need to report to them.
Ego. Some executives – and hopefully you are not one of them – find it easier not to discuss things than admit they cannot understand them!
Why is governance of IT so important?
The raison d’être of companies like Lumina is to advise companies on their IT and what they need to do to make it work well for them. When we are advising businesses to spend, what can often be a lot of money, on making their IT systems fit for purpose, they are putting a lot of trust in us. But who vets what companies like ours do? How do clients and potential clients know that they are getting good advice?
There are too many bad IT consultants out there who readily tell Boards to spend huge amounts of money on things they actually do not need. This not only risks them losing thousands of pounds but could also put the organisation at risk of total failure – the wrong IT can be fatal to a business, so get it wrong and your company folds.
That is why we would like to see a governance standard to be formally addressed. We want IT to be represented at Board level where it can be assessed in terms of the health and strategy of the company, including a deeper understanding of risks, which will enable them to put mitigation strategies in place. Currently, the IT business continuity strategy of the majority of MDs is to ask one of the technicians if a backup is in place. It seems crazy that people do not spend the time and money to get their IT thoroughly evaluated, given how dependent most companies have become on it.
How do you know Lumina gives good advice?
We have professional indemnity insurance because we care about getting things right. Applying for the insurance involves answering a lot of detailed questions to enable the insurance company to assess the risk of insuring us. So, you can rest assured that not only have we been assessed as a good risk, we are also insured in the unlikely event that something does go wrong.
Good governance is having awareness of risks, having audits to identify risks and forming a mitigation strategy. So, whatever the size of your company, you need to make sure you have regular, external audits of your IT infrastructure.
If you would like to organise an independent audit of your IT, please contact us to discuss it.