As an accountant you must have heard such frustration through the grapevines at your company or while working at your customer. Of course the impact of such frustration will depend on which end of the conversation the frustrated persons sit. For the sake of the story we will assume that their names are Buss and App and both are part of the Exec team. When Buss is the one who expressed the frustration above, then Buss might be driven by the fact that the business just incurred the biggest financial loss due App's people not doing what they are supposed to do. It will then be App who sits, or rather shivers, on the other side of the conversation (in going through all the steps that the processes dictated to the team… trying to re-assess what went wrong… and why the IT group manager authorised last year's intensive and expensive IT Governance project in the first place!).
This story comes to the truth. IT Governance projects are mainly outsourced and are time consuming; introduced by IT with high expectations and accompanied by budgets that definitely reads “ROI” all over them. Yet they do not always deliver the perceived value… and as such turn out to be another cost. Sadly all too often IT Governance is seen as a once-off project and not an ongoing process. This results in necessity for management of outdated processes and procedures.
Should we ask IT to stop their attempts to implement Governance, Best Practices and Standards when most of the attempts seem to be fruitless? No! But we should also not let them consume like blind bats, just to satisfy compliancy requirements nor to govern processes that do not contribute to the success of IT and the critical business it serves in the first place. They should be taught to expect a helping hand from colleagues working in a discipline that is not necessarily directly directly related.
Experts increasingly recognise that Chartered Accountants are no longer to confine themselves merely to accounting for past events, but that they have to broaden their horizons in terms of new and evolving concepts like Management Accounting. That practice extends to areas such as Strategic Management, Performance Management and Risk Management and takes a detour from the pure financial checks and balances to the more forward looking and decision orientated, information “value-creators”. Management Accountants shift the emphasis from the historic area of internal controls, audits and compliancy checks to a level where performance on compliance is challenged against the contributing value to the (future) business. And that is where IT can draw its lessons when embarking on implementing IT Governance processes or executing audits on its practice. Learn to apply one basic rule: Always address the Evidence of Fit! Let us explore what we mean by that.
Evidence, in this sense, is finding the proof that IT processes and Governance structures are in place and properly documented. It also extends to (randomly obtained) proof that operational adherence to and compliance with these documented governance structures and processes is according the expected and (documented) outcome. But the most important part of that evidence is questioning the FIT of it (or IT) towards the actual business objectives and resultant requirements. Bridging the IT performance from the cost perspective side to the value proposition is governing if the bridge fits and serves its purpose. It is of no value to the business when incidents, changes and investments are managed and applied in compliance with the documented generic processes but in reality do not address the immediate business pressures and actual needs.
There is definitely a role that Management Accounting can play in educating the organisation in general, and IT specifically, on how to govern the structures that contribute towards the strategic intent of the business. Applying the basic “Evidence of Fit” rule will help you on that journey.
And remember, collaboration and interrogation might not always go hand in hand. But that is for another time…
Jan van Ommen, Director Governance, Risk & Compliance, Aptronics (Pty) Ltd.