Book Review “IT Governance - Guidelines for Directors”
I have been hearing the name Alan Calder from several sources lately. So, I ordered the book above (Here). It’s definitely worth having on the shelf, even if it does have a fairly high “price per page”.
I found the book to be packed with relevant references for everything from standards to market surveys. I marked it up pretty well inside, making notes to myself on how the information could be used. In particular, it spends a lot of time on how to draw the linkage between IT Governance and IT Security, primarily through the fact that Directors are tasked with managing the risk of an organization, which has much in common with IT risks, especially since most organizations’ “intellectual capital” far outweighs its traditional counterpart based on “book values” of capital.
From Chapter 1: “Risk management at both the strategic and operational levels is a board responsibility, and is impossible without effective IT governance.”
In fact, because IT Governance itself implies that information is being gathered and processed about all aspects of an organization, there must be some protection of the confidentiality, integrity and availability of that information - therefore IT Security is a must for good governance, and the board should be involved… QED.
The bottom line is that it gives a good case for everyone to urge their Boards of Directors to make sure that IT Governance is on the Board’s agenda. After all, capital investment in IT is now over 50% of most companies’ capital budgets, and as an operating cost IT represents over 30% for most companies. Shouldn’t that get some oversight at the Board level?
Among other things I found valuable in the book was the practical approach to putting an IT Governance framework in place. Instead of a critical path plan, it has a set of useful concepts that can be implemented as needed, allowing you to move over time to a more responsible system of managing IT.
As for the low points, the only thing I could call out is the fact that a disproportionately high number of references and examples come from the UK, where Calder is based. However, it still has plenty of relevant information for us in North America, and the UK/European comparisons are certainly not irrelevant to any global organization. In reality, it just opened my eyes to how much work needs to be done to align standards for governance globally.


mroonie on 04 May 2007 at 12:39 pm #
This sounds like a book for me and my company. We’re always concerned with how information is being used, especially when it comes to the “unintended” misuse of intellectual property.
Thanks for the tip! I’ll see if we can get a couple copies on our shelves!
Security Views » IP stands for Internet Protocol… what’s the big deal in protecting it? on 23 Jun 2007 at 8:19 am #
[…] We need to start making the connection between individual jobs and their contributed value to the organization. Given that most organizations hold most of their market capitalization (in the private sector) or public trust (in the public sector) in “Intellectual Capital” - this is becoming critically important in keeping culture aligned with the business charter of the enterprise. […]
Alan Calder on 10 Jul 2007 at 8:35 am #
Thanks very much for the positive review – I’m delighted you found the book useful. I thought you might like to know that we have just launched a new US website, www.27001.com, that contains lots of books and other resources specifically geared to North America. Hope this is useful.