IT Governance in a Government Environment

Jim Smith, CIO, State of Maine
267
459
80
Jim Smith, CIO, State of Maine

Jim Smith, CIO, State of Maine

Smart phone access to services, drones, body cameras, sensors, intelligent CRM offerings, cloud solutions, voice response systems—citizen expectations of government services today are high. Citizens, the customers of government, expect a ‘google’ like experience— secure information when they need it, how they need it. These services require tax payer dollars to build and maintain. And there are the inner workings of government—the essential services like citizen protection, health services, unemployment, education, environment protection, licensing—that must be funded. Government Technology Magazine estimates that in 2017, state and local government spending on IT will be $101.3 billion.

How do the ‘customers’ of government know that their tax dollars are being spent wisely? How do Governors and Legislators know they are getting the ‘right’ technology investment?

The answer is Governance.

IT Governance is often described in terms like ‘ensure effective and efficient use of technology’ to support an organization’s mission. In practical terms, it can be frameworks such as ITIL or COBIT or ISO. It can cover items beyond spending such as business continuity, security, data governance, regulatory compliance, project management and risk management. But it all starts with a having a strong IT roadmap and a strong business partnership. To ensure the right investments, communication and joint decision making is the key.

  Governance is making the right decision at the right time with the right information. It is the right thing to do  

How do you build the right Governance (decision making) framework? For the state of Maine, like many states, it starts with having a process in place that ensures the right decision-makers (agency commissioners) are at the table, and that they have a voice in the decisions. In 2016 Maine formalized the Governance framework through an Executive Order from the Governor. The order, which noted that Maine spends about $145 million per year on technology, and that ‘it is essential that IT expenditures are made strategically to support the State’s goals and priorities, formalized the Agency— IT responsibility for technology spending oversight and roadmap:

The Committee shall:

(a) endorse a strategic, enterprise-wide plan for the State’s IT needs;

(b) prioritize and make recommendations concerning IT investment;

(c) suggest a plan for adoption of tools and practices for operations efficiency;

(d) monitor IT performance and benefits across all state agencies;

(e) advise IT risk management including the areas of cybersecurity and disaster recovery;

(f) review vendor management and IT projects costing over $1 million, or other strategic IT investments as determined by the committee;

(g) review application development and investments to ensure compliance with the enterprise-wide plan for IT needs; and

(h) make recommendations regarding the status, recruitment and retention of the State’s IT workforce.

The governance framework formalizes the decision-making process.

It emphasizes the areas any organization—government or private— should be governing for technology. Those areas include enterprise planning (are we spending dollars wisely for the whole organization?), risk management, monitoring, oversight of large expenditures, and application development approaches.

One important aspect that is not part of the Executive Order, but must be part of the process, is education. As IT professionals, we often slip, without realizing it, into ‘IT speak.’ We speak of RTO for DR; we speak of SCRUM and stand-up for Agile; we speak of SLAs and access time and MOUs for contracts. Part of our responsibly to our business partners, the people we need to help make the technology decisions for government, is to ensure that we are in fact communicating. Communicating to make the framework work requires:

• Strong discipline on what items get reviewed—not all issues warrant discussion at this level.

• Strong, understandable explanations— why do we need to do something, what are the alternatives, what is the cost, what is the long-term strategy, what is the impact of doing or not doing it?

• Ensure that decision points are actual decision points—not just information, but what, really, is the decision to be made?

State governments need to use taxpayer dollars very wisely; and they need to prevent multi-million-dollar project failures. State governments, like private industry organizations, must guard against ‘silo’d’ spending, and guard against building the same services (like licensing services) multiple times for different agencies. We must understand the capability and use of technology, and understand that software frameworks today, and software workflow, can be adapted for many purposes. States today are building enterprise level, strategic roadmaps; they are vetting those roadmaps with their business partners at the table.

Governance is making the right decision at the right time with the right information. It is the right thing to do.

Read Also

The Critical Future of Identity and ACCESS MANAGEMENT

The Critical Future of Identity and ACCESS MANAGEMENT

Joseph Carson, Head of Global Strategic Alliances, Thycotic
The Security Industry's Largest Blind Spot That We Are Too Afraid to Talk About

The Security Industry's Largest Blind Spot That We Are Too Afraid to Talk About

Matthew McKenna, Technology Evangelist, SSH Communications Security
Five Traits of an Innovation-Savvy Board

Five Traits of an Innovation-Savvy Board

Mike Fucci, Chairman of the Board, Deloitte