The iTTi Manifesto

ittrendsinstitute.org | 1 @iTTiresearch

The iTTi Manifesto

on Corporate

Governance of

Information Technology

V01.00.20141114

iTTi | Boosting growth


The iTTi Manifesto on Corporate Governance of Information Technology First edition, authored by the iTTi team. With valuable contributions by Elizabeth Valentine and many other members of The iTTi Community and friends. About iTTi® iTTi, the Innovation & Technology Trends Institute, is the not-for-profit independent research source for all those corporate leaders looking for objective opinion and advice on business advancement through Information Technology (IT). iTTi aims to fostering directors and executives’ awareness on their accountability and advocacy for key information, and related technology, assets. iTTi focuses on analyzing the most significant trends regarding the application and use of IT, and its consequences; but primarily on analyzing how organizations make decisions on –i.e., govern–, such issues. At the same time, iTTi helps current technology leaders in becoming business boosters capable of increasing organizational growth through improved IT contribution. About The iTTi® Community An appendix of iTTi, The iTTi Community is the exclusive (invitation-only!) fellowship of digitized leaders concerned with the contribution that IT makes to their organizations. Please, send further questions or your request(*) to join The iTTi Community to: [email protected] You can follow iTTi on: WWW: http://www.ittrendsinstitute.org LinkedIn: http://www.linkedin.com/company/itti-innovation-&-technology-trends-institute Twitter: http://twitter.com/iTTiresearch (@iTTiresearch) Paper.li: http://paper.li/iTTi_news/1350513265 (iTTi Update) Flipboard: http://flip.it/gzGGy (#iTTinerary, ... your path to growth!) Slideshare: http://www.slideshare.net/iTTi_news Copyright © 2014, iTTi, Innovation & Technology Trends Institute. All rights reserved. Copyright © of the photographs, Gema Prieto. All rights reserved. (*) All requests will be assessed prior to approval. Only approved candidates will receive an invitation to join “The iTTi Community”. Eligible candidates are individuals holding positions at board-, executive- or other management-level (i.e., heading any business unit or department; obviously including IT). In general, consultants and other providers of professional or technological services or goods are not eligible, given the non-commercial nature of “The iTTi Community”.


Media partners:

Business partners:

Should you want to partner with iTTi or to sponsor its activities, contact iTTi at [email protected].

Academic & research partners:

PPart

ners

hips


CCont

ents

The iTTi Manifesto ……………………………….

Signatories ……………………………………………

6

10



There is an increasing need for organizations to improve their Corporate Governance of Information Technology (IT); i.e., to enhance their processes of making decisions on the application and use of IT, as well as on how to timely prevent and resiliently overcome the undesired consequences of such use.

-The iTTi Manifesto

iTTi | Boosting growth


TThe

iiTTi

MMan

ifest

o


ittrendsinstitute.org | 7 @iTTiresearch ittitittttrtrenndsdsdssd instststs itute.org | 77@iTTiresearch

The iTTi Manifesto on Corporate Governance of Information Technology

1. Information Technology (IT) –or, in today’s words, “things digital”–, has permeated the

whole Society in all its aspects and will continue doing so. Nowadays there is no single human activity that it is not affected by, or susceptible to, digitization.

2. Nevertheless one cannot ignore:

a. the existence of parts of our society and other societies where such digitization has not yet happened, or where it has only happened partially;

b. the frequent, significant, technology-related frustration, miss-steps, failures and fiascos; and,

c. the negative and increasing IT-related business consequences of poorly devised information systems, the impact of cyber-attacks, the questionable safety and security of certain emergent technologies such as the “Internet of Things”, etc., to name but a few;

which can potentially reduce or dull IT’s extraordinary benefits and promises. 3. That makes IT “something too serious to be entrusted to IT professionals”, as Prof. G.

Vaughn Johnson stated in 1990, paraphrasing France’s former Prime Minister Georges Clemenceau.

4. Hence, there is an increasing need for organizations to improve their Corporate Governance of IT (CGIT), defined as the process of making decisions on the use of IT; or, in ISO’s wording, as “the system by which the current and future use of IT is directed and controlled”.

5. CGIT is the set of high-level mechanisms (structures and relationships, policies and decision-making processes) aimed to determining the why, what, and how of the application and use of IT; and to timely preventing and resiliently overcoming the undesired consequences of such use.

6. Accountability for the use of IT lies with the board of directors (BoD) or equivalent supreme governing body. Corporate governance mechanisms link BoD’s steering activities with the management domain through the chief executive (CEO) and the rest of the C-suite, including the Chief Information Officer (CIO).



The iTTi Manifesto on Corporate Governance of Information Technology (cont.)

7. Boards and executive management have joint but different roles in CGIT: boards evaluate

the status of the enterprise and the requirements of the stakeholders, set strategic direction and monitor outcomes; management, under such direction, details and executes the strategy and reports to the board.

8. The interpretation of CGIT set forth above implies that commonly accepted naming conventions like “IT Governance” may need to be avoided. This is because such a term allows for boards to assume that IT governance is only a matter of IT management and thus the board steps down from its responsibilities; and/or allows for CIOs to run a pseudo-governance of IT, thus providing to the board a false relief while seizing some of the board’s responsibilities.

9. CGIT entails two main –sometimes antagonistic– realms: performance (including IT’s strategic contribution to value generation and innovation, and business risk optimization) and conformance (including legal, regulatory and contractual abidance; as well as safety and security assurance).

10. There is sufficient empirical evidence that enterprises with good corporate governance [of IT] –i.e., meeting generally accepted principles, including recent digital leadership standards– achieve higher differential outcomes in the short-, medium- and long-terms. Such differential results include bolstered trust, improved strategic positioning, optimized risk, and increased growth, revenue, profitability and market value.

11. The “digitized” boards –those populated with an adequate percentage of IT-savvy and IT-concerned directors– of said enterprises are acting in accordance with the demands of the times and endowing their companies with a head start.

12. CGIT calls for local and global approaches by every interested party: corporate governing bodies, executives, professionals (including IT practitioners), governments (even supranational ones), politicians and citizens.

13. Every interested party shall:

a. have access to trustworthy complete information and become aware of its implications;

b. develop appropriate CGIT and digital management knowledge and skills, building competence and capability; and,

c. assume appropriate roles, stances and actions leading to obtaining an affordable, effective, secure and friendly digital world.



The iTTi Manifesto on Corporate Governance of Information Technology (cont.)

14. A world that provides quality digital access and experiences to all in every facet of life:

personal (health, work, leisure, etc.), economic (sustainable smart products and services) and social (e-vote, e-democracy, e-government, political parties, affinity groups, clubs, etc.); respecting inter-personal and -cultural differences; and the environment.

15. CGIT is not the domain of a single person, or a few individuals or bodies. It is a part of digital leadership and culture, a ‘state of affairs’ and an urgent need that appeals to all of us.

16. CGIT should be grounded on sound general principles -as set forth in globally respected and accepted codes, standards and models, that everyone shall ad@pt™ -adopt and adapt.

17. South Africa’s King Code, and international sources like ISO 38500 or ISACA’s COBIT may provide solid initial guidance.

18. Recommendations and works published in the last decade by MIT Sloan School of Management’s CISR & CDB, Antwerp Management School’s ITAG Research Institute, the Swedish Royal Institute of Technology’s Department of Industrial Information and Control Systems and University of Navarra’s IESE, as well as more recent awareness efforts by NACD targeted to corporate America, shall deserve attention, too.

* * *



SSign

ator

ies


ittrendsinstitute.org | 11 @iTTiresearch itittttrrtrtrene dsdsssininini sttttitititute.org | 111@iTTiresearch

Signatories (in alphabetical order, as of 2014/11/14) Institutional endorsements (as notified by an authorized person): ALAMCIA. Spain ATI, Spanish IT Practitioners Association. Spain BAZ IT. New Zealand CCI, Industrial Cybersecurity Center. Spain CommerceLink. Spain Enterprise Governance Consulting. Australia EOA Spain, European Outsourcing Association Spain Chapter. Spain Fundación Compromiso y Transparencia. Spain IEE, Informáticos Europeos Expertos. Spain iTTi, Innovation & Technology Trends Institute. Spain ProcesoSocial. Spain Sinapsis Empresarial. Spain Symbiosis. Spain Personal endorsements: Acevedo Juárez, Héctor. Magazcitum. Mexico Álvarez, Alfonso. Vodafone España. Spain Álvarez Arderius, Luis. Canary Islands Accounting Office. Spain Arroyo, Alberto. ALAMCIA. Spain (member of The iTTi Community) Avelino, Maite. Spain Baena Álvarez de Quevedo, Francisco Javier. MINECO. Spain Barranco, Paco. BETApermanente. Spain Cabezuelo Ortega, Eduardo. Vass. Spain Cabrera, Javier. USA (member of The iTTi Community) de la Calle, Mª José. iTTi. Spain de la Calle, Marina. Spain Caloto, Juan Antonio. AEC. Spain (member of The iTTi Community) Carballo Gutiérrez, Ramiro. CAELUM. Spain Carrillo Verdún, José D. UPM. Spain Castro Requejo, Pedro. ENSILECTRIC. Spain (member of The iTTi Community) Ccoicca, Félix. Peru (member of The iTTi Community)


Should you want to endorse “The iTTi Manifesto” send your full name, your organization (optional) and your country to [email protected].


Signatories (cont.) Colomo-Palacios, Ricardo. Østfold University College. Norway Crespo Romero, Oliver. Grupo Generali. Spain Crespo Vallejo, Jesús. Corporación Masaveu. Spain Curiel, Gabriel. Spain Dacal, Martín. Quint Wellington Redwood. Spain Dalmau Parés, Raimon. GenCat/SEM. Spain (member of The iTTi Community) Dávila Ramírez, Juan. Peru Díaz Amorós, Isabel. Spain Díaz Bañobre, Raúl. Spain Dombriz Espada, Sergio. Afina (a Westcon Group company). Spain Domínguez, Amor. CCI. Spain Esteban Sánchez, José Antonio. Codere. Spain (member of The iTTi Community) Fernández, Cristina. ProcesoSocial. Spain Fernández Martínez, Jaime. ATI. Spain Fernández Torres, Elia. Innovative Soft. Mexico Fraile, Marlon. Spain de la Fuente, José. Cluster IDiA. Spain (member of The iTTi Community) Fuentes Sánchez, Nuria. Ferrovial. Spain (member of The iTTi Community) Fuertes Santaeulalia, Carlos. Symbiosis. Spain (member of The iTTi Community) Gaitero, Domingo. ProcesoSocial. Spain García Carranza, Sergio. SMT Advising. Spain García del Valle, Ignacio. Praxair. Spain (member of The iTTi Community) García Fernández, Jairo. Atos. Spain García-Menéndez, Miguel. iTTi. Spain García-Monedero, Ignacio. Spain Gómez Alfonso, Fernando. Data Adviser. Spain Gómez Ruedas, Jesús. Ministry of Defence. Spain González Canda, Pilar. Autana Business Partners. Spain González, Óscar. AMV Seguros. Spain (member of The iTTi Community) González Hernán, Gustavo. Sinapsis Empresarial. Spain González Fernández, Ana Isabel. Atos. Spain Gutiérrez, Miguel. Grupo SEGUR. Spain (member of The iTTi Community) Heras, Lola. AUREN. Spain




Signatories (cont.) Hernández Arroyo, Daniel. Spain (member of The iTTi Community) Holzhauer, Maik. Siemens España. Spain Jiménez Fernández-Mazarambroz, José. Spain (member of The iTTi Community) Juiz, Carlos. Spain (member of The iTTi Community) Kajimoto, Masatoshi. ITGI Japan. Japan (member of The iTTi Community) Leal, Silvia. Spain Linares, Samuel. CCI. Spain López Benito, Óscar. Spain (member of The iTTi Community) López Guerrero, Diego Ángel. Easycronos. Spain (member of The iTTi Community) Lucero, José Luis. IEE. Spain Martí Manzano, Juanjo. UOC. Spain (member of The iTTi Community) Martín Cavanna, Javier. Fundación Compromiso y Transparencia. Spain Martínez Ruiz, José María. Ferrovial. Spain Mayo Martín, Nuria. Ferrovial. Spain McRitchie, James. CorpGov.net. USA Menéndez, Eduardo. Spain (member of The iTTi Community) Menéndez Piñera, Francisco. Contein XXI. Spain Mínguez López, Cristina. Grupo TPI. Spain Modukanele, Abel N. Prion Group. South Africa Morales, Javier. GDF Suez Energía España. Spain (member of The iTTi Community) Morenilla Salas, José V. Unisys. Spain Moreno del Cerro, David. Grupo Cortefiel. Spain (member of The iTTi Community) Moreno Montero, Esther. Spain Moya Catena, Antonio. Spain Mújica Irarrazabal, Carlos. Cinemark Chile. Chile (member of The iTTi Community) Navarro Alcaraz, Marcos. EOA Spain. Spain (member of The iTTi Community) Pagés Casas, Llorenç. ATI/Novática. Spain Palao, Manolo. iTTi. Spain Palao, Eduardo. Spain Palomares, Javier. Tui Travel A&D. Spain Pardo Martínez, Juan. Spain Paredes, Nacho. CCI. Spain Pérez-Chirinos, César. Spain




Signatories (cont.) Pérez Sánchez, Alejandro M. Telefónica Global Technology. Spain del Peso, Mar. IEE. Spain Pons, Joan. ATI. Spain Prieto Delgado, Agustín. Spain Ramió, Jorge. UPM/Red Temática Criptored. Spain Ramos, Miguel Ángel. IEE. Spain Ravotto, Pierfranco. AICA. Italy Rodríguez de Cora, Rafael. CALS. Spain Rodríguez Ringach, Eduardo. Spain (member of The iTTi Community) Rodríguez Sánchez del Álamo, Juan Luis. Spain (member of The iTTi Community) Rouyet, Juan Ignacio. Quint Wellington Redwood. Spain Rubio, José Antonio. King Juan Carlos University. Spain Rubiralta Costa, Xavier. Spain Sabaté Armengol, Albert. Cafés Bou. Spain (member of The iTTi Community) Sáiz, Julio. Adecco. Switzerland (member of The iTTi Community) Sánchez Rodríguez de Guzmán, Mercedes. Spain (member of The iTTi Community) Sastre, Álvaro. Mutua de Procuradores. Spain (member of The iTTi Community) Sotos Olmo, Elena. Spain Suárez García, Román. Caja Rural de Asturias. Spain (member of The iTTi Community) Torres, Juan Carlos. Accenture. Spain Valentine, Elizabeth. Enterprise Governance. Australia (member of The iTTi Community) Valiente, José. CCI. Spain Vállez Rodríguez, Olga. CommerceLink. Spain Vargas Traid, Rafael. Tecnatom. Spain (member of The iTTi Community) Velarte Carrascosa, David. Spain (member of The iTTi Community) Verdura, Oriol. Grup SERHS. Spain (member of The iTTi Community) Vigo, Juan Carlos. ATI. Spain Wood, Basil. BAZ IT. New Zealand (member of The iTTi Community) Yáñez, Javier. AUREN. Spain Zia-ur-Rehman, Azhar. Rehmaniyah Mgmt. Consultants. UAE (member of The iTTi Community)



ittrendsinstitute.org | 15 @iTTiresearch iTTi | Boosting growth