An overview of technology governanace at non-profits and charities based on organisational maturity, size and use of technology. First presented at the NZ NFP Finance conference 2014

1. RETHINKING TECHNOLOGY GOVERNANCE
Big Data, Security & Privacy

2. “Information flow is as important as Cash flow”

3. 2 LEVELS OF TECHNOLOGY GOVERNANCE
 Organisational Technology
Governance
 Evolving Level
 Strategic
 Policy
 Requires governance
maturity
 Information Technology
Governance
 Established Level
 Operational
 Process
 Develops with use of ICT

4.  Organisational Maturity
 Structure of Organisation
 Role of Technology
FACTORS SHAPING
ORGANISATIONAL TECHNOLOGY GOVERNANCE

5. Founding
Forming
Establishing
Organising
Becoming
Productive
Managing
Leading
Governing
Charting
new waters
Elaborating
ORGANISATIONS EVOLVE – PURPOSE & PROCESS
Common
Good
Organisations

6. WHAT KIND OF CGO ARE YOU?
THREE LAYER
• Board + GM + Staff
• Team > Board
• Delegated authority
MULTI-LAYERED
• Executive Team
& Departments
• Commercial-ish
Board
TWO LAYER
• Small staff
• Board > Staff
• Board direct
operations
VOLUNTEER
• Volunteer led
• Board = Team
• Single Layer
decisions

7. Role of Technology
Cost
E-mail,
documents
and online
presence
AND
essential
for critical
operational
processes
AND
essential for
organisation
and service
decisions
AND
is part of
the product
or service
AND
is the
product or
service
HOW DO YOU USE TECHNOLOGY?
Fundview,
Disaster
ResponseQuitline,
NZ
NavigatorContract
for
ServicesProviding
Public
Services
Every
Organisation

8. ALL THESE FACTORS ALIGN
CGO STEP
Structure
Use of Technology
SIMPLE
COMPLEX
Minimum AdvancedStandard Complex
technology governance requirements

9.  Risk management
 Back-ups
 Controlled access to organisational files
 Continuity and crisis plans – at least in outline
 Security for confidential information
 Use databases not spreadsheets where possible
 Cloud offers far superior security than the “server in the cupboard”
 Someone holds responsibility for technology
 Watching brief on changes
 Targeted research when needed
 Agreed technology criteria
 Integrate around core applications; e.g. finance
 What is in-house, what is outsourced?
 Use of social media framework
MINIMUM:
FOR EVERY ORGANISATION – TECHNOLOGY IS NO LONGER OPTIONAL

10.  Recognise responsibilities
 Cannot “abdicate” compliance to suppliers
 Core policies defined
 Data management (includes security)
 Staff use of technology (BYOD, electronic identities, own interests)
 Procurement
 Basic technology management
 Staff support and training
 Risk register, active performance monitoring
 Cost monitoring (acquisition, staff time, usage)
STANDARD:
MOST ORGANISATIONS WITH STAFF AND/OR PUBLIC SERVICES

11.  Ensure core roles and responsibilities covered
 Data quality, maintenance and development
 Operationally independent project and change management
 IT management is standards based e.g. ITIL, COBIT
 Separate technology management from operations
 Formal KPI reporting
 Value not cost – e.g. triple bottom line or contribution
 Breakdown available by service or contract
 Technology planning is integral to planning processes
 “vision” for using technology
COMPLEX:
LARGER ORGANISATIONS; HOLDS GOVERNMENT SERVICE CONTRACTS

12.  Board level technology advisory group
 Integrated with or distinct from finance and risk
 Guided by ISO/IEC 38500
 Active Board development includes technology
 External audit
 Major project reviews
 IT plans and performance
 No Technology projects
 Only organisational projects that incorporate technology
 Investment business case essential
 Track project delivery against project promises
ADVANCED:
MATURE BOARD; MISSION GRAFTED TO TECHNOLOGY

13.  Everything discussed today assumes evolutionary
organisational growth and maturity.
 Technology negates the need for this. So do new ideas.
 New operational models (usually technology based) can
be revolutionary
 Your technology governance may need to ramp up fast.
A FINAL THOUGHT

14. USEFUL LINKS
 My website www.dalejennings.co.nz has an ever developing DIY
toolbox. Ask if you want something added!
 The Common Good Organisation Development model is explained in
the book or at a workshop. I recommend a manager and a board
member attend the workshop together for best results.
 “Waltzing with the Elephant” by Mark Toomey is possibly the best in
depth guide in plain English. Sample or buy at the Infonomics web site
 The NZ Privacy Commissioner has an excellent plain English guide to
cloud computing covering many risk areas as well as compliance. The
IITP Cloud Computing Code has more technical details and questions to
ask suppliers.
 Some LinkedIn groups technology governance. My profile links to
several. Please connect.
 If in doubt - Google your question and watch the videos!

15. ISO/IEC 38500 CORPORATE GOVERNANCE OF IT