In my many weeks of working from home recently due to the COVID-19 pandemic, I’ve been on regular peer group calls listening to the challenges that my colleagues have dealt with in getting their companies situated to effectively work remotely. There was a small group of us that happily had very few problems to speak of. When we spoke offline about why that was the case, there were two commonalities. First, our companies had already been operating with work-from-home options for some time. Second was a strong foundation of governance in our companies. There were three important governance factors that made the transition relatively easy.
- We had a handle on business continuity management (BCM). Plans were in place, reviewed and tested on a regular basis, and integrated with business operations. This is most achievable when strategies for digital risk management are embedded in the enterprise strategic business plan. BCM and many other work products are derived from that. Don’t have two separate strategic plans because that leaves you open to having disjointed approaches to corporate governance. Additionally, some of us who lived through SARS and H1N1 added pandemic-specific actions when news of the coronavirus first started surfacing.
- Data was truly managed as a corporate asset. There was a strong information governance mindset, which can be cultivated when you can tangibly demonstrate how data impacts the bottom line. The most top of mind example is the costs associated with a data breach, but it could also be analytics that resulted in making a good decision on where to pursue market growth. Being able to correlate data to the bottom line helps to drive the desire to apply governance.
- We had established credibility with our C-suite peers. As many will attest, this isn’t always easy to do. Trust was gained with these people because we understood the business, used the business lexicon, and could talk to the bottom line. When the crisis hit, there was no hesitation in following our lead.
None of us were issue-free in the transition. However, having a strong culture of governance gave us the tools with which to make prudent and timely decisions, and allowed the business to be comfortable in giving us the latitude needed for crisis resolution.
There’s a saying: “When the tide goes out, you see who isn’t wearing pants.” Those that get caught out when the water recedes get flustered and that prevents them from making rational decisions. Some people go a little deeper into the water to cover up the fact that they’re pants-less – and that never ends well. The presence and practice of governance helped us manage the tide with confidence – with or without pants.
Editor’s note: See how ISACA is updating the content outline for its CGEIT certification exam to reflect the evolving technology environment, as well as the knowledge and skills that today's professionals need to strengthen governance at their organizations. For more information about the changes, see our related FAQs.