What are the risks of an organization with no IT Governance policies?

Corporate Governance of Information Technology (ISO38500) is the system directing and controlling the current and future use of IT in an organization. All organizations are subject to regulatory, legislative, contractual, and other obligations. Inadequate implementation of IT Corporate Governance policies or lack thereof may expose managers to violations relating to:

• Security Standards
• Privacy, spam, business practices, health and safety, accessibility laws
• Intellectual property rights, including software license agreements
• Information Retention Requirements
• Environmental laws and regulations
• Social responsibility standards

The standard provides an effective framework to help an organization’s managers understand and comply with their legal, regulatory, and ethical obligations regarding their use of IT.

Risk is reduced by carefully following the proposed model and applying its principles. Thus, good corporate governance contributes to an organization’s performance through:

• Proper implementation and exploitation of IT assets
• Clarity on responsibility and accountability for both the use and provision of IT for achieving the organization’s objectives
• Business continuity and sustainability
• Aligning IT with business needs
• Efficient resource allocation
• Innovation in services, markets, and business
• Good practice in stakeholder relations
• Reducing an organization’s costs
• The actual achievement of approved benefits for each IT investment.