Digital governance isn’t about technology for technology’s sake. It’s about making sure your organisation achieves value from its digital investments while managing the very real risks.
In my previous article, Why boards need to get serious about digital, I highlighted the extraordinary pace of digital evolution.
It’s a tidal wave sweeping across every industry, driven by advances in artificial intelligence, new trust models, relentless cybersecurity threats, and a much-needed focus on data privacy.
In this environment, traditional governance models often fail to keep up and leave decision-makers exposed.
In my experience, boards and CEOs sometimes take a narrow view of digital/IT governance that focuses on what’s front of mind, such as current projects, cybersecurity and AI.
IT governance is complex, and the consequences of poor governance can be catastrophic for an organisation. Boards and CEOs need to acquire a deeper understanding of these complexities to provide the stewardship required.
So, where does digital governance fit in?
At its heart, digital governance is simply about clarity of decision-making and accountability when it comes to technology. It means putting the right structures in place to:
- understand and manage risks tied to technology;
- ensure technology supports the organisation’s goals; and
- oversee how digital investments and assets perform.
Too often however, boards and executives take the view that this responsibility is the sole remit of the CIO or CDO. While those executives play a central role, effective governance of these critical corporate assets requires collective accountability at the board and senior leadership level.
Where to begin
Good governance of technology doesn’t have a single formula—it depends on the organisation’s risk appetite and accountability and decision-making culture.
While there are established frameworks for IT governance, no framework is a plug-and-play solution. Each organisation needs to establish its own meaningful policies and processes.
The key is adopting a holistic mindset (systems thinking) — viewing your digital environment as a connected system, not just a collection of separate projects or IT systems.
Setting a digital strategy – avoiding the short game trap
A mistake I see often is boards and executives falling into “short game” thinking. Under pressure, they push for quick results or urgent priorities but neglect the longer-term investments that sustain capability and drive future value.
A strong digital strategy should balance both. Most digital strategies focus on digitally enabled outcomes for customers/clients, staff and key partners. A digital strategy should also articulate a vision and a plan for:
- the evolution of back-office systems (finance, HR, asset management);
- investment in IT infrastructure (networks, cloud, end-user devices); and
- most importantly, enterprise data management and an integrated data architecture.
Why emphasise data? Because in a world where AI and algorithms are becoming standard, your organisation’s future value will rest on how well you manage and use your data.
Related
Setting a cybersecurity strategy
To complement this strategy, organisations should also consider a separate cybersecurity strategy. Cyber risk deserves its own spotlight. I’ll explore this further in my upcoming article: Cybersecurity: a board imperative.
Beyond a strategy – managing the digital asset lifecycle
Of course, having a strategy is necessary—but on its own, it’s not enough. To make governance real, you need consistent practices across the entire digital asset lifecycle. That means:
- a process to review, prioritise and oversee digital investments (often through a board or subcommittee);
- ensuring every investment aligns with both digital and organisational strategies;
- ongoing monitoring of benefits;
- having clear visibility of your significant IT assets (hardware, software and data) over their lifecycle;
- tracking progress towards digital goals;
- effective project and organisational change management; and
- external benchmarking and independent assurance.
The rise of AI makes this even more pressing. Boards now need frameworks that specifically guide responsible AI use—a topic I’ll delve into in another upcoming article: Navigating the AI revolution: a board’s perspective.
The digital governance journey
For large organisations, the digital environment is often expansive — hundreds of systems, thousands of applications, and a patchwork of processes and interfaces.
Getting on top of this is not about reaching a neat end state; it’s about advancing maturity over time.
In my book on Digital Governance, I describe five clear stages of digital governance maturity:
- Responsibility defined: Technology responsibility is established, and a vision is set;
- Oversight and reporting: Governance oversight and basic performance reporting begin;
- Process maturity: Processes for managing assets and projects become consistent and reliable;
- Portfolio maturity: Investments are managed collectively, with benefits tracked across the portfolio;
- Resource optimisation and external validation: Resources are optimised, and governance maturity is independently assessed and benchmarked.
True progress doesn’t happen overnight. It requires cultural change, particularly around accountability for technology and custodianship of data. But even gradual progress creates visible value.
Key takeaways for boards
- Digital governance is a board-level responsibility, not just a CIO issue;
- Balance quick wins with long-term enablers—your digital future depends on both;
- A strategy is necessary but not sufficient. Execution, accountability, and ongoing monitoring are just as vital;
- Data strategy and architecture are the foundations for AI and the emerging “algorithmic age”;
- A holistic approach to digital systems and infrastructure is needed to drive efficiencies in IT spend and to maximise value to the organisation;
- Governance maturity is a journey—one that requires boards to lead cultural and structural change.
Above all, digital governance isn’t about technology for technology’s sake. It’s about making sure your organisation achieves value from its digital investments while managing the very real risks – some of which are in plain sight and others are hidden.
Dr Malcolm Thatcher is a digital executive, author and advisor. He is the former chief technology officer of the Australian Digital Health Agency. He is the founder of the Strategance Group.
This article was first published on Dr Thatcher’s LinkedIn profile. Read the original here.