In addition to having a governance framework that ensured the constant improvement of their governance practices, Chan's team expected three more objectives to be continually met by the new NLB IT Governance Framework.
One was the provision of "clarity on IT decision rights." "As part of the framework's developmental efforts, NLB has obtained greater clarity on the decision rights and decision-making processes of various parties and platforms, enabling them to tweak and tune them for optimal effect," says Chan. "For example, the composition, roles and responsibilities, touchpoints and reporting lines of the ITAC, ICTSC, CIO Committee, CIO Office, Project Management Office, project approving authority, et cetera, in the context of both IT and non-IT, were clarified and documented as one of two pillars of the framework."
Another had to do with IT compliance and assurance. "Many public servicewide IT policies and directives mandate the performance of audits, self-assessments, security reviews, and such, on agencies' IT practices as well as pertinent IT systems, especially those that are mission-critical, of high business impact or security-classified," Chan says. "Such policies and directives include IT policies, standards, architectures, mandatory practices, et cetera. As these originate from various governing agencies, their scope, intents and thrusts are at times inadvertently discrepant and overlapping to some extent."
As such, "these discrepant and overlapping compliance 'drivers' necessitate that NLB implements a concerted and systematic approach to ensuring that proactive and streamlined actions are taken to meet the compliance requirements," says Chan. "More importantly, the actions taken must expend the least possible amount of resources to deliver the best outcomes for NLB. Besides service-wide compliance criteria, such as policies that govern IT in general and the government network in particular, compliance actions are often performed against NLB's own criteria, namely the NLB IT Policies. To ensure that the compliance actions are adequate and serve the business objectives of NLB, it is important to ensure that the NLB IT Policies are relevant, up-to-date and well aligned to service-wide criteria."
At the centre of the NLB's efforts toward having IT policies that are completely in line with standard criteria is the IT Compliance and Assurance Program (ICAP). "The ICAP was formulated to address the compliance drivers I mentioned earlier," says Chan. Indeed, soon after Chan and his team started running the ICAP, they saw results. "Compliance breaches have been visibly decreasing since [we put ICAP in place], and NLB's own policies have become more lucid, up-to-date, streamlined, relevant, as well as better-aligned to servicewide policies."
The third major objective on which the NLB's IT Governance Framework delivered was in the area of value and outcome management. "Without a doubt, improving on the NLB's organisational capability and capacity to achieve optimal value and outcome from IT decisions was the most important impetus for developing the IT Governance Framework," says Chan. "Since [we put up our framework], the NLB has significantly enhanced its business case management process, and is thus better assured that more deserving projects are given higher priority and greater executive support for funding and development."