ICT Governance – an action plan to improve the way your trustees think about ICT

Simon Davey, preponderate.net

How does a management committee know whether their ICT Governance is effective? There are no clear national standards and many boards don’t know what to do or what impact their actions (or inactions) might have. ICT impacts almost everything an organisation does and managing by ‘ standards’ can help ensure a safe, effective, efficient organisation making the most of the resources available.

The Good Governance: Code for the Voluntary and Community Sector sets out a number of governance principles for general governance of voluntary and community organisations. At preponderate, we’ve drawn on these and our experience working with trustee boards to suggest some key ‘measures’ which trustees and organisations can identify with and which can help to define the composition of a management committee. It’s not a question of right or wrong but we hope it will provide food for thought and the outline of an action plan for your organisation.

The seven key governance principles

1. Board leadership
2. The board in control
3. The high performance board
4. Board review and renewal
5. Board delegation
6. Board and trustee integrity
7. Board openness

This is not simply a question of standards, prescriptions and ‘to do’ lists. Once you have processes and systems in place, ICT governance becomes more straightforward, easy to do and will pay for itself with better issue management and more effective resourcing and ultimately better outcomes for the people you want to help.

Board leadership

Principle - Every organisation should be led and controlled by an effective Board of trustees which collectively ensures delivery of its objectives, sets its strategic direction and upholds its values.

Recommendations:

• Trustees and staff should both be clear about roles around ICT in their organisation – from strategy and budgeting to project management and technical support.
• The organisation has a clear strategy for ICT developments and a clear process for governing ICT

It’s important that roles are clear. One of the biggest failings in organisational ICT is that it’s always perceived to be someone else’s responsibility. You don’t need to be a technical expert to implement ICT and sometimes it’s good to be distant from the mechanics and see what difference ICT really makes (or could make). You will need a clear strategy and process, detailing what you’re doing and why, and when things should be brought to you attention.

The Board in control

Principle - The trustees as a Board should collectively be responsible and accountable for ensuring and monitoring that the organisation is performing well, is solvent, and complies with all its obligations.

Recommendations:

• The organisation is legally compliant with all relevant legislation (and has the documentation to prove it)
• There is a complete set of policies for the effective governance, management and operation of ICT (know where they are and are confident they are being applied)
• Risk has been fully assessed and appropriate systems are in operation for security and management
• There is an ICT budget and defined spending levels around projects and activities
• There are appropriate internal controls for major projects and ICT decisions which significantly impact the organisation or its beneficiaries
• ICT supports equality, diversity and opportunity for all staff, volunteers and service users

How well do you really know what’s going on? You’re ultimately responsible for ensuring legal compliance, safe management and operation and for assessing and addressing risks. You want to get best value for money (even if that means spending a little more now to get a much better return a little later) and to have the right controls for decision making which impacts the organisation. Remember that this is a collective, and individual, responsibility. If you’re not doing it, who is? Accountability matters.

The high performance Board

Principle - The Board should have clear responsibilities and functions, and should compose and organise itself to discharge them effectively.

Recommendations

• All trustees are clear about their obligations and responsibilities with regard to ICT and its place in our organisation
• The board makes best use of ICT in its own operation and communication, supporting individual capabilities and needs
• The board are aware of their own strengths and weaknesses in ICT knowledge and expertise and acknowledge this when making decisions and in seeking outside expert help

You’re trustees and volunteers – no one is expecting everyone to be an expert but it does mean everyone needs to understands their role, responsibilities and obligations. As a board, make good use of ICT where it can help and support you, whether that’s emailing minutes for review or sharing ideas in a discussion forum. Don’t be afraid to admit what you don’t know (in fact you should do that) and be prepared to seek expert help (whether voluntary or paid) if you need it. Be prepared to ask the right questions.

Board review and renewal

Principle - The Board should periodically review its own and the organisation’s effectiveness, and take any necessary steps to ensure that both continue to work well.

Recommendations

• The Board annually review their own effectiveness in ICT decision making and seek training or support as needed
• The Board seeks to induct and retain trustees with good strategic understanding of ICT and those with a passion for learning
• Annual reviews are important. Just as you need to audit your financial accounts, you should regularly review your ICT and your decision making capabilities. Perhaps the time you agree the annual accounts is a good time for reviewing ICT.

Good strategic understanding doesn’t need to mean detailed technical knowledge. Be aware of how individuals can apply strategic skills in other areas to strategic understanding and experience of ICT and above all try and find, and retain, trustees who are passionate about learning about new things and the impact they can have. Use advisers to contribute ICT expertise.

Board delegation

Principle - the Board should set out the functions of sub-committees, officers, the chief executive, other staff and agents in clear delegated authorities, and should monitor their performance.

Recommendations

• The board leads on ICT direction and delegates operational responsibility to the Chief Executive or senior member of staff. Decision making lines are clear to all staff.
• ICT decision making is subject to clear terms of reference.
• All activities are subject to regular monitoring as considered appropriate between Chief Exec and Board

You can’t do everything and you shouldn’t. Lead on direction and then delegate responsibility appropriately but ensure you maintain accountability. Set clear guidelines for how ICT decisions are made – you don’t want to be bothered with every little thing but you do need to know when the ‘ big issues’ come up. Make sure that ICT is regularly monitored and show that you care. Nothing is more demoralising for staff than feeling their Board aren’t interested.

Board and trustee integrity

Principle - The Board and individual trustees should act according to high ethical standards, and ensure that conflicts of interest are properly dealt with.

Recommendations

• Ensure that ICT meets your organisation’s ethical standards and relationships are properly managed
• Make sure your ICT policies meet your ethical standards

There’s nothing to stop trustees recommending suppliers (even when those suppliers are affiliated to the trustee) but you should ensure that no one on the Board is seeking to gain inappropriately from decision making

Board openness

Principle - The Board should be open, responsive and accountable to its users, beneficiaries, members, partners and others with an interest in its work.

Recommendations

• Involve users, beneficiaries and partners in decisions about your ICT
• Use ICT e.g. your website to open communications and demonstrate openness and accountability and allow users an opportunity to discuss ideas

ICT allows you to be transparent and to involve a wide selection of stakeholders in direct communication. You can publish reports, surveys, discuss ideas and solicit feedback quickly and directly. Use the technology to make the best of what you do, to involve as many stakeholders as possible and to provide the most effective means of communication and information sharing.

Conclusion – A recommended approach to ICT Governance - SSS: Set, Support and See through

At preponderate, we recommend the SSS model. It works well, is simple enough for everyone to understand and helps support the roles of all parties.

• SET: Set an overall strategy and direction and agree appropriate risks
• SUPPORT: Provide resources and support to staff leading the project
• SEE THROUGH: Hold staff directly accountable for both success and failure

The SSS model will make a big difference to how ICT impacts your whole organisation and services. Staff need to know which direction to go (and why), feel supported, be given the necessary financial (and other) resources and to be held accountable. You’re acting as a critical friend, managing risk well, probably getting good value for money and are a good governing board.

Things to think about

1. How does your board ‘measure up’ around the recommendations?
2. Are there any specific principles which are less well implemented than others? Does this apply to more general governance as well?
3. Spend some time developing an action plan as to how you can improve both ICT and overall governance. Once complete, make some time to review the plan at a trustee meeting
   

Resources

• Quick questionnaire to explore your approach to ICT Governance – From Nightmare to Nirvana, an ICT survival guide for trustees www.icthub.org.uk/publications
• Code of Good Governance - http://www.governancehub.org.uk/code_of_governance.html
  
  

Simon Davey
Preponderate.network
simon@preponderate.net
www.preponderate.net