Running a business requires knowledge, organisational skills and being able to manage people.  Experience helps, so does patience!

You may have a management degree, diploma or attended one of the various small business courses that include topics such as accountancy, taxation requirements, business planning or marketing.

While these are valuable skills necessary to make any business successful, smaller businesses often forget about IT Governance.

What is IT Governance you may ask? In a nutshell, it’s your ‘IT Strategy’.  It’s how you manage technology in your business.

Why Do I need IT Governance?
IT Governance, in the form of an IT strategy will help you manage and improve productivity, resulting in more profit. It will also help mitigate the risk of virus infections within your computer systems. As we know, viruses on computers causes down time and are costly.

Let’s go through each individual item that makes up IT Governance to help you understand it better. 

IT Risk Management

IT Risk Management for business refers to identifying the risks relating to technology that may be used within your business, and how you mitigate that risk. Some examples are:

  • ·         Do you allow staff to plug in external devices into your computer network?
  • ·         Do you allow staff to use their own technology equipment within the business?
  • ·         Do you have sensitive information on your computers or network, and know who accesses that information and when?
  • ·         Do you have software that can monitor sensitive information being leaked outside of your business?
  • ·         Are your computers sufficiently protected with anti-virus software?
  • ·         Do you filter, block or monitor internet usage?
  • ·         Have you implemented an IS Acceptable Use policy?
  • ·         Do you make staff accountable and do they know the boundaries?

Information Security Management

Information Security Management for business refers to how you secure information in your business. Some examples are:

  • ·         How do you store data in your business? Is it backed up? If so, how often?
  • ·         Are you storing information on a physical device (external hard drive / CD/DVD) or using a Cloud-based solution?
  • ·         Are you using classification for sensitive data such as ‘Confidential’, and if so, do you know who accesses that information and when?
  • ·         Would you know if staff leaked sensitive information outside of the business?
  • ·         Do you transport sensitive information on portable devices, and if so, do you encrypt that data?
  • ·         Have you considered the damage to your business if sensitive data fell into the wrong hands?

Computer Audit

Computer audit in business is necessary to pull your IT strategy together and measures whether your processes around that strategy are being carried out. It also has aspects that will identify whether your staff are working productively!

Some examples to consider for computer auditing are:

  • ·         Do you have processes in place to ensure staff do not share logons and passwords to business systems?
  • ·         Are you ensuring staff access is disabled for departed employees?
  • ·         Do you restrict the ability to download software from the internet?
  • ·         Are you blocking access to certain categories of internet sites such as pornography and adult material?
  • ·         Do you block access to sites such as Facebook and TradeMe?
  • ·         Are you using monitoring software to keep staff accountable with regard to internet surfing?
  • ·         Have you implemented an Acceptable Use policy to set the boundaries with staff and make them accountable?
  • ·         Have you considered a forensic internet audit on a targeted computer to identify internet usage when a staff member is not performing to expectation.



    IT Governance does not need to be difficult and expensive to implement. Two areas to focus on are:

    1.       Implement an Acceptable Use policy. You can provide clear guidelines to staff around your expectation within your computer network and set boundaries.

          2.       Consider implementing monitoring software. Easy to use, this provides hard evidence that can be             utilised to address any concerns.

    Why don’t you implement IT Governance in your business to increase security, accountability and productivity today!

    Dean Stewart – Owner and Director of WebSafety NZ Limited

    www.websafety.co.nz