It has been argued that the IT governance system established in many organisations is incongruent as it has been designed in several different patches of problem solving mechanisms. The designing activity of the governance system reduces the synergy level and limits the opportunities for strategic impact from IT. In order to deal with the issue it is important for the management of the organisation to design the IT governance procedure according to the goals and objectives of the organisation. The notion requires the management of the organisation to actively play part in the procedure. Without the proper support of the management the successful designing and implementation process of IT governance cannot be undertaken. Although it is not possible to actively redesign the overall governance mechanism but it is important to undertake mechanism reviews on regular basis. The Burton report recommends undertaking assessment of IT governance system on regular basis in order to implement security improvement processes at MOD.
The report is full of recommendations for the change in the governance structure at MOD regarding the security of the IT infrastructure. It is also important to undertake change in the behaviour of the employees at the organisation according to the change in governance. The redesign in the governance system will although take some time but its effective implementation will lead to the final objective of making the security of data foul proof.
The report has recommended a change in the organisation perspective according to the direction in which the IT governance system is redesigned. Failure to do so will stultify the whole change process. The Burton report also suggests training and education all across the organisation. Burton suggested reviewing all the current training on Data Protection and Information Management, and identifying the uptake by the relevant post-holders, in order to determine future training needs.
3. Involve senior managers:
The involvement of the senior management of the organization is an important factor in the effective governance of IT in an organization. The report also contains recommendations on the aspect. It has been suggested that the MOD should properly define the responsibilities for the Departmental Chief Information Officer functions. It has been noted that although many managers want to contribute in the IT governance process but fail because they don't have the knowledge of the area where they have to play their part. The report goes further by recommending the formulation of a network of TLB CIOs and SIROs to eke the process of security and assurance of information as a critical business asset. The report also provided the solution of the absence of Defence Operating Board. It recommended the enforcement of the authority of MOD SIRO in order to address the information risk.
4. Make choices:
The successful governance practices require strategic choices. In the case of MOD security of data is an important task. With all the other IT governance issues, the security of data as suggested by Burton is a nonnegotiable issue. As mentioned