3.0 Introduction to Strategy and Governance Discipline

The strategy and governance discipline aims to optimise the way of working by defining the guidelines, rules and framework for the business technology function. It has the following three main topics on its agenda:

  • Set the strategic intention, guidelines, and motivation for the organisation
  • Implement an operating model and organisation to create value for the business
  • Ensure proper management of risks, compliance and security

Figure 3.0.1 Strategy and governance discipline


Strategic intention, guidelines and motivation

As businesses rely heavily on technology today, business strategy and business technology strategy cannot be separated. The business perspective focuses on markets, offerings, competition, customer trends and business models. The business technology perspective focuses more on business platforms, technology opportunities and risks, core competences and prime vendors. These two perspectives merge into one strategy when planning business capabilities, digital transformation, ecosystems and competence synergies.

Strategic planning sets the strategic intention and guidelines for everyone to follow. Objectives define how to reach specific goals and measure progress. Scorecards are often used to build organisational, team level and individual incentives to meet objectives and strategic goals. However, the best way to motivate people to achieve goals is to make sure that the strategic intention has a meaningful purpose and is well communicated throughout the organisation.

Enterprise architecture enables the planning of capability transformations. A business capability consists of people, processes, systems and data. Enterprise architecture focuses on planning processes, systems and data, and usually has less focus on people, competency or way of working. Enterprise architecture is a good tool for assessing the current business technology status, defining the target state and planning the road maps from current state to target state.


Operating model, organisation and competence

People create change. Therefore, it is essential to have the right competence, logical organisation and efficient operating model to create business value and drive the transformation. The operating model defines the value creation streams and illustrates how the different disciplines and practices interoperate efficiently, reinforced by the relevant governance.

Figure 3.0.2 Business Technology Standard operating model


Organisational structure and competence strategy should be based on the operating model. You should be able to see at a glance from the highest-level organisational chart how the value is created. In an ideal case, teams and titles reflect the operating model, disciplines and practices as well.

Because new requirements continuously arise from the business environment, including technology, business transformation and competence development should be constant activities. Organisations should make savvy decisions on which competencies they need internally and which ones to acquire from external organisations. Nevertheless, they should all implement the same operating model, get training and have a passion to create business value.


Managing risk, compliance, quality and security

Managing risk, compliance, quality and security is often about giving recommendations and instructions and checking that they are followed. However, the impact becomes greater when you raise the understanding and awareness of how to deal with or avoid possible issues. Good guidelines and instructions, as well as security tools and controls to detect possible issues, are a good starting point, yet the desired security awareness levels can only be reached by adding a human-centric approach to security.

While it would be hard to gain a major competitive edge through good risk, compliance, quality and security management, it is a crucial factor in preventing the loss of business, revenue, reputation and opportunities. Businesses are more vulnerable than ever before and therefore managing risk, compliance, quality and security is fundamental for every company in order to stay competitive.


Data regulation and protection

Data has an important role in everything any company does today. While data is essential for a company to do business, there are several rules setting limits on how, what and when data can be collected and how the collected data must be handled. Violating data regulation and protection rules presents a major risk to the company's business continuity. Therefore, it is essential that the company is aware of the different regulations that relate to the specific industry the company operates in.

The General Data Protection Regulation (GDPR) is a regulation in EU law that aims to give people more control over their personal data. It forces the company to make sure that personal data is collected under strict conditions and protected from misuse and exploitation. The GDPR addresses the export of personal data outside the EU and EEA areas and therefore concerns any company processing the data of EU citizens.