3.0 Introduction to Strategy and Governance Discipline

The strategy and governance discipline aims to optimise the ways of working for the business technology function by defining the guidelines, rules and framework. The strategy and governance discipline’s remit covers these three main topics:

  • Set the strategic intention, guidelines and motivation for the organisation
  • Implement an operating model and organisation that create value for the business
  • Ensure proper management of risks, compliance and security


Figure 3.0.1 Strategy and governance discipline


Strategic intention, guidelines and motivation

As businesses are heavily reliant on technology today, the business strategy and business technology strategy cannot be separated. The business perspective puts the focus on markets, offerings, competition, customer trends and business models. The technology perspective considers the business platforms, technology opportunities and risks, core competencies and critical vendors. Business Technology includes both the business development and the technology management perspective. These two perspectives merge into one business technology strategy when planning business capabilities, digital transformation, ecosystems and competency synergies.

Strategic planning sets the strategic intention and guidelines for everyone to follow. Objectives define how to reach specific goals and measure progress. Scorecards are often used to build organisational, team level and individual incentives to meet objectives and strategic goals. However, the best way to motivate people to achieve goals is to make sure that the strategic intention has a meaningful purpose and is well communicated throughout the organisation.

Enterprise architecture enables the planning of capability transformations. A business capability consists of people, processes, systems, data and ecosystems. Enterprise architecture focuses on business and technology, and covers planning processes, systems and data, and usually has less focus on people, competencies or ways of working. Enterprise architecture is a good tool for assessing the current business technology status, defining the target status and planning the road maps from the current to target status.


Operating model, organisation and competence

People create change. Therefore, it is essential to have the right competencies, a logically structured organisation and an efficient operating model to create business value and drive the transformation. The operating model defines how the value streams create the value and illustrates how the different disciplines and practices should interoperate efficiently. This is reinforced by the relevant governance.

Figure 3.0.2 Business Technology Standard operating model


The organisational structure and competencies strategy should be based on the operating model. You should be able to see how the value is created from just a glance at the highest-level organisational chart. In an ideal world, teams and titles reflect the operating model, disciplines and practices as well.

Business transformation and competencies development should be a constant activity because there will always be new requirements continuously arising from the business environment, including the technology environment. Organisations should make savvy decisions as to which competencies they need internally and which ones to acquire from external organisations. Either way, they all should implement the same operating model, get training and have a passion to create business value.


Managing risk, compliance, quality and security

Managing risk, compliance, quality and security is often about giving recommendations and instructions and checking they are followed. However, when you raise the understanding and awareness of how to deal with or avoid possible issues the impact you can have is far greater. Good guidelines and instructions, as well as security tools and controls to detect the possible issues, are a good starting point, but you can only attain the desired security awareness levels when a human centric approach to security is applied.

While it would be hard to gain a major competitive edge through good risk, compliance, quality and security management, it is a crucial factor in preventing the loss of business, revenue, reputation and opportunities. Businesses are more vulnerable than ever before and therefore managing risk, compliance, quality and security is fundamental to staying competitive.


Data regulation and protection

Data has an important role in everything any company does today. While data is essential for a company to do business, there are several rules that determine how, what and when the data can be collected and how to deal with the collected data. Violating data regulation and protection rules presents a major risk to a company’s business continuity. Therefore, it is essential that the company is aware of the different regulations that relate to the specific industry the company operates in.

The General Data Protection Regulation (GDPR) is a regulation in EU law giving people more control over their personal data. It forces the company to make sure that personal data is collected under strict conditions and protected from misuse and exploitation. The GDPR addresses the export of personal data outside the EU and EEA areas and is therefore applicable to any company processing the data of EU citizens.