The Computer Society of Kenya

Since 1986


Tuesday October 25, 2019

In general, governance is about having structures, processes and procedures in place to ensure that an enterprise achieves its objectives and is accountable to the shareholders.

Many corporates have established structures to oversight typical business functions like finance, accounts and human resources.

National laws have gone further and internalised the importance of governance in these domains, given the enactment of several acts of parliament governing, for example, the conduct and operation of the accounting and human resource professionals.

As such, board members are fairly clear on the expectations from management when it comes to providing oversight to financial, human resource, procurement and other more established organisational functions.


However, with respect to ICTs, very few enterprises in the public or private sector have board-level visibility of what the ICT director is up to, and in many cases they consider ICTs to be too abstract for their deliberations.

No wonder many scandals, particularly in the public sector, revolve around procurement, deployment or operation of new ICT systems.

From the Anglo-leasing, through NYS One to NYS Two, one will find that ICTs are always at the heart of these scandals.

In the private sector, cases of digital or electronic fraud, hacking or simply data breaches are on the rise, causing significant reputational damage or regulatory penalties.

These events can only point to the fact that board-level oversight for ICT matters is not at the same level of maturity as that of its usage within their enterprise and beyond.

The customer demand for enterprises and organisations to leverage ICTs for the delivery of convenient and efficient services has often led to accelerated automation - without commensurate oversight at the board level.

Management, in particular ICT directors, have subsequently found themselves in a ‘sweet-spot’ where they command massive budgets projects with little or no accountability to the board or shareholders.


The high level of scrutiny that boards often give to those who manage finance, human resource or marketing is rarely directed to ICT directors since board members feel ill-equipped to deliberate over ICT matters.

Whereas structures, processes and tools to oversight ICT operations exist in developed economies, they are rarely instituted in local organisations and enterprises.

In other words, ICT governance frameworks rarely exist in our local organisations and when they do, it is perhaps as a consequence of companies headquartered in Europe, US or Asia rather than deliberate board decision.

Many companies have therefore not instituted ICT governance practices and procedures that would have ensured transparency and accountability to the board on a regular basis.

Board members have also continued to shy away from committing time and effort to learn the prerequisites for effective ICT effective oversight.

This can only mean that we shall continue to witness increasing cases of ICT scandals, hackings and data breaches that will damage corporate reputations and reduce bottom lines.

It is therefore high time that public and private organisations gave ICT governance the attention it deserves.

Share this page