Exco Risk Technology Technology, Media & Telecoms (TMT)

How to enable business continuity management through governance of enterprise IT

business continuity

Why focus on Governance of Enterprise IT (GEIT) as an enabler?

In today’s ever changing digital environment and the increasing dependence on information and systems that deliver it, effective governance and management of IT and associated IT risks is of critical importance for the survival and success of most enterprises.

Moreover, enterprises are faced with regulatory requirements, fiduciary responsibilities and contractual issues requiring stricter control over information and supporting technology.  These requirements are best addressed through a process driven approach of IT governance.

IT governance is not just an IT issue or only of interest to the IT function.  In the broadest sense, it is part of the overall governance of an enterprise, but with specific focus on improving management and control of IT for the benefit of the primary stakeholders. Ultimately, it is the responsibility of the board of directors to ensure that IT along with other critical activities, such as business continuity is adequately governed.

IT governance is about leadership and oversight in enterprise structures and processes that ensure that the enterprises’ IT sustains and extends the enterprises’ strategies and objectives.  The purpose of IT governance is to direct IT activities, to ensure that IT performance meets the following objectives:

  • For IT to be aligned with the enterprise and realise the business benefits;
  • For IT to enable the enterprise by exploiting opportunities and maximising benefits from IT;
  • For IT-related risks to be managed responsibly and in a repeatable way; and
  • For IT resources to be used responsibly.

Key Governance of enterprise IT (GEIT) considerations for BCM:

  • Ensure BCM governance through the development of an appropriate business continuity management strategy, with suitable oversight committees;
  • Cultivate a culture of continuity within the enterprise, through the identification and communication of core BCM values.
  • Ensure resiliency through identification of appropriate solutions that will meet your recovery objectives and minimise downtime;
  • Ensure continual improvement of business continuity management capabilities within the enterprise.

IT Governance (similar to BCM) is pervasive and forms part of strategic and operational enterprise objectives. In this regard, there is a need to ensure value from IT enabled investment and manage an increasing array of IT-related risks (including BCM risks).  Organisations need to realise that IT and business activities cannot be separated, similarly Business continuity and IT continuity cannot be separated.

In order for this to happen, GEIT implementation (and similarly BCM) need to be managed as a programme, have executive sponsorship, and have attainable objectives, with an emphasis on building upon what is already in place and adding value.

For more information, contact Carl Kruger at cakruger@deloitte.co.za or Danita de Swardt at ddeswardt@deloitte.co.za or Braam Pretorius at brpretorius@deloitte.co.za

We invite you to subscribe to the Deloitte weekly email where we introduce topical Deloitte articles and to join one or more of our groups on LinkedIn

About the author



  • Carl, thanks for a great article – this is a huge topic, as are all governance issues – one comment, I would not say that IT Governance is similar to BCM, I think it is far broader than that, and that BCM is simply one component to a broad IT Governance framework. If IT Governance is similar to BCM it falls into the trap of being primarily reactionary – governance of any area in business HAS TO BE more proactive than that…

Leave a Comment