Technology

IT Governance

IT Governance Jonathan Poland

IT Governance refers to the way in which an organization’s executive leadership manages and directs information technology. It is a type of corporate governance that involves the use of processes and practices to control and guide the use of technology within an organization. The scope and nature of IT Governance may vary significantly depending on the industry, internal politics, and maturity of the organization. The following are common practices.

Application Portfolio Management
Oversight of applications at the portfolio level. In many cases, an annual health check is performed to identify risks related to legacy systems, compliance, capacity and availability.

Asset Management
Governance of IT asset management processes such as asset life cycle management and IT inventory management.

Audits
Financial, technology and security audits.

Benchmarking
Comparison of IT performance and costs to your industry and competition.

Business Technology Alignment
Strategic management of gaps between business needs and IT capabilities. This includes things such as products that lack IT integration and addressing business pain points with IT. An IT Governance board may sponsor initiatives to analyze gaps that act as an input to strategy formation and tactical actions.

Capability Management
Viewing business and IT as a set of capabilities. A useful technique for executive management of strategy, risk management and performance visualization.

Compliance
Governance of IT regulatory compliance.

Enterprise Architecture
The practice of managing architecture at the organizational level. It is common for an enterprise architecture team to act as working level support for IT Governance. For example, they may propose practices, review project architecture and deliver analysis and reporting.

Facilities And Infrastructure
Governance related to IT facilities and infrastructure such as data centers.

Financial Governance
Financial controls such as budget approvals.

Information Governance
Mechanisms of information governance to support legal, risk and operational requirements. For example, roles and responsibilities such as data stewards and custodians may be established.

Information Security
The practice of defending your information from threats. In many cases, information security garners much attention from both Corporate Governance and IT Governance bodies.

IT Operations
Governance of core IT processes.

Information Technology Performance Management
Monitoring and measurement of IT performance metrics.

Information Technology Practices
Establishment and direction of practices related to IT such as a Project Management Office.

Information Technology Processes
Establishment and oversight of IT processes such as service management.

Information Technology Risk Management
Identification and treatment of risks related to IT. Not to be confused with Risk IT, the technology capabilities used to manage business risk.

Information Technology Strategy
Planning IT strategy and setting goals.

Knowledge Management
Establishing and governing knowledge management practices such as the requirement that application managers and projects document their architecture.

Problems And Incidents
It is common for an IT Governance Board to review a monthly incident report or investigate a particularly high impact incident.

Procurement
Governance of IT procurement processes, potentially with approval authority for major deals.

Programs And Projects
Reviews of programs and projects often at defined checkpoints such as budget approval and pre-launch.

Quality Assurance
Governance of quality assurance practices such as development and testing processes.

Reporting And Dashboards
A governance board may sponsor reports and dashboards to support activities such as strategy formation and risk management. Dashboards may also be developed to provide visibility into IT for corporate governance and executive management purposes.

Service Portfolio Management
Governing IT as a collection of services.

Standards And Certifications
Developing or adopting standards and governance of certification processes.

Supplier Management
Governance of vendor management practices.

Risks of Artificial Intelligence

Artificial intelligence (AI) has often been depicted in science fiction as a potential threat to human life or well-being. In recent years, as investment in AI research and development has increased, some of these fictional threats have begun to become a reality. Some of the common risks associated with AI include:

  1. Loss of jobs: One of the most commonly cited risks of AI is the potential for it to replace human labor, leading to widespread job loss. This could have negative economic consequences and disrupt entire industries.
  2. Bias in AI systems: AI systems can be biased if they are trained on biased data or if they are designed by biased developers. This can lead to unfair outcomes and discrimination against certain groups.
  3. Security risks: AI systems can be vulnerable to cyber attacks, which could compromise sensitive data or disrupt operations.
  4. Lack of accountability: It can be difficult to determine who is responsible for the actions of an AI system, raising questions of accountability in the event of an accident or other negative outcome.
  5. Privacy concerns: The use of AI can raise privacy concerns, especially if it involves the collection and analysis of personal data.
  6. Misuse of AI: AI can be used for malicious purposes, such as spreading misinformation or engaging in cyber warfare.
  7. Ethical concerns: The development and use of AI can raise complex ethical questions, such as the extent to which AI systems should be granted autonomy and the ethical implications of AI decision-making.

Overall, while AI has the potential to bring many benefits, it is important to carefully consider and address the risks it poses.

Note: Post was written with ChatGPT from OpenAI.

Technology Risk

Technology risk refers to the risk that technology shortcomings may result in losses for a business. This can include the risk of project failures, operational issues, and information security breaches. There are many different types of technology risk that organizations may face, including:

  1. Project failure risk: The risk that a technology project will fail to meet its goals and objectives.
  2. Operational risk: The risk of disruptions or issues with technology systems that impact business operations.
  3. Information security risk: The risk of a data breach or other information security incident.
  4. Compatibility risk: The risk that new technology will not be compatible with existing systems.
  5. Integration risk: The risk that new technology will not integrate smoothly with existing systems.
  6. Upgrade risk: The risk that upgrading technology will result in disruptions or other issues.
  7. Resource risk: The risk that a lack of resources, such as skilled labor or budget constraints, will impact the ability to effectively implement technology.
  8. External risk: The risk of external factors, such as changes in market conditions or regulatory environments, impacting the success of technology initiatives.
  9. Human error risk: The risk of human error leading to technology failures or issues.
  10. Cybersecurity risk: The risk of a cyberattack or other cybersecurity incident.
  11. Data integrity risk: The risk of data corruption or loss.
  12. Business continuity risk: The risk of technology failures disrupting business continuity.
  13. Vendor risk: The risk of technology vendors failing to deliver on their commitments.
  14. Legal risk: The risk of legal issues arising due to technology failures or issues.
  15. Reputation risk: The risk of technology failures or issues damaging an organization’s reputation.
  16. Financial risk: The risk of financial losses due to technology failures or issues.
  17. Compliance risk: The risk of technology failures or issues leading to non-compliance with regulations or standards.
  18. Privacy risk: The risk of technology failures or issues leading to privacy breaches.
  19. Performance risk: The risk of technology failures or issues impacting system performance.
  20. Scalability risk: The risk of technology not being able to handle increased demand or growth.
  21. Reliability risk: The risk of technology failures or issues affecting reliability.
  22. Usability risk: The risk of technology being difficult to use or not meeting user needs.
  23. Maintenance risk: The risk of technology requiring frequent maintenance or repair.
  24. Security risk: The risk of technology vulnerabilities leading to security issues.
  25. Data protection risk: The risk of data not being adequately protected.
  26. Accessibility risk: The risk of technology not being accessible to all users.

Information Security Risk

Information security risk refers to the potential for unauthorized access, disruption, modification, or destruction of information. This can have serious consequences, including threatening health, violating privacy, disrupting business operations, damaging assets, and enabling other crimes such as fraud. Information security risks can arise from vulnerabilities and threats. Vulnerabilities are weaknesses in information technology systems that can be exploited by attackers, while threats are specific modes of attack, such as malware. To manage information security risk, businesses can implement a variety of strategies, including risk assessment, security policies and procedures, and employee training.

Here are some examples of information security risks that businesses may face:

  1. Data breaches: A data breach occurs when unauthorized individuals gain access to sensitive information, such as customer data or financial records. Data breaches can result in financial losses, damage to reputation, and legal consequences.
  2. Malware attacks: Malware is malicious software that can infect a computer or network and disrupt operations. Malware attacks can result in data loss, financial losses, and damage to reputation.
  3. Phishing attacks: Phishing attacks involve sending fraudulent emails or messages that appear to be from a legitimate source in an attempt to trick individuals into divulging sensitive information or installing malware. Phishing attacks can result in data loss, financial losses, and damage to reputation.
  4. Ransomware attacks: Ransomware is malware that encrypts data and demands payment in exchange for the decryption key. Ransomware attacks can result in data loss and financial losses.
  5. Insider threats: Insider threats involve employees or contractors who intentionally or unintentionally compromise information security. Insider threats can result in data loss, financial losses, and damage to reputation.
  6. Physical security breaches: Physical security breaches involve unauthorized access to a facility or device, such as theft or unauthorized entry. Physical security breaches can result in data loss, financial losses, and damage to reputation.
  7. Network security breaches: Network security breaches involve unauthorized access to a network, such as through hacking or unauthorized access to network devices. Network security breaches can result in data loss, financial losses, and damage to reputation.
  8. Cloud security breaches: Cloud security breaches involve unauthorized access to data stored in the cloud, such as through hacking or unauthorized access to cloud accounts. Cloud security breaches can result in data loss, financial losses, and damage to reputation.

IT Operations

IT operations involves the delivery and management of information technology services, including the implementation of processes and systems to support these services. This can include a wide range of activities, such as monitoring and maintaining systems, managing data centers, providing technical support, and implementing security measures. IT operations often involves the use of automation to streamline processes and improve efficiency, with dozens of major processes and hundreds of minor processes that may be heavily automated. The goal of IT operations is to ensure the smooth and reliable operation of an organization’s technology systems and services. The following are the basic elements of IT operations.

Service Desk

A single point of contact for stakeholders to submit requests and questions regarding IT services. This acts as the customer service interface for all IT operations processes.

Request Fulfillment

The process of accepting requests from stakeholders and fulfilling such requests. This often utilizes a ticket management system that allows users to submit requests. Tickets are then prioritized and assigned to individuals or automation for servicing.

Service Strategy

The top level process of assessing customer needs, planning goals and developing strategies for IT services.

Service Design

The design of services to achieve service strategy including elements such as facilities, infrastructure, systems, processes, procedures, information, communications and metrics.

Service Transition

The top level process of deploying new services and changes to existing services. This includes elements such as change management, release management, deployment management and service testing.

Facility Management

The management of facilities such as data centers. This may be handled by an IT operations team or it may fall under a separate facility management department. It is often outsourced.

Asset Management

The process of monitoring and accounting for tangible assets such as computing units and intangible assets such as software and knowledge.

Partner Management

Managing suppliers and outsourcing partners such as infrastructure providers and security monitoring services.

Network Management

The process of deploying and operating networks.

Infrastructure Management

Management of IT infrastructure including network, computing, power, cooling and security services and equipment.

Systems Management

Managing systems and applications. It is common for development teams to manage their own systems but operations often plays a role in monitoring systems to escalate issues, faults and incidents.

Change Management

Accepting, reviewing, prioritizing, scheduling, implementing and communicating change.

Release Management

The process of releasing software to environments.

Deployment Management

Managing the deployment of changes to an environment. An element of release management.

Configuration Management

Configuration management is the process of capturing, retaining and using information regarding the state of infrastructure, software and knowledge to support processes such as release management, deployment, rollback, incident management, problem management, security management and audit trail.

Availability Management

The management of facilities, infrastructure and systems for high availability. This encompasses the end-to-end process of reducing downtime including elements of design, monitoring and testing for high availability.

Demand Management

The process of predicting and modeling demand for IT services to plan strategy and shape operations.

Capacity Planning

Planning resources such as facilities, infrastructure, licenses and labor in order to achieve strategy and service levels.

Service Level Management

The end-to-end process of strategy, planning, design, resource allocation, monitoring and event management to achieve service levels for IT services.

Performance Monitoring

Monitoring the performance of IT services including service desk, infrastructure, platforms and systems.

Risk Management

The identification and treatment of risk.

Service Continuity Management

The management of high impact risks to IT services such as disasters.

Security Management

The top level process of protecting the confidentiality, availability and integrity of IT services and assets from threats and vulnerabilities. A specialized type of risk management.

Security Monitoring

The identification and handling of threats, events and patterns that are relevant to information security.

Physical Security

The process of securing physical environments such as data centers, offices and infrastructure installations.

Access Management

Managing the authorization and authentication of people and digital entities to grant or deny access to physical and digital resources.

Event Management

Detecting, assessing and handling events and patterns of events.

Incident Management

Identifying and fixing issues with IT services. Often results in a quick and temporary fix.

Problem Management

The process of addressing the root cause of incidents so that they do not recur.

Backup & Recovery

Backing up environments and data and recovering them as required.

Knowledge Management

Processes for developing, capturing, securing, sharing and using knowledge.

Service Testing

Testing services against requirements and specifications. Often heavily automated.

DevOps

DevOps is the practice of automating IT operations. In the past, operations teams were viewed as administrators. DevOps is a shift whereby operations teams are often developers who reduce toil with code.

Technology Ethics

Technology ethics refers to the principles that guide the development, use, and management of technology, taking into account factors such as risk management and individual rights. These principles are intended to help ensure that technology is used in a responsible and ethical manner, and to address the potential impacts that technology can have on society, the environment, and individuals.

Technology ethics can cover a wide range of issues, including privacy, security, accessibility, accountability, and sustainability. By considering these ethical principles, organizations and individuals can help to ensure that technology is used in a way that is consistent with values such as fairness, transparency, and respect for the rights and dignity of others. The following are common areas of technology ethics.

Access Rights
Access to empowering technology as a right or freedom.

Accountability
The rules of accountability for decisions made by technology.

Digital Rights
Protection of intellectual property rights, privacy and personality rights.

Environment
How to govern technologies that have potential to damage shared resources.

Existential Risk
Technologies that represent a threat to global quality of life or risk the extinction of advanced life on earth.

Freedom
Technology provides tools that can be used to monitor and control societies, raising broad questions related to freedom.

Health & Safety
Health and safety risks posed by technologies.

Human Enhancement
Human genetic engineering and human-machine integration.

Human Judgement
When do decisions require human judgement and when can they be automated?

Over-Automation
When does automation decrease quality of life?

Permanent Records
Retention of personally identifiable information.

Precautionary Principle
Who decides that a new technology is safe?

Privacy
Protection of privacy rights.

Security
What due diligence is required to ensure information security?

Self Modifying Technology
The unpredictable nature of certain types of artificial intelligence such as recursive self-improvement.

Self Replicating Technology
Are self replicating systems likely to become grey goo?

Technology Predictability
Questions around algorithms and artificial intelligence that humans may view as largely unpredictable and cryptic. For example, is it a violation of due diligence for an organization to implement technologies that it doesn’t understand?

Technology Proliferation
Ethics, governance and risk management tend to lag the spread of a new technology.

Technology Transparency
Transparency is the practice of clearly explaining how a technology works and what data it collects.

Terms Of Service
Ethics related to legal agreements such as terms of service.

Structural Capital

Structural capital is one of the three primary components of intellectual capital, and consists of the supportive infrastructure, processes, and databases of the organization that enable human capital to function. Structural capital refers to the intangible assets and resources of an organization that support its operations and enable it to achieve its goals. It includes the systems, processes, policies, and culture that are in place within the organization, as well as the knowledge and expertise of its employees. Unlike human capital, which is the knowledge and skills of individual employees, structural capital is embedded within the organization and can be accessed and utilized by multiple individuals.

Structural capital is a key source of competitive advantage for an organization, as it helps to retain and utilize the knowledge and expertise of employees, enabling the organization to operate more efficiently and effectively. It also plays a role in the organization’s ability to innovate and adapt to change. While structural capital is often overlooked or undervalued compared to tangible assets, such as physical capital and financial capital, it is a crucial component of an organization’s intellectual capital. The following are illustrative examples of structural capital.

Data
Data such as a list of customers.

Documentation
Information created by employees to document processes, procedures, policy, know-how, research, decisions, failures and any other useful knowledge.

Media
Media such as a training video.

Principles
Principles, norms and rules that are adopted as part of a firm’s organizational culture.

Processes
Business processes such as a semi-automated process for fulfilling orders.

Procedures
Documented human steps for achieving a result.

Methods
Exact steps executed by a machine or system. For example, an algorithm for calculating risk.

Tools
Technologies that help employees complete work such as an application.

Automation
Technologies that complete work automatically such as a system or robot.

Intellectual Property
Intellectual property such as brands, trademarks, patents, copyrights and trade secrets.

Data Asset

A data asset is any data that is expected to produce future financial returns. The value of a data asset can vary significantly depending on the specific industry and business model in which it is used. For example, data that is highly valuable to one industry may have little value to another industry. It is important for businesses to carefully assess the potential value of their data assets and to develop strategies for leveraging them to generate revenue.

Designs & Methods
Intellectual property such as patents, designs and trade secrets.

Knowledge
Documents and diagrams designed to share knowledge. The term data asset is only applied to knowledge that you own such as a document produced by an employee.

Media
Media such as a film that you produced.

Transactions & Interactions
Historical commercial transactions and interactions. This may have value for decision support and optimization activities.

User Input
User input such as social media posts. This can have value as content or to analyze for decision making or research.

Sensor Data
Data collected from sensors such as a weather research database that contains historical weather station data.

Calculated Data
Calculations such as a market demand forecast generated by an algorithm using hundreds of factors.

Digital Assets

Digital assets are electronic representations of value that can be traded, stored, and managed using decentralized digital technologies such as blockchain. They can take many forms, including cryptocurrencies, tokens, and non-fungible tokens (NFTs).

Cryptocurrencies are digital assets that use cryptography and a decentralized network to secure and verify transactions. They operate independently of traditional financial institutions and are designed to be a medium of exchange, store of value, and unit of account. Examples of well-known cryptocurrencies include Bitcoin and Ethereum.

Tokens are digital assets that represent a specific asset or utility within a particular ecosystem or platform. They can be used for a variety of purposes, such as to represent ownership in a company, to access specific features or services, or to participate in a decentralized network.

Non-fungible tokens (NFTs) are unique digital assets that cannot be exchanged for other assets on a one-to-one basis. They are often used to represent ownership of unique items, such as collectibles or digital artwork, and can be bought and sold on online marketplaces.

Digital assets have the potential to revolutionize the way value is exchanged and stored, providing greater accessibility and security than traditional financial systems. However, they also come with risks, including the potential for fraud and the lack of regulatory oversight. As digital assets continue to gain popularity, it is important for investors to understand the risks and opportunities associated with these assets and to carefully consider their investment strategy. Here are some more examples.

Knowledge
Knowledge recorded in formats such as documents, books, websites and media.

Software
Software in the form of code and deployed services.

Data
Information in databases and unstructured formats.

Designs
Designs such as architectural plans or visual designs.

Patents & Trade Secrets
Details of inventions documented in digital forms.

Art
Visual works of artistic value such as photography and digitized paintings.

Music
Digital music.

Entertainment & Media
Entertainment such as movies and other media such as news or educational content.

Addresses
An electronic address such as a domain name.

Virtual Property
Locations, items and characters in virtual worlds.

Digital Currency
Electronic currency such as a cryptocurrency.

Information Advantage

A unique knowledge that provides a competitive edge in a specific situation is known as an information advantage. This advantage can be strategic or tactical, and it gives a company or individual the upper hand over their competitors. The following are illustrative examples.

Inside Information
Information that originates within a government, organization, industry or group. For example, an employee who knows that their company is looking to make a big investment in renewable energy. This information might be valuable to a sales person at a solar module firm.

Negotiation
A negotiator who knows the other side’s best alternative to a negotiated agreement has an advantage in negotiations. For example, a job candidate who knows that an employer has an urgent problem and has been looking hard for someone with their skills for 5 months may push hard for a high salary, knowing it is unlikely the employer will back away.

Speed
The ability to acquire and act on public information faster than all other competition. For example, a bank that is able to analyze and trade on a press release faster than other traders.

Analysis
Superior analysis such as an equity analyst who identifies a serious problem at a company that others have missed.

Situated Knowledge
Information that is highly specific to a context. For example, a farmer who knows that a particular field has an excellent terroir for growing unusually valuable grapes.

Situational Awareness
The ability to analyze a fast moving situation. For example, a stock trader who is good at predicting how the market will react to news.

Experimentation
Running experiments to determine what works. For example, a chain of coffee shops that experiments with 30 new desserts a week to scale those that are well received by customers.

Research
Acquiring and analyzing data. For example, market research that identifies exactly why consumers are dissatisfied with a leading product.

Know-how
Practical knowledge that allows you to be more efficient or produce greater quality than the competition. For example, an artisan who produces wooden canoes that are highly valued by customers.

Risk
An ability to identify unknowns and estimate risk. For example, a strategist who holds off on investing in a trendy new technology because they identify dozens of unknowns that make it unlikely to generate a reasonable return on investment.
