The corporate application of ICT in social security institutions requires establishing policies and practices to carry out the wide spectrum of ICT-related activities in a consistent and systematic way. Such policies and practices are addressed by the disciplines of ICT governance and management, which aim to guide organizations (in particular, medium and large ones) to improve effectiveness and efficiency in their application of ICT.
ICT governance is a set of processes which ensure the effective and efficient use of ICT in enabling an organization to achieve its goals. It has two major aspects:
- ICT demand governance, to align ICT strategy with the business (“doing the right things”);
- ICT supply-side governance (“doing things right”).
Governance ensures that the institution’s needs and goals are evaluated in order to determine and agree upon balanced objectives, set direction through prioritization and decision-making, and monitor performance and compliance against agreed objectives and direction.
ICT management is closely related to governance but focuses on planning, building, executing and monitoring activities aligned with the direction set through ICT governance, and on achieving its objectives.
ICT governance and management enable social security institutions to improve the performance of ICT-related processes and address the complexities of ICT systems through systematic and standard management approaches. These goals are shared with other large and citizen-service-oriented organizations, especially public ones. However, certain aspects of governance and management are particularly important for social security institutions because:
- The socio-economic impacts and increasing complexity of social programmes are driving the setting up of reliable and rigorously managed ICT services which aim to maximize their quality and continuity;
- The strategic role played by ICT in the implementation of high-impact social programmes motivates board and management involvement in the essential aspects of ICT application;
- The multiplicity of actors, products and services involved in the development and operation of social security software applications necessitates rigorous and standardized approaches to achieve adequate coordination and reach the required service quality;
- A standards-based approach is required to meet financial and technological dependency implications;
- The size and complexity of social security projects necessitates medium- and long-term perspectives on technologies and methodologies.
As an indispensable enabler in the administration of social security systems, ICT often spells the difference between services and processes that can or cannot be done, both within the institution and between the institution and its external partners. For this reason, the board and management should understand the strategic implications of ICT application in social security functions and promote an efficient and adequate ICT platform to support the institution’s operations.
The following guidelines are organized in five sections:
Section A.1, ICT Governance, begins with the definition of an ICT governance framework based on principles defined by the ISSA Guidelines on Good Governance, ISO/IEC 38500 and COBIT®, to guide the institution in setting up its own key governance principles. The guidelines then address the definition of ICT governance processes.
Section A.2, ICT Management, promotes the application of ICT management processes and highlights the importance of defining an ICT strategy and managing service continuity. It also introduces the identification of ICT-based solutions for implementing social security functions.
Section A.3, ICT Service Delivery, addresses issues related to software development and system operations, including the implementation of corporate mechanisms and systems to respond to user requests and deliver customer services – specific themes within mission-critical and user-oriented social security services.
Section A.4, ICT Investment and Value Management, addresses the consideration of ICT investment proposals with appropriate care, diligence and soundness. It first addresses the value of projected outcomes, the cost–result relationship involved in ICT investment and evaluation of return on investment, and the processes of ICT investment, promoting a portfolio-based approach. It then highlights the importance of monitoring and evaluating investment results.
Section A.5, Data and Information Management, addresses data governance and data quality, mechanisms to enable information retrieval and analysis, and the implementation of master data systems in social security.