CITO juggling ICT on one foot, on a wall

Information & Communication Technology

Background to Survey of IT Governance Instruments, Standards, Guides, Regulations, Laws and Frameworks

First Draft: 7 October 2006
Last Amendment: 17 July 2007

This document was initiated for an Australian Computer Society (ACS) submission to a Review of Standards Australia Committee IT-030 ICT Governance and Management Terms of Reference (TOR).

The document was drafted by Marghanita da Cruz, chair of the ACS Governance of ICT Committee (2003-2006), with input from members of the ACS Governance of ICT Committee -Peter Dore, Tom Cleary, John Graham and Chris Skinner via a discussion on the ICT Governance Forum in Early October 2006. Further comments were also received from Tom McBride, Mike Bowern, Nathan Howard, Tom Worthington, Rolf Akker and Ed Lewis and discussion on the ICT Governance Forum in November 2006. Comments were also received from Jan Whitaker.

The IT-030 Terms of Reference were last amended in May 2003. Since then in 2004 Good Governance Principles (AS8000), Fraud and Corruption Control (AS8001), Organisational Codes of Conduct (AS8002), Corporate Social Responsibility (AS8003), Whistle Blower protection programs (AS8004) have been published and AS4360 Risk Management has been revised.

IT-030 has itself, been responsible for:-

In the preface of AS8015, it states "Two Standards that are currently being developed deal with-
(a) ICT Project; and
(b) ICT Operations"

Need for Guidance

The Governance of ICT is of wide interest and relevant to many if not all organisations. Individuals too are affected as investors, consumers, citizens, taxpayers and ratepayers or as professionals and employees responsible for the well being of an organisation or delivery of a government service. There are ofcourse great examples of use of ICT from Google to email.

But there are also numerous Audit Reports, Disputes and negative media coverage about failures. The ACS Governance of ICT Committee website lists numerous Audit reports, articles in the media and academic studies of ICT failure and success.

Dangerous Enthusiasms: E-government, Computer Failure and Information Systems Development by Robin Gauld and Shaun Goldfinch (ISBN-13 978 1 877372 34 6), August 2006, further describes the contributing factors in ICT failure.

Outsourcing whether on or offshore is not in itself a remedy as has been demonstrated in the UK's ailing £12.4 billion (AUD$31 billion) e-health project."Although the project has been delayed by two years already, Connecting for Health insisted it would make up this lost time. Under its settlement Accenture will keep £110 million of £173 million it has been paid by the NHS, and pay back the balance."- Australian IT, OCTOBER 03, 2006

" Skilling Sentence Marks Latest Crackdown on Corporate Crimes - Former Enron CEO Jeffrey Skilling was sentenced Monday to more than 24 years in prison for his part in accounting practices that led to the company's collapse", October 2006.

Anecdotal evidence and visits to websites indicate that organisations are often enamoured with the potential benefits of ICT with limited ability to deal with the complexities and risks that arise from the use of ICT. Technologies and even frameworks and standards are pushed as panaceas and silver bullets.

Management Methodologies such as Prince2, PMBOK and ITIL/ISO20000 are employed without the necessary governance frameworks. There is still a focus on expenditure and efficiency, when ICT influences and effects most if not all an organisation's operations.

The capability, structure, security and competancies of the organisation and its stakeholders are impacted by ICT. This is a source of signficant threat to useful outcomes from ICT projects that is often overlooked. The impact of ICT on roles and responsibilities contributes to undermining and a lack of the necessary support and appreciation that complex ICT intitiatives require.

Standards Development

Standards Australia and the International Standards Organisation, provides extensive guidance on Standards Development, including Standardization Guidelines and Committee Leadership, The roles of the Chairperson and Project Manager

However, in practice, like other ICT initiatives, there is a need to engage the right skills and knowledge into the process at the right time. In the case of AS8015, there was a call for participation in the sub-committee, through the ACS magazine, to which the author of this paper responded in 2002. This was her first contact with the organisation. The sub-committee comprised a Chair and Project Manager/Secretary appointed by Standards Australia. Participation in the sub-committee deliberations was open, however membership of the Technical Committee is by formal nomination by Member Organisations.

The publication of AS8015-2005 was the result of collaboration between a committee Chair, a SA Project Manager and active support and participation of individuals to socialise and publicise the work over 3 years. Ramin Communications coordinated market research to position and scope the standard.

Standards Development is not always easy. See "Standards Uproar Leads to Overhaul of Working Group - The move earlier this year to temporarily suspend the IEEE 802.20 working group -- which was developing the latest standard for high-speed broadband Internet access -- was rare, but not unprecedented."

See Survey of IT Governance: Standards, Guides, Regulations, Laws and Frameworks