AS8015-2005 - Australian Standard for Corporate Governance of Information and Communication Technology (ICT)

A popular enthusiasm for new technology, has made the objective evaluation of Information and Communication Technology (ICT) difficult.

Audit reports into government projects, academic studies and ongoing media coverage ⁽¹⁾ demonstrated that the approach to ICT is far from satisfactory.

While many of these significant financial and organisational investments and commitments to ICT returned very little, the use of Information and Communication Technology has become intrinsic to business operations and vital to the well being of organisations.

Increasingly, customers and suppliers expect to do business over the Internet. As new business practices continue to be driven by developments in ICT, the risks to organisations need to be monitored and managed effectively.

It isn't easy. Useful applications, successful business models, laws and social norms sometimes only become apparent some time after a new technology emerges. New risks often emerge as ICT initiatives develop and business practices mature.

AS8015 - 2005 Australian Standard for Corporate Governance of ICT was drafted in the context of significant corporate failures in Australia, notably the one.tel failure. Broad scale Outsourcing had also demonstrated that vendors interests do not always align with those of a user organisation. It is a brief and concise, 12 page guide to effectively governing the use of ICT.

AS8015 defines:

• Corporate Governance as "The system by which entities are directed and controlled",
• A Director as "a member of the most senior governing body of an organisation",
• Entity as "a legally constituted organisation", and
• Corporate Governance of Information and Communication Technology (ICT) as "the system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization."

The standard provides a framework through which "Directors" and those to whom they turn to for advice or to whom they delegate responsibilities for managing the operations of the organisation, such as Senior managers, technical specialists, vendors and service providers, to better understand their obligations and work more effectively to maximise the return and minimise the risks to the organisation from ICT

AS8015 - Principles

1. Establish Clearly Understood Responsibilities for ICT
2. Plan ICT to best support the organisation
3. Acquire ICT validly
4. Ensure that ICT performs well, whenever required
5. Ensure ICT conforms with formal rules
6. Ensure ICT respects human factors

Other standards 8000 Corporate Governance series cover Good Governance Principles, Fraud and Corruption Control, Organisational Codes of Conduct, Corporate Social Responsibility and Whistle Blower protection programs.

The widely acknowledged AS4360 Risk Management standard was also revised in 2004. This along with the adoption of BS15000 (now ISO 20000) as AS8018 IT Service Management, provided the context for the drafting and subsequent publishing of AS8015 to provide guidance on the small "c", corporate governance of Information and Communication Technology. That is the Governance of the use of Information and Communication by organisations.

AS8015 was submitted for fast-track ISO adoption and is rumoured to be adopted as ISO/IEC 38500 at the end of May 2008

Marghanita da Cruz, represented the Australian Computer Society on Standards Australia's IT-030 ICT Governance and Management Committee which published AS8015. Marghanita co-ordinated the market research to scope and position AS8015 and later, presented a seminars around Australia, to socialise and validate the draft standard issued. In 2006, Marghanita wrote the chapter on AS8015 for Van Haren Press's Frameworks for IT Management, which was re-published as a pocket guide in 2007.

Preview and Purchase Frameworks for IT Management, 2006 (includes chapter on AS8015 by Marghanita da Cruz )

Further Reading

• ICT in Corporate Governance - the Australian Experience
  Malaysian Corporate Governance Conference, 15-16 May 2008
• No Duty of Care: the Governance of ICT
  ET GOVICT2008, Canberra, Australia 1 - 2 May 2008
• Introduction to AS8015
  IT Governance Sydney 2007
• Preview and Purchase AS 8015-2005
• Draft Australian Standard for the Corporate Governance of ICT, September 2004
• Taking ICT into the Board Room, November 2003
• Governance of ICT, August 2003
• Market Research into perceptions of the governance of ICT, 2002

(1) Pre 2006, Links to Audit Reports, Court Cases and Media Coverage available at www.acs.org.au/governance/#reading

www.ramin.com.au/itgovernance/as8015.html © Ramin Communications 2008. Last Update 12 May 2008