CITO juggling ICT on one foot, on a wall

Information & Communication Technology

Governance of ICT

Marghanita da Cruz
August 2003

Governance by definition should be of concern to all stakeholders. It is the manner or acts by which their interests are served. Stakeholders in publicly listed companies include direct and indirect shareholders such as retirees relying on superannuation, employees, suppliers, customers and regulators. In the case of the public sector - the list extends to citizens and tax payers and in the private and not for profit sectors members and owners. This is by no means a definitive list but it sets the flavour of conflicting priorities that should face boards of organisations.

There seems to be some debate as to what the best way is to reduce the pain of corporate collapse. The Australian Stock Exchange (ASX) and Standards Australia have published codes and principles for corporate governance. Core to these guides for good governance, is accountability for organisational performance and effective risk management. But in an analysis of recent corporate failures and the response to past failures, it has been suggested "What ought to be under close scrutiny is the loose regulatory framework in which commerce and industry proceeds and is accountable." (1)

There has also been a growing interest in ethical investment. Initially this was the domain of specialist funds but now many "traditional" fund managers are creating ethical portfolios - which analyse environmental and social credentials as well as the bottom line of organisations in which they invest.

As ICT has a significant effect on organisational performance and introduces significant financial and operational risks - it is core to good corporate governance. Various studies show that ICT promises are rarely fulfilled - with failure rates as high as 97% being quoted for particular types of projects. This figure is of course sensational. The issue is not how many projects or ideas succeed or fail - but the cost and benefits derived from the effort.

Information and Communication Technology is intrinsic to current business practices and continues to be a driver for change. With effective systems organisations can receive and process customer requests in a timely manner and be paid efficiently. The analysis of Information about the transactions can provide useful information to help organisations improve their business processes.

However, as with all new technologies the risks are not always well understood when they are introduced. Legislation and Social norms for their use only follow. In the case of the Internet, new privacy laws have introduced new compliance requirements and the noise from SPAM jeopardises efficient and reliable use of email. In the current environment of improved accountability, the necessary enthusiasm for new technology that, in the past, made its objective evaluation difficult and in the DOT.COM hey day apparently unnecessary will come under closer scrutiny.

Boards will require their ICT managers and advisors to provide better information about the economic value and operational risks from the use of ICT. The analysis will need to go beyond, whether a technology has worked elsewhere - to the viability of the technology in their organisation, the economic returns and social consequences. Better information and appreciation of the risks could ultimately achieve the elusive senior management and user buy-in long sought after by ICT professionals.

Many of the tools for good governance are familiar however, their use has been poor or overly optimistic.

Outsourcing was seen as an effective way to reduce the cost of ICT by buying services from external providers. However, in the optimism for cheaper improved ICT services, the obvious conflict of interest seemed to have been overlooked. The only interest a supplier could have in a business was one of providing profitable services. Ironically, it appears that the risks that were outsourced were the technical ones, rather than the more complex human or financial ones. ICT Management was transformed into Contract management - without access to ICT experience or understanding.

Participation on steering committees is often seen as a chore rather than an opportunity. It is a delegation of responsibility without accountability or reward. A part-time involvement in an activity with a high risk of failure, away from the real business of the organisation. To address the uncertainty and align ICT with business, progress reports from sponsors and managers may need to be supplemented by independent reports from steering committee members or analysis from outside advisors.

Even after ICT move into everyday business operations the risks are not over. It had been difficult enough for ICT projects to succeed in the sheltered environment of the organisation, getting supplier and customers online has proven even more fraught. On the Internet, the lifecycle is only just beginning when a system goes live. While the project team may be long gone and there is some relief that there is something to see for their efforts - issues of usability, security, capacity and functionality eventually emerge.

In developing a more effective governance framework for ICT we need to cater for this diversity of issues. A more effective approach to ICT would be to draw on product development rather than project management principles. This focusses on successfully bringing a product to market and requires attention to the distribution, support and use of the product as well as the technical aspects of the project. This approach becomes even more useful when it is applied to the use of the Internet.

In research, the challenge is overcoming technology that possibly will not work. In development, the challenge is avoiding products that may not be a success. (2)

In the use of ICT, the research can be simplified to finding products that do work elsewhere. However, because of the significant change in behaviour required for the success of ICT, the development is complex. Well defined gates are required, with options for abandonment that are seen as avoiding failure. In a recent report the NSW auditor general recommended that the business case be updated in the course of the project, to reflect changes in the benefits and costs.(3)

Perhaps there will be a positive fallout from the Tech-Wreck. There will be a greater scrutiny of ICT investment and better governance of activities. However, for this to happen there has to be much closer attention paid to assessing the complexities of implementing ICT. Sufficient information needs to be provided in an accessible manner to enable informed decisions to be made. Contracts will need to encourage scrutiny and review. It will be unacceptable for projects to continue on the basis of meeting contractual deadlines.

Work is proceeding on Australian Standards for the Governance of ICT.(4) These set out principles and a framework in which to better manage the risks associated with ICT.

Marghanita da Cruz is an independent consultant. Her experience, in implementing ICT, includes developing conceptual ideas for the use of ICT, defining projects, testing business cases and setting up project steering committees. She has also reviewed ICT activities, established fault resolution and user support processes, prepared management reports on how systems are being used and how they are performing as well as writing the odd piece of software, configuring Networks and multiuser systems. Marghanita has been active on the working group drafting the Governance Standard and chairs the ACS Governance Committee.


  1. Corporate Collapse - Accounting, Regulatory and Ethical Failure by Clarke, Dean & Oliver, Revised Edition Cambridge University Press.
  2. Calculated Risk:A Framework for Evaluating Product Development
  3. Review of Sydney Water's Customer Information and Billing System, NSW Audit Office:
  4. Standards Australia Committee IT-030-01
  5. Market Research into perceptions of the governance of ICT.

This paper was published in the August/September 2003 Issue of Information Age.