CITO juggling ICT on one foot, on a wall

Information & Communication Technology

Taking ICT into the Board Room

By Marghanita da Cruz
November 2003

In the past, a popular enthusiasm for new technology has made the objective evaluation of Information and Communications Technology (ICT) difficult and in the DOT.COM hey day apparently unnecessary. However, this no longer seems acceptable in the new environment of accountability.

The use of Information and Communication Technology has become intrinsic to business operations. Increasingly, customers and suppliers are expecting to do business over the Internet. While Investors are expecting accurate and timely reports. But not in the old way.

However, while the evolution of new business practices continues to be driven by developments in ICT, the risks associated with its introduction will not always be well understood. As with all new technologies, successful business models, legislation and social norms for their use only follow. New risks may become apparent only as the project develops or the business environment matures.

As ICT has become the business interface, there is a greater need to deliver reliable and effective systems in a timely manner. Where once a training program and user manuals may have been implemented to enable users to operate the system - customers will reject systems that are not intuitive to them. Delays in delivery of services over the Internet may see customers move to the competitor or choose to do without.

While email used well is seen as an invaluable tool, its inappropriate use could just as easily turn customers away. Direct marketing via email used prudently could be a cost effective communication tool or alternatively as SPAM. Customers may not be able to distinguish between legitimate and malicious illicit messages.

ICT has enabled the easy collection, storage and retrieval of information and this has lead to the introduction of new privacy laws, which hold directors responsible for breaches.

Recent experiments in Broadscale outsourcing of ICT have demonstrated there isn�t a panacea for dealing with the cost or complexity of ICT. Embarrassing or costly oversights impact clients more than their service providers.

With ICT having such a direct and immediate effect on the business, Boards are as accountable for it as they are for finances. ICT managers and other advisors will be expected to provide better information and timely analysis on operational and strategic risks arising from the use of ICT in particular organisations. The analysis will need to go beyond, whether a technology has worked elsewhere - to how it will impact the particular organisation and the associated risks of embarking (or not) on the project.

Australian Standards for the Governance of ICT

ACS members have been active in the drafting of a standard for the governance of ICT.

The standard for the Governance of ICT follows on from the recently published AS8000 series of Corporate Governance standards.

The objective of the Governance of ICT standard is to provide guidance to board members and their advisors on the principles and model for the control and direction of the use of ICT. It defines roles and responsibilities, a vocabulary and principles for good governance.

It is anticipated that a draft of this standard will be issued for public comment shortly.

Two further standards are also in development - Governance of ICT in Projects and Governance of ICT in Business Operations. The Projects standard is intended to provide members of steering committees with guidance on their roles and responsibilities. The second standard is aimed at executive management committees, to provide guidance on the the governance of ICT in ongoing business operations, in the establishment of new projects and in the phasing in of new systems on completion of projects.

ACS Governance of ICT Committee

An ACS Governance of ICT committee has been formed under the Information Systems Board. Information about the committee including membership and activities, such as coordinating an ACS response to the draft standard, is available at

This paper was published in "ACS NSW branch News, October/November 2003, Volume 39, Number 5"

Update:AS8015 Australian Standard for Corporate Governance of ICT was published in January 2005

More information at