Infonomics
- Specialising in IT Governance
Infonomics
- Specialising in IT Governance
Australian Standard
Standards Australia has completed development of a landmark Australian Standard for Corporate Governance of Information and Communication Technology. The standard was published on 31 January 2005, with a formal launch in Sydney on 28 February 2005.
Commenting on the launch of the standard, Infonomics principal Mark Toomey, who has been a member of the standard developing committee, said:
Australian Directors in the lead with IT Governance
Many formal standards focus on intricate detail that is best left to specialists. The Information and Communications Technology (ICT) field has standards such as AS8018 (ICT Service Management) that concentrate on detail of equipment, software, risk and management.
Standards Australia recognises that success with ICT is not merely a matter of technical detail. Research demonstrates that ICT success depends on how organisations go about controlling their ICT.
The recently finalised Australian Standard AS8015 deals with Corporate Governance of Information and Communication Technology. This educative standard is designed to help directors understand why and how they should take an active role in governing their organisation’s use of ICT. With its focus on supporting directors, AS8015 provides global leadership, as the first formal standard addressing top level governance of ICT. Its six powerful principles of ICT Governance apply across all forms of organisation, small, medium and large, public and private, for and not for profit.
AS8015 shows directors what to look for as they evaluate, direct and monitor the organisation’s activities. Real life experience shows that most IT failures have clear breaches of these common-sense principles. They warrant close consideration, and directors should insist that appropriate policies exist to guide compliance.
1 – “Establish clearly understood responsibilities for ICT”. AS8015 recommends ensuring that individuals and groups within the organization understand and accept their responsibilities for ICT. Significantly, business leaders in the organisation must understand that they are responsible for how ICT is used in the business.
2 – “Plan ICT to best support the organization”. AS8015 recommends that ICT plans should fit the current and ongoing needs of the organization and that the ICT plans should support the corporate plans. Ideally, IT strategy should be an integral part of the business strategy process.
3 – “Acquire ICT validly”. AS8015 recommends that ICT acquisitions be made for the right reasons in the right way; based on appropriate and ongoing analysis, with appropriate balance between costs, risks, long term and short term benefits. It is a good idea for ALL expenditure, even the recurrent type, to be explicitly linked to achievement of business objectives. The principle also seeks proper and appropriate practices in selection and engagement of suppliers, and for fundamental decisions such as outsourcing.
4 – “Ensure that ICT performs well, whenever required”. AS8015 recommends ensuring that ICT is fit for its purpose in supporting the organization, is kept responsive to changing business requirements, and provides support to the business at all times when required by the business. This should start with clear specification of the performance standards that are required – and not just for classical operational measures such as capacity and response time. Specifications should cover matters such as responsiveness in support for new business requirements, resilience against adverse conditions and reliable access to current and historical business information.
5 – “Ensure ICT conforms with formal rules”. AS8015 recommends ensuring that ICT conforms with all external regulations and all internal policies and practices. Note that this principle is not merely about technical rules such as software licensing. In many organisations, ICT is entwined with and fundamental to compliance with general legislation (eg privacy, trade practices) and industry specific legislation such as for financial institutions. Directors should seek assurance that all relevant formal rules are identified, and that appropriate conformance programs exist.
6 – “Ensure ICT use respects human factors”. AS8015 recommends ensuring that ICT meets the current and evolving needs of all the “people in the process”. The key word is “all”. The scope of human factors includes people who deliver and operate ICT as much as those who use it and depend on it. And, it includes the people who will be involved in the future as much as those involved in the present.
For further information about AS8015, see the Standards Australia web site at www.standards.org.au, or call Standards Australia on 1300 65 46 46.
To purchase the standard, go to the SAI Global website at www.standards.com.au.
Development of the Standard
Standards Australia commenced development of a new Australian Standard for Governance of Information and Communications Technology in 2002.
A public draft was circulated widely in April 2004. Over 260 comments were considered during development of the final version, which was approved in a ballot process in December 2004.
Development of the standard is overseen by Committee IT-030. The committee includes diverse representation from business, industry and academic circles.
Representing AICD
Since 9 July 2003, Infonomics Principal Mark Toomey has represented the Australian Institute of Company Directors on the working group. Mark has extensive experience in IT Governance, and has worked closely with Company Directors to provide insight and support in discharge of their responsibilities in this frequently difficult area. Mark's CV