4 August 2010
Standards New Zealand hosted a ‘Corporate governance of information technology’ workshop on 28 July 2010 in Wellington for public sector CEOs, senior managers, CIOs, and senior information technology (IT) professionals. Around 50 people attended the workshop to hear keynote speakers on the corporate governance of IT and wider governance issues including cloud computing, technology partner governance, and governance of digital forensic risk.
Opening the workshop, Debbie Chin, Chief Executive at Standards New Zealand, said ‘it’s important that IT projects in any organisation are governed at strategic board level and not just by the IT department. In the public sector, implementing IT projects impacts a wide group of stakeholders beyond those of the organisation. There are lots of gains to be made for the public sector from corporate IT governance.’
Keynote speakers and panel discussion
Myles Ward, Dr Brian Cusack, and Mark Toomey, who all worked with the Chair, Alison Holt, to develop ISO/IEC 38500, the international Standard for corporate governance of IT, presented as follows:
- Myles Ward – Technology partner governance and how ISO is looking at Standards for governing across the field of outsourcing
- Dr Brian Cusack – Digital forensics and how ISO is developing guidelines to identify, collect, and preserve digital evidence to assure the board that digital forensics risks are being managed
- Mark Toomey – Case studies of where a lack of governance has caused problems, such as Queensland Health’s payroll and related issues. While Mark used Australian case studies, these issues are relevant to New Zealand organisations
- Alison Holt – An overview of the proposed CIO governance handbook and how Standards New Zealand develops Standards through building global networks. Alison introduced cloud computing governance work locally and internationally as she knew the people in the room could be interested in contributing to the work. ‘Standards New Zealand is scoping a New Zealand cloud computing Standard to enable New Zealand to be a good place to host cloud computing services,’ says Alison. ‘Key issues in cloud computing are sovereignty, privacy, and portability. New Zealand understands these requirements.’
The speakers were joined by David Johnstone, Lecturer in Information Systems, School of Information Management, Victoria University of Wellington, to form a panel. The panel answered questions from the floor on risks, digital forensics, vendor management, and the development of the cloud computing Standard.
The workshop was well received by the attendees and we received great feedback. We’ll include in-depth interviews with the speakers covering corporate governance of IT and wider governance issues in future issues of Touchstone.
IT governance framework and principles
New Zealand and Australian committee members played a significant role in developing ISO/IEC 38500:2008 (now adopted as AS/NZS ISO/IEC 38500:2010). The Standard was produced by an international working group chaired by New Zealander Alison Holt, an acclaimed expert in IT governance.
Governing the use of IT, this Standard encompasses managing reputation risk, financial risk, and operational risk when deploying IT business systems. There are six principles in AS/NZS ISO/IEC 38500:2010 that provide a checklist for IT investment decisions:
- responsibility – know who is ultimately responsible and has the authority, capacity, knowledge, and capability to recognise and address issues
- strategy – understand current and future IT capabilities and how risk will be managed
- acquisition – thorough analysis to ensure IT acquisitions are made for valid reasons
- performance – testing and ensuring IT systems are fit for purpose
- conformance – ensuring compliance with regulatory frameworks
- human behaviour – training and preparing people for IT systems.
The Standard provides a framework to evaluate, direct, and monitor the use of IT in organisations. Using AS/NZS ISO/IEC 38500 will help those at the highest level of organisations – owners, board members, directors, partners, senior executives, or people in similar positions – to understand and fulfil their legal, regulatory, and ethical obligations for their organisations’ use of IT. Using the Standard will also help organisations of all sizes to save money associated with IT, by avoiding failures.
For photographs of the workshop, read the article in this month's Touchstone.
- 2010 Digital Forensics International Conference, 6 – 7 September 2010, Auckland.
Related Touchstone articles
- Standards for corporate governance of information technology, April 2010
- IT Governance – howzat?, December 2008
Standards New Zealand
(04) 495 0918
About Standards New Zealand
Standards New Zealand is the operating arm of the Standards Council, and part of New Zealand's standards and conformance infrastructure. Standards New Zealand is an autonomous Crown entity responsible for managing the development and distribution of Standards across a range of sectors nationally.
Standards New Zealand is a self-funded, not-for-profit organisation, relying on revenue primarily from contracts with sponsors to develop Standards, and from sales of Standards publications. Our independence helps us facilitate a cross section of stakeholders' contributions to the development of Standards, and ensure that each Standard meets the needs of end users.