The Australian Standard for Corporate Governance of ICT was published in January 2005 and adopted as ISO38500 Corporate Governance of Information Technology in 2008.
The standard provides a vocabulary, principles and a model for effectively governing ICT in an organisation. The six principles and model provide a way to deal with the diverse sources of risk and uncertainty ICT introduces.
Energy Use and Materials use and E-Waste are financial and compliance imperatives, which need to be considered in the governance of ICT.
There are several Management Standards that provide assistance in implementing effective Governance of ICT.
In Understanding and Managing Risk Attitude*, Hilson and Murray-Webster elaborate on the role of Heuristics and Emotional Intelligence in risk assessment and management. They classify Individuals as Risk averse, risk neutral or risk tolerant and discuss how this influences individual and groups behavior towards Risk identification and management. To some, inclusion in the group is important. Risk Takers may unrealistically emphasize benefits and underplay or not look for threats. Achievement focussed individuals may seek lesser but less threatening outcomes. Individuals' attitudes to Risk and their role in the group, also affect the group's attitude to Risk.
Rice, O'connor, Pierantozzi have (3) identified four broad areas of ICT project uncertainty: Technical, Market, Organisational and Resource Uncertainty.
In undertaking ICT projects and in the ongoing use of ICT by an organisation, its Directors need to be mindful of their obligations. A prudent approach requires a thorough Risk analysis of the impact the project will have on the organisation, the Risks and uncertainty inherrent in the technology and the new business processes and relationships it will create. This approach needs to continue as the project progresses circumstances may change and new information may come to light. Directors need to monitor the project and ensure it adapts to its changing environment or if it appears unlikely to succeed then its termination should be timely.
The effectiveness of Technologies in operation also needs to be monitored and new technologies may need to be considered. Directors need to ensure their management are aware of their obligation to provide the necessary information in a timely manner, to support active monitoring and evaluation and are also able to respond to new directions in a timely and cost effective manner.
(1) Links to Audit Reports, Court Cases and Media Coverage available at www.acs.org.au/governance/#reading
(2) Corporate Collapse - Accounting, Regulatory and Ethical Failure - sheds light on corporate collapse from the 1960s to the 1990s and beyond including Bond, HIH and One.Tel.
(3) Implementing a plan to Counter Project Uncertainty - Rice Oconnor Pierantozzi - MIT Sloane Management Review Winter 2008