Information & Communication Technology

• Governance
  Introduction Australian Standard International Standard Duty of Care Energy Imperative Electronic and Electrical Waste ICT Dispute Mediation Service Delivery over the Internet Build or Buy? Legal and Social issues of E-Commerce
• eBooks
  21C Publishing Making an eBook Interoperability Publishing on Kindle Legal Deposit Use of Photographs Print on Demand Short Walk eBooks
• Linux
  Project Log Distros Video Editing Web Video eeePC Agora It just works
• Sustainability
  From E-Waste to E-Resource Imperatives Course E-Waste Recycling Packaging Energy Ratings Environment and ICT ICT Enablers
• About Us
  About Us Contact Us Marghanita da Cruz

Information & Communication Technology

• Governance
  Introduction Australian Standard International Standard Duty of Care Energy Imperative Electronic and Electrical Waste ICT Dispute Mediation Service Delivery over the Internet Build or Buy? Legal and Social issues of E-Commerce
• eBooks
  21C Publishing Making an eBook Interoperability Publishing on Kindle Legal Deposit Use of Photographs Print on Demand Short Walk eBooks
• Linux
  Project Log Distros Video Editing Web Video eeePC Agora It just works
• Sustainability
  From E-Waste to E-Resource Imperatives Course E-Waste Recycling Packaging Energy Ratings Environment and ICT ICT Enablers
• About Us
  About Us Contact Us Marghanita da Cruz

Leveraging ICT in Corporate Governance - the Australian Experience

Marghanita da Cruz, Principal Consultant, Ramin Communications

Forging Leadership & Sustainability in the Global Environment

Malaysian Corporate Governance Conference
Securities Commission, Kuala Lumpur 15/16 May 2008

Approach

• Why the Interest in Corporate Governance
• Regulation & Legislation
• Financial
• Information and Communications Technology Related
• Need for Governance of ICT within organisations
• Standards and Guides

Why the Interest in Corporate Governance

• Failure of Australian Listed Companies
• HIH (Insurer)
• Ansett (Airline)
• One.Tel (Mobile Telephony)
• Fall out from US (dotcom bubble, Enron)
• Compulsory Superannuation

Financial Regulation and Legislation

• Goods and Services Tax Business Activity Statement (2000)
• Sarbanes Oxley (US - 2002)
• CLERP 9 Corporate Reporting & Disclosure (2004)
• Company Reports to be provided on websites (2007)
• Australian Legal Information (www.austlii.edu.au)

ICT Compliance Requirements

• Commonwealth Criminal Code 1995 -Computer Offences
• Telecommunications 1997 (Interception 2006)
• Broadcasting Services 1992 (Amendments: Online Services 1999, Digital broadcasting & Datacasting 2000)
• Information Privacy 2000
• Copyright (Amendments in 2004 for US-Aus FTA)
• Do Not Call Register 2006
• SPAM 2003
• Disability Discrimination 1992 (Accessibility of Websites)
• Net Alert - content filtering

Privacy Act 1988 Personal Information Principles

• Manner and purpose of collection
• Solicitation from individual concerned and generally
• Storage and security
• Information relating to records kept by record-keeper
• Access to records
• Alteration of records
• Record-keeper to check accuracy etc before use
• Limits on Use and disclosure

ICT and Corporate Performance

• Not a Risk free Investment
  • Cisco, Microsoft, Google...
  • Worldcom and One.Tel
  • IT Project failures
• Pros and Cons
  • Fraud vs Efficient Business Operations
  • Information Access vs Leakage
  • Misuse of Organisations Resources

Internet Scams (fido.gov.au)

• Online auction & shopping scams
• Fake Domain name renewals
• Spam (junk mail) offers
• Modem jacking & Spyware
• Phishing & Card Skimming

Experience of Online Credit Card Fraud (aic.gov.au)

IT Pressures and Needs

• Open Source
• Internet/Web Based
• Integration of Business Systems across organisations
• Flexibility - Mobility - Globalisation of Employment
• Sourcing Models

Standards & Guidelines

Australian Corporate Governance Standards(2004)

• Good Governance Principles
• Fraud and Corruption Control
• Organisational Codes of Conduct
• Corporate Social Responsibility
• Whistle Blower protection programs
• Risk Management (AS3806/4360)
• Corporate Governance of ICT (AS8015-2005)

ASX Principles & Best Practice (2003, 2007)

AS8015 Principles

1. Establish Responsibilities
2. Plan ICT
3. Acquire ICT validly
4. Ensure that ICT performs
5. Ensure ICT conforms
6. Ensure ICT respects human factors

AS8015 Model

• Evaluate against Pressure & Needs
• Direct Policies & Plans
• Monitor Conformance and Performance

Other Standards & Better Practice Guidelines

• OECD Security Principles
• Record Keeping (ISO 15489)
• Information Security (ISO27001)
• Service Management (ISO20000)
• Interchange of Client Information (AS 4590)
• Environmental Impact (ISO14000,Energy Ratings)

OECD Security of Information Systems and Networks Principles

• Awareness
• Responsibility
• Response
• Ethics
• Democracy
• Risk Assessment
• Security design and implementation
• Security Management
• Reassessment

Summary & Discussion

• Regulations & Legislation require organisations to use ICT
• ICT introduces real threats so, Government and other Organisations need to be prudent in their use and investment in ICT
• Wide range of Standards & Guidance available
• ramin.com.au/itgovernance

References & Further Reading

• Survey of IT Governance Instruments, Standards, Guides, Regulations, Laws and Frameworks - ramin.com.au/itgovernance
• AS8015-2005 - Australian Standard for Corporate Governance of Information and Communication Technology (ICT) - ramin.com.au/itgovernance
• OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security - www.oecd.org
• Types of fraud relating to other purchases - www.aic.gov.au
• Do Not Call Register - www.donotcall.gov.au
• Spam & e-Security - www.acma.gov.au
• Protecting Australian Families Online - www.netalert.gov.au
• Information Privacy Principles under the Privacy Act 1988 - www.privacy.gov.au
• Digital switchover date confirmed (18 December 2007) - www.minister.dbcde.gov.au/
• The whole-of-government IT outsourcing initiative - www.aph.gov.au
• Unisys Australia Ltd v RACV Insurance Pty Ltd & Anor [2004] VSCA 81 (14 May 2004) - www.austlii.edu.au
• Australian Customs - more flak than facts? (14/02/2006) - www.infoage.idg.com.au
• Going cheap: One.Tel's last jewel (July 14, 2004) - www.smh.com.au
• MoneyTree Venture Capital Profile for United States - PricewaterhouseCoopers/Venture Economics/NVCA - vx.thomsonib.com
• ASIC reaches agreement with John Greaves in One.Tel proceedings (6 September 2004) - www.asic.gov.au
• Former FAI officer sentenced (1 December 2006) - www.asic.gov.au
• ASIC commences investigation into Ansett (14 September 2001) - www.asic.gov.au
• Key superannuation information - www.ato.gov.au
• Corporate Law Economic Reform Program (CLERP 9) - www.asic.gov.au
• Principles of Good Corporate Governance and Best Practice Recommendations - www.asx.com.au
• www.acs.org.au/governance
• Australian Ethical Charter - austethical.com.au

www.ramin.com.au/itgovernance/ICT-in-corporate-governance-the-australian-experience.shtml © Ramin Communications This page last updated 2 May 2016. Privacy Policy