Banging the gavel on corporate governance

The concept of governance is one of the flavors of the day but sadly, it lacks strict definition. There are literally dozens of definitions, depending on whose website you choose to read.

Enter AS8015. It's Australia's new standard on corporate governance of ICT (information and communications technology) and one that may become the International Standards Organization (ISO) standard, according to one of the standard's authors, Mark Toomey, an independent consultant who has spent many years in the IT industry. Toomey, who was speaking at a seminar in Wellington earlier this month, hosted by Borland, says New Zealand is also looking at adopting the standard.

One thing governance is not is management. They are different concepts, says Toomey, but the two things are still confused by many people.

AS8015 refers to the system by which the current and future use of ICT may be directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to ensure the objectives of the plans are met. It also includes the strategy and policies for using ICT within an organization.

Toomey says governance is about getting better results and value for money from investment in ICT. "Good governance can mean a 20 percent improvement in the bottom line when comparing similar companies, one of which has poor governance."

He is emphatic that business leaders are still not engaging with IT and that governance has an important role to play in fixing that.

"IT is mostly doing its internal job competently but improving supply does not fix demand. Business leaders are still not responsible, not setting directions, not planning and not implementing.

"Only six percent of Australian boards have a director competent to consider IT matters. The global figure is not much different. Boards don't have the confidence [to deal with IT] and don't put on the right people."

The problem is, he says, that IT projects continue to fail, and are getting worse at delivery. "Thirty percent of projects surveyed by KPMG didn't have any objectives. Only 10 percent were unequivocal successes.

"It's not just the projects that are a problem. Operational interruption is becoming a big problem.

"ICT is fundamental to business. Fifty percent of world capital investment goes into IT and that's forecast to rise to 60 percent by 2010. So, we're wasting something like 35 percent of the world's capital expenditure."

Until the formulation of the new Australian standard there was nothing anywhere to tackle the issue of governance, Toomey says.

He outlines six high-level principles:

• Establish clearly understood responsibilities for ICT

• Plan ICT to best support the organization

• Acquire ICT validly (have good reasons for making the investment and don't do it just because other organizations have)

• Ensure ICT performs well whenever required (evolutionary)

• Ensure ICT conforms to formal rules (you must know what applies to your organization)

• Ensure ICT use respects human factors.

Toomey says the board's role in strategic policy is consultation and approval. This role also includes awareness at the operating policy level. Directors also need to be aware that they are employees of the company and must adhere to usage policy. He notes that most organizations are bereft of strategic policies about ICT and that it is the board's role to develop these.

There are four fundamentals for continuously measuring corporate key performance indicators for ICT governance. They are:

• Business managers being responsible for ICT

• Projects delivering outcomes as per the business case

• Business systems operating at appropriate levels of performance and security.

• Adequate resources (people and equipment) considering business forecasts.

There should be a rolling review program of process performance and direction, and periodic external assessments to give an independent perspective.

AS8015 was made public in January last year. Toomey says some initial feedback complained that it didn't tell organizations how to deal with the fine detail, but the standard is not intended to do that. It is now being widely picked up, he says. The Queensland government is about to mandate it for all state government departments.

Not so custom-made

Late last year Australian Customs services all but ground to a halt when a new system to handle imports was brought into production. That has led to two parallel inquiries: by an independent consultant and by the Audit Office.

Mark Toomey uses this as an example of poor governance. "The project began in the 1990s with a budget of A$23 million (US$16.4 million). It is now A$230 million and climbing. When it went into production, it was the busiest month of the year and industry had said it was not ready and introduction of the new system would cause chaos. By the end of the week, Australian ports were choked and no imports were being cleared.

"Questions would have been raised by an astute board of directors, such as 'Do we have to change all the systems at once or should we be incremental?'"

It is obviously a sensitive issue with Customs, whose CIO, Murray Harrison, contacted Borland when it was understood that Toomey was going to use the case as an example in his presentation. "He hasn't worked directly for Customs," Harrison said.

Toomey is raising questions in advance of massive changes planned by the Australian Tax Office, which plans to change its whole system this year in the four days between Christmas and New Year. "If they can't do it in the four days, they will have to wait for the same window the following year. They should be able to do it incrementally."

Join the newsletter!

Error: Please check your email address.
Show Comments
[]