This presentation was given to the Australian Computer Society's Canberra conference on 23 September 2014. Its aim is to introduce the audience to the work done by Australians and Australian organisations in furthering the cause of standardisation in IT governance across the world.

Why do we need governance?

http://www.mckinsey.com/insights/business_technology/delivering_large-scale...

These findings—consistent across industries—emerged from research recently conducted on more than 5,400 IT projects2 by McKinsey and the BT Centre for Major Programme Management at the University of Oxford. After comparing budgets, schedules, and predicted performance benefits with the actual costs and results, we found that these IT projects, in total, had a cost overrun of $66 billion, more than the GDP of Luxembourg. We also found that the longer a project is scheduled to last, the more likely it is that it will run over time and budget, with every additional year spent on the project increasing cost overruns by 15 percent.

While focussed on projects, this chart, drawn from the same McKinsey research, shows the reasons why the projects that over ran their budgets did so. Governance and planning are clearly at fault.

AS 8015 was the Australian standard for the corporate governance of ICT. Work began in the early 2000s under the auspices of Standards Australia. It was published in 2005. It was an educative standard, targeted at the executives who ran organisations that used ICT rather than the managers who run IT.

ISO/IEC 38500:2008 was fast tracked as an international standard from AS 8015:2005. It is based very closely on 8015. It sets out six principles for good governance.

These are the principles of governance of IT from 38500.

This is the 38500 model for IT governance - Evaluate, Direct, Monitor

Developed by Raymond Young following 8015.

Boards and top managers personally have the most influence on whether a project succeeds of fails.

Expert advice has less impact on success than you might think. A business focus is required.

Important focus on IT enabled projects - recognising the need for business involvement - the constant refrain of this work.

Performance - Investments in IT contribute positively

Conformance - meet business obligations - security, privacy, accessibility, etc.

Building on the work in producing standards in this area, Australia has been involved fro a number of years in JTC1.

JTC1 is the joint committee of the ISO and IEC focussing on IT.

Following the initial work done on standardisation of governance, JTC1 created a separate working group on this subject. WG6 continued the work of standardisation in parallel with activities in other sub-committees of JTC1, principally SC7.

WG8 was established in late 2012 to combine the work being done in the governance of IT across JTC1. Australia provided the secretariat. Its task was to further standards in this area - principally the 38500 series and the 30120 series on IT audit and digital forensic risk management.

SC40 was established in November 2013 at the JTC1 Plenary in France. It reflected a resolution designed to link all the elements of governance and service management under one SC.

These are the matters that deal with the business use of ICT rather than the IT organisation's management of IT.

The secretariat is provided by Standards Australia and I am the chair for three years.

Develop standards, tools, frameworks, best practices and related documents for IT Service Management and IT Governance, including areas of IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance, but excluding subject matter covered under the scope and existing work programs of JTC 1/SC 27 and JTC 1/SC 38.

SC 40 has three working groups:

- Governance of IT (corporate governance 38500 series and operational governance 30120 and 30121) - UK convenor
- IT Service Management (20000 series) - Australian convenor
- IT enabled service management and business process outsourcing (30100 series) - Indian convenor

Australians are involved in a broad range of ICT standardisation activities shown here in orange - P and O memberships.

Standards Australia has a range of mirror committees supporting its work in JTC1.

Australia is well represented and highly respected for its work in international standardisation in ICT, particularly in governance and service management. I encourage you all to become involved in your areas of expertise.