In this issue of Touchstone we feature the corporate governance of information technology workshop that was recently hosted by Standards New Zealand. About 50 people attended this workshop that was aimed at chief executives, chief information officers, and senior information technology (IT) professionals.
We also feature a number of articles related to energy – from the development of a future international Standard on energy management, to defining quality management in the oil and gas industries, to two new Standards to improve the quality of marine fuels.
Touchstone is published monthly and includes updates on New Zealand Standards in development, amendments, drafts, superseded, and withdrawn NZS and AS/NZS Standards, ISO, IEC, Australian, and British Standards. You can order overseas Standards from us so please support New Zealand by purchasing through your national Standards body!
We welcome your feedback and suggestions on improvements to ensure Touchstone is delivering on its promise. Please send feedback and suggestions to email@example.com.
Standards New Zealand workshop on corporate governance of IT
Standards New Zealand hosted a ‘Corporate governance of information technology’ workshop on 28 July 2010 in Wellington for public sector CEOs, senior managers, CIOs, and senior information technology (IT) professionals. Around 50 people attended the workshop to hear keynote speakers on the corporate governance of IT and wider governance issues including cloud computing, technology partner governance, and governance of digital forensic risk.
From left to right:
- David Johnstone, lecturer at Victoria University of Wellington
- Debbie Chin, Standards New Zealand Chief Executive
- Myles Ward, co-chair of the ISO international Working Group for IS Governance Frameworks and Systems
- Alison Holt, internationally acclaimed expert in corporate governance of IT, chair of the committee that developed the international corporate governance of IT Standard, New Zealand Head of Delegation for the ISO/IEC Software and System Engineering committee, and co-chair of the ISO International Working Group for IS Governance Frameworks and Systems
- Mark Toomey, internationally recognised as a leading expert in top level governance of IT
- Dr Brian Cusack, leader of AUT University Digital Forensic Research Laboratories and chair of the SC7 ISO study group that inquired into corporate digital forensic risk
Opening the workshop, Debbie Chin, Chief Executive at Standards New Zealand, said ‘it’s important that IT projects in any organisation are governed at strategic board level and not just by the IT department. In the public sector, implementing IT projects impacts a wide group of stakeholders beyond those of the organisation. There are lots of gains to be made for the public sector from corporate IT governance.’
Keynote speakers and panel discussion
Myles Ward, Dr Brian Cusack, and Mark Toomey, who all worked with the Chair, Alison Holt, to develop the international Standard for corporate governance of IT, ISO/IEC 38500, presented as follows:
- Myles Ward – Technology partner governance and how ISO is looking at Standards for governing across the field of outsourcing
- Dr Brian Cusack – Digital forensics and how ISO is developing guidelines to identify, collect, and preserve digital evidence to assure the board that digital forensics risks are being managed
- Mark Toomey – Case studies of where a lack of governance has caused problems, such as Queensland Health’s payroll and related issues. While Mark used Australian case studies, these issues are relevant to New Zealand organisations
- Alison Holt – An overview of the proposed CIO governance handbook and how Standards New Zealand develops Standards through building global networks. Alison introduced cloud computing governance work locally and internationally as she knew the people in the room could be interested in contributing to the work. ‘Standards New Zealand is scoping a New Zealand cloud computing Standard to enable New Zealand to be a good place to host cloud computing services,’ says Alison. ‘Key issues in cloud computing are sovereignty, privacy, and portability. New Zealand understands these requirements.’
The speakers were joined by David Johnstone, Lecturer in Information Systems, School of Information Management, Victoria University of Wellington, to form a panel. The panel answered questions from the floor on risks, digital forensics, vendor management, and the development of the cloud computing Standard.
The workshop was well received by the attendees and we received great feedback. We’ll include in-depth interviews with the speakers covering corporate governance of IT and wider governance issues in future issues of Touchstone.
IT governance framework and principles
New Zealand and Australian committee members played a significant role in developing ISO/IEC 38500:2008 (now adopted as AS/NZS ISO/IEC 38500:2010). The Standard was produced by an international working group chaired by New Zealander Alison Holt, an acclaimed expert in IT governance.
Governing the use of IT, this Standard encompasses managing reputation risk, financial risk, and operational risk when deploying IT business systems. There are six principles in AS/NZS ISO/IEC 38500:2010 that provide a checklist for IT investment decisions:
- responsibility – know who is ultimately responsible and has the authority, capacity, knowledge, and capability to recognise and address issues
- strategy – understand current and future IT capabilities and how risk will be managed
- acquisition – thorough analysis to ensure IT acquisitions are made for valid reasons
- performance – testing and ensuring IT systems are fit for purpose
- conformance – ensuring compliance with regulatory frameworks
- human behaviour – training and preparing people for IT systems.
The Standard provides a framework to evaluate, direct, and monitor the use of IT in organisations. Using AS/NZS ISO/IEC 38500 will help those at the highest level of organisations – owners, board members, directors, partners, senior executives, or people in similar positions – to understand and fulfil their legal, regulatory, and ethical obligations for their organisations’ use of IT. Using the Standard will also help organisations of all sizes to save money associated with IT by avoiding failures.
The workshop panel, Brian, Mark, David, Myles, and Alison.