"Corporate Governance of Information and Communication Technology is the System by which the Current and Future Use of ICT is Directed and Controlled."
This formal definition was developed for the Australian Standard for Corporate Governance of Information and Communication Technology, AS8015, and carried over unchanged to ISO/IEC 38500.
It provides clarity in the face of numerous industry and vendor-created definitions, many of which focus on subsets of the overall systems of control.
ISO/IEC 38500 is designed to help organisations reduce risk and improve success with IT investments and IT-enabled business operations. It does this by guiding leaders of organisations, including senior executives and board directors, in oversight of IT use.
ISO/IEC 38500 encourages adoption of behaviours throughout the organisation to ensure that IT use is efficient, effective and acceptable, in pursuit of the organisation’s objectives, with appropriate levels of risk and reward.
Good governance of IT, from the top, has direct benefits to corporate performance overall, as well as reducing the risk of IT failures for current and future business operations. Researchers such as Peter Weill at MIT’s Sloan Management School have demonstrated that, in addition to direct cost savings, good governance of IT drives higher return on investment in IT and, most importantly, higher return on assets for the organisation overall.
An effective system for Governance of IT should be designed around three fundamental processes, overseen by and operating under the delegated authority of the organisation's governing body.
These processes should Evaluate the potential use of IT, Direct its use in current and future business and Monitor the performance and conformance of IT as a business tool.
The Governance System should ensure that decisions regarding the use and delivery of ICT to the organisation are rational and appropriate.
ISO/IEC 38500 provides guidance for decision making in the form of six Principles of Good ICT Governance: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour.
Infonomics recommends that organisational behaviour in planning and using IT should be guided by clear top-level policies that correspond to the six principles and embed the organisation’s attitudes in the decision-making processes