INTRODUCTION

IT governance has become a much-discussed topic among IT professionals. It is not well understood by senior managers, company directors, board members and chairmen, however, which is a pity, because IT governance is a key topic for exactly these people.

In IT Governance: Guidelines for Directors, I wrote:

In today’s corporate governance environment, where the value and importance of intellectual assets are significant, boards must be seen to extend the core governance principles – setting strategic aims, providing strategic leadership, overseeing and monitoring the performance of executive management and reporting to shareholders on their stewardship of the organisation – to the organisation’s intellectual capital, information and IT. A culture of opaqueness is out of line with today’s expectation of pro-activity and governance transparency. Boards that treat IT as merely a functional or operational issue simply don’t ‘get it’; directors who are not pro-active in understanding the strategic importance of, and operational risks in, intellectual capital, information and communications technology, are – at best – a drag on the effectiveness of their boards. As younger companies, controlled and managed by people who have grown up with IT and its possibilities, transform the business landscape, so those boards that fail to respond can expect their businesses to be destroyed – and whether the destruction is piece by piece or wholesale is, in the long run, irrelevant.

ISO/IEC 38500 – the international standard for the corporate governance of information and communication technology – puts boards around the world in a position from which they can take effective action to apply core governance principles to their information and communication technology.