First mover seminar on new IT governance standard ISO 38500 (IEC 29382)
ISO/IEC 38500
Dear Colleague,
End of May the International Organization for Standardization (ISO) will publish a new standard for IT Governance: ISO/IEC 38500.May 26th. The seminar will be held in Schiphol Airport NH Hotel, Amsterdam, for easy access from all over Europe.
We have two important contributors to the standard in the programme: Alison Holt (Chair of the ISO working group/ New Zealand) and Mark Toomey (prime member of the ISO working group / Australia). Prof. Chris Verhoef (Free University / Amsterdam) will point out how larger organizations should deal with these new governance rules.
This is a unique opportunity for everyone engaging in IT Governance in a professional manner, to see how the new ISO standard is constructed and how it works in practice. It offers a unique opportunity to understand future directions if you still need to get started with IT Governance. We encourage attendees to come in teams from their organization (Business and IT!).
Places are limited, so register fast.
The standard has been announced as ISO/IEC 29382, and will officially be titled ISO/IEC 38500. The standard was based on the Australian standard AS8015. Also look at:
Inform-IT and bITa Center took the initiative to organize an exclusive first mover seminar on Monday,
Also look at: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=45429
Venue: NH-Hotel Aimsterdam Airport, The Netherlands
Date: 26 of May 2008
More information: Info@bita-center.com or +31 23 534 6966
PROGRAMME
12:00 Lunch and registration
13:00 Welcome (Jan van Bon, chair)
13:10 Opening session by prof. Chris Verhoef, setting the scene for IT Governance and how to apply standards
13:45 Key note session by Alison Holt, committee chair, explaining history, background and nature of the governance project
14:45 Break & networking
15:15 Practice session "Working with the new standard" by Mark Toomey, a "how to" session
16:15 Wrap up by Alison Holt
16:25 Discussion, conclusions (with Mark Toomey, Alison Holt, prof. Chris Verhoef)
17:15 Closing words (Jan van Bon, chair)
17:20 Drinks and snacks, networking
Mark Toomey, Managing Director, Infonomics Pty Ltd.
Mark Toomey is a principal member of the Standards Australia team which created AS8015 – the world’s first standard for Corporate Governance of Information Technology. He played a significant role in the transition of AS8015 to the new ISO/IEC standard for Corporate Governance of Information Technology and continues this work through participation in an ISO/IEC Study Group planning for further development of ISO standards in Governance of IT. He is author of “The Director’s IT Compass” and several papers on IT Governance and IT failures, and regularly speaks to diverse audiences on corporate governance of IT. Mark is Managing Director of Infonomics Pty Ltd. His company specializes in helping corporate leaders understand and improve their organization’s IT Governance. Mark commenced his IT consulting career in 1977, and has focused on governance of IT since 2000.
ALISON HOLT | Director and Co-Founder
internationally acclaimed expert in IT Governance and Sustainability Management, Alison Holt is Director and Co-Founder of Concrete Campus. Alison is New Zealand Head of Delegation for the ISO/IEC Software and System Engineering committee, JTC1 SC7. In this role she holds the New Zealand vote for new software and system engineering standards in a one-country-one-vote system, and she represents the views and opinions of New Zealand subject-matter-experts. Leveraging her vast international network of academics and business luminaries, Alison acts as information broker between the academic and the corporate worlds, translating research into a business context driving organisational value and reducing risk.
Prof. Chris Verhoef
Prof.dr. Chris Verhoef works at the Free University Amsterdam, Department of Information Management and Software Engineering, and is a frequent author in leading (IT) management publications and magazines.
Quantifying the Effects of IT-Governance Rules
Via quantitative analyses of large IT-portfolio databases, we detected unique data patterns pointing to certain IT-governance rules and styles, plus their sometimes nonintuitive and negative side-effects. These patterns relate to the five fundamental parameters for IT-governance: data, control, time, cost and functionality. For these in total seven types of patterns, it is possible to take corrective measures to reduce unwanted side-effects, and/or amplify the intended purpose of the underlying IT-governance rules. In this talk we focus on time-to-market and we show that it someimes cost more than it delivers
Some downloads and further information:
Chapter on AS8015 Frameworks pocket guide 2007
Infonomics Discussion Paper - Australian Pharmaceutical Industries Extract.pdf
Infonomics Discussion Paper - Customs Imports Module Extract.pdf
RMIT Research Report V7 A5 080131 Extract.pdf
http://en.wikipedia.org/wiki/AS8015
http://www.ramin.com.au/itgovernance/as8015.html
...
It’s very interesting that so many of the definitions focus on the implementation of strategy – which is generally done through projects. Very few seem to recognise, let alone give equal weight to sustaining the continuing operations of the business which in so many cases are dependent on IT.
....
The AS/ISO definition says that Corporate Governance of IT is a system. And it explicitly refers to both the current (ie operational) and future (ie strategic) use of IT. Now those of us who have come from an architecture background know that a system involves integration of four primary elements – people, process, structure and technology. Often we see IT Governance related tools and frameworks (eg Cobit provides a process framework for many tasks in IT Governance, but it does not prescribe structure, deliver instantly aligned people, or automate the system) that tie into some of these elements, but one does not get a system in any organisation until one does the work to integrate the parts.
For me, one of the most powerful aspects of the AS/ISO standard is that recognition that governance is a system. The governance system spans from the top of the organisaiton (the governing body) and extends deeply into its management structure. And the system comprises many subsystems – some of whcih are often referred to as being “governance”.
A mark of any good system is that it strikes the right balance of rigour and flexibility, complexity and simplicity. When one thinks of governance of IT as a system, one is perhaps reminded to maintain that balance, and to ensure that the system embraces all who need to play their part.
Mark Toomey
======================
I also agree with your assessment of CoBIT. I've found similar gaps, which is why I've tried to align it with ITIL and CMM initiatives for a more complete picture. It worked well, but it's quite a bit of work to keep everything in sync early on in the implementation. Having a single consolidated standard will go a long way to helping with that issue. "People, Process, Structure and Technology" is definitely the right approach. I can't wait to see the standard to see how that focus is supported.
John Benfield
============================
...
As those who have been reading my posts are aware, I believe that the plethora of diverse definitions is a problem, and I see the very broad, encompassing definition of IT Governance in the new ISO/IEC 38500 standard as being a key to solving that problem.
In 2006, Gartner said: “… many definitions of IT Governance confuse IT governance definition with implementation”. This is very true. What’s interesting is that Gartner said this in the context of Peter Weill’s definition, which Gartner, IBM and others had adopted. Gartner effectively was saying that defining IT Governance in term of decision rights was too narrow. The new definition proposed by Gartner says that IT Governance is: “The processes which ensure the effective and efficient use of IT in enabling an organisation to achieve its goals”.
Personally, I think that Gartner was trying to move toward the AS8015 (now ISO/IEC 38500 definition, without having to actually acknowledge that work. Had they used the word “system, instead of “processes”, they might have scored right on target. But process is only one element of a system – a system involves people, structure and technology as well as process.
It will take time, but there will be tremendous value in the world settling on a single definition of IT Governance, and the one contained in the new standard is, I suggest, the most encompassing, yet benign option available. It benefits from inherited legitimacy – it is clearly derived from the widely accepted definition of corporate governance. It embraces all of the sub-concepts that have been proposed as aspects of IT Governance. Yet, it gives every organisation the freedom to decide exactly how to design and implement its corporate governance of IT, while making it abundantly clear that designing and implementing such a system is essential for the majority of organisations.
There seems to be a new question emerging from this:
I wonder what you think?
Kind regards
Mark Toomey