INTE2412- Application of the Standard to Improve IT Governance
Table of contents
The objective of this business report is to evaluate the applicability of the governance standard of AS ISO/IEC 38500:2016 to Western Australian Auditor General (WA) as a IT governance tool, namely to study whether the application of this standard can significantly improve project ICT success and governance outcomes of the WA government and how useful and feasible this standard is in IT governance. In order to achieve this objective, this business report will be devided into the following main four sections. The first section will present a summary of WA’s current status of IT governance. Then, in the second part, the level of WA’s current application of the standard, namely to what degree the standard is reasonably used or respected in WA, will be analyzed by using the measuring device of the six principles of responsibility, strategy, acquisition, performance, conformance and human behaviour. The third part is going to identify how the six principles of the standard can be applied to improve the current status of WA’s IT governance. And the last part is to evaluate the usefulness and feasibility of applying this governance standard as an IT governance tool.
Based on the second part of the Western Australian Auditor General’s Report, the current IT governance status of WA can be summarized as follows. Generally speaking, the WA’s current computer controls fail to provide effective support in the six control and governance categories of information security, business continuity, management of IT risks, change control and physical security to ensure the confidentiality, integrity, and availability of information systems (Office of the Auditor General, 2019). There were 547 issues in the current computer controls of WA’s 47 in 2018 government entities, an increase in issue number compared to 2017(OAG, 2019).
Moreover, management of information security, business continuity and IT risksbecome the three governance issues with the greatest weakness (OAG, 2019). Only 47% of entities met the benchmark of managing information security effectively, 50% of entities met the benchmark of having adequate business continuity, and 69% entities in IT risks management (OAG, 2019). In addition, the majority of the issues were rated as moderate, reflecting that actions should be taken as soon as possible to address the issues (OAG, 2019). Therefore, it can be seen that the current IT governance status of Western Australia is not effective and the IT governance outcomes are not satisfactory.
As mentioned in Section 2, there is a need for WA to adpot enhanced IT governance. And the six basic principles in the standard of ISO/IEC 38500 is exactly aimed at promoting effective and feasible IT application and governance by all organizations (Moeller, 2013). Then, to what degree does WA respect and apply these principles at a reasonable level? From the AG’s report, it can be seen that these principles are not reasonably followed in WA.