by Gerald Trites, FCA, CA*CISA/IT
The publication in 2008 of ISO 38500, an International Standard on Corporate Governance of IT (Information Technology), will fill a void that has existed for many years. In most organizations, IT has grown from an isolated glass-house unit to a spread-out function, distributed like the networks that began to form the central point of their function. At first, IT managers were isolated from the Board and top management, and therefore from the area of corporate governance, which in fact scarcely existed in the early days of IT implementation. In more recent years, however, IT has moved into the C-Suite and has even begun to penetrate the activities of Boards of Directors. Nevertheless, there has been a lot of uncertainty as to how this should be carried out.
ISO 38500 provides a means whereby companies can implement governance over IT, mobilize the Board's oversight of this very important strategic element of their organization, and do so in accordance with International Standards.
The standard is framed according to six principles for good corporate governance of IT:
- Human behaviour.