Ask any chief executive officer (CEO), company director or board member what they consider to be the riskiest area for their organisation and they’re likely to unanimously say its IT enabled investments. This is almost certainly what the Queensland Government would say after it was forced to pay significant costs to IBM Australia, the technology creator of its new health payroll system, earlier this year, despite IBM’s failure to deliver the service in 2010. So disastrous was the project that in 2013, Premier Campbell Newman called it “the worst failure of public administration in this nation.” The failure of the system meant almost 78,000 Queensland Health staff were underpaid, overpaid or not paid, and left taxpayers a bill of $1.2 billion to fix the problem. This is far from an isolated event.
Speaking in 2011, Victoria’s Ombudsman said that every major IT project the state had attempted over the previous years was almost 100 per cent over budget, late and essentially failed to meet expectations. On the other side of the globe, the US Department of Defence found that 11 major IT projects were collectively US$6 billion over budget and 31 years behind schedule. While these are all government examples, private companies are by no means immune to such blowouts and disasters.
Lack of standards
In today’s IT-enabled and digitally enhanced world – where organisations are forced to be agile and responsive – IT investment has become increasingly critical.
Despite the overwhelming importance of sound IT investment, Jan Begg FAICD, managing director of Azulin, says that over the past 30 years there has been almost no improvement in the area. Begg’s work at Azulin – which provides consulting, governance and system architecture services to government, commercial and not-for-profit clients – has taught her that often the failure of IT enabled investments has nothing to do with faulty IT departments or the world moving too quickly. Simply put, it is a consequence of a lack of IT governance standards.
“What normally happens is that a board or a CEO approves a capital budget investment to implement a new IT initiative like a payment terminal, a new website or hiring an external organisation to deliver payroll services for their business. They approve the investment because they think it will improve operations, increase customer satisfaction or increase market share, and the project begins. Yet the board, CEO or the senior management don’t know how to track the actual benefits, meaning they don’t know whether the intended value is actually delivered.”
The role of TS 8019
Enter TS 8019, a top-down guidance document released by Standards Australia to help board directors and management create a framework for the governance of IT enabled investments. The framework can be applied whether the relevant investment has been delivered in-house or by an external provider.
“A large number of organisations have difficulty showing that IT enabled investments actually deliver the intended value. While these companies have comprehensive project management methodologies and tools for benefits realisation, what is missing is advice on the role of the board. How do directors know the questions to ask and what is the most effective way for a board to provide oversight of digital investments?” asks Begg, who was part of the Joint Standards Australia and Standards New Zealand Committee that formulated TS 8019.
“Furthermore, improving the understanding and tracking of what organisations get back from their IT investments has proven to be a key factor in increasing return on investment. This in turn makes Australian organisations more competitive and more able to implement their strategy and keep their promises to shareholders, stakeholders, staff and the broader community.”
Begg argues that effective IT corporate governance is vital in this age of innovation, especially as investors make greater demands on boards to explain how they manage digital risks. On top of investor demands, there is also a growing trend towards developing better corporate practices, processes and standards.
The G20/OECD Principles of Corporate Governance stipulate that a board’s decisions and actions must be made on a fully informed basis, that the board is to provide leadership for management, and that it must report to shareholders on its stewardship. This can only be achieved if a board has instilled strong governance around its vital assets and infrastructure, including IT.
Since 1922, Standards Australia has been Australia’s national standards body with a strong reputation as a consensus-based, independent facilitator of internationally aligned standards. More recently, the organisation has taken a lead in developing corporate best practice and driving innovation in IT governance. TS 8019 is an example of one such consensus-based outcome and builds on the organisation’s ongoing brief to develop and adopt standards to promote the culture of corporate accountability.
“Company directors benefit greatly from instilling business principles that support standards engagement to ensure a measure of compliance and performance,” says Standard Australia’s CEO Dr Bronwyn Evans GAICD. “Prominent standards such as those for risk management, quality management and ICT governance have all made their way to boardrooms across the nation and have provided immeasurable value to companies.”
Evans says company directors that engage with Standards Australia benefit from the global standards development and harmonisation activities that have been created to support regulation, innovation, economic efficiency and business excellence.
“For instance, in July, Standards Australia and the Australian Treasury completed an APEC project for the free flow of data across borders. The project’s core mission was to identify the key standards and regulatory challenges to data flows and to deliver recommendations for the more efficient transfer of information across the Asia Pacific region. This type of innovative project should resonate with directors seeking to have their companies break into the Asian and American markets.”
Assistance expanding into new markets is just one of the benefits of working with Standards Australia. Creating efficiencies, transparency and competitiveness are others, as is being able to navigate the ever-changing future. “We are able to road map, take that big ‘horizon view’ perspective and look at where a sector is going,” says Evans. “Standards overcome barriers to trade by developing a common set of rules for acting and transacting, and companies that are part of the disruptor community are more frequently engaging with us as they see standards as an enabler for socialising and standardising their technologies.”
Disruptors, including companies such as Uber, Airbnb and Facebook, have made technology their main game, not a sideline activity. It has meant that IT enabled investment decisions are no longer solely the responsibility of the IT department, but also the board and management’s.
John Sheridan, Australian Government chief technology officer and procurement coordinator, and chair of a number of Standards Australia committees, acknowledges the transfer in responsibility but warns, “The consumerisation of IT brings an increasing and welcome ability for individuals to use IT, but it increases the potential for those uses to slip out of governance.”
But according to Evans, the challenge can be managed. She suggests that just as in any other area of an organisation, such as accounting, it needs a framework. “Standards provide businesses with the opportunity to operate with confidence and allow consumers to buy with a level of certainty. Company directors who see standards as fundamental to innovation, economic efficiency and business excellence are the ones that obtain the greatest benefit from engagement with Standards Australia.”