AUCKLAND (01/24/2011) - Two New Zealanders head the International Standards Organisation's working group for IT governance standards -- an endeavour that many say is crucially important for the progress of IT, as it becomes embedded ever more deeply in the functioning of any organisation.
The foundation standard, ISO 38500, is now published, but work continues in enhancing it to cope with IT developments such as cloud computing and the increasing use of outsourcing.
Ward, who is the group manager of IT operations and services at Inland Revenue Department (IRD), says the standard -- only 12 pages long -- establishes "a common language and a common understanding" between the technical IT experts and the businesspeople who decide how IT should be implemented in the organisation.
Ward's co-chair on the ISO 38500 working party is Alison Holt, founder of governance and strategy company Longitude 174.
ISO 38500 provides guiding principles for directors of organisations and people assisting directors, on the effective, efficient and acceptable use of IT in the organisations. The standard's framework has six main headings: Responsibility, strategy, acquisition, performance, conformance and human behaviour.
Ward has been occupying various positions in IRD's IT for the past four years. Prior to that, he was head of business management at Westpac.
In his present position, he is responsible for the smooth running of IRD's technology in support of its key objectives -- gathering $50 billion worth of tax revenue and discharging its social funding objectives. Ward reports directly to the deputy commissioner of information design and systems Tim Occleshaw.
Ward says it is "a humbling experience" to be co-chair of an international working group. "The reason I say that is because you have access and are leading through, some world-class experts in IT governance and that may be in terms of academia or IT professionals."
The recognition of New Zealand should not be reduced to the cliché of the country "punching above its weight", he says. Rather, "I think we're punching at the right weight. I think we're very much an untapped nation as world leaders in our thinking. The talents we bring to the table are the ability to get things done; to work very collegially with a lot of different nations, roll up our sleeves and get the outcomes. I think the key strength we have is the ability to call on all these experts to be able to contribute in the right way."
Peter Macaulay, principal of end-user practice at IT analyst IDC, applauds the evolution of ISO 38500 and New Zealand's role in it. There is a "governance gap" on the IT side of many organisations, he says. With few exceptions such as the ASB bank, Kiwibank and Air New Zealand, local businesses "need to do a much better job" of IT governance. The three biggest areas where there is a need for improvement in enterprise IT are governance, strategy and innovation. "Sorting out the governance gap will fix the other two," Macaulay says.
As decisions on IT move from technical specialists out into the hands of line-of-business management, so good governance becomes more crucial, he says.
Macaulay believes there is a lack of research here about how well IT governance is working and whether it is improving over industry as a whole. However, Ward thinks local business is starting to "do the right things" or at least "the right questions are being asked.
"It is about ensuring that we get a standard way of doing business. That is the value of the standard, it introduces a consistent way and a consistent application of governing IT."
Asked how ISO or the working group will persuade businesses to adopt the principles in ISO 3850, Ward says much of the consultation with people at the coalface of businesses goes on early in the process of evolving the standard. When considering what to tackle with the standard and any updates to it, "we would look at different companies within New Zealand and see that there is a buy-in there," so there would be at least "a representative sample" of organisations aware of the standard and able to help it match their perceived needs, he says.
Though the essential standard is finished and has been handed back to ISO, the working party continues to plan revisions and additions. Because of the lead time involved in developing the standard, compared with the fast advance of technology, the standards working party has to think about three years ahead of the state of the technology, Ward says.
With the right expert input this need not be as difficult as it sounds. "The technologies will be very difficult to predict, but this is about the application and the governance of the technology."
Current focuses for the first revision of the standard are the cloud, audit and digital forensics (awareness of electronic crime and standards of evidence collection).
"We're also looking at vendor governance," he says. As outsourcing grows, an aspect of governance is "being very clear how we integrate vendors within our environment and how we govern them", particularly when they operate under different laws and regulations.
One of the most widespread problems of IT governance here is that the CIO's reporting line to the board and top-level managers is too indirect, Macaulay says.
At the IRD, Ward's position sits alongside managers of enterprise architecture, strategy design and implementation, and IDS strategy and business engagement. "We are the four group managers who report to Tim Occleshaw, who reports through to the Commissioner of Inland Revenue. They are very senior roles within the organisation and very influential in terms of enabling the business and also driving through a lot of opportunity for Inland Revenue," he says.
Opportunities for innovation at IRD in the service of the public and the government lie foremost with the 'e-channel', Ward says -- online communication, offering taxpayers a more direct and efficient way of doing business with the department. "Business is being done a little differently now; our citizens want to electronically transact with us and we need to do things differently, moving from paper to the electronic age."
IT helps "streamline what we do, demonstrate value for money and make sure we can continually deliver what the public wants," but always within the tight fiscal constraints of the time. "That demands that I have the foresight and thinking to know that I'm evolving our IT shop to be able to support those technologies in the future. To make sure we are evolving ourselves to work directly with the business."
It's also important, Ward says, "to be sure that we're aligning our costs and drivers; that we understand the total cost of ownership and the cost of doing business. I'm not saying that we don't know that now; [but] it's becoming more prevalent."
Part of the "fiscal prudence" and eye on costs that Ward keeps emphasising is a move away from individually tailored systems into commercial off-the-shelf software products where possible.
"You don't have to develop; you configure. It goes to business rules. So the speed to market and adjusting to change becomes a lot easier."
In areas like online portals, there is no need for Inland Revenue to develop anything different from any other online business, he says. Likewise, some of the most visible innovations to the individual taxpayer, in the phone interface, are supplied off-the-shelf by IRD's telecomms provider TelstraClear. "They provide our VoIP and call-centre routing; virtual hold, speech [recognition]; things you'd find in any IT shop."
There are about 450 in-house staff in Ward's business unit, but IR depends to a large extent on outsourcing -- "TelstraClear for telecomms. HP for our mainframe and Unisys, who support our middle-tier environment. Then software vendors -- Oracle, IBM SAP, who provide critical software to enable us to carry out our functions.
"About 50 percent of our budget is outsourcing," he says; "it is a significant part of how we do business."
In common with many other New Zealand businesses, virtualisation is an increasing element of the IT environment at Inland Revenue.
While the ISO working party considers governance of the cloud, is Inland Revenue moving in that direction?
The cloud is now part of everyone's digital life, Ward believes, if it's only a question of downloading an application onto a mobile phone. "Within the public sector there's a roadmap to get to a cloud computing environment. It's important [as a preparatory step] that you consolidate, rationalise and virtualise. It's not a matter of jumping into the cloud; it's making sure you're evolving your base infrastructure to be able to adapt to a cloud environment. "There are certain fundamental steps that you'd look [to] to move an organisation into a cloud environment. There are also various laws and regulations that we need to abide by -- the Public Finance; the Privacy Act. There are purchasing guidelines about what we can do offshore and onshore. So there are [constraints] we must operate in order to even consider moving into that cloud. Within private industry it's definitely there now. In terms of government it's an area we need to be clear about if we wish to evolve to it.
"The Department of Internal Affairs has good plans around the best way to evolve our technologies through cross-government platforms; but cloud computing offers some very exciting opportunities; it's very, very important that we manage those opportunities," he says.
Sign up for MIS Asia eNewsletters.