IT Governance Regulation
An Australian Perspective
By Wayne Jones, CISA
Description
Governs the protection and storage of
privacy and transborder flow of
personal data. Establishes a set of
Information Privacy Principles (IPP)5
and National Privacy Principles (NPP).6
Ensures that business regulation is
consistent with promoting a strong
and vibrant economy. Two key
principles underpinning the CLERP
initiative are the development of a
consistent regulatory and legislative
framework and improved international
harmonisation.
Endnotes
1 www.standards.com.au/catalogue/script/Details.asp?DocN=AS964071607297
2 www.shareholder.com/visitors/dynamicdoc/document.cfm?documentid=364&companyid=ASX
3 www.imsc.gov.au/
4 www.privacy.gov.au/act/privacyact/index.html
5 www.privacy.gov.au/publications/ipps.html
6 www.privacy.gov.au/publications/npps01.html
7 www.asic.gov.au/asic/asic_polprac.nsf/byheadline/CLERP+9?openDocument
IT Governance Regulation
A Latin American Perspective
By Leonidas Anzola, CISA
To understand the level of maturity of IT governance
regulation in Latin America, one needs to look at the way in
which new tendencies, methodologies and practices are adopted
and implemented in this region. Most organizations in Latin
America are exposed to trends that influence them to adopt new
practices; these could be summarized in the following manner:
• Administrative policies of first-world companies, enforced
within their regional multinational offices
• International stock market regulations in which Latin American
entities participate
• The existence of far-sighted individuals who promote new
tendencies learned at conferences or during training abroad
In all of these cases there is a common factor: the adoption
and implementation of newer practices usually fall behind
leading regions by at least six months. Normally, the
implementation of regulatory policies is even further behind.
Another situation that affects the way practices are adopted
and implemented is the fact that many business managers and
members of the boards of directors of these entities are not
comfortable around technology yet. Therefore, technological
decisions and tendencies are still generally the domain and
responsibility of the technical staff. There is the need to
understand that technology is just setting a foothold in these
economies in which human labor is still cheaper to acquire than
technological solutions. All these circumstances affect the
implementation of IT governance regulation.
As some Latin American companies begin to comply with
best practices and regulations due to the mentioned influences, it
will create a bandwagon effect that will carry over to other
regional entities and government. As issues such as corporate
governance, the US Sarbanes-Oxley Act and the need to provide
IT value to the business arise, more Latin American organizations
will begin to pay attention, thus making IT governance and IT
governance regulation topics to examine.
Even after all these obstacles, some initial steps in IT
governance regulation are being taken in known, progressively
established countries in this region. Of course, this progress
varies depending on the country, making Argentina, Uruguay,
Paraguay and Costa Rica some of the most advanced in IT
governance regulation. Examples of such activity are: the
superintendent of banks of the Central Bank of Paraguay issued
a resolution making it mandatory for all banks and other
financial institutions in the country to adopt COBIT; the Uruguay
Central Bank adopted COBIT for the whole Uruguayan financial
market; and the Honorary Tribunal of Mendoza, Argentina,
adopted COBIT as the control framework for all entities that
provide accounts in the province of Mendoza. It is expected that
other countries, such as Mexico, Chile, Colombia and Panama,
will follow through accordingly in the implementation of IT
governance regulation, policies and practices. In summary, it can
be said that the level of maturity of IT governance regulation in
the Latin American region is in its initial stage, but it promises
to move forward rapidly.
IT Governance Regulation
An Asian Perspective
By John Ho Chi
The term governance is well known in many parts of Asia,
as evidenced by the codes on corporate governance practices
that have been released in recent years by various countries in
the region. Some countries perform periodic reviews and update
their codes to ensure that they are aligned with leading practices.
While these codes assist organizations in the adoption of
corporate governance, there is little mention of IT governance.
Accordingly, the awareness of IT governance is not widespread
in the Asia region.
The awareness and use of COBIT is increasing in Asia.
For example, in the Union Bank of the Philippines, the CEO and
chairman has given his full commitment and support for COBIT
implementation, as have the Bank Negara Malaysia (Malaysia's
central bank) and a number of large companies in the region.
The implementation of IT governance (where COBIT may be
used as a tool to achieve this) will need to take into account
cultural differences in Asia, according to Abdul Hamid,
international vice president of ISACA and ITGI.
He also said that among the domains in IT governance, risk
management appears to be top on the list of current priorities in
Asia, given the recognition that information security is
important. This is followed by resource management, where IT
outsourcing is the most topical issue. In the domain of value
delivery, most governments in Asia (e.g., India, Japan, Korea,
Singapore and Malaysia) are increasingly focused on
e-government initiatives in their respective countries.
This appears consistent with recent media coverage of the
topic and also the increase in the number of conferences and
workshops focusing on IT governance. An upcoming CIO
conference in March 2005, organized by the Institute of System
Science, National University of Singapore, features the theme
IT Governance - Practices, Opportunities and Challenges. The
keynote address will be delivered by Alex Siow, vice president
strategic relations, Starhub Ltd. The conference also features
Abdul Hamid.
DBS Bank, Singapore's leading bank, with customers in
various countries in Asia, was featured as a case study by Peter
Weill and Jeanne R. Ross in their Harvard Business School
publication on IT governance. The case study cited that DBS's
IT investments are guided by a set of principles that include
governance, data and system ownership, and architecture.
Information Systems Control Journal, formerly the IS Audit & Control Journal, is published by the Information Systems Audit and Control Association, Inc. Membership in the association, a voluntary
organization of persons interested in information systems (IS) auditing, control and security, entitles one to receive an annual subscription to the Information Systems Control Journal.
Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of the Information Systems Audit
and Control Association and/or the IT Governance Institute and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal
does not attest to the originality of authors' content.
Copyright 2004 by Information Systems Audit and Control Association Inc., formerly the EDP Auditors Association. All rights reserved. ISCA™ Information Systems Control Association™
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the
association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles
owned by the Information Systems Audit and Control Association Inc., for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume,
and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the
association or the copyright owner is expressly prohibited.
www.isaca.org