In this study we evaluate ISO/IEC 38500:2008, the Corporate Governance of Information Technology standard, as a design artefact in the context of development and deployment of a large IT system in a public/private-sector context. The findings show that ISO/IEC 38500:2008 has merit as an analytical framework, providing a good basis upon which to objectively evaluate the corporate governance of IT. Further, the study identified specific areas where the standard could be enhanced to take better account of the IT governance requirements of inter-organisational IT systems in public/private-sector contexts. For example, the standard does not adequately address possible agency effects in inter-organisational contexts, the kinds of relational mechanisms that might be needed, or ways to govern the negotiation of diverse and sometimes conflicting stakeholder world views. We conclude by proposing an IT governance model illustrating the need for balance between principle-based and procedure-based approaches for different levels of IT governance.
Campbell, John; Wilkin, Carla L.; and Moore, Stephen, "Investigation of the Comprehensiveness of the ISO/IEC 38500:2008 Standard in an Inter-organisational Public/Private-sector Context" (2011). ACIS 2011 Proceedings. 94.