Enterprise executives have converged on Sydney to talk security and the future of IT governance.

The Computer Audit, Control and Security Conference (CACS) 2008 conference will bring together IT professionals from BDO Kendals, Brisbane City Council and the Commonwealth Bank to discuss the role of IT as a business enabler and the latest developments in IT security.

Howard Nicholson, vice president of professional services organisation and conference sponsor ISACA – formerly the Information Systems Audit and Control Association – said CIOs must understand IT governance to be successful.

“If IT is not contributing value to the business, it is destroying it. If your security leaks like a sieve, you'll lose customers and reputation,” Nicholson said.

“IT governance has only been formally recognised over the last three years. Professionals the field have managed governance across all industries that need to align IT with business strategies.

“You're in trouble if you can't sum up your business objectives in a sentence. Even though senior directors are more tech savvy now, they sometimes don't understand the real business objectives and therefore don't know the role of IT.”

Nicholson, a former audit manager for Centrelink and IT staffer for 23 years, said outsourcing is the biggest challenge to hit IT governance because it can be difficult to see where business data resides or who has access to it.

“Do you know where your data is? Senior executives often think they have a handle on IT but the outsourcers also outsource, so we need to make sure those accountable know the risks,” Nicholson said.

He said IT governance will be a critical part of the CIO role within five years will require a handle on IT governance in order to base decisions on business needs and the inherent risk of each project.

Knowing how to plan projects or when to can them is an invaluable skill in IT governance, Nicholson said, because it can improve or seriously damage business operations. He said some of the best examples of good governance is shown by managers who save potentially hundreds of millions by re-evaluating ailing projects, “even if stopping it costs of $20 or $30 million”.

Australia is set to lead the world in IT governance, Nicholson said, because locally produced standards and industry practice are simpler and better planned than international developments. He said Australian practices, such as the AUS4360 security standard which is vieing for ISO 3100 accreditation, have fewer mistakes and are built with better insight.

ISACA has created an IT governance certification program dubbed “Certified in the Governance of Enterprise IT” (CGEIT), that recruits professionals with eight years' experience in the field as mentors for CEOs, CIOs, and IT managers looking to understand how IT can better serve business operations. Nicholson said student and mentors, who include business executives, IT managers and consultants, should understand both IT and the business but need only an “extremely broad understanding of IT”.