Awareness of IT Control Frameworks in an Australian State Government: A Qualitative Case Study

IT control frameworks set out best practices for IT actions, processes and monitoring within organisations, and are believed to lead to more effective IT governance. It is difficult to assess the adoption, awareness and perception of the value of the frameworks in the Australian public sector, due to the limited academic literature available. The exploratory research reported in this paper evaluated the awareness and understanding of IT control frameworks in three public sector agencies within an Australian state government, adopting a flexible definition of IT control frameworks. Comparison was made between the level of awareness and the outcomes of recent internal and external IT audits for the agencies, where available. Qualitative data were gathered from internal documentation and nine interviews, seeking IT and business-oriented perspectives. No use of formalised IT control frameworks was found, although informal approaches were noted. Awareness and understanding of IT control frameworks in the agencies appeared limited. The agencies investigated will lack motivation to derive value from utilising IT control frameworks without increased awareness of their purpose. Further research is warranted in this area, including the investigation of effective mechanisms for raising awareness of the potential of the frameworks.