Governance · Managment · Security · Procurement

Expert advice and assistance on information and digital technology challenges for organisations large and small

itControl has over 35 years of experience with the management, direction and control of information and digital technologies.

We offer cost effective advice and management support to help you minimize risk and maximize value in dealing with all aspects of information and digital technologies.

We focus on strategy and empowerment within your organization to achieve your objectives.

We are fiercely independent and our advice to you is unbiased

Our Services

Governance & Management

Governance and Management Word Cloud

Governance and Management are similar but different. Governance is about ensuring the right things are done whilst Management is about doing things right.

itControl has been a leader in the field of governance of information technology for many years and is able to assist in guiding your organization in this area.


  • is the system of direction and control of an organization
  • is the system by which the accountability of the organization to its stakeholders is delivered
  • is about the whole organization
  • is delivered by strategies and policies


  • involves being accountable within the constraints of governance for the running of the organization
  • includes the requirement for adherence to the strategies and policies determined through governance and holding employees accountable for their actions

Governance is typically the function of a governing body such as a board. In smaller organizations governance and management are often delivered by a small number of individuals. In many cases governance and management are done by the same person or persons.

The governance of information technologies includes all aspects of digital enablement. Most board members have deep and wide understanding of relevant financial, legal, management and commercial issues. Board members and owners do not need a detailed knowledge of information technologies but they do need a sound understanding of the implications of these technologies for their organization. This understanding must be sufficient to make judgements, to make planning decisions and formulate appropriate policy.

Managers are responsible and accountable for the implementation of policies set by the governing body. At times even highly knowledgeable and competent IT managers have difficulty in clearly communicating an understanding of their responsibilities to boards.

A lack of understanding or lack of communication of the governance and management implications of information technologies can lead to excessive expenditure, lack of performance and considerable risk.

itControl has over 40 years of experience in IT, including management, and over 20 years of experience in governance including participating in and leading the development of the ISO/IEC standards for the governance of IT.

A unique combination of knowledge and understanding of the governance and management of information technologies enables itControl to assist boards, business owners and managers in achieving an appropriate understanding.

itControl helps boards and owners discharge their governance responsibilities and accountabilities with confidence while helping managers define their approaches to managing IT.

Security & Privacy

Privacy and Security Word Cloud

There is an increasing requirement for all Organisations, regardless of size, to address security and privacy issues when undertaking digital and related development.

The principal drivers of this requirement are:

  • Organizations now have nearly all their information resources stored on computer systems both in the cloud and on directly controlled systems.
  • Increased legal pressure around privacy and information has transformed the risks associated with these stored information resources.

Cyber security is fundamental to both privacy and security and it is important to choose the right business partner to help you address this these risks.

itControl has been a significant supplier of cyber security services for over 30 years and has now refocused its strategic direction to only providing advice in this field.

This unbiased advice avoids the inherent conflicts of interest which others may have as providers of services while also being vendors of hardware and software.

And by focusing on the definition and evaluation of risks, we provide sensible policy advice to help ensure the best possible outcomes for our clients.


Procurement Word Cloud

Successful businesses understand the importance of technical expertise and the application of cost benefit analysis when investing in information and digital technologies.

Maximising this investment return requires a business to consider all phases of the procurement process including:

  • Defining the problem or issue
  • Determining the available options
  • Identifying suitable technology suppliers
  • Developing an implementation roadmap
  • Preparation of RFQs, evaluation of proposals and price negotiation
  • Installation and implementation

itControl can help you with all or selected phases of the procurement process starting with the fundamental decision – do we need it and why?

Because itControl is no longer a sales organisation we can give you an unbiased view on the decisions needed and the viability of the alternatives such as; retiring, retaining, updating or replacing systems.

This allows us to help maximise the return on your investment and ensure the actual purchase outcome is fully defined and that this outcome is consistent with the intended outcome.

John Graham, Director

John Graham has immense understanding of IT based on over 40 years of wide ranging and deep experience in management, development and advice in many areas of IT.

This experience ranges from development and management of large systems in an education environment, development and management of a significant system integration business and high level assistance in the management and development of client systems.

He has been active in providing guidance and applying current thinking in design of IT infrastructure, specification and procurement in IT as well as privacy, cyber security and governance of IT to a wide range of organizations.

He is a Fellow of the ACS, a Life Member of the Australian College of Educators and an ACS Certified Professional.

He has been involved in both national and international standardisation as one of the key authors of the original Australian standard on the governance of IT and became deeply involved in the internationalisation of this standard as ISO/IEC 38500.

He was Chair of the ISO/IEC JTC1 Study Group on Governance of IT and the Convener of the international working group JTC1 WG6 Corporate Governance of IT from 2008 to 2012.

He is the current Project Editor for ISO/IEC 38500:2015 and the ACS Representative on the Standards Australia JTC 1 Strategic Advisory committee.

He is a member of the ACS Cyber Security Committee and has been appointed to the AUDA General and Technical Advisory Committees.

Business Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday   9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm
Saturday Closed
Sunday Closed
Privacy Policy