The release of a voluntary Australian Standard AS8015-2005 “Corporate Governance of Information and Communication Technology” by Standards Australia (2005) has emphazised the importance of ITG for Australian organizations. Further, there are a number of international standards which are relevant to ITG. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) released ISO/IEC 27001 and 27002 on information security in 2005 (ISO/IEC, 2005a; ISO/IEC 2005b). These standards aim to provide clear guidelines of best practice on information security management across 12 key sections and replace prior standards on this issue. Standard ISO/IEC 12207 on the software life cycle processes, which was amended in December 2004, is also relevant to ITG of organizations. This standard establishes processes and activities applicable to the acquisition and configuration of software services (ISO/IEC, 2004a). The international standard on Software Process Improvement and Capability Determination (SPICE) ISO/IEC 15504 assists organizations to assess their overall capabilities for delivering software (ISO/IEC, 2004b).