Max Shanahan

Our birthday Standards Heroes have been nominated by their peers to represent all our contributors - individuals we consider to be the real heroes of standards, in Australia and internationally. We thank those who contribute their knowledge and expertise, service, and time to Standards Australia for the benefit of the Australian community.  

Max Shanahan has dedicated 55 years of his professional career to IT. This included 10 years as a programmer/analyst in Australia and the UK, 15 years with the Australian National Audit Office (ANAO), and 5 years with a Chartered Accounting firm before setting up Max Shanahan & Associates in 1999 -2021.    

How did you become involved in standards development? 

I first became involved in 2002 when Standards Australia established a committee for IT Management and Governance (IT030) chaired by Ed Lewis. This workgroup developed AS/NZ 8015, a principle-based standard on the Governance of IT, which formed the basis of ISO/IEC 38500. As a member of that committee, I became the lead editor for AS/NZ 8016, the Governance of IT-enabled projects.  

At the international level, I participated in the development of the ISO/IEC 38500 family of standards, and I was the editor for ISO/IEC 38502 Governance of IT — Framework and model. I also represented ISACA, a professional association of Information Technology, Governance, Security and Assurance professionals, both National and Internationally.    

My focus since then has broadened in line with the development of digital technology. Governance is crucial in the strategic and effective use of new technology. Governance has a significant role in establishing guidance on the trustworthiness of digital technology, and I am the convenor of an Australian Workgroup involved with that issue.    

What role have standards played in your career?   

Standards have always had a significant role in information technology, with the need for agreed technical standards to support interoperability and provide guidance on best practice.  

I was lucky that I received a sound grounding in system development practice as a programmer/analyst within the Commonwealth Public Service in the 60s and in project management in the UK in the early 70s. However, my advocacy for good practice, particularly in project management, grew from involvement in project failures on my return to Australia. I sought to find ways to improve outcomes.  

My engagement with standards escalated when I became an IT auditor in the 80s with the Australian National Audit Office (ANAO). The ANAO, particularly in those early days of IT audit, provided excellent training and opportunities to see how the application of standards worked (or didn't work) in practice. As a senior executive, I was a strong advocate for project management, risk management and security standards.

Involvement with standards in Australia and internationally has enhanced my understanding of the governance implications of new and evolving technology. This served me well as a governance and assurance consultant and in my role as an independent member of audit committees.

What is a project you’ve been particularly proud to have helped deliver? 

I am proud of my overall contributions to governance and management and the development of the ISO/IEC 38500 family of standards. Standards development is a team-driven process requiring patience and cooperation to obtain consensus. The Australian mirror committee is well-regarded internationally and works well as a team. I have been able to contribute through them, as well as a project editor, to develop valuable guidance.    

However, I am also proud of my contributions to the assurance community. I have been active in the Information Systems Audit and Control Association (ISACA) over the last forty years, participating in their certification processes and the development of their COBIT framework. I was nominated to ISACA's hall of fame in 2020.  

Outside of standards development, what have been some highlights of your career? 

I have had 55 years of involvement in IT. This included 10 years as a programmer/analyst in Australia and the UK, 15 years with the Australian National Audit Office (ANAO), and 5 years with a Chartered Accounting firm before setting up Max Shanahan & Associates in 1999 -2021

My time at the ANAO was a significant element of my career. As a member of the Senior Executive with responsibility for IT Audit and the provision of IT Services, I contributed to the ANAO's long-term strategy for the audit of technology. I also commenced my involvement in the IT audit profession at that time. I initiated the Canberra Chapter of the EDP Auditors Association (now ISACA). I represented the Oceania region on the EDPAA Board.  

As an independent consultant, I focussed on IT governance, risk management and assurance in Commonwealth, Northern Territory and NSW Local governance agencies. I developed a course on project governance which I ran in Australia, Canada and Scandinavia. I became a Quality Assessor for the IIA.  I have been involved in Australian Federal and Local government Audit and Risk committees over the last 10 years.  

What do you think the future of standardisation looks like? 

I think we have the fundamental principles of governance correct. We need to do more to establish liaisons and joint working groups across domains to ensure that governance issues are addressed when new technology issues are considered. SC40 has had some success in this already with respect to AI.

We are in an environment of rapid change driven by innovations in digital technology.     Organisations have to respond quickly to changes in their environment, and the IT profession and standard setters are responding to that need with Agile methodologies. The standard setting process also has to react quickly to such new developments while adapting and strengthening the core standards that provide protections. This may require different ways of working, perhaps with more emphasis on white papers to provide advice quickly.

Is there anything you’d like to say or mention about Standards Australia’s centenary year? 

Australia has participated in IT-related standards for a long time. Standards Australia's role in developing IT standards is well respected internationally.  The standards for governance and management of digital technology will be significant going forward as a key element of the Nation's Digital Strategy.  

It is time to celebrate Standards Australia, its volunteers and staff.