Only 12 Percent Of Companies Have Adequate IT Governance, Research Indicates

Only 12 percent of businesses take technology seriously enough to operate full board-level oversight of their IT resources, according to new research from IT Governance Limited. Despite increasing compliance pressures under Sarbanes-Oxley, the UK Combined Code, HIPAA and other regulatory regimes, boards still appear to be lagging badly in implementing appropriate IT governance measures. IT governance frameworks, such as ITIL, CoBIT and ISO27001, also appear to be used in less than 50 percent of organisations.

IT Governance Limited is the one-stop-shop for books, tools, training and consultancy on Governance, Risk and Compliance. Last month, it polled opinions of almost 100 technology and compliance professionals on a range of IT governance issues.

Despite the critical importance of technology to most organisations, only 12 percent said that IT governance was important in their organisations and that board-level IT oversight committees existed. While a further 16.5 percent reported that progress was being made towards achieving this, more than 50 percent indicated that this was far from the case.

Respondents were similarly sceptical about the grasp that board members have of technology's importance. Less than 7 percent said that board members understood the risks posed to business operations by information and IT systems. In contrast, 49 percent said this was not the case, with over 22 percent stating this emphatically.

Over 57 percent said that directors and officers failed to understand the age and health of the current IT portfolio and the business implications of deferring maintenance. Meanwhile, less than 37 percent said that IT governance frameworks were integrated with their company's enterprise risk management regime, with less than 7 percent saying that this was achieved fully.

Asked if their companies used standard IT governance frameworks, such as ITIL, CoBIT, ISO17799 or PMBOK, 9 percent said yes, and 19 percent said that good progress was being made towards this. However, over 21 percent said such frameworks were used only occasionally, and fully 30 percent indicated that they were not used at all.

Commenting on the findings, Alan Calder, chief executive of IT Governance, said: "These findings are a startling insight into the excessively relaxed attitudes that many boards have towards their governance obligations. It seems that almost every day we read a new story about lost customer data or expensively failed IT investments. However, it would seem that many board directors simply tune this out mentally and think it is a problem for somebody else. This could not be further from the truth, as the costly fines meted out by regulators to an increasing number of businesses demonstrate. We need to see more boards recognising that there is no dividing line between IT and the rest of the business, and that they consequently need to exercise the same governance as they would over finance or marketing."

IT Governance Ltd is a leading authority on data security and IT governance for business and the public sector. It is the world's most comprehensive publisher and distributor of books, tools, information and advice for Governance, Risk Management and Compliance. IT Governance is 'non-geek': it approaches IT issues from a non-technology background and talks to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at http://www.itgovernance.co.uk.

Alan Calder is an international authority on information security management. He led the world's first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, 'IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799'. The 3rd edition of this book is the basis for the UK Open University's postgraduate course on Information Security. He is a consultant to companies including Cisco. He regularly blogs on IT security issues at http://alancalder.blogspot.com/.

Contact Author: MARC CORNELIUS