IT Governance Still Poor Step-Child

While more than 91% of executives recognize IT is vital to the success of their businesses, more than two-thirds of CEOs are not comfortable answering questions about governance and control over their IT processes.

This finding comes despite the fact that Sarbanes-Oxley (SOX) in the U.S., and increased scrutiny worldwide, is focusing attention not only on enterprise finances, but on the IT processes that underlie the financial systems of any corporation.

These findings come from the as yet to be released IT Governance Global Status Report from the IT Governance Institute (ITGI), conducted by PricewaterhouseCoopers (PwC) for the Information Systems Audit & Control Association (ISACA). ITIG is the research arm of the not-for-profit ISACA.

The report, which is due out in July, also found that although 76% of business leaders are aware they have IT problems that could be resolved by implementing an IT governance framework, a ‘staggering’ 42% are not considering implementing any such program.

“The IT Governance Global Status Report provides tremendous insight into the state of IT governance and the gaps that must be closed if executives are to confidently certify their financial results,” said Marios Damianides, a partner with Ernst & Young, and international president of ITGI. “While executives and board members clearly understand the importance of IT to their business, they must also recognize the vital importance of a well controlled IT environment.”

Because the survey covered the globe (some 335 CEOs and CIOs in 21 countries spanning all continents were interviewed for the report) the numbers are somewhat skewed towards the high-side due to Asian companies not doing business in the U.S. or Europe, said Gary Hardy, a consultant with South African-based IT Winners and ITIG’s technical coordinator.

Hardy also points out that IT governance is still a fairly new area and, therefore, many companies are still in the early stages of exploring its implementation.

“The general feeling is, whilst on the one hand, one would have thought everyone should be doing it because it seems obvious to us that it’s needed,” said Hardy. “I think the reality is, it’s still something that’s being adopted.”

The report also found a clear, positive relationship between the effectiveness of IT governance measures and the frequency with which IT is discussed at the board level.

Companies that say IT is always on the board agenda reported:

  • better measurement of IT performance;
  • better management of IT resources;
  • better risk management;
  • better delivery of business value through IT; and
  • better alignment of IT with the company strategy.
  • The report also found that:

  • More than 93% of business management recognizes that IT is important for delivering the organization’s strategy.
  • There is a worldwide consensus about the importance of IT for delivering the overall strategy of the organization. This is observed across most industries (IT/telecom, financial services, manufacturing and public sector — average 93 percent). The retail sector considers it somewhat less important for the delivery of their overall strategy.
  • Somewhat paradoxically, general management perceives the importance of IT for the delivery of the overall strategy slightly higher than does IT management.
  • The top three CIO concerns are operational effectiveness, compliance and better alignment (ROI) with business strategy.
  • In late 2003, commissioned PwC to conduct a research survey to gain a better understanding of the IT governance global marketplace and the opportunities it might contain for the ITGI.