IT governance for business benefits

The most recent research report from the IT Policy Compliance Group finds a strong link between the state of IT governance and an organisation's ability to grow its business.

  • E-Mail
By  Sathya Mithra Ashok Published  June 16, 2008

The most recent research report from the IT Policy Compliance Group finds a strong link between the state of IT governance and an organisation's ability to grow its business.

A recent benchmark research - entitled ‘IT Governance, Risk and Compliance (IT GRC) - Improving business results and mitigating financial risk' - reveals that enhancing competencies, practices and capabilities governing the use and disposition of IT resources can improve business results and reduce financial loss for enterprises.

The research was conducted by the IT Policy Compliance Group, which is dedicated to promoting the development of research and information that will help organisations to meet their policy and regulatory compliance goals.

The research report, which incorporates responses from more than 2,600 global organisations, measures the impact that improvements to data protection, regulatory compliance and IT service level resiliency have had on business results, including customer satisfaction and retention, revenue and profits.

"IT GRC is about managing the business of IT, including its top-line and bottom-line contributions," said Jeff Ogden, director of consulting in MENA for Symantec's global services.

The latest research conducted by the IT Policy Compliance Group provides a factual basis to assess the maturity of current practices, the business outcomes related to existing practices, and the ability to reliably identify the practices and capabilities that are delivering the most value," he added

The raw scores from the report clearly show that firms with better IT GRC results are enjoying much better performance when it comes to satisfying customers, retaining customers, and growing revenues and profits, than all other organisations.

Based on the evidence, from least mature to most mature, the top organisational figures who make the most difference to improving IT GRC maturity include senior management, managers and directors in IT, legal counsel and the audit committee.

In addition to this research report, the IT Policy Compliance Group has leveraged the primary benchmark data collected during the past two years to create a GRC Capability Maturity Model which can be used by organisations to assess maturity levels and the specific practices, competencies and capabilities associated with each maturity level.

Topics researched by the IT Policy Compliance Group benchmarks are part of an ongoing research calendar established by input from supporting members, advisory members, general members of the group, as well as from findings compiled through ongoing research.

The most recent benchmarks included in this report were conducted between December 2007 and March 2008 with 558 separate, qualifying organisations.

The majority of organisations (90%) participating in the benchmarks are located in North America and the remaining 10% of the participants come from countries located in Africa, Asia Pacific, Europe, Middle East and South America.

Key recommendations

• Use a balanced scorecard to improve the delivery of value from IT

• Staff the governance committee with senior business, financial, legal, IT, regulatory and audit committee members

• Drive improvements to business outcomes with a measurable, continuous quality improvement programme throughout IT

• Insist on monthly measurement and reporting to drive improvements

• Increase and automate technology controls to mitigate and avoid financial risk, brand damage and business disruptions

• Improve the skills and automate activities within IT assurance, audit and risk management

• Segment and limit access to sensitive data, where possible, to reduce exposure and costs

• Manage change management and prevention of unauthorised change to avoid higher financial risks and cost inefficiencies

• Continuously measure the effectiveness of controls to maintain an appropriate balance between reward and risk

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code