Breaking News Bar
updated: 11/21/2017 1:44 PM

Survey finds execs see importance of IT governance, but few do it

hello
Success - Article sent! close
  • Frank Schettini

    Frank Schettini

  • While many companies are making gains in bring IT oversight to the executive level, there is still a gap between that awareness and integration of IT governance in business strategies, according to a recent survey from Rolling Meadows-based IT association ISACA.

    While many companies are making gains in bring IT oversight to the executive level, there is still a gap between that awareness and integration of IT governance in business strategies, according to a recent survey from Rolling Meadows-based IT association ISACA.

 
 

If there is an upside to the increase of global cybercrime, it's that businesses have become more aware of the need of moving IT's importance from a room in the basement to a seat in the boardroom.

However, according to a recent study from Rolling Meadows-based IT association ISACA, a "governance gap" remains between the company leaders recognizing that need and the actual integration into its overall structure.

The survey, believed to be the first of its kind in the industry, asked executives from businesses in 87 countries last summer to gauge the level of IT governance. A total of 732 people from a broad range of industries responded to the survey.

Given the rise in cybercrime and the integration of technology into the workplace, nine out of 10 senior leaders agreed better governance of IT leads to better economic outcomes and more business agility, while two-thirds of the organizations have increased spending on risk management in the past year.

However, the survey also found more than two-thirds believe their company's top leaders need to prioritize strengthening connections between IT and business goals, while barely more than half agree that their boards and executive teams are doing all they can to safeguard the organization's digital assets.

"Technology is something that is an enterprisewide mandate," said Frank Schettini, chief innovation officer at ISACA, noting that technology is integrated throughout a company's operation. "It has to factor into their processes."

Schettini stresses the need to make IT an integral part of a company's system of rules, practices and processes is important not only to increase its cybersecurity needs, but also to assure its technology can help the company meet its strategic goals.

While the survey participants recognize that, putting it into practice is still lacking, Schettini said.

"Executives get it from a messaging perspective, but they haven't built the processes around it," he said. "So you'll see in boardrooms that technology is the focus of the IT group, instead of how does the whole organization leverage technology."

Having a governance framework in place -- like a series of checks and balances -- is important to a company adopting IT into its overall strategy, he said. Yet the survey found one in five companies don't use a governance framework model.

"And the 80 percent that do most likely do not use across the entire enterprise, but only across certain areas," he added.

"Your threats, your challenges, your opportunities all come from the technology domain," Shcettini said. "You have to be more cyber aware, as well as tech aware, going forward. To do that, it's important to have a strong governance framework in place."

Schettini also said awareness needs to be at the board level as well, and added ISACA recommends board members and C-level executives be more tech savvy in order to better understand the challenges and opportunities in the realm.

"We see some board members who get fascinated with the technology, and that's cool. But in the role of the board, they need to be looking out for the overall governance of the enterprise itself," he said.

Fortunately, Schettini said more companies are recognizing the potential risks involved with not being tech and cyber savvy, which will further the cause of bringing IT governance to the forefront.

"I hope in another year, when we do this survey that we see an increase in the amount of governance adoption," he said. "I do hope and do predict in five years we're not going to be talking about cybersecurity, because it's going to be implemented in everything we do."