IT governance efforts no longer a priority

An IT Governance Institute survey of C-level executives indicates that security and compliance issues have moved to the bottom of the pile, as far as IT is concerned.

The study is the result of about 700 interviews with CEOs and CIOs in 22 countries. According to their responses, staffing and ROI issues rank at the top, while IT transparency issues and outsourcing concerns are in the middle of the pack.

According to the accompanying report published by the institute, these results may be a surprising, but could “reflect the results of the recent significant efforts put into IT security projects and compliance programmes (e.g. Sarbanes-Oxley in the U.S.).”

In other words, enterprises have already expended money and effort in creating IT solutions and may be satisfied that they are addressing security and compliance concerns. Another explanation may be the group that was targeted by the survey, said Michael Cangemi, editor-in-chief of IS Control Journal and a past president of the Information Systems and Control Association.

“Those guys are more worried about the business, they’re more worried about return on investment. That’s why staffing comes up (as a top priority): they probably can’t find the people,” he said. “That’s what most business leaders are concerned about; making money.”

But governance and compliance issues should be top of mind within any organization, said Barry Saunders, an audit associate in the Auditor General’s office in Winnipeg and chair of the Winnipeg chapter of ISACA.

“Governance is something that needs to come from the top. Somebody on the board needs to say, ‘This is the way it has to be done,’ and it has to filter all the way down to the janitor, basically,” he said.

He added that, ideally, governance should come from a specialist on the board of directors and be filtered through the CEO and down through the organization. “The board has to be the one that drives it,” he said.

The lack of knowledgeable board members was what led to the corporate meltdowns and accounting scandals of recent years, he said.

Saunders added that he wasn’t surprised security is low on the list of C-level concerns because, paradoxically, it has become such a buzzword in recent years. The main issue isn’t deploying security solutions, he said, but the need to keep staff vigilant.

“Most people are more accepting of security. They’re no longer writing their passwords and putting them on their terminals,” said Saunders. “Part of that’s an educational process. It has to part of any security program. You can have all the best controls in the world, but if people aren’t following them, the more trouble you’re going to get into.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs