- Published: 01 February 2011
- Written by NStinchcombe
A major survey from ISACA, a not-for-profit IT governance and security association, confirms the central role that governance plays in information security within large organisations and stresses the fact that 95% of IT professionals within major organisations consider governance to be important.
The study, conducted by the IT Governance Institute (ITGI), ISACA’s research affiliate, is titled the “Global Status Report on the Governance of Enterprise IT (GEIT) 2011.” It says that two thirds of respondent enterprises have some GEIT activities in place, with the most common being the use of IT policies and standards, followed by the employment of defined and managed IT processes.
According to Rolf von Roessing, CISA, CISM, CGEIT, international vice president of ISACA, the report highlights that the main driver for activities related to GEIT is ensuring that IT functionality aligns with business needs.
"It also shows that the most commonly experienced outcomes are improvements in the management of IT-related risk, as well as communications and relationships between business and IT," said von Roessing. "Obviously, these issues are important to ISACA’s global membership, which now tops the 95,000 mark, as governance and regulatory compliance are at the heart of the modern information security curriculum."
Von Roessing explained that, with regulatory compliance now high on the agenda of most corporate boardrooms, especially in Europe, where best practice compliance is now a statutory requirement in many areas of business, the report makes some interesting, valid points.
It's clear, he says, that the right governance enablers can help ensure that the implementation of IT plans within major organisations is as smooth as possible.
"As the report says, it is now a fact of business life that specific events, activities or even crises will arise that require some GEIT objectives to take precedence over others. It is equally important that managers should take a balanced and holistic view of the five GEIT focus areas - strategic alignment, risk management, value delivery, resource management and performance," said von Roessing.
And, when you dip further into the report, he added, you begin to realise the importance of IT in the management process, as 70 per cent of respondents to the ISACA survey indicated that the head of IT in their organisation is also a member of the senior management team.
"More than anything, the results of our survey confirm the significance of IT in many enterprises. However, there is still a lot of work to be done, as researchers have found that it is still common in smaller enterprises for the head of IT not to be on the senior management team," said von Roessing.
"It is also worth noting that other frequently stated reasons for IT not being on the senior management team are that IT is a support function (32 per cent), and that IT is adequately represented by another member of the senior executive team (32 per cent again)," he added.
"Our in-depth report is a timely indicator that, whilst great strides have been made in helping industry to understand the central role that IT has in a business, IT professionals and security professionals in particular should not rest on their laurels."
Full results of the study are available as a free download from www.isaca.org/ITGI-Global-Survey-Results.
With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.