Research indicates that IT governance is poor

New research indicates that although IT departments are under increasing compliance pressure, providing effective IT governance is difficult because of the divide between IT and the rest of the business.

Nearly 100 technology and compliance professionals were questioned on a variety of IT governance issues by IT Governance Limited, a consultancy delivering advice on governance, risk and compliance.

While 88 per cent of respondents said that their organisation had no board-level oversight committee, only 16.5 per cent said progress was being made towards achieving this. This is a worrying trend.

The risks arising with many IT investments mean that board-level IT participation is needed, but because the board is unlikely to be kept up to speed on IT issues, an oversight committee should be used to aid communication between IT and the board of directors. “An IT committee is needed in the same way an audit committee is needed in an organisation,” said an IT Governance spokesman.

Organisations may lack such committees because board members have little understanding of technology’s importance.

More than 93 per cent of those surveyed said board members did not understand the organisation’s IT risk management focus, and 57 per cent said the members did not understand the condition of the business’s IT portfolio.

When it came to questions on frameworks surrounding IT governance, only 9 per cent of respondents said their departments were using standards such as ITIL, CoBIT, ISO17799 or PMBOK and most respondents said the frameworks were not integrated with the company’s enterprise risk management regime.

Alan Calder, IT Governance chief executive, said too many boards had a much too relaxed attitude to governance obligations. “It seems that almost every day we read a new story about lost customer data or expensively failed IT investments. However, it would seem that many board directors simply tune this out mentally and think it is a problem for somebody else.”

Calder said businesses should realise they have a problem when they are fined by the regulators. “We need to see more boards recognising that there is no dividing line between IT and the rest of the business, and that they constantly need to exercise the same governance as they would over finance and marketing.”

Software vendor Borland’s managing director, Steve Gedney, responded to the survey’s results with little surprise. “Anyone keeping half an eye on the IT Industry will be aware of the high number of IT projects that fail to achieve their goals and objectives. Whilst there are a number of reasons for this high failure rate, one of the key factors is the lack of communication and alignment between IT and the business it serves.”

“A greater understanding of the value of IT at boardroom level would go some way to achieving IT governance measures,” Gedney added.