Illinois: Despite the tough economy, one in three IT professionals in India believes that companies should take bigger risks with business projects related to information technology (IT). According to a survey of 463 IT professionals in India, their companies should take on riskier projects that often have a higher return on investment. Conducted by ISACA, a global association of 86,000 IT governance, security and assurance professionals, the survey found that more than one-third (34.4 percent) of respondents believe that their own organizations are too risk-averse and may be missing out on opportunities to increase value. 
While more than 85 percent of respondents think their organization effectively integrates IT risk into overall risk management, more than 30 percent say that business lines are not willing to fully engage in risk management. This lack of engagement was reported to be the top hurdle to effectively addressing IT-related business risk, but budget limits (29.6 percent) and uncertainty of how to tailor best practices to the environment (18.1 percent) are also problematic, according to the IT professionals surveyed.Encouragingly, compliance with governmental regulations is not the top driver for organizations' risk management activities. Instead, ensuring that current functionality is aligned with business needs (41.1 percent) was named the primary reason for risk management programs, with compliance following at a distant second (19.5 percent). Interestingly, fewer than 10 percent of respondents said managing costs was a primary driver."These statistics indicate that organizations are realizing that IT risk management is critical to the business, and that it must be incorporated with overall business risk management for the organization to be most successful," said Robert Stroud, CGEIT, International Vice President of ISACA. "They are no longer engaging in effective risk management for the sake of compliance, but are doing so because it benefits the enterprise."Communication continues to be a vital component. The most important action an organization can take to improve risk management, according to 35.4 percent of respondents, is to increase awareness among employees. Organizations should Improve coordination between IT risk management and overall enterprise risk management (31.5 percent). Also, increase the use of best practices (21.7 percent). Companies should provide executive management with a "single view of risk" as opposed to risk silos (11.4 percent). "One critical way to get everyone on board with risk management is to use a common framework, such as Risk IT," said Urs Fischer, CISA, CIA, CPA (Swiss), Chair of ISACA's Risk IT Task Fhey do not need to reinvent the wheel."
While more than 85 percent of respondents think their organization effectively integrates IT risk into overall risk management, more than 30 percent say that business lines are not willing to fully engage in risk management. This lack of engagement was reported to be the top hurdle to effectively addressing IT-related business risk, but budget limits (29.6 percent) and uncertainty of how to tailor best practices to the environment (18.1 percent) are also problematic, according to the IT professionals surveyed.Encouragingly, compliance with governmental regulations is not the top driver for organizations' risk management activities. Instead, ensuring that current functionality is aligned with business needs (41.1 percent) was named the primary reason for risk management programs, with compliance following at a distant second (19.5 percent). Interestingly, fewer than 10 percent of respondents said managing costs was a primary driver."These statistics indicate that organizations are realizing that IT risk management is critical to the business, and that it must be incorporated with overall business risk management for the organization to be most successful," said Robert Stroud, CGEIT, International Vice President of ISACA. "They are no longer engaging in effective risk management for the sake of compliance, but are doing so because it benefits the enterprise."Communication continues to be a vital component. The most important action an organization can take to improve risk management, according to 35.4 percent of respondents, is to increase awareness among employees. Organizations should Improve coordination between IT risk management and overall enterprise risk management (31.5 percent). Also, increase the use of best practices (21.7 percent). Companies should provide executive management with a "single view of risk" as opposed to risk silos (11.4 percent). "One critical way to get everyone on board with risk management is to use a common framework, such as Risk IT," said Urs Fischer, CISA, CIA, CPA (Swiss), Chair of ISACA's Risk IT Task Fhey do not need to reinvent the wheel."
No comments:
Post a Comment