Thursday, July 3, 2008

Executive summary - 2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk.

Managing the value delivered by IT is traditionally associated with managing change to business procedures and applications that directly impact customer retention, sales, revenues, profits, and expenses.

Although valid, this view as the sole way to measure the value of IT is under siege as more organizations experience increasing loss or theft of customer data and endure the fallout from these events, including customer defections, revenue losses, declines in public capitalization, increases in expenses, and short-term profit declines. Not limited to managing and protecting customer data, IT is being challenged to maintain nearly 100 percent uptime to avoid business disruptions while cost-effectively responding to numerous legal requests, statutes, and regulatory audits.

In today’s global economy, the livelihood of the organization is linked to how well the IT function manages the availability, integrity, and confidence of the information and IT systems used to operate core business procedures. Whether it is protecting information or meeting legal and regulatory requirements, the challenge confronting IT managers in an increasingly interconnected world means managing business opportunity and risk simultaneously.

The most recent research conducted by the IT Policy Compliance Group shows that improvements to data protection and compliance are paying big dividends among firms with the most mature governance, risk management, and compliance management practices.

These include:
• Consistently higher revenues than all other firms
• Much higher profits than all others
• Better customer retention rates
• Dramatically lower financial risks and losses from the loss or theft of customer data
• Significantly reduced financial impact from business disruptions caused by IT disruptions
• Much lower spending on regulatory audit

Unfortunately, only slightly more than one in ten firms are enjoying the extraordinary business benefits associated with these most mature practices.

In contrast, about seven in ten organizations are experiencing business results that are half of what the leading firms deliver while also posting financial losses that are much higher. Moreover, most of these firms are overspending on regulatory compliance due to high use of manual procedures and less mature practices.

The worst performers, about two in ten organizations, are experiencing much lower business results than all other firms, much higher financial losses, and much more difficulty with regulatory and legal mandates.

What is striking from the research is that the organizations with the best business results are the same firms with the most mature practices. The converse is also true: the organizations with the worst business results are the same firms with the least mature practices.

This annual report defines IT GRC broadly as (1) the management of value delivered to the organization by IT; (2) the management of risk associated with the use and disposition of IT resources; and (3) the management of compliance with corporate policies, legal statutes, and regulatory audits. On that basis, it shines a spotlight on the competencies, capabilities, and practices that are most responsible for influencing and impacting business rewards and risks.

IT GRC, business results, and GRC capability maturity

Simply put, the more mature the practices for managing reward and risk, the better the business results of the organization and the lower the financial risks. Conversely, the less mature the IT practices, the worse the business results and the greater the financial losses (see Figure 1).

Firms with the most mature IT GRC practices experience, on average, 8.5 percent more revenue than those operating in the middle of the normative range. Compared to the least mature, the most mature firms are experiencing revenues that are 17 percent higher. Similar disparities in results for expenses in IT, profits for the firm, customer satisfaction, and customer retention show that the maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.




Figure 1. Operating results and IT GRC maturity
Source: IT Policy Compliance Group, 2008
