2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results

Although valid, this view as the sole way to measure the value of IT is under siege as more organizations experience increasing loss or theft of customer data and endure the fallout from these events, including customer defections, revenue losses, declines in public capitalization, increases in expenses, and short-term profit declines. Not limited to managing and protecting customer data, IT is being challenged to maintain nearly 100 percent uptime to avoid business disruptions while cost-effectively responding to numerous legal requests, statutes, and regulatory audits.
In today's global economy, the livelihood of the organization is linked to how well the IT function manages the availability, integrity, and confidence of the information and IT systems used to operate core business procedures. Whether it is protecting information or meeting legal and regulatory requirements, the challenge confronting IT managers in an increasingly interconnected world means managing business opportunity and risk simultaneously.
The most recent research conducted by the IT Policy Compliance Group shows that improvements to data protection and compliance are paying big dividends among firms with the most mature governance, risk management, and compliance management practices. These include:
Consistently higher revenues than all other firms
Much higher profits than all others
Better customer retention rates
Dramatically lower financial risks and losses from the loss or theft of customer data
Significantly reduced financial impact from business disruptions caused by IT disruptions
Much lower spending on regulatory audit
Unfortunately, only slightly more than one in ten firms are enjoying the extraordinary business benefits associated with these most mature practices.
In contrast, about seven in ten organizations are experiencing business results that are half of what the leading firms deliver while also posting financial losses that are much higher. Moreover, most of these firms are overspending on regulatory compliance due to high use of manual procedures and less mature practices.
The worst performers, about two in ten organizations, are experiencing much lower business results than all other firms, much higher financial losses, and much more difficulty with regulatory and legal mandates.

Business results among firms with the most mature practices
17 percent higher revenues
14 percent higher profits
18 percent higher customer satisfaction rates
17 percent higher customer retention levels
96 percent lower financial losses from the loss or theft of customer data
50 times less likely to lose or have customer data stolen
50 percent less spent on regulatory compliance annually

What is striking from the research is that the organizations with the best business results are the same firms with the most mature practices. The converse is also true: the organizations with the worst business results are the same firms with the least mature practices. Defining IT GRC broadly as (1) the management of value delivered to the organization by IT; (2) the management of risk associated with the use and disposition of IT resources; and (3) the management of compliance with corporate policies, legal statutes, and regulatory audits, this annual report shines a spotlight on the competencies, capabilities, and practices that are most responsible for influencing and impacting business rewards and risks.

IT GRC, business results, and GRC capability maturity
Simply put, the more mature the practices for managing reward and risk, the better the business results of the organization and the lower the financial risks. Conversely, the less mature the IT practices, the worse the business results and financial losses.

Firms with the most mature IT GRC practices experience, on average, 8.5 percent more revenue than those operating in the middle of the normative range. Compared to the least mature, the most mature firms are experiencing revenues that are 17 percent higher. Similar disparities in results for expenses in IT, profits for the firm, customer satisfaction, and customer retention show that the maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.
