As written, this seems to imply that investing more in IT GRC leads to better business results! While those of us in the IT industry might take heart in this proof of how critical we are, reality is that companies that don't take IT GRC seriously in this day and age probably have some management and governance issues in general...such companies tend not to perform well. In other words, the quality of the company's overall business management dictates the quality of IT GRC....not the other way 'round.
Latest management headlines from Network World:
IBM, South Carolina work to boost enrollment in IT classes
Compuware updates IT project portfolio management tool
Staff to stay at work over Christmas period claims report
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
IT GRC: it's about the practices
The core question being raised is whether better managed firms are the one's having greater success: the answer is yes and no. The research shows that firms with better practices, including those implemented by senior managers and in IT operations, are the one's with higher profits, better customer retention, higher revenue, much lower customer data theft and loss, nearly 100% uptime from IT operations, and lower spending on regulatory audit.
However, the research also shows that more profitable firms, more highly regluated industries, and firm size do not influence or dictate outcomes.
Better managed firms, without the practices implmented in IT operations are not posting the best results. The converse is also true: firms with the appropriate practices in IT operations but without the management practices are not posting the best results.
It's a little like steering a ship: if the engine room does not know where the bridge wants to go, it will get somewhere but not the intended destination. It is the practices being implemented - from senior managers through IT operations - for protecting customer data, managing risk and compliance that are responible for the differences in outcomes.
Please take at look at the research results at www.itpolicycompliance.com for more.
My best,
Jim
Post new comment