IT Governance, Risk and Compliance Management in the Real World
Enterprise Management Associates, May 2008, Pages: 61
In recent months, IT GRC has emerged as a unifying theme aligning the management of IT, IT risk and regulatory compliance with the priorities of the business. But what does IT GRC mean in a practical sense, to the IT organization charged with its success? In a survey of more than 200 professionals in both IT and non-IT fields complemented by focus interviews with real world practitioners, this study identifies the processes, practices and technologies most highly valued by high performers in IT GRC management. This report highlights the vital role played by maturity in the core disciplines of IT Service Management, and describes how the 'perfect storm' of people, process and technology unifies IT GRC as an effort that pays off in making IT a more strategic contributor to the business.
In recent months, the theme of IT governance, risk and compliance (IT GRC) management has arisen as the point of convergence where the governance of the organization intersects with the governance of IT, where the control of risk in, of, and by IT serves to control risk to the business, and where regulatory compliance directly affects IT.
Already in this short time, IT GRC has become a loaded term, high on expectations but far too often short on specifics. What exactly does IT GRC mean to enterprises pursuing the broad mandates implied? How do businesses reckon success with these initiatives, and what are the qualities that make for success in IT GRC management?
In this study, survey of 224 IT as well as non-IT professionals to answer these questions. While organizations of all sizes were represented, a full one-third (34%) of all respondents were very large enterprises of 20,000 employees or more were, with one-fourth (25%) reporting annual IT budgets in excess of $100 million. Although most respondents (89%) were based in North America, nearly half (46%) had a presence in Europe, the Middle East and Africa, while 40% were represented in the Asia-Pacific region, and 30% in the Americas.
|< Prev||Next >|