Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
Every year, the Society for Information Management conducts a survey to determine the top issues of CIOs from every major industry and from all sizes of companies. In 2006, a new concern popped up on the top 10 list: IT governance.
The timing of this issue making the list is not surprising; it closely follows the forced compliance with the Sarbanes-Oxley Act, as well as other regulations such as HIPAA.
“SOX” was enacted in 2002 in response to the numerous corporate and accounting scandals of the day. SOX spurred an increased focus on corporate governance, risk and compliance (GRC) with laws and regulations concerned with business oversight. GRC encompasses the people, processes and technology that organizations invest in to comply with regulations and manage risk as part of running the company effectively and ethically.
To put it another way, GRC connects the dots between the regulations and mandates that touch almost every organization today.
Information technology governance, risk and compliance, or IT GRC, is the offspring of GRC. IT GRC augments and complements GRC by addressing the unique role that IT plays in organizations today. IT GRC helps to ensure that IT supports the needs of an organization while also mitigating the risks associated with IT. This is crucial, given that the livelihood of the organization is intricately linked to how well the IT function manages the availability, integrity, and confidence of the information and systems used to operate core business procedures.
In an effort to correlate business results to the level of implementation of IT GRC within organizations, the IT Policy Compliance Group performed a study of more than 2,600 companies and published the findings in its 2008 annual research report titled “IT Governance, Risk and Compliance – Improving business results and mitigating financial risk.”
The most important finding cited in this report is that “organizations with best business results are the same firms with the most mature [IT GRC] practices and the organizations with the worst business results are the same firms with the least mature [IT GRC] practices.” The key takeaway from the report is this: “The way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources.” In other words, you’d better practice good IT GRC if you want to have a successful company.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.
Comments (2)
IT GRC: it's about the practices
By Anonymous on June 2, 2008, 11:12 am
The core question being raised is whether better managed firms are the ones having greater success: the answer is yes and no. The research shows that firms with...
Cause and Effect?
By Anonymous on May 28, 2008, 10:58 am
As written, this seems to imply that investing more in IT GRC leads to better business results! While those of us in the IT industry might take heart in this proof...