Provide feedback on this document
Visit the Governance of Enterprise IT Knowledge Center community
Insufficient IT staff availability, service delivery issues and difficulty proving the value of information technology continue to concern executives at organisations around the world, according to a new report by the IT Governance Institute (ITGI).
ITGI recently commissioned a global survey of 749 CEO-/CIO-level executives in 23 countries to determine executives' IT governance priorities and the IT-related problems their organisations have faced. According to IT Governance Global Status Report—2008, which is available as a complimentary download at www.itgi.org, 58 percent of respondents noted an insufficient number of staff, compared to 35 percent in 2005. Also, 48 percent said that IT service delivery problems remain the second most common problem, and 38 percent point to problems relating to staff with inadequate skills. Thirty percent of respondents also reported problems anticipating the return on investment (ROI) for IT expenditures.
The study is a follow-up to ITGI's 2003 and 2005 surveys and tracks IT governance trends over the past four years. The following is the executive summary from the 2008 publication. Readers are encouraged to visit www.itgi.org to download the full document.
In 2007, PricewaterhouseCoopers (PwC) was commissioned by the IT Governance Institute (ITGI) to conduct the third global survey on IT governance, resulting in this IT Governance Global Status Report—2008.
The IT governance survey was conducted from July 2007 to October 2007 and focuses on specific topics such as IT risks and value delivery.
The purpose of the research was to reach members of the Csuite to determine their sense of priority and actions taken relative to IT governance, as well as their need for tools and services to help ensure effective IT governance.
This high-level objective was translated into the following more detailed objectives:
- Survey and analyse the degree to which the concept of IT governance is recognised, established and accepted within boardrooms and especially by chief information officers (CIOs).
- Determine what level of IT governance expertise exists and which frameworks are known and are (or will be) adopted.
- Measure the extent to which ITGI's own framework, Control Objectives for Information and related Technology (COBIT), is selected and how it is perceived.
Researchers contacted CIOs and chief executive officers (CEOs). The total number of interviews conducted was 749, of which 652 were from a random sample of organisations; 71 were known as COBIT users and 26 were experienced COBIT users.
The interviews were conducted worldwide (in 23 countries), and all continents/regions were represented.
Because this report is the third consecutive undertaking of this IT governance research project, the project team was able to use historical data from the 2004 and 2006 research reports (based on 2003 and 2005 surveys) to discover trends in a number of areas.
How to Read The Report
The report contains six chapters:
- Chapter 1 explains the methodology used to conduct the survey.
- Chapter 2 highlights the survey results in 13 key messages.
- Chapter 3 focuses on the detailed survey results supporting the 13 key messages.
- Chapter 4 presents trends and issues in IT risk management.
- Chapter 5 identifies trends and issues in IT value management.
- Chapter 6 contains the results of the funnel analysis.
- The appendix includes the questionnaire and further information on the compound problem index.
- There is a table of figures at the end of the report.
Key Findings of the Survey
The 13 key messages that have been identified during the analysis of the survey reflect important findings from the results of the survey:
- Although championship for IT governance within the enterprise comes from the C-level, in daily practice IT governance is still very much a CIO/IT director issue. The few non-IT people in the sample have a much more positive view of IT than do the IT professionals themselves.
- The importance of IT continues to increase.
- Self-assessment regarding IT governance has increased and is quite positive.
- Communication between IT and users is improving, but slowly.
- There is still substantial room for improvement in alignment between IT governance and corporate governance—as well as for IT strategy and business strategy.
- IT-related problems persist. While security/compliance is an issue, people are the most critical problem.
- Good IT governance practices are known and applied, but not universally.
- Organisations know who can help them implement IT governance, but appreciation for the available expertise and delivery capability is only average.
- Action is being taken or plans are underway to implement IT governance activities. A large increase is evident when compared to the 2006 report.
- Organisations use the well-known frameworks and solutions.
- COBIT awareness has exceeded 50 percent, and adoption and use remain around 30 percent.
- Twenty-five to 35 percent of respondents apply COBIT to the letter or are very strict.
- Fifty percent of respondents indicate that COBIT is ‘one of the reference sources'.
- In general, there is high appreciation of COBIT, as has been seen in prior reports.
- More than half of the respondents apply or plan to apply Val IT principles, but are not familiar with the Val IT brand itself.
- Major obstacles to adoption and use of Val IT principles include uncertainty regarding the return on investment (ROI) and lack of knowledge/expertise.
Dirk Steuperaert, CISA
is an independent IT governance consultant through his new firm IT-In-Balance. Until March 2008, he was a director within PricewaterhouseCoopers Belgium, where he was responsible for IT governance advisory services. The bi-yearly IT governance survey is commissioned to PricewaterhouseCoopers by ITGI, and Steuperaert is the project leader for the survey. He is also a member of the COBIT Steering Committee, assisting in the further development of COBIT.
Information Systems Control Journal, formerly the IS Audit & Control Journal, is published by the ISACA. Membership in the association, a voluntary organization of persons interested in information systems (IS) auditing, control and security, entitles one to receive an annual subscription to the Information Systems Control Journal.
Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of the Information Systems Audit and Control Association and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by the Information Systems Audit and Control Association Inc., for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.