A third of organisations do not have a CIO on the executive team

 - RSS feed from Security Park
(15/06/2009)

A research survey of CEOs from more than 250 companies by the IT Governance Institute (ITGI) revealed that although three-quarters of them agreed that IT investments added value to the enterprise, more than half thought that there were barriers preventing a full return from IT investments.

The most significant barriers that prevent full return from investment in IT were identified as: implementing applications (37 percent), the culture of the enterprise (20 percent) and lack of skill base (16 percent). Whilst executive management (board) are accountable for IT governance in 71 percent of responding enterprises, the study found that more than a third of the organisations do not have a CIO on the executive team.

To examine IT value in greater depth, ITGI gathered a group of senior IT thought leaders from business, consulting and academia in London for an in-depth discussion of how to unlock value from IT investments and the role of the CIO. ITGI has now published the IT Governance Roundtable.

Participants in the roundtable discussion were:
• Paul Williams, Chair of the ISACA Strategic Advisory Group and IT Governance Adviser to Protiviti, UK
• Ali Hamza, PricewaterhouseCoopers and associate professor at Henley Business School, UK
• Dr. Sharm Manwani, FBCS, Associate Professor of IT, Henley Business School, UK
• Prof. M.J. (Jim) Norton, CITP, FBCS, FIET, FIoD, FRSA, Institute of Directors, UK
• John Thorp, CMC, I.S.P., The Thorp Network Inc., Canada
• Chris Tiernan, CITP, FBCS, FIMIS, Grosvenor Consultancy Services LLP, UK

The roundtable discussion examined topics such as the role of the CIO, measuring success, change programmes, alignment between business and IT strategy, and how to make it happen and up your game.

According to Williams of the ISACA Strategic Advisory Group, “Without a robust business case, everything will be built on a somewhat shaky foundation. One of the things that rarely is factored into a business case is risk. It’s always about accentuating the upside without necessarily considering the potential downside. I advise organisations to apply the same sort of investment principles to business change projects as they apply to a standard investment portfolio, which is all about risk and reward. The higher the risk that you’re taking in any particular initiative, the higher the return you’re expecting.”

Williams went on to say, “Alignment is an interesting issue. The results of the ITGI CEO survey show that more than 25 percent of respondents indicate that organisations don’t establish and maintain alignment between business and IT strategy.”

John Thorp, who serves as chair of the Val IT Steering Committee for ITGI, said, “I did a lot of work regarding IT strategy, a term I don’t like. I found that I had to come up with a term - strategy translation - to take what someone says about strategy and turn it into something that someone else can relate to and evaluate against. It’s very difficult to do portfolio management and alignment with business objectives when there aren’t any clearly stated business objectives. And I think that’s a huge problem.”

The roundtable participants also discussed a particularly troubling statistic from the ITGI CEO survey - 43 percent of respondents’ organizations do not measure the value of IT investments.

“What will it take to get people off the fence and do this?” Thorp asked. “When I started to talk about business governance of IT 12 years ago, I think people looked at me as if I were from another planet. Now people discuss it, but they’re not doing anything yet. They’re at the point of talking about it, but they don’t really know what to do about it or they’re not willing to do something about it.”




