IT Risk Management Maturing in 2010
John Kelly
OpenPages recently conducted a survey of IT risk and compliance executives from a variety of industries including financial services, energy, government and health care. The survey revealed that most organizations are managing the basics of IT risk practices effectively (in particular, IT security and IT regulatory compliance), yet still have considerable work to do in converging their IT risk initiative with their overall enterprise GRC initiatives. In fact, respondents claim that the majority (73%) of IT risk management solutions in practice today are either spreadsheets or point solutions with limited to no coordination within the overall GRC initiative.
George Westerman, Research Scientist – Center for Information Systems Research, MIT Sloan School of Management, finds that “incorporating risk into all IT conversations, and linking IT risk to enterprise risk, leads to better management decisions, not just fewer incidents.”
Fortunately, investments in IT risk management are expected to rise in 2010, and convergence with GRC is expected to follow. When asked about IT risk management budgets for the coming year, more than 95% of respondents stated that they expect budgets will increase or stay the same in 2010. In a separate survey conducted at the OpenPages European Network (OPEN) Summit this fall, 93% of respondents stated that within 2-3 years, they are likely to converge or coordinate IT Risk and Compliance Management activities with GRC. This is good news, but as George Westerman concludes: “…until companies can drive internal focus around IT risk management in the context of overall GRC initiatives, they will continue to grapple with the fragmented approach that is prevalent today.”