The IT Governance Gap

Corporate leaders say IT governance is beneficial, but their actions don't reflect it.


Executives see benefits from IT governance, but many aren't doing enough about it, according to ISACA's Better Tech Governance Is Better for Business report. Ninety-two percent of executives surveyed report IT governance has led to better outcomes, and 89 percent say it makes the business more agile. Yet, 69 percent say organizations need a stronger alignment of IT and business goals. ISACA surveyed 732 members, in 87 countries, who are board members, senior executives, managers, and professionals.

"The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organization's digital assets," ISACA CEO Matt Loeb says.

The top IT governance challenges respondents foresee in the next 12 months are cybersecurity policies and defenses (44 percent), risk management priorities (36 percent), and alignment between IT objectives and overall business objectives (35 percent). It's not surprising that cybersecurity ranked so highly, the report notes. "Boardroom worries over increased internal and external threats are so great (61 percent) that almost half (48 percent) of leadership teams have prioritized investments in cyber defense improvements over other programs, including digital transformation and cloud," it states.

Despite their concern, only 55 percent of respondents say the board and senior executives are doing all they can to protect digital assets and data records. Just 29 percent report their organization continuously assesses IT risk.

The good news is leadership teams are increasing spending on cybersecurity through security consultants (27 percent), network perimeter defense upgrades (25 percent), and cyber insurance (17 percent). However, most organizations aren't planning to spend more on cybersecurity and privacy-related training for employees and board members in the next 12 months.

Although respondents say boards and executives are taking greater interest in IT governance, the content of their meetings doesn't reflect that interest. Twenty-one percent of respondents say their board and senior management discuss IT risk topics such as cybersecurity and disaster recovery at every meeting, while 39 percent say they discuss them at some meetings. About one-third discuss IT risk topics only as needed.

Going forward, respondents say senior leaders must demonstrate that their organization has effective IT governance by:

  • Ensuring alignment between IT and stakeholder needs (58 percent).
  • Monitoring and measuring results toward goals (39 percent).
  • Providing strong chairman, CEO, or executive guidance (33 percent).
  • Having strong engagement by business units and employees (30 percent).

"There is much work to do in information and technology governance," Loeb acknowledges. "Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organizations to effectively and securely innovate through technology."

Tim McCollum

About the Author



Tim McCollum is Internal Auditor magazine's associate managing editor.