Australian organizations are showing extreme diversity when it comes to IT governance, with less than 50 percent of non-government enterprises currently using a consistent method for assessing IT risk.
Meta has recently warned that consistent assessment of technology risk is a fundamental element of IT governance, yet a large number of Australian organizations continue to turn their back on it.
The only verticals taking governance seriously are financial services and the federal government, according to Meta securities and risk analyst Michael Warrilow.
"In these organizations, IT governance is being taken care of up the ladder, with roles being established like Chief Risk Officer and Chief Compliance Officer," Warrilow said.
Typically, companies set up an IT steering committee to tackle the issue, but Warrilow said to truly yield results governance needs to become a set of pragmatic tools that are part of best management practices.
While steering committees help prioritize funding, Warrilow said executive sponsorship is critical when it comes to assessing risk.
"Ultimately the business should be in charge of risk decisions. If IT makes these sorts of decisions they’re more likely to get it wrong because no-one knows the business like the business," he said.
This also means ensuring business executives are equipped with real time information to measure the company's position and performance. Greg Stevens, managing director of a data intelligence and integration provider Golden Mean, said there are signs that companies are starting to invest in a range of systems and processes to meet new compliance regulations and mitigate risk.
However executives are complaining that using these sorts of systems is difficult and time consuming.
"I think the biggest issue is that companies have systems that supply all sorts of information, however the challenge for executives is trying to get a grasp of the business in real time fashion from so many disparate systems," Stevens said, adding that his company has released the Australian CEO corporate governance dashboard.
The dashboard is designed to draw upon various systems and processes in a company to provide executive teams with real-time access to all relevant business performance information.
This product aims to leverage business intelligence, ERP, CRM, financials and other reporting applications.
"Effectively what we’re doing is building systems across the enterprise at the integration layer," Stevens said.
"A lot of information is difficult to get in real time, so we’re looking at building information portals so managers can get relevant information as soon as they need it in order to make appropriate decisions."
Prominent companies that have elevated responsibility for IT governance to their board of directors include Novell and FedEx. This allows for high-level oversight of technology investments.
Novell established its board-level IT oversight committee in January. Richard Nolan, an outside director who chairs the committee, said he expects other companies to take similar steps as executives start to examine the legal risks that IT investments pose under the financial reporting requirements of the Sarbanes-Oxley Act.
Over the past few years, many large companies have created IT steering committees to help prioritize funding for high-cost projects. Most of those committees are made up of business unit leaders and department heads, and they don't include board-level participation beyond senior executives such as CEOs and chief financial officers.
Board-level IT governance and oversight committees are just beginning to emerge, said Tom Pohlmann, an analyst at Forrester Research. "There are many cases where the CIO presents to the board of directors once or twice a year," Pohlmann said. "But overall, this is not a trend that I'm observing."
Steve Bandrowczak, CIO at DHL International said he isn't sure whether IT governance at the board level will be widely adopted. DHL itself has yet to move in that direction, he said.
"Most company board meetings have little time to cover IT strategy," Bandrowczak said.
(With Thomas Hoffman)