Regulatory compliance tops issues facing IT managers
- 05 August, 2008 18:38
Regulatory compliance will be the top business and technology issue facing IT managers and executives worldwide in the next 12 to 18 months, with a major emphasis on protecting personally identifiable information (PII) and transaction monitoring.
The findings come from a survey of over 3,100 members of ISACA - a non-profit IT industry association serving over 86,000 information governance, control, security and audit professionals in over 95 countries.
ISACA identified 21 current business issues impacted by technology that face IT managers and executives, and asked respondents to rank them according to priority. According to respondents, the top seven issues IT execs and managers will face over the next year and a half are, in order:
1. Regulatory compliance, specifically protecting PII and implementing transaction monitoring,
2. Enterprise-based management and IT governance,
3. Information security management,
4. Disaster recovery/business continuity,
5. IT value management,
6. Challenges of managing IT risks,
7. Compliance with financial reporting.
ISACA Assurance Committee member and vice president of IT audit at Viacom, Anthony Noble, said keeping on top of legislative and regulatory requirements is a critical responsibility made more difficult because compliance efforts are still operating in "project" mode and have not yet been embedded into business processes.
"IT projects still lack alignment with business objectives at many organizations, and as a result, they are unable to realize business benefits," he said.
According to the survey, IT must design and maintain systems to comply with these legislative and regulatory requirements.
ISACA said enterprises continue to make increasingly large-scale investments in IT and IT-enabled change, making it even more challenging to ensure compliance with the growing number of international regulations across all industries. According to the survey, this effort is made less difficult when technology is viewed as an integral part of the business.
Chair of ISACA's Assurance Committee and senior finance director at Dow Chemical, Greg Grocholski, said the cost of losing or compromising the integrity of PII is leading to a renewed focus on information security.
"The survey shows that 81 percent of the 1,600 respondents who named information security management as a number 3 concern said that security risks are not fully known or are only partially assessed using technology."
Respondents indicated that successful IT governance requires the alignment of IT operations with the goals and objectives of the business, and IT value management must bridge the gap between what the business has asked for and what IT has delivered.
The survey found that organizations are "finally realizing" that information security management must have more to do with managing people and processes than with implementing technology.
ISACA's study also found many enterprises are still not adequately prepared for disasters: 80 percent of the 1,500 members who made business continuity management the number 4 issue said that their business managers and owners are not fully aware of their responsibilities to maintain the ability to perform critical business functions in the event of a disaster.
It found that organizations implementing business continuity management programs to improve IT resilience in the event of a disaster are still the exception rather than the rule, and that this remains an "elusive goal for most organizations".
The study also indicated four other areas just outside the top seven, including continuous process improvement and business agility, vulnerability management, collaborative/extended enterprises, and modernization and consolidation of IT infrastructure.
The results of the survey can be viewed in full here.