IT governance: More needs to be done

Awareness of IT governance has increased but senior management commitment is still lacking in most organizations, reveals a new global study.

perspective Despite the narrowing gap between IT and business, there is still much to be done to get more organizations to adopt good IT governance practices.

In a new global study by the IT Governance Institute (ITGI), more than 84 percent of respondents in India deemed IT very important for overall strategy delivery compared with the global average of 57 percent.

The study assessed the IT governance priorities and actions of senior executives. A total of 695 interviews with CEO/CIO-level executives in 22 countries were conducted, of which 38 percent of respondents were from the Asia-Pacific region.

India reported more encouraging results than the rest of the world in other categories as well. More than 90 percent of respondents from India said that communication between IT and the board about IT matters is a formalized, regular process, compared with the worldwide average of 54 percent.

Additionally, only 11 percent of respondents in India reported a disconnect between IT and the business strategy, compared with the global average of 29 percent.

However, other countries in the Asia-Pacific region reported very different results. For example, only 26 percent of respondents from Japan reported that IT is discussed regularly (or more often) by the board, compared to 63 percent of respondents worldwide.

CEOs and business executives are still hesitant to discuss IT governance. This finding is troubling because boards and CEOs are ultimately responsible for oversight over all major assets--including IT.

Positive signs
Globally, the results of the study, published in the IT Governance Global Status Report 2006, show several improvements from ITGI's initial study in 2003. For example, IT is on the boards' agendas more frequently, and more respondents believe that IT is very important to the delivery of the corporate strategy. Both statistics saw a 5 percent increase.

The 2006 report also revealed that only 9 percent of the organizations surveyed are not considering implementing any kind of IT governance, down from 17 percent in 2003. Additionally, the number of organizations reporting no IT problems jumped from 7 percent in 2003 to 21 percent in 2005.

However, there is still much work to be done to strengthen IT governance efforts worldwide. For instance, while 56 percent of the organizations surveyed said that their IT departments understood and supported the business users' needs, 44 percent felt more improvements were needed in this area.

The study also found that CEOs are responsible for governance over IT in only 24 percent of the organizations surveyed. As in 2003, CEOs and business executives are still hesitant to discuss IT governance. This finding is troubling because boards and CEOs are ultimately responsible for oversight over all major assets--including IT. Instead, the study found that CIOs are responsible for IT governance in 33 percent of organizations, and nobody is responsible in 6 percent of organizations.

Overall, a large majority of respondents--74 percent--believes their organization gets quite a lot or a lot of value from IT, which is excellent.

However, more attention must be paid to IT value management because, when treated strategically, IT has the power to transform all enterprises, including the 26 percent of responding organizations that remain unconvinced. IT can add value to products and services, assist in competitive positioning, contain costs, improve efficiency and increase managerial effectiveness.

ITGI plans to repeat the survey periodically to track trends and uncover new findings on IT governance. A complimentary PDF download of the 2003 report is available from the IT Governance Institue Web site. The 2006 report will be available as a free download in late February.

Everett Johnson, CPA, is the international president of the IT Governance Institute and a partner (retired) at Deloitte & Touche.