Indian Businesses Not Willing To Fully Engage In Risk Mgmt: Survey

According to a recent ISACA survey of 463 IT professionals in India, nearly one-third say that business lines are not willing to fully engage in risk management, presenting a big hurdle to effectively handling IT and business risk. To help IT and business professionals work together to successfully govern IT and implement effective risk management, ISACA hosted the Asia-Pacific Computer Audit, Control and Security (CACS) Conference in Mumbai, India, on February 22-23, 2010.

The theme of the conference was ‘IT and business-related challenges from business, managerial and operational perspectives’. Robert Stroud, International Vice President of ISACA and Vice President of IT Service Management and Governance for CA, alerted attendees about five IT governance traps. “It is critical for an organisation to have a shared definition of IT governance and for top management to provide full support,” Stroud said.

Stroud also shared the five domains of IT governance: Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management. According to Stroud, the goal of every business is to ‘pick up speed’—that is, to grow and increase profit. If the five key domains are not balanced, it is likely that the organisation will eventually experience losses, reduce its competitive edge, be non-compliant and increase risk. Stroud stated that balancing these five IT governance domains will help encourage innovation and make the road ahead smoother for business growth.

Avinash Kadam, Chairman of Asia-Pacific CACS Task Force, said, “Organisations are rapidly realising that implementing IT governance and risk management programs is critical to an enterprise’s success, and they are eager to adopt good practices and are seeking guidance to help them do so.”