Study says mature IT practices mean more successful businesses

The annual report studied more than 2,600 organisations worldwide, and measured how changes in data protection, regulatory compliance and IT service level resiliency affected financial success and customer satisfaction.

It found that companies with better IT practices experience 17 percent higher revenues, 14 percent higher profits, 18 percent higher customer satisfaction, and 96 percent lower financial losses than companies with less developed IT policies.

“These findings reinforce that information security and privacy are critical business issues that are most effectively and efficiently addressed with well managed IT compliance programs,” said Rocco Grillo, managing director within Protiviti’s IT security practice.

“The study’s results support empirically what we are seeing in the marketplace, notably, that protecting sensitive data is becoming the biggest priority in IT compliance."

The study said much of these companies’ financial success could be attributed to installing strong leadership networks in IT, legal counsel, and audit committees.

“Fundamentally, IT GRC is concerned with two objectives: delivering value to the business and mitigating business risks from IT,” said Everett Johnson, CPA, immediate past president of ISACA and the IT Governance Institute.

“Successful organisations accomplish these goals by aligning the business and IT strategy, and embedding accountability for effective IT into the organisation, beginning with top leadership."

From the findings, the report recommended other practices to help improve IT GRC, including monthly progress reports to study the balance between risk and reward, automating technology controls to avoid financial risk, limiting access to sensitive data, and controlling change management.

Above all else, the study stressed that organisations with the most successful strategies were working from the top-down and focusing on risk-based approaches in their IT GRC to ensure financial security.

“Organisations considered ‘best in class’ typically strive to get things right the first time, and properly investing upfront in proper internal controls can certainly help protect data, reduce financial risk, and increase profitability,” said IIA director of Standards and Guidance, Heriot Prentice.