Lack of IT Governance Complicates Compliance with Costly Consequences
By David Almquist and Lane F. Cooper
BizTechReports.Com
Nearly a third of IT and business managers indicated that the board of directors and senior executives do not properly support IT governance, risk management and compliance initiatives, according to a survey conducted by Enterprise Management Associates (EMA).
"IT GRC has become a very loaded term, with incredibly high expectations. Yet, it is still loosely defined, let alone well understood. This limits the ability of senior management to support IT GRC initiatives, resulting in greater exposure to risk and – worst of all – hampering the ability of IT to deliver tangible business value," said Scott Crawford, EMA research director.
One exposure is the reliance on manual processes. “In fact we find that the number one compliance tool today - worldwide - is a spreadsheet,” says Marne Gordan, Corporate Security Strategy Group at IBM.
Automation would save substantial time and trouble, reducing duplicated effort and producing more reliable test results, along with more proof for senior managers and auditors that controls are functioning effectively. “Third-party auditors can’t accept a spreadsheet as proof,” said Gordan.

