The best way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources, according a primary benchmark research conducted by the IT Policy Compliance Group.
The report titled “IT Governance, Risk and Compliance -- Improving business results and mitigating financial risk” incorporates responses from some 2,600 global organizations, measures the impact that improvements to data protection, regulatory compliance and IT service level resiliency have had on business results, including: customer satisfaction, customer retention, revenue, expenses and profits.
According to the IT Policy Compliance Group, the scores from the report shows that firms with better IT GRC results are enjoying much better performance when it comes to satisfying customers, retaining customers, and growing revenues and profits, than all other organizations.
Based on the evidence, from least mature to most mature, the top organizational functions that make the most difference to improving IT GRC maturity include senior management, managers and directors in IT, legal counsel and the audit committee.
“These findings reinforce that information security and privacy are critical business issues that are most effectively and efficiently addressed with well managed IT compliance programs,” said Rocco Grillo, managing director within Protiviti’s IT security practice.
“The study’s results support empirically what we are seeing in the marketplace, notably, that protecting sensitive data is becoming the biggest priority in IT compliance. This no doubt is a result of costly data breaches and post-breach remediation requirements, as well as PCI and other regulatory compliance requirements." |
