By Aberdeen Group
The rise in importance of IT governance, risk management and compliance ("IT GRC") reflects the increasing recognition that the strategic value of IT lies not in the mere technology itself (which is generally accessible to everyone), but in how it is applied and managed most effectively. The point is not to be good at the process of compliance, or governance, or risk management for its own sake - the point is to harness IT more effectively in support of achieving business objectives and managing financial, strategic, and operational risks.
Five Compelling Facts from the Research, Providing Actionable Benefits for Readers:
1. Best-in-Class companies estimated that business-critical decisions are able to be made 10% faster, based on improved management visibility into current risks.
2. Best-in-Class companies eliminated redundant risk management activities and processes, with an overall reduction of 8.5%.
3. Best-in-Class companies estimated a 9% improvement in their ability to provide clear, timely communication of risks and compliance status to shareholders and board of directors.
4. Best-in-Class companies increased their flexibility to adjust to new or updated regulatory requirements by an estimated 11.5%.
5. Best-in-Class companies improved the efficiency of their compliance tracking and reporting processes by 12%.
Analyst Quote ¹ "IT GRC is rising in importance with the increasing recognition that the strategic value of IT lies not in the mere technology itself, which is generally accessible to everyone, but in how it is applied and managed most effectively," said Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group. "Best-in-Class performance at IT GRC initiatives translates directly to leveraging IT more effectively in support of achieving business objectives and managing financial, strategic, and operational risks."
Research Quote ² Best-in-Class organizations are more than twice as likely as all others to provide their business owners with accurate visibility into the current state of risk, compliance, and progress against established strategic milestones…as well as to translate risk data into actionable recommendations. This is where the real "governance" activities take place.
Fast Facts/Sales Quote ³ The companies with top performance were up to eight-times more likely to model the interconnections and dependencies between IT risks, understand how they impact budgets and corporate objectives, and conduct “what-if” analysis regarding the costs and benefits of mitigation. The use of these newly emerging capabilities is highly correlated with the achievement of Best-in-Class results.