Australian organisations are seriously under-investing in IT governance particularly at a time when they are highly dependent on technology systems across all operations. This was a key finding of a research paper – Perceptions and practices of the corporate governance of information technology, conducted by Monash University and Deakin University, in conjunction with CIO Australia. The survey was completed with 143 senior executives – predominantly CIOs, IT directors and operations managers – working at large corporates and small and medium businesses. Nearly one-fifth (19 per cent) of respondents said the proportion of annual turnover devoted to corporate governance of information technology (CGIT) was zero. Only 7 per cent indicated it was 10 per cent or higher. A further 17 per cent indicated they did not know how much their organisation spent on CGIT. This was interesting given that the respondents were mainly IT executives and senior managers, said Paul Couchman, the report’s co-author and head of the school of management and marketing at Deakin University. “We assume that this investment – expressed as a proportion of turnover – is an indicator of resource commitment, reflecting the perceived importance of this aspect of governance,” Couchman said. “This finding could suggest that most Australian organisations are seriously under-investing in this critical area. This is all the more concerning given the increasing dependence that organisations have on IT systems, and warrants further scrutiny.” Couchman cited Mark Toomey’s 2009 book, Waltzing with the Elephant, which argued that IT is the elephant in the room, particularly the boardroom. “Many boards of directors and executives have not so far acted to ensure their organisations were able to derive full benefit from their IT investments, and he saw this as a failure of governance. “Our findings on the resource commitment of organisations to CGIT indicates that the problem persists today in Australia,” Couchman said. Meanwhile, more than half (59 per cent) of the respondents had implemented the ITIL management framework. 53 per cent had implemented Prince2, 20 per cent had implemented COBIT, 15 per cent CMMI, and 15 per cent RiskIT. Only 29 per cent of respondents had a written, stand-alone policy on CGIT, and 22 per cent has a written policy as a component of a corporate governance policy. 12 per cent had a written policy under development, and 38 per cent did not have one or didn’t know if one existed. More than half of the respondents said the CIO was primarily responsible for updating and implementing CGIT policies (55 per cent and 52 per cent respectively), which was to be expected. Further, the two top benefits experienced by organisations with a written policy on CGIT were the alignment of IT with business needs (61 per cent had largely or extensively achieved that), and clarity of responsibility among staff (59 per cent). Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia Follow Byron Connolly on Twitter:@ByronConnolly Related content brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management case study Toyota transforms IT service desk with gen AI To help promote insourcing and quality control, Toyota Motor North America is leveraging generative AI for HR and IT service desk requests. By Thor Olavsrud Dec 08, 2023 7 mins Employee Experience Generative AI ICT Partners feature CSM certification: Costs, requirements, and all you need to know The Certified ScrumMaster (CSM) certification sets the standard for establishing Scrum theory, developing practical applications and rules, and leading teams and stakeholders through the development process. By Moira Alexander Dec 08, 2023 8 mins Certifications IT Skills Project Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe