Companies not investing in IT governance

Australian organisations are seriously under-investing in IT governance particularly at a time when they are highly dependent on technology systems across all operations.

This was a key finding of a research paper – Perceptions and practices of the corporate governance of information technology, conducted by Monash University and Deakin University, in conjunction with CIO Australia.

The survey was completed with 143 senior executives – predominantly CIOs, IT directors and operations managers – working at large corporates and small and medium businesses.

Nearly one-fifth (19 per cent) of respondents said the proportion of annual turnover devoted to corporate governance of information technology (CGIT) was zero. Only 7 per cent indicated it was 10 per cent or higher. A further 17 per cent indicated they did not know how much their organisation spent on CGIT.

This was interesting given that the respondents were mainly IT executives and senior managers, said Paul Couchman, the report’s co-author and head of the school of management and marketing at Deakin University.

“We assume that this investment – expressed as a proportion of turnover – is an indicator of resource commitment, reflecting the perceived importance of this aspect of governance,” Couchman said.

“This finding could suggest that most Australian organisations are seriously under-investing in this critical area. This is all the more concerning given the increasing dependence that organisations have on IT systems, and warrants further scrutiny.”

Couchman cited Mark Toomey’s 2009 book, Waltzing with the Elephant, which argued that IT is the elephant in the room, particularly the boardroom.

“Many boards of directors and executives have not so far acted to ensure their organisations were able to derive full benefit from their IT investments, and he saw this as a failure of governance.

“Our findings on the resource commitment of organisations to CGIT indicates that the problem persists today in Australia,” Couchman said.

Meanwhile, more than half (59 per cent) of the respondents had implemented the ITIL management framework. 53 per cent had implemented Prince2, 20 per cent had implemented COBIT, 15 per cent CMMI, and 15 per cent RiskIT.

Only 29 per cent of respondents had a written, stand-alone policy on CGIT, and 22 per cent has a written policy as a component of a corporate governance policy. 12 per cent had a written policy under development, and 38 per cent did not have one or didn’t know if one existed.

More than half of the respondents said the CIO was primarily responsible for updating and implementing CGIT policies (55 per cent and 52 per cent respectively), which was to be expected.

Further, the two top benefits experienced by organisations with a written policy on CGIT were the alignment of IT with business needs (61 per cent had largely or extensively achieved that), and clarity of responsibility among staff (59 per cent).

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Follow Byron Connolly on Twitter:@ByronConnolly