New ISACA Survey Shows Strong Business Case for Implementing IT Governance Frameworks

Rolling Meadows, IL, USA (25 June 2009)—

Enterprises that effectively govern their information technology achieve their IT and business goals more frequently, according to a new study of 538 organizations worldwide. Commissioned by ISACA and conducted by the IT Alignment and Governance Research Institute, the study examined the business outcomes of implementing the COBIT and Val IT frameworks.

Results of the study are published in Building the Business Case for COBIT and Val IT: Executive Briefing, available as a free download at www.isaca.org/downloads.

“The study revealed a strong relationship between the implementation of COBIT and Val IT processes and the achievement of IT goals—and a strong relationship between the achievement of IT goals and the achievement of business goals,” said Wim Van Grembergen, co-author of the report and professor at the University of Antwerp and the University of Antwerp Management School. “As a result, a strong business case exists that shows the benefits enterprises achieve when using COBIT and Val IT.”

The survey also identified which COBIT and Val IT processes are most frequently—and fully—implemented.

“The results show that enterprises are still focusing more on operational issues—implementation, delivery and support—than on the equally important planning and monitoring issues, indicating that there is room for improvement,” said Steven De Haes, also a co-author of the report and professor at the University of Antwerp and University of Antwerp Management School.

According to respondents, most of the top five most fully implemented COBIT processes at organizations around the world are in the Deliver and Support (DS) domain, with one each in the Acquire and Implement (AI) and the Monitor and Evaluate (ME) domains:
1. Manage the physical environment. (DS12)
2. Manage service desk and incidents. (DS8)
3. Acquire and maintain technology infrastructure. (AI3)
4. Ensure systems security. (DS5)
5. Ensure compliance with external requirements. (ME3)

While many similar findings existed among regions, some key differences were identified. European organizations, for instance, reported a fuller implementation status than most North American and Asian enterprises, particularly for P09 Assess and manage IT risks. This finding is likely due to the impact of regulatory requirements such as Basel II. North America reported the highest implementation score for ME2 Monitor and evaluate internal control—likely due to the Sarbanes-Oxley Act. Asia outperformed other regions for AI1 Identify automated solutions, which is most likely explained by the presence of many outsourced service providers that develop systems.

A complimentary download of COBIT, a globally accepted set of tools that ensures IT is working as effectively as possible to minimize IT-related risks and maximize controls, is available at www.isaca.org/cobit. Val IT, a comprehensive collection of proven management practices and techniques for investment in business change and innovation, is available as a free download at www.isaca.org/valit.

About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Contact:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org