
Regulatory compliance tops issues facing IT managers

Regulatory compliance, protection of sensitive info and governance paramount for IT managers and execs over next 18 months.

Regulatory compliance will be the top business and technology issue facing IT managers and executives worldwide in the next 12 to 18 months, with a major emphasis on protecting personally identifiable information (PII) and transaction monitoring.

The findings come from a survey of over 3,100 members of ISACA - a non-profit IT industry association serving over 86,000 information governance, control, security and audit professionals in over 95 countries.

ISACA identified 21 current business issues impacted by technology that face IT managers and executives, and asked respondents to rank them according to priority. According to respondents, the top seven issues IT execs and managers will face over the next year and a half are, in order:

  1. Regulatory compliance, specifically protecting PII and implementing transaction monitoring,
  2. Enterprise-based management and IT governance,
  3. Information security management,
  4. Disaster recovery/business continuity,
  5. IT value management,
  6. Challenges of managing IT risks,
  7. Compliance with financial reporting.

ISACA Assurance Committee member and vice president of IT audit at Viacom, Anthony Noble, said keeping on top of legislative and regulatory requirements is a critical responsibility made more difficult because compliance efforts are still operating in "project" mode and have not yet been embedded into business processes.

"IT projects still lack alignment with business objectives at many organisations, and as a result, they are unable to realise business benefits," he said.

According to the survey, IT must design and maintain systems to comply with these legislative and regulatory requirements.

ISACA said enterprises continue to make increasingly large-scale investments in IT and IT-enabled change, making it even more challenging to ensure compliance with the growing number of international regulations across all industries. According to the survey, this effort is made less difficult when technology is viewed as an integral part of the business.

Chair of ISACA's Assurance Committee and senior finance director at Dow Chemical, Greg Grocholski, said the cost of losing or compromising the integrity of PII is leading to a renewed focus on information security.

"The survey shows that 81 percent of the 1,600 respondents who named information security management as a number 3 concern said that security risks are not fully known or are only partially assessed using technology." Respondents indicated that successful IT governance requires the alignment of IT operations with the goals and objectives of the business, and IT value management must bridge the gap between what the business has asked for and what IT has delivered.

The survey found that organisations are "finally realising" that information security management has more to do with managing people and processes than with implementing technology.

ISACA's study also found many enterprises are still not adequately prepared for disasters: 80 percent of the 1,500 members who made business continuity management the number 4 issue said that their business managers and owners are not fully aware of their responsibilities to maintain the ability to perform critical business functions in the event of a disaster.

It found that organisations implementing business continuity management programs to improve IT resilience in the event of a disaster are still the exception rather than the rule, and that this remains an "elusive goal for most organisations".

The study also indicated four other areas just outside the top seven, including continuous process improvement and business agility, vulnerability management, collaborative/extended enterprises, and modernisation and consolidation of IT infrastructure.

The results of the survey can be viewed in full here.
