The IT Policy Compliance Group just released its annual report on the state of affairs of what it refers to as IT governance, risk, and compliance (IT GRC).
The group's goal is to promote the development of research and information that help IT and finance professionals meet their organizations' policy and regulatory compliance goals. It does this by publishing reports, based on primary research, that organizations can use to improve their compliance results.
If you take the time to check out their site, they have other items of interest to anyone charged with the ever-growing responsibility of protecting systems from those who have the intent to compromise them.
The recently released report suggests that measuring the value delivered by IT has been traditionally associated with applications that have an impact on customer service, sales, expenses and profit. Unfortunately — as more organizations have their data compromised — the result of not protecting information can be a loss of revenue, added expenses (legal costs), and a loss of consumer trust. This is especially true if the compromise becomes a matter of public record.
Included in the report is an analysis of recent losses incurred by a large retailer ($530 million) and a large financial services firm ($100 million). The analysis takes into account the loss of revenue due to business disruption and loss of consumer trust in addition to the harder costs, such as legal expenses. Other analyses include losses suffered by an automotive manufacturer and a rental and leasing company.
IT departments are constantly being challenged to be up and running 100 percent of the time to maximize efficiency. While doing this, they also need to protect their data and adhere to legal and regulatory requirements.
The challenge is to manage business opportunity and risk at the same time. The 2008 report shows that the firms with the most mature practices in compliance and risk management are doing better and spending less to achieve their goals. This translates into more revenue, profit, and customer retention.