SYDNEY--(BUSINESS WIRE)--A recent white paper issued by the Australian chapters of global IT association ISACA highlights the potential for security breaches and major technology disasters at leading Australian organisations, with 60% of IT professionals stating they do not believe all IT-related risks are being effectively managed. Furthermore, 64% of IT professionals believe the risk culture at their organisation is only moderately effective or not effective at all.
“We are deeply concerned by the lack of importance being placed on managing IT risks. From these results, it is clear that Australian organisations aren’t adequately prepared”
The white paper, titled IT Risk Management: Drivers, Challenges and Enablers for Australian Organisations, outlines results from an ISACA Australia-led survey of 111 Australian business and IT professionals and subsequent structured interviews conducted at the end of 2012. The study was designed to better understand the IT risk management drivers and challenges faced by Australian organisations.
“We are deeply concerned by the lack of importance being placed on managing IT risks. From these results, it is clear that Australian organisations aren’t adequately prepared,” said Paras Shah, founder and principal consultant at Vital Interacts, and principal author of the white paper. Shah, who is also a member of ISACA’s Framework Committee, will present findings from the white paper at the upcoming Oceania CACS2013 conference, It’s a Jungle Out There… Navigating Security, Audit and Governance, this September.
Key findings from the IT Risk Management white paper show:
- 71% of respondents think Australian business teams lack awareness that IT risk management is important to attain business process goals and targets.
- 89% believe that IT risk management activities are generally perceived by business stakeholders as a compliance burden, whether external or internal.
- 23% identified a “major IT-related failure event” as one of the main drivers for their organisation to manage IT risks.
- 26% indicated their IT risk management programs focused too much on IT security risks, rather than considering all IT-related risks.
Details of ISACA frameworks, including COBIT 5 (which incorporates ISACA’s previous Risk IT and Val IT frameworks), and the need for such process models, were also examined in the white paper, in relation to the findings. COBIT helps organisations govern and manage their information and technology to drive enterprise value.
The majority of survey participants came from the sectors of banking and finance services (35%), energy and utilities (11%), government and defence (11%) and manufacturing and industrials (8%) in organisations located across Australia, and included senior IT and risk management professionals.
This white paper was co-written by David Roche, ISACA Sydney Chapter president, and Anthony Rodrigues, ISACA Melbourne Chapter director.
Commenting on the findings, Rodrigues said, “Organisations must relate IT risks to business goals and keep the business engaged to create support and executive involvement. The importance of managing risk cannot be under-estimated and organisations must take responsibility for managing their risks.”
Roche added, “Organisations with a weak risk culture are exposed to inappropriate decisions in strategy, programs and operations. On the other hand, organisations with a mature risk culture have the ability to protect and enable the achievement of their objectives. We urge Australian IT professionals to review and update their IT risk management frameworks to ensure they are sufficiently protected.”
ISACA, an association of 110,000 IT professionals, will hold its Oceania CACS2013 conference at the Adelaide Convention Centre from 23-27 September 2013 and feature respected industry experts from Australia, New Zealand and around the world. For information on Oceania CACS2013 or ISACA, visit http://www.oceaniacacs2013.org/ or www.isaca.org.
IT Risk Management: Drivers, Challenges and Enablers for Australian Organisations can be downloaded freely at www.isaca.org.au.