In New Delhi: One in three IT professionals in India believe that companies should take bigger risks with IT business projects. According to a recent ISACA survey, 34.4% of IT professionals in the country believe that their organisations are too risk-averse and may be missing out on opportunities to increase value.
The global association of IT governance, security and assurance professionals that has over 5,000 members in India had conducted a survey of 463 IT professionals in India. While more than 85% of respondents indicated that their organisation were effectively integrating IT risk into overall risk management, 30% said that business lines were not willing to fully engage in risk management.
The survey also reveals that while lack of engagement was the top hurdle in effectively addressing IT-related business risk, budget limits (29.6%) and uncertainty of how to tailor best practices to the environment (18.1%) were the other key factors.
Interestingly, compliance with government regulation did not emerge as the top driver for organisations risk management activities. Instead, 41.1% respondents said that aligning current functionalities with business needs is the primary reason for risk management programs.
Compliance followed at a distant second, with only 19.5% IT professionals indicating enterprise preference for it. Besides, only 10% of respondents said managing costs was a primary driver.
However, communication continues to be a vital component of the enterprise IT spends, with 35.4% respondents suggesting that the most important action an organisation can take to strengthen enterprise security is to increase awareness among its employees.
Talking about the survey Robert Stroud, international vice president of ISACA said that the statistics indicate that organisations are realising that IT risk management is critical to the business, and that it must be incorporated with overall business risk management for the enterprises to be most successful.
They are no longer engaging in effective risk management for the sake of compliance, but are doing so because it benefits the enterprise, he added.
Add new comment