IT Governance Institute 2006 Status Report

Following on from the last post below, here is the proof. The IT Governance Institute is gearing up to release its 2006 Global Status Report, which was supposed to be available for free downloading from late February – presumably out any day now. It gave a sneak preview to ZDNet Asia, which revealed some striking variations in boardroom awareness of IT issues. Unsurprisingly, India scores highly – it has been interesting to note that many of the recently announced ISO 27001 certifications have been from Indian businesses – but Japan is weird: only 26 percent of respondents from there reported that IT is discussed regularly (or more often) by the board, compared to 63 percent of respondents worldwide – but Japan has the highest number of successful ISO 27001 certifications in the world, and ISO 27001 certification requires some strategic board input.

Generally, the ITGI is encouraged by progress since its last global survey in 2003. However, there remains a lot to do before most directors should sleep too easily at night:

‘The study also found that CEOs are responsible for governance over IT in only 24 percent of the organizations surveyed. As in 2003, CEOs and business executives are still hesitant to discuss IT governance. Shareholders should worry about this, because boards and CEOs are ultimately responsible for IT risk management and oversight over all major assets–including IT. Instead, the study found that CIOs are responsible for IT governance in 33 percent of organizations, and nobody is responsible in 6 percent of organizations.’