New research from the IT Policy Compliance Group reveals our instincts were right all along: Doing the right thing is better for business. According to a press release published at CNNMoney.com, the findings illustrate that
the way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources.
Of the more than 2,600 organizations participating in the research, those that had the best IT governance, risk and compliance (GRC) plans in place also did better at keeping customers, making them happy and growing revenue. Similarly, those that did not have mature IT GRC practices did not do well when it came to satisfying customers or making a profit.
So what causes the correlation? IT Policy Compliance Group managing director Jim Hurley told me on Thursday he wasn't sure. But the report does point out what the organizations at the top of the curve are doing differently. They're continually monitoring everything. This means more automation, more management involvement, more reporting, more evaluation, more adjusting to correct small problems.
More specifically, the report recommends, among other things, that companies:
- Use a measurable, continuous quality improvement program throughout IT.
- Require monthly measurement and reporting.
- Increase and automate technology controls to mitigate and avoid financial risk, brand damage and business disruptions.
- Improve skills within IT assurance, audit and risk management.
As for what companies at the bottom can do to improve their situations, one of the first steps would appear to be getting upper management buy-in to a continuous quality improvement process.