ISACA survey shows strengthening case for IT governance

The study, conducted among 538 organisations worldwide, examined the business outcomes of implementing the COBIT and Val IT frameworks, and revealed a strong positive relationship for both. Says Wim Van Grembergen, co-author of the report and professor at the University of Antwerp and the University of Antwerp Management School: "As a result, a strong business case exists that shows the benefits enterprises achieve when using COBIT and Val IT." ISACA's survey also identifies which COBIT and Val IT processes are most frequently and fully implemented – noting that the majority of the top five most fully implemented COBIT processes are in the 'deliver and support (DS) domain, with one each in the 'acquire and implement' (AI) and the 'monitor and evaluate' (ME) domains. "The results show that enterprises are still focusing more on operational issues – implementation, delivery and support – than on the equally important planning and monitoring issues, indicating that there is room for improvement," comments Steven De Haes, co-author of the report and professor at the University of Antwerp and University of Antwerp Management School. Incidentally, European organisations report a fuller implementation status than most North American and Asian enterprises, particularly for P09 'Assess and manage IT risks'. Van Grembergen suggests that this finding is probably due to the impact of regulatory requirements such as Basel II. He also believes that the US' high score for implementing ME2 'Monitor and evaluate internal control' is likely to be due to the Sarbanes-Oxley Act.