Topics researched by the IT Policy Compliance Group (IT PCG) benchmarks are part of an ongoing research calendar established by input from supporting members, advisory members, and general members of the Group, as well as from findings compiled from ongoing research .
This annual report includes research findings that date back one quarter, two quarters, one year, and even two years ago . The aggregation of findings across multiple research studies has only been conducted where all the findings for specific tracking questions are identical, or where the analysis of variance shows the findings within and across all of the benchmarks are within the population means and standard deviations .
The most recent benchmarks included in this report were conducted between December 2007 and March 2008 with 558 separate, qualifying organizations . The consistent findings related to tracking questions from earlier benchmarks conducted between June 2007 and March 2008 with up to 2,608 separate firms have been included, but only where errors do not skew results of findings .
The majority of the organizations (90 percent) participating in the benchmarks are located in North America and the remaining ten percent of the participants for the research findings come from countries located in Africa, Asia Pacific, Europe, the Middle East and South America .
Although the majority of participants hail from North America, many members of the Group from outside this geography have, through separate communications, indicated that the results cited apply equally well within their organizations that happen to be located in other industrialized and rapidly industrializing geographies from around the world . As a result, the Group believes the findings related to the maturity of IT GRC practices and business outcomes that are cited in this report are applicable to most organizations and areas of the world where IT services are embedded as part of common business procedures .
In addition to specific tracking questions common to each benchmark, the benchmarks are also designed to uncover the relationship between business results, the actions that organizations have taken in response to business pressures, and the capabilities these organizations have to respond to business pressures . Industries represented Almost every industry has participated in the benchmark, including accounting services, advertising, aerospace, agriculture, apparel, architecture, automotive, banking, chemicals, computer equipment and peripherals, computer software and services, construction, consumer durable goods, consumer electronics, consumer packaged goods, distribution, education, engineering services, financial services, general business and repair services, government (public administration), government (defense and intelligence), health, medical and dental services, insurance, law enforcement, legal services, management
services, scientific and consulting services, manufacturing, medical devices, metals and metal products, mining, oil and gas, paper, timber and lumber, pharmaceuticals, public relations, publishing, media and entertainment, real estate, rental and leasing services, retail trade, telecommunications equipment, telecommunication services, transportation and warehousing, travel, accommodation and hospitality services, utilities, and wholesale trade . Manufacturing accounts for roughly twelve percent of participating organizations . All other industries account for less than ten percent of the benchmark participants .
Improving business results and mitigating financial risk
Revenue of participating organizations Thirty-three percent of the organizations participating in the benchmark have annual revenues, assets under management, or budgets that are less than $50 million . Another 31 percent have annual revenues, assets under management, or budgets that are between $50 million and $999 million . The remaining 36 percent have annual revenues, assets under management, or budgets that are $1 billion or more .
Number of people employed by participating organizations
Thirty percent of the participating organizations employ less than 250 people . Twenty- nine percent employ between 250 and 2,499 people . The remaining 41 percent employ 2,500 or more people . Job titles of participants Twenty-eight percent of the participants in the benchmark are senior managers (CEO,CFO, CIO, and so on), 13 percent are vice presidents, 34 percent are managers or directors, 24 percent are staff, and 1 percent work as internal consultants .
Roles of participants
Thirty-two percent of the participants work in IT, another 27 percent work in finance and internal controls, 15 percent work in legal and compliance, 5 percent work in sales and marketing, 5 percent work in product design and development, and the remaining 16 percent of the participants work in a wide range of job functions, including customer service, anufacturing, procurement, and logistics .
About IT Policy Compliance Group
The IT Policy Compliance Group is dedicated to promoting the development of research and information that will help organizations meet their policy and regulatory compliance goals . The IT Policy Compliance Group focuses on assisting member organizations to improve business, governance, risk management, and compliance results based on fact-based benchmarks .
The IT Policy Compliance Group Web site at www .itpolicycompliance .com features content by leading experts in the world of compliance and published reports containing primary research . Research benchmarks and interactive assessment tools sponsored by the Group deliver fact-based insight and recommendations about what is working and why, and what can be done to improve results .
The Group's research is designed to help legal, financial, internal controls, and professionals to:
• Benchmark results and efforts against peers and best-in-class performers
• Identify key drivers, challenges, and responses to improve results
• Determine the applicability and use of specific capabilities to improve results
• Identify best practices for IT governance, risk, and compliance
The Group relies upon its supporting members, advisory members, associate members,
and significant benchmark findings to drive its research and editorial calendar .
To know more details go through below link
Benchmarking IT Risk & Compliance
Compliance Webcast and Video
IT Governance, Risk and Compliance: What the best performing firms do in IT to deliver better business results and lower risk
2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk
Tuesday, July 29, 2008
Thursday, July 24, 2008
Benchmarking IT Risk & Compliance
Join Jennie Grimes, Senior Director, Symantec Enterprise Marketing and Jim Hurley, Managing Director, IT Policy Compliance Group; Symantec Senior Research Mgr as they explore IT Risk and Compliance critical issues. Two areas of focus for this on-demand webcast are presented beginning with the results of Symantec's IT Risk Management Report. The second portion covers research conducted by the IT Policy Compliance Group, a joint research initiative between Symantec, ISACA, CSI and others. At this free webcast you will learn about:
- Persistent myths about IT Risk and suggestions on ways to dispel each
- How organizations keep IT services flexible, adaptive, and aligned to organizational goals in constantly changing business climates
- The intimate relationship between compliance and risk
- How you can take key actions to reduce the financial impact of data loss
- Best practices extracted from industry research and survey respondents
Subscribe to:
Posts (Atom)