About 20% of most organisations` IT budgets are wasted, in that they do not create value for a company, the IT Governance 2005 conference heard today.
Delivering his keynote address, Gerhard Knecht, director of security practices at Unisys, said this was not in line with IT governance principles, which formed part of companies` corporate governance strategy.
Corporate governance, he stated, called for the creation of value for an organisation`s shareholders.
In terms of the components of IT governance, Knecht said IT decisions should be strategically aligned with business planning, coupled with the management of IT risks, IT resource management and performance measurement of IT.
Effective IT governance was a top-down approach, he said, with the board and executives setting clear policies, goals and objectives. However, this was not always the case, as the board often did not have a clear understanding of IT issues and processes.
A bottom-up approach should be adopted to fill this void, he added.
Knecht argued that, in order to achieve good IT governance, the board must perform risk management and compliance, ensuring strong internal controls with robust risk management and compliance processes.
"A good security compliance programme enhances operational efficiency, through reduced downtime and repair costs, as well as reduced business risks," he said.
"IT governance fails when there is not enough involvement from company people who have knowledge of processes and systems - they must be more involved."
Share