Indian employees want their companies to take more risks

Date:   Friday , March 05, 2010

Despite the tough economy, one in three IT professionals in India believe that companies should take bigger risks with business projects related to IT. According to a survey of 463 IT professionals in India, their companies should take on riskier projects that often have a higher return on investment.

Conducted by ISACA, a global association of 86,000 IT governance, security and assurance professionals, the survey found that more than one-third (34.4 percent) of respondents believe that their own organizations are too risk-averse and may be missing out on opportunities to increase value. While more than 85 percent of respondents think their organization effectively integrates IT risk into overall risk management, more than 30 percent say that business lines are not willing to fully engage in risk management. This lack of engagement was reported to be the top hurdle to effectively addressing IT-related business risk, but budget limits (29.6 percent) and uncertainty of how to tailor best practices to the environment (18.1 percent) are also problematic, according to the IT professionals surveyed.

Encouragingly, compliance with governmental regulations is not the top driver for organizations' risk management activities. Instead, ensuring that current functionality is aligned with business needs (41.1 percent) was named the primary reason for risk management programs, with compliance following at a distant second (19.5 percent). Interestingly, fewer than 10 percent of respondents said that managing costs was a primary driver.

“These statistics indicate that organizations are no longer engaging in effective risk management for the sake of compliance, but are doing so because it benefits the enterprise,” says Robert Stroud, CGEIT, International Vice President of ISACA.Communication continues to be a vital component. Also, organizations should improve coordination between IT risk management and overall enterprise risk management (31.5 percent), and should provide executive management with a "single view of risk" as opposed to risk silos (11.4 percent).