ISACA Survey Results
ISACA Survey Addresses BC/DR Issues
ISACA, the Information Security and Audit Association, recently published the results of its 2008 Top Business/Technology Issues Survey. ISACA conducted the survey to validate and prioritize the findings of ISACA’s Business/Technology Issues Task Force, which conducts surveys and produces survey reports.
The task force identified 21 current business issues facing IT managers and executives. The list consisted of global issues that the task force felt were already affecting ISACA members and constituents, or would be in the next 12 to 18 months. The survey participants were then asked to rank the 21 business issues.
The top seven were:
1. Regulatory compliance
2. Enterprise-based IT management and IT governance
3. Information security management
4. Disaster recovery/business continuity
5. IT value management
6. Challenges of managing IT risks
7. Compliance and financial reporting standards
The study broke down the top business issues by respondent group—audit/assurance management, security management and IT management—ranking them for each. The Top Business/Technology Issues Survey had worldwide participation, with respondents from 95 countries representing all five ISACA regions. The survey generated 3,173 responses, representing a 6.9 percent response rate.
Among the findings were that business continuity management (BCM) proactively improves enterprise resilience against operational disruptions and provides the capability to react adequately. Notwithstanding the benefits, BCM remains an elusive goal for most enterprises. Within the topics of disaster recovery and business continuity, the key area that respondents felt will be the most important over the next 12 to 18 months is management’s lack of awareness of their responsibility to be able to maintain critical functions in the event of a disaster. This leads to BCM not being a business-owned and business-driven process. Other areas that were highlighted include the lack of a formal BCM policy within the enterprise and BCM being treated as a “one-time” initiative that requires no maintenance.
A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance, by David Kaye and Julia Graham is an important resource to address these issues.
