According to the report, companies fear the collapse of their IT systems more than terrorism, natural disasters, financial risk or regulatory constraints, yet the majority do not manage IT risk effectively.
The problem seems to be that IT systems (read: ERP and other integrated apps) are getting more complex, and complexity increases the risk of IT failure. However, managers still view IT risk in terms of security.
Other findings include:
- Poor project management is the most common source of IT project failure – a particular concern in Europe.
- Scope creep is a problem – which would be avoided by better project management.
- Senior business management does not understand IT issues adequately.
- IT risk will increase in the next three years.
Isn’t this an area where the GRC (governance, risk, compliance) people should be looking?