Survey reveals poor IT governance

26 May 2005

Only 11pc of Irish organisations of between 101 and 5,000 employees have proper IT compliance practices and procedures in place, a survey published by iQuate, an Irish IT compliance and asset management software firm.

The remaining 89pc do not have sufficient IT compliance/IT governance policies to properly manage risks and costs in their IT operations. This rate indicates the lack of understanding from organisations on the implications of non-compliance, said Jason Keogh, founder of iQuate.

Conducted in conjunction with the Business Software Alliance (BSA), the survey revealed that some 95pc of the respondents initially stated they felt their companies had sufficient controls in place. But, when asked specific questions on risks relating to software licences, media copyright infringement, corporate governance legislation and cost management, remarkably the results changed to show a massive U-turn in that 85pc of respondents felt they did not have sufficient policies in place.

Keogh commented: “In our experience whilst auditing company IT networks, we always find companies have over-licensed some applications, while under-licensing others.

“Putting in place proper procedures supported by automated solutions can ensure risks of prosecution by under-licensing are removed and unnecessary costs related to over-licensing are not incurred.

“It is an added bonus that when IT governance procedures are put into place correctly, they increase productivity, decrease risks and reduce business cost. Organisations have to remember prevention is not only better than the risk, but it also leads to cost savings,” Keogh added.

In further research, out of the last 10 IT health checks that iQuate has performed on organisations it was found that where acceptable usage policies in relation to web/email usage exist not all areas were sufficiently covered. All of the networks had MP3 files on more than 20pc of machines, with an average of 200 MP3 music files on each of these machines. The average number of MP3 files in a 100 employee organisation was 7,500.

The survey found that movie/DVD rip files were discovered on six of the networks. It was also proved that MP3 downloads were taking place on work PCs during working hours in three companies that had website filtering in place and strong firewall rule sets. In seven out of 10 cases, the worst offenders were among the IT support staff themselves, as they had the ability to circumvent the security measures put in place for the majority of staff.

Keogh said proper IT governance procedures lead to high levels of cost savings in IT management. It is essential, he continued, companies realise that by adhering to IT governance practices they not only safeguard their business against legal and regulatory risk, they can also save money in the process.

Julian McMenamin, chairman of BSA Ireland, said: “The findings of this study emphasise our recent IDC findings that confirm Ireland continues to have an unacceptably high piracy rate of 38pc. We must continue to strive for good corporate governance in Irish business.”

By John Kennedy