ISACA Finds Regulatory Compliance Is Top Concern in 2011

Over the next 12 to 18 months, businesses are going to a face a wide variety of new or tightened regulations that will impact enterprise IT (Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, to name a few).

So, I wasn't surprised to see that regulatory compliance emerged as the number one concern in a major new ISACA member survey of more than 2,400 IT, security, and audit and assurance managers from 126 countries worldwide.

Taken altogether, the data from ISACA's Top Business/Technology Issues Survey identified seven top concerns affecting IT. Here they are, listed in order of importance:


Regulatory compliance. Within this topic, the top-ranked technology concern was segregation of duties and privileged access monitoring, cited by more than half (53 percent) of survey respondents.



Enterprise-based IT management and governance. Managing IT project risk was first on the list of concerns within this area, rated as most important by 45 percent.


Information security management. One of the top concerns expressed by ISACA members was the lack of senior management involvement in setting direction for information security. This worry which was ranked as important or very important by a total of 80 percent of responses.



Disaster recovery/business continuity.




Challenges of managing IT risks.


Vulnerability management.



Continuous process improvement and business agility.


The survey also revealed an additional four areas that just missed the top seven this year. According to ISACA, these concerns will continue to rise in importance in future member surveys: cloud computing, mobile device management, virtualization and business intelligence.

As I see it, these results indicate the pressing need for integration and collaboration not only across the enterprise, but throughout the supplier network, as well. Automating procurement and integrating it with other business functions is becoming increasingly critical, and building robust, collaborative relationships with suppliers can mitigate regulatory compliance risk, while enhancing value and lowering costs.

"This year's survey shows more clearly than ever that information technology cannot be managed in a vacuum. From the growing number of government regulations to consumer privacy concerns to hacktivist attacks, enterprise IT assets are being challenged in ways that go far beyond the server room," said Tony Noble, CISA, a member of ISACA's Guidance and Practices Committee and vice president of IT audit at Viacom Inc. "The study also reveals a marked perception that the business side of the organization believes IT is managed in a silo, which indicates an opportunity for better aligning business with IT to unlock greater value."