IT Value

January 11, 2011

In 2003, on the heels of the dotcom bubble, Nicholas Carr argued persuasively in his seminal article, IT Doesn’t Matter, that strategic advantage from the use of IT is becoming increasingly fleeting and short-lived, that IT is becoming commoditized, and that the risks left by the use of IT are more important than the advantages delivered.

His recommendations include:
• Spend less on IT
• Follow, don’t lead
• Focus on vulnerabilities, not opportunities

Advice on spend is a bit simplistic
In the latest IT PCG research report, How the Masters of IT Deliver More Value and Less Risk, the dictate to “spend less on IT” is found to be a bit simplistic – if not self-serving.

The best performers actually spend more on IT to drive value and manage risk
Research from 2006 through 2010 shows those organizations with higher revenue, profit and customer retention actually spend more on IT and information security to drive value and manage business risks related to the use of IT.

Where spend on IT delivers more value and less risk
The best-performing organizations are using IT Balanced Scorecards, IT Strategy Maps, IT Portfolio Management and COBIT to drive value from the use of IT. The same organizations preserve value and manage risk with ISO-based information security practices, COBIT-defined controls and procedures, CIS-defined benchmarks, IT GRC systems and applications, security incident and event management systems, and information security controls.

Highly automated, these organizations are reporting on value and risk daily, weekly and bi-monthly. The findings from the ongoing research show organizations taking these actions post much higher revenue, much higher profits, much less loss or theft of customer data, much less business downtime from IT accidents or disruptions, fewer vulnerabilities and far fewer problems with regulatory audit.

Do not follow the laggards: instead, follow the leaders
The only differentiation found in the research is among those spending less money on these initiatives, management tools and technology systems. Among these organizations, revenue, profits and customer retention are either average or worst-of-breed. These same organizations post the highest business risks from IT-related downtime, lost or stolen customer data, vulnerabilities impacting IT systems, and problems found in audit. The advice provided by Carr in 2003 to follow the leaders is sage advice.

References:

How the Masters of IT Deliver More Value and Less Risk

IT Doesn’t Matter
