Today’s Enterprise - Cyberthreats Lurk Amid Major Transformation

Assessing the Results of Protiviti’s 2015 IT Priorities Survey
INTRODUCTION
“The very technologies that empower us to do great good can also be used to
undermine us and inflict great harm. ... cyber threats are a challenge to our
national security. … [the] problem of how we secure this digital world is only
going to increase.”
U.S. President Barack Obama¹
Amid major technology transformation and change, danger seemingly lurks everywhere for today’s
enterprises. Crafty, cunning and dangerous cyber predators worldwide are threatening to blow the
lid off organizational cybersecurity defenses. Defending against these predators is consuming large
amounts of IT hours and resources at a time when a majority of organizations are undergoing a
major IT transformation (see page 5).
Outwitting the wolves at your organization’s “cyber door” and managing changes in the enterprise
with confidence requires IT departments to deploy an impressive and innovative array of information
security approaches, processes, tools, skills/personnel, and collaborations – all of which we find at the
top of IT’s packed priority list, according to the results of Protiviti’s 2015 IT Priorities Survey.
Not surprisingly, the priority placed on security and privacy capabilities has intensified in our
survey this year – often dramatically. To illustrate, in last year’s study the highest-ranked area in this
category (“Developing and maintaining security and privacy standards”) had a priority index of 6.4
(on a 10-point scale). This year, a full dozen of the security and privacy capabilities we assessed are
ranked 6.7 or higher. As we detail in our report, the results for CIOs and IT executives are even
more pronounced.
These trends are, in fact, evident throughout this year’s results, which show that IT leaders and
professionals are contending with a vast number of increasing and competing priorities, including
but not limited to cybersecurity. This also mirrors key findings from our recent Executive Perspectives on Top Risks for 2015 study, in which board members and C-suite executives identified cybersecurity as one of the top risks their organizations must address in 2015.²
Our key findings in this year’s IT Priorities Survey include:
1. Security concerns are paramount – No surprise here: Addressing and strengthening cybersecurity represents a critical priority among all respondents, CIOs and companies of all sizes.
2. Major IT changes and upgrades continue – Well over half of all organizations are undergoing a major IT transformation that will last a year or longer, intensifying demands on IT
departments to manage these changes successfully while addressing other critical business needs
(e.g., cybersecurity).
3. The search for balance is underway – As important as cybersecurity and privacy issues have
become, they represent just one of many rising priorities, such as virtualization and enterprise
architecture, on the IT department’s bursting agenda. IT executives and professionals have a
vast number of pressing duties on their plates this year, with priorities increasing across the
board in volume and significance. To address and manage these challenges successfully, they
must develop and strengthen the expertise and business savvy necessary to strike the right balance
between activities that enhance business value and those that protect organizational value.
4. IT seeks to manage all assets better: data, hardware, software and more – IT departments
are adapting and improving how they manage a broader and more diverse collection of company-owned and third-party assets (including data) as their companies seek to harness more and more
business value from them.
5. Collaboration is key – Organizations undergoing and managing major changes are focused on
leveraging technology to enable greater collaboration across the enterprise. This not only facilitates more opportunities for real-time partnering, but also reduces time-to-value significantly.
¹ Comments made at the White House Summit on Cybersecurity and Consumer Protection, February 13, 2015.
² Executive Perspectives on Top Risks for 2015: Key Issues Being Discussed in the Boardroom and C-Suite, North Carolina
State University’s ERM Initiative and Protiviti, www.protiviti.com/toprisks.
2015 IT Priorities Survey • protiviti.com/ITpriorities
Top 10 IT Priorities for 2015 (including ties)*
Rank | IT Area | 2015 Priority Index | 2014 Priority Index | YOY Trend | “Significant Priority” Percentage (6-10)
1 | Virtualization | 7.3 | 6.5 |  | 86%
2 | Virus/malware advanced threat detection/eradication | 7.1 | NA | NA | 83%
3 (tie) | Data breach and privacy laws (various U.S. states) | 7.0 | 6.2 |  | 83%
3 (tie) | Enterprise architecture | 7.0 | NA | NA | 81%
3 (tie) | Incident response success (containment, recovery) | 7.0 | 6.3 |  | 83%
3 (tie) | Monitoring security events | 7.0 | 6.4 |  | 84%
7 (tie) | Data architecture | 6.9 | 6.4 |  | 81%
7 (tie) | Data governance | 6.9 | 6.3 |  | 81%
7 (tie) | Incident response policy and preparedness | 6.9 | 6.3 |  | 82%
7 (tie) | Incident response reaction time | 6.9 | 6.3 |  | 83%
7 (tie) | IT project management | 6.9 | 6.5 |  | 82%
7 (tie) | Patch management | 6.9 | NA | NA | 83%
7 (tie) | Vulnerability scanning | 6.9 | NA | NA | 82%
* Based on a 10-point scale. See Methodology section for details.
METHODOLOGY
More than 1,000 respondents (n = 1,073), including CIOs, IT vice presidents and IT directors,
participated in our study, which was conducted within the prior 90 days. We are grateful for the
time invested in our study by these individuals.
Participants answered more than 100 questions in 10 categories:
• Managing Security and Privacy
• Technical Knowledge
• Defining IT Governance and Strategy
• Managing IT Assets
• Management and Use of Data Assets
• Ensuring Continuity
• Managing Application Development
• Deploying and Maintaining Solutions
• Managing IT Infrastructure
• Organizational Capabilities
For each of these categories, respondents were asked to rate, on a scale of 1 to 10, the level of
priority for them and their organizations to improve in different issues and capabilities. A “10”
rating indicates the issue is a high priority while a “1” indicates the issue is a low priority.
We have classified each issue and capability with an index of 6.0 or higher as a “Significant Priority”
for IT functions. Those with an index of 4.5 through 5.9 are classified as a “Moderate Priority,” and
those with an index of 4.4 or lower are classified as a “Low Priority.” (Of note, none of the more
than 100 IT issues and capabilities addressed in our 2015 survey is rated to be “Low Priority.”)
Our survey also includes a special section, “IT Transformation,” in which we assess how IT organizations are managing changes and addressing budget and resource challenges.
IT TRANSFORMATION
Key Findings
• For the second consecutive year, a majority of organizations report they are
undergoing a “major IT transformation,” though there was a slight year-over-year
decrease in the results.
• Most organizations expect the IT transformation to last a year or longer, and the
magnitude of disruption caused by these changes is viewed to be very significant (of
note, multiple studies continue to show that many IT projects experience costly delays,
exceed established budgets and/or fail to fulfill the original business requirements).
• IT transformations are intended to achieve multiple objectives, the most common
of which are cost/simplification, new functionality, service assurance and
regulatory/compliance.
Key Facts
Percentage of organizations undergoing a major IT transformation: 60
Level of disruption (scale of 1 to 10) organizations are experiencing as a result of a major IT transformation: 6.4
Percentage of organizations in which the duration of the IT transformation is expected to be a year or longer: 54
What are the objectives of your organization’s IT transformation?*
Cost/simplification: 64%
New functionality (mobile, new products, etc.): 55%
Service assurance: 47%
Regulatory/compliance: 46%
Adoption of emerging technology: 43%
Time to market/agility: 34%
* Multiple responses permitted
MANAGING SECURITY AND PRIVACY
Key Findings
• The top security and privacy priorities – including virus/malware advanced threat
detection/eradication, monitoring security events, and incident response success
(containment, recovery) – rank among the highest priorities in the entire survey.
• IT functions plan to invest significant time, staff, technology and budget on numerous
specific security and privacy priorities in 2015.
Overall Results, Managing Security and Privacy
Managing Security and Privacy | 2015 Priority Index | 2014 Priority Index | YOY Trend
Virus/malware advanced threat detection/eradication | 7.1 | NA | NA
Incident response success (containment, recovery) | 7.0 | 6.3 |
Monitoring security events | 7.0 | 6.4 |
Incident response policy and preparedness | 6.9 | 6.3 |
Incident response reaction time | 6.9 | 6.3 |
Patch management | 6.9 | NA | NA
Vulnerability scanning | 6.9 | NA | NA
Developing and maintaining security and privacy standards | 6.8 | 6.4 |
Managing user identities and access | 6.8 | 6.3 |
End-user security awareness and training | 6.7 | NA | NA
Implementing security/privacy solutions and strategies | 6.7 | 6.3 |
Managing technical infrastructure configuration | 6.7 | 6.2 |
Penetration testing (internal/external) | 6.7 | NA | NA
Managing application users | 6.5 | 6.2 |
Managing IT users | 6.5 | 6.2 |
Managing third-party vendors | 6.5 | 6.0 |
U.S. Health Insurance Portability and Accountability Act (HIPAA) | 6.5 | 5.8 |
Managing and classifying enterprise data | 6.4 | 6.2 |
Managing contractors | 6.4 | 6.0 |
Clarity about third-party compliance readiness (partners, vendors) | 6.3 | 6.0 |
U.S. Gramm-Leach Bliley Act (GLBA) | 6.2 | 5.8 |
California Security Breach Information Act (CS SB 1386) | 6.0 | 5.9 |
Commentary
Documented occurrences of corporate and governmental data breaches grow larger, more prevalent,
more damaging and more complex in nature. Boards and C-suite executives are more focused than
ever on security issues.³ And enterprises are adopting a more comprehensive view of their information
security. Thus, IT is doubling down on its efforts to strengthen information security and privacy.
Note that each of the 22 areas included in this section of the survey is ranked at the “Significant
Priority” level. Virus/malware advanced threat detection/eradication, which we added to the survey
this year, received the second-highest index ranking among all of the 100-plus priorities evaluated
in this year’s study, and monitoring security events and incident response success (containment,
recovery) are among the top six priorities in our survey. We view the responses as indicative of
organizations focusing on leveraging technology and automation to improve their ability to identify
risks in real-time – and to respond accordingly.
Additionally, of those areas included in last year’s survey, every one of them ranks higher this year
compared to last year’s results. In other words, information security and privacy, a longstanding IT
priority, is becoming even more important.
That said, this challenge is no longer viewed strictly as an “IT issue” at leading companies, but rather
as a critical business issue. Executive management teams and boards of directors are working closely
with IT executives to more effectively manage and monitor what qualifies as a strategic risk.⁴
Key Questions to Consider
• Has an information security model – such as the NIST Cybersecurity Framework, ISO
27001/27002 or Critical Security Controls for Effective Cyber Defense – been adopted? Has the
organization done a gap assessment against one of these models?
• Has the company performed an information security risk assessment to understand its technical exposures?
• Does the organization have the tools and processes to effectively prevent, detect and contain
targeted malware after a user clicks on a link in a phishing email?
• Does the organization have the right tools and staffing levels to address the security needs of the
organization effectively?
• Does the organization’s IT strategy include an incident response plan that is evaluated regularly
to ensure it addresses new and emerging types of security and privacy risks and breaches?
• Is an effective incident response team in place and equipped to reduce the occurrence, proliferation and impact of security breaches?
• Who in the IT organization is responsible for keeping executive management and the board
updated regarding the company’s information security and privacy risks?
• Do key stakeholders (IT, C-suite executives, board members) support the development of an
information security strategy appropriate to the organization’s scale, culture, regulatory obligations and business objectives?
• Does the current incident response plan include procedures that identify specific actions to
be taken in response to specific types of security incidents? How often are these procedures
exercised (think “fire drill”), and who is responsible for doing so (and taking corrective actions,
if necessary)?
• What steps are in place to test and improve incident response speed as well as the quality of the
overall incident response capability?
• Have thresholds been identified that indicate when and how executive management and, in some
cases, the board, should participate in incident response efforts when appropriate?
• Is there agreement on what metrics are communicated to the board and executive management
to keep them sufficiently aware of the organization’s information security status?
• Is the organization clear on the value/importance of its information assets – especially those
that could be considered its “crown jewels”? Does the company have a formal data classification program to help manage both the effectiveness and efficiency of the overall data security
and privacy capability? How is this program communicated and taught throughout the
entire organization?
• Is security-event monitoring support being performed in-house, through a managed security
services provider (MSSP) or both? How is the effectiveness of this monitoring evaluated?
• Are third-party vendors and trading partners addressed in the organization’s security/privacy
strategy?
• How is vendor compliance with security and privacy policies and standards monitored (including
incident response preparedness)?
• How are internal (“insider”) security threats monitored, managed and communicated?
• What additional technologies are planned for managing security risk?
³ Ibid.
⁴ Protiviti’s Board Perspectives: Risk Oversight, Issue 44, “Managing Cybersecurity Risk,” www.protiviti.com/en-US/Pages/Board-Perspectives-Risk-Oversight-Issue-44.aspx.
Key Facts
To whom or where does the CIO and IT organization report?*
[Chart. Categories: CEO, CFO, Board of Directors, COO, Other. Percentages: 21, 42, 8, 22, 7; the pairing of percentages with categories is not preserved.]
* Percentages shown
Focus on CIOs/IT Executives and Large Companies
Managing Security and Privacy – Results for CIOs/IT Executives and Large Company Respondents
[Table. Rows: the Managing Security and Privacy areas listed under Overall Results. Columns: CIOs/IT Executives, YOY Trend (Priority Level); Large Company Respondents, YOY Trend (Priority Level). Legend: Significant Priority, index of 6.0 or higher; Moderate Priority, index of 4.5 to 5.9.]
TECHNICAL KNOWLEDGE
Key Findings
• Virtualization, data breach and privacy laws, and enterprise architecture (a new
addition to this year’s study) not only are the top priorities in this category, but also
represent three of the highest-ranked priorities in the entire survey.
• Cybersecurity guidance, including NIST, is prevalent in the Technical Knowledge
priority list.
• Data governance and data architecture (another new area in the survey) also rank as
significant priorities.
• As is the case throughout this year’s survey, many technical capabilities rank higher as
priorities this year compared to last year’s results.
Overall Results, Technical Knowledge
Technical Knowledge | 2015 Priority Index | 2014 Priority Index | YOY Trend
Virtualization | 7.3 | 6.5 |
Data breach and privacy laws (various U.S. states) | 7.0 | 6.2 |
Enterprise architecture | 7.0 | NA | NA
Data architecture | 6.9 | 6.4 |
Data governance | 6.9 | 6.3 |
IT project management | 6.9 | 6.5 |
Cloud computing | 6.7 | 6.3 |
Cloud storage of data | 6.7 | 6.1 |
IT program management | 6.7 | 6.3 |
NIST (cybersecurity) | 6.7 | 6.1 |
Big data | 6.5 | 6.0 |
Business process automation | 6.5 | NA | NA
ERP systems | 6.5 | 6.2 |
ITIL | 6.4 | NA | NA
Agile methodologies | 6.3 | NA | NA
Data discovery/e-discovery | 6.3 | NA | NA
Mobile development | 6.3 | NA | NA
PCI DSS | 6.3 | 5.8 |
Smart device integration | 6.3 | 6.1 |
Mobile commerce security | 6.2 | 6.1 |
Open Web Application Security Project (OWASP) | 6.2 | NA | NA
PMP | 6.2 | 6.1 |
BYOD policies/programs | 6.1 | 6.1 |
CISSP/CISM | 6.1 | 5.9 |
ISO/IEC 27001 and 27002 | 6.1 | 6.2 |
Mobile commerce integration | 6.1 | 6.0 |
Mobile commerce policy | 6.0 | 5.9 |
Social media policy | 6.0 | 5.8 |
Social media security | 5.9 | 6.0 |
COBIT | 5.8 | 5.9 |
Social media integration | 5.8 | 5.9 |
ISO 31000 | 5.7 | 6.0 |
CISA | 5.6 | 5.8 |
European Union Data Directive | 5.6 | 5.9 |
HITRUST CSF | 5.6 | 5.6 |
CGEIT | 5.5 | 5.7 |
Commentary
Given the prevalence of IT transformation and the resulting challenges for organizations, it is not
surprising to find numerous multidimensional knowledge areas ranking as key priorities in this
category, as IT functions strive to both enhance and protect business value. These twin objectives
are evident at the top of the Technical Knowledge priority rankings, where equal weight is given
to addressing data breach and privacy laws (protecting value) and improving enterprise architecture
(enhancing value).
Interestingly, the highest-ranked priority in the entire survey, virtualization (7.3), is not tied
directly to security. Rather, virtualization serves the dual purpose of enhancing and protecting value
by helping IT functions boost efficiency and productivity, reduce power usage and operating costs,
and strengthen security and disaster recovery capabilities.
While virtualization ranks highly as a priority this year, it certainly is not the only priority in this
category. In fact, compared to our 2014 results, there are higher priority index scores throughout
the category. Last year, two areas (virtualization and IT project management) each had a priority
index of 6.5, while other Technical Knowledge areas scored 6.3 or lower. This year, 10 areas scored
6.7 or higher, with three scoring 7.0 or higher.
Relating back to the earlier discussion regarding security and privacy challenges, cybersecurity issues,
including data breach and privacy laws (various U.S. states) and the NIST Cybersecurity Framework,
also rank among the most important of all issues that IT functions are confronting in this category.
Key Questions to Consider
• How can the IT department strengthen its current approach to virtualization (server, network,
desktop) through new collaborations, investments and skills?
• Is the IT department’s knowledge and expertise concerning virtualization, enterprise architecture
and cloud computing sufficient? If not, how can this knowledge be enhanced or supplemented?
• Is the IT department maintaining current knowledge of changing data breach, information security and information privacy laws, rules, directives, standards and guidance?
• Has IT evaluated the organization’s cybersecurity program against the NIST Cybersecurity
Framework?
• Is data security sufficiently addressed in current data governance, data architecture, IT project
management and IT program management activities?
• Does IT maintain formal mobile commerce and social media policies that lay out the security
requirements for those who engage in mobile commerce and/or social media activities?
• Does IT maintain a “bring your own device” (BYOD) policy that serves as the foundation for a
current, secure and business-value-enabling BYOD program?
• What applications are running in a cloud environment? What data is processed there and how is
it protected and monitored?
• Are staff members strengthening their knowledge and expertise through formal training (e.g.,
professional certifications) and informal approaches (e.g., stretch assignments, rotational work, etc.)?
Focus on CIOs/IT Executives and Large Companies
Technical Knowledge – Results for CIOs/IT Executives and Large Company Respondents
[Table. Rows: the Technical Knowledge areas listed under Overall Results. Columns: CIOs/IT Executives, YOY Trend (Priority Level); Large Company Respondents, YOY Trend (Priority Level). Legend: Significant Priority, index of 6.0 or higher; Moderate Priority, index of 4.5 to 5.9.]
DEFINING IT GOVERNANCE AND STRATEGY
Key Findings
• Top priorities include monitoring IT costs and benefits, monitoring and achieving legal/
regulatory compliance, and integration/alignment of IT planning and business strategy.
• IT functions are focused on achieving highly effective IT governance and strategy, which
is designed to manage and run the IT function in a way that enhances and protects
organizational value.
• While all of the areas again have “Significant Priority” rankings (similar to the 2014
results), the priority index numbers for 13 of the 16 areas measured last year increased
on a year-over-year basis.
Overall Results, Defining IT Governance and Strategy
Defining IT Governance and Strategy | 2015 Priority Index | 2014 Priority Index
Monitoring IT costs and benefits | 6.8 | 6.5
Integration/alignment of IT planning and business strategy | 6.7 | 6.5
Monitoring and achieving legal/regulatory compliance | 6.7 | 6.4
IT risk analysis and reporting | 6.6 | 6.4
Managing project quality | 6.6 | 6.4
Developing and maintaining operations management policies and standards | 6.5 | 6.3
Key performance indicators (KPIs) | 6.5 | 6.5
Developing and maintaining end-user support policies and standards | 6.4 | 6.3
Maintaining IT controls design and operating effectiveness | 6.4 | 6.3
Reporting IT activities and performance | 6.4 | 6.3
Defining IT roles and responsibilities | 6.3 | 6.2
Defining metrics and measurements for monitoring IT performance | 6.3 | 6.3
Managing and monitoring policy exceptions | 6.3 | 6.3
Negotiating, managing and monitoring customer service-level agreements | 6.3 | 6.2
Negotiating, managing and monitoring information quality | 6.3 | 6.2
Portfolio management – Long-term and short-term planning | 6.3 | 6.4
Defining organizational placement of the IT function | 6.1 | 6.2
Commentary
Why is strong IT governance and strategy so critical? Consider that almost all companies today –
regardless of industry, location or size – are technology organizations. They cannot function without technology, and the innovative use of technology almost always represents a critical differentiator
and success factor for the company.
More broadly, technology is transforming most industries and driving a wave of innovation and
creativity. The pace of change is increasing, and technology is breaking down barriers between
industries and transforming business models. In addition, “shadow IT” and the need to harness it
while fostering innovation and creativity represents another critical consideration. As many organizations are learning, there is both risk and reward in this space.
These are among the many reasons underscoring the critical importance of IT governance and
strategy. From monitoring IT costs and benefits to aligning IT planning and business strategy, we
see that numerous IT governance areas rank among the many demanding priorities CIOs and IT
professionals are addressing today. As further context, note that last year the highest index ranking
in this category was 6.5 (integration/alignment of IT planning and business strategy, key performance indicators (KPIs), and monitoring IT costs and benefits). This year, there are five items with
ratings of 6.6 or higher.
What other factors are driving changes in the enterprise and the increasing need for strong IT
governance processes?
• Cloud/XaaS is presenting new opportunities and operating models that businesses are exploring – at
the same time, they must manage key changes and risks that these operating models are introducing.
• Cybersecurity (as we noted earlier in our report) represents a major area of focus in terms of IT
governance and strategy.
• Despite the increasing need for strong IT governance to help manage the changing enterprise
and address increasing risks, IT budgets remain under pressure, requiring the IT organization to
do more with the same level of resources.
Ultimately, CIOs and IT leaders recognize that failure to define and execute on IT strategy to
support the organization’s objectives will, for many, lead to failure of the business strategy.
Key Questions to Consider
• Do we have the right leadership and skills to engage effectively with other leaders in the business
so that we can help manage changes underway throughout the enterprise?
• How is IT leadership communicating the importance of IT’s mission to enhance and protect
value throughout the department’s ranks and, more importantly, across the enterprise? What
types of collaboration between IT executives and other business leaders can help IT more effectively execute its enhance-and-protect mission?
• Is the technology organization able to influence business strategy? And is technology and its use
a key driver when defining business strategy?
• Are we able to articulate business risk issues in the context of technology?
• Do we have a clear view of the cyber risks that we face? And when it comes to cybersecurity, do
we know what our risk appetite is?
• What processes ensure that IT risk analysis and reporting insights and outputs are fed into strategic planning (within the IT department and at an overall business level)? How can IT risks be
most effectively represented in an enterprise’s operational risks?
• What is our exposure to third-party risk? Which third parties present the highest risk to the
enterprise?
• Are we spending enough on technology innovation as opposed to security, operations, etc.?
• What disruptive technologies/innovations exist (e.g., “shadow IT”) that could destabilize our
business strategy? What opportunities are presented by these disruptive technologies?
• Is the drive to measure, manage and monitor IT costs and benefits – and IT performance –
consistent throughout every level of the IT department? How can this objective be executed
more consistently? How can this be used to change behaviors?
• Are there ways that IT and finance can partner to strengthen IT’s focus on monitoring costs and
benefits? How do we communicate cost/value to the business? And how can IT costs be represented in a manner that is meaningful and actionable for business partners?
Focus on CIOs/IT Executives and Large Companies
Defining IT Governance and Strategy – Results for CIOs/IT Executives and Large Company Respondents
[Table. Rows: the Defining IT Governance and Strategy areas listed under Overall Results. Columns: CIOs/IT Executives, YOY Trend (Priority Level); Large Company Respondents, YOY Trend (Priority Level). Legend: Significant Priority, index of 6.0 or higher; Moderate Priority, index of 4.5 to 5.9.]
MANAGING IT ASSETS
Key Findings
• Managing software licensing and compliance, deploying software, and managing
hardware maintenance agreements represent the top priorities.
• The findings in this category reflect a desire to manage IT asset risks while optimizing
the value of current assets.
• Several priorities point to a need to improve vendor risk management.
Overall Results, Managing IT Assets
Managing IT Assets | 2015 Priority Index | 2014 Priority Index
Managing software licensing and compliance | 6.4 | 6.1
Software deployment | 6.3 | 6.2
Managing hardware maintenance agreements | 6.2 | 5.9
Hardware deployment | 6.1 | 6.1
Managing audit process (SAS 70, SSAE 16, others) | 6.1 | 5.9
Monitoring and reviewing contracts/billings | 6.1 | 5.9
Monitoring IT assets | 6.1 | 5.9
Negotiating and establishing agreements | 6.1 | 5.9
Accounting for IT asset management | 6.0 | 5.9
Managing contract analysis and renewal | 6.0 | 5.9
Managing IT asset retirement – employee/contractor termination | 6.0 | 5.8
Monitoring external service-level agreements | 6.0 | 5.9
Determining outsourcing strategy and approach | 5.9 | 5.9
Managing IT asset retirement – IT asset refresh | 5.9 | 5.9
Commentary
Based on this year’s findings, IT professionals have a clear plan for improving their function’s IT
asset management capability:
1. Manage risks
2. Maximize value
3. Adapt
Both maximizing value and adapting are necessary thanks to the ongoing adoption of new devices
(e.g., smartphones and tablets). Additionally, a coming wave of “Internet of Things” technology
and connectivity promises to create even more (and, in many cases, highly unique) IT assets for
organizations, along with new questions about how they use data and whether this violates their
ethical standards or harms their reputation. These changes already are introducing new devices
(and even more data) and are requiring modifications to current IT asset management approaches
and processes.
It also is clear that like other IT areas and capabilities addressed in our study, IT asset management
is growing in importance and priority. Whereas three areas in this category had “Significant Priority” rankings in our 2014 survey, 12 are ranked 6.0 or higher in this year’s findings.
Key Questions to Consider
• Are current asset management policies, processes, technologies and structures (skills, roles, etc.)
keeping pace with the organization’s changing portfolio of IT assets?
• Is the IT function monitoring organizational interest in new and emerging IT assets to ensure
they can be managed effectively under current policies?
• Does the current policy governing IT asset retirement following the termination of an employee
or contractor sufficiently mitigate information security and privacy risks?
• How are software licensing agreements monitored, and are current change-management mechanisms regarding these licenses working effectively and efficiently?
• Are all third-party agreements governed and managed in accordance with applicable auditing
standards, such as SSAE 16?
• Who is responsible for network planning and engineering, as well as ensuring any network
build-out is rightsized?
• Who is responsible for creating, maintaining and monitoring controls and other risk management considerations related to the deployment, maintenance and retirement of software and
hardware assets?
Focus on CIOs/IT Executives and Large Companies
Managing IT Assets – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Managing IT Assets area, in two columns: CIOs/IT Executives and Large Company Respondents. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
MANAGEMENT AND USE OF DATA ASSETS
Key Findings
• Business intelligence and reporting tools, data analytics platforms and support, short- and long-term enterprise information management strategy, and data and information
governance programs represent the top priorities.
Overall Results, Management and Use of Data Assets

| Management and Use of Data Assets | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| Business intelligence and reporting tools | 6.5 | 6.1 | |
| Data analytics platforms and support | 6.4 | 6.1 | |
| Data and information governance program | 6.3 | 6.1 | |
| Short- and long-term enterprise information management strategy | 6.3 | 6.1 | |
| Data lifecycle management | 6.2 | 6.1 | |
| Master data management | 6.2 | 6.1 | |
| Big data initiatives | 6.1 | 5.9 | |
| End-user adoption of data tools | 6.1 | 5.9 | |
Commentary
As more companies implement cloud computing technology, the protection and use of data – and
organizational data assets, in particular – become more important and valuable to businesses.
The priorities identified herein point to a heightened need for IT functions to protect and optimize
data assets.
Two priorities identified in this year’s survey – short- and long-term enterprise information
management strategies, and data and information governance programs – suggest that IT organizations are intent on integrating the management and use of data assets into their strategies and
oversight capabilities.
The emphasis on master data management and data lifecycle management shows that IT organizations also are keen to protect the rapidly increasing value of organizational data.
Not surprisingly, business intelligence and reporting tools as well as data analytics platforms and
support are at the very top of the IT function’s data asset management priority list. These activities,
the reach of which now extends to every function in the enterprise, are intended to derive value
from the organization’s data assets.
Key Questions to Consider
• Is a formal data and information governance program in place? If so, who is responsible for overseeing the program as data analytics tools are leveraged increasingly throughout the company?
• Beyond IT, what other functional leaders should be involved in shaping and monitoring data and
information governance?
• How can IT and internal audit collaborate more effectively to ensure the data and information
governance program is an effective risk management mechanism?
• How is the data and information governance program marketed to internal stakeholders? How is
it applied with regard to vendors, including offshore resources?
• What are the most important data risks related to third-party relationships, and how are these
risks managed?
• What current mechanisms ensure the data and information governance program remains
relevant and sufficient in light of the organization’s rapidly changing use of data and data analysis
tools? What additional mechanisms should be considered?
• How is the IT function’s short- and long-term enterprise information planning integrated into
IT planning and the overall business strategy?
• How can data assets be managed in a more secure manner as well as in a way that generates more
business value?
• How is master data management quality/security governed and monitored?
Focus on CIOs/IT Executives and Large Companies
Management and Use of Data Assets – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Management and Use of Data Assets area, in two columns: CIOs/IT Executives and Large Company Respondents. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
ENSURING CONTINUITY
Key Findings
• Top priorities include business continuity management and disaster recovery program
testing, and ensuring business alignment.
• Every BCM area has increased year-over-year in priority at a time when concerns related
to cybersecurity and cyberattacks continue to rise.
Overall Results, Ensuring Continuity

| Ensuring Continuity | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| Business continuity management and disaster recovery program testing | 6.5 | 6.2 | |
| Ensuring business alignment | 6.5 | 6.2 | |
| Designing and maintaining business continuity strategies | 6.4 | 6.1 | |
| Developing and maintaining IT disaster recovery plans | 6.4 | 6.2 | |
| Developing and maintaining risk assessment/business impact analysis | 6.4 | 6.0 | |
| Ensuring executive management support and sponsorship | 6.4 | 6.1 | |
| Developing and maintaining business resumption plans | 6.2 | 6.0 | |
| Developing and maintaining crisis management plans | 6.2 | 6.0 | |
Commentary
In recent years, IT functions that focused on strengthening their companies’ business continuity management (BCM) and disaster recovery (DR) capabilities typically worked to adapt their
programs to address more integrated global supply chains, more frequent weather-related disasters,
and an increasingly mobile and remote workforce. More recently, IT functions have witnessed
firsthand the speed, scale and impact of an equally challenging business continuity threat: cyberattacks. Well-known cybersecurity intrusions over the past year have resulted in the loss of intellectual
property and business intelligence. These events provide painful reminders of the risks companies
confront as they become more and more data-driven.5
Given the central enabling role that technology systems, applications and data provide for most
companies, IT functions must ensure that a BCM/DR capability remains robust and ready at both
a strategic and tactical level. Testing also has become more complicated as organizations deal with
an increasing number of third-party vendors. Considering the priorities indicated in our findings
(e.g., ensuring business alignment), they seem well-aware of these needs and their importance.
Although the business realm’s growing reliance on data and information systems exposes companies to new challenges, technology breakthroughs and developments (e.g., cloud computing) also
provide valuable new BCM defenses and capabilities.
5 Executive Perspectives on Top Risks for 2015: Key Issues Being Discussed in the Boardroom and C-Suite, North Carolina State University’s ERM Initiative and Protiviti, www.protiviti.com/toprisks.
Key Questions to Consider
• Which IT leaders are responsible for 1) developing and maintaining IT disaster recovery plans,
and 2) playing a key role in the company’s overall BCM/DR program?
• Are business interruptions and crises that would stem from potential data breaches reflected
in the current BCM program? Do current BCM/DR plans contain specific incident response
approaches and escalation protocols?
• From an IT perspective, are current levels of BCM rigor, funding and attention sufficient?
• What, if any, new investments in technology, process improvement or skills would benefit your
organization’s BCM efforts?
• What monitoring mechanisms are in place to ensure the BCM program keeps pace with changes
to IT infrastructure, applications, external relationships and data?
• How are IT-related BCM and disaster recovery capabilities, activities and updates shared with
executive management and the board of directors, and how is their feedback incorporated into
the BCM planning process?
• How frequently are BCM plans tested? Are concrete improvement plans enacted in response to
the learnings from these exercises?
Focus on CIOs/IT Executives and Large Companies
Ensuring Continuity – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Ensuring Continuity area, in two columns: CIOs/IT Executives and Large Company Respondents. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
MANAGING APPLICATION DEVELOPMENT
Key Findings
• Similar to prior years’ results, risk management represents the top application
development priority.
• Other key areas of focus include project monitoring and control, collaboration
platforms (such as SharePoint) and ERP application security.
Overall Results, Managing Application Development

| Managing Application Development | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| Risk management | 6.4 | 6.1 | |
| Project monitoring and control | 6.3 | 6.0 | |
| Collaboration platforms (for example, SharePoint) | 6.2 | 6.0 | |
| ERP application security | 6.2 | 6.0 | |
| Configuration management | 6.1 | 5.9 | |
| ERP system “bolt-on” applications (BI, CRM, etc.) | 6.1 | 5.9 | |
| Mobile application development | 6.1 | 6.0 | |
| Requirements management | 6.1 | 6.0 | |
| ERP system implementation | 6.0 | 5.9 | |
| Organizational performance management | 6.0 | 5.9 | |
| Organizational process performance | 6.0 | 5.8 | |
| Organizational training | 6.0 | 5.8 | |
| Secure development/code review | 6.0 | NA | NA |
| Software selection | 6.0 | 5.9 | |
| Decision analysis and resolution | 5.9 | 5.9 | |
| Rapid application development framework | 5.9 | 5.7 | |
| Scrum development methodology | 5.9 | 5.7 | |
| Service-oriented architecture (SOA) | 5.9 | NA | NA |
| ERP system selection | 5.8 | 5.8 | |
| Object-oriented programming | 5.8 | 5.8 | |
| Open application programming interface (API) | 5.8 | NA | NA |
| Causal analysis and resolution | 5.7 | 5.6 | |
| Spreadsheet risk | 5.6 | 5.7 | |
| Spiral iterative framework | 5.5 | 5.7 | |
Commentary
Managing application development requires large amounts of work as well as numerous and
complex considerations. There are risks to be managed, project management expertise to be
applied, controls to enact, intense collaborations to be conducted, methodologies to be mastered,
requirements and configurations to be managed, and much more.
In many ways, application development is both an essential and representative IT activity – the
findings in this category signify trends evident throughout our report, from managing risk to effective project management and collaboration.
The results also show that, similar to most other categories, there are a greater number of application development priorities this year compared to 2014. Last year’s respondents scored six areas to
be of “Significant Priority” (those with a priority index score of 6.0 or higher); this year’s respondents ranked more than twice that number as “Significant Priority” areas.
Key Questions to Consider
• Does the IT function possess the resources necessary to manage application development in a
secure manner?
• What are the top current application development risks, and how are these risks addressed?
• What are notable emerging application development risks, and to what extent do (or would)
current risk management practices address these emerging issues?
• To what extent are vendor-related application development risks monitored and managed?
• Is the current level of ERP security sufficient?
• Are current and planned ERP system changes – most notably, the integration of bolt-on applications (BI, HRIS, CRM, marketing automation, etc.) – performed in a way that mitigates ERP
security risks?
• Are collaboration platforms being utilized sufficiently to strengthen applications development?
• Does the IT function possess the resources and expertise necessary to apply the right level of
project monitoring and control to application development activities?
Focus on CIOs/IT Executives and Large Companies
Managing Application Development – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Managing Application Development area, in two columns: CIOs/IT Executives and Large Company Respondents. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
DEPLOYING AND MAINTAINING SOLUTIONS
Key Findings
• Managing changes in applications developed in-house represents a top priority, along
with integrating applications.
• Other priorities include developing applications and managing changes in third-party applications.
Overall Results, Deploying and Maintaining Solutions

| Deploying and Maintaining Solutions | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| Managing changes – applications developed in-house | 6.4 | 6.1 | |
| Integrating applications | 6.3 | 6.1 | |
| Developing applications | 6.2 | 6.0 | |
| Managing changes – third-party applications | 6.2 | 6.1 | |
| Managing and testing security in SDLC | 6.1 | NA | NA |
| Acquiring applications | 5.9 | 5.9 | |
Commentary
IT organizations continue to wrestle with coordination across the business as they deploy solutions
and updates. This is particularly the case for homegrown applications.
Key Questions to Consider
• Who is responsible for overseeing and managing changes to in-house applications? And who is
responsible for overseeing and managing changes to third-party applications?
• How is the change process monitored and audited, and how can this process be improved?
• How can security be managed and tested more effectively throughout the system development lifecycle?
Focus on CIOs/IT Executives and Large Companies
Deploying and Maintaining Solutions – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Deploying and Maintaining Solutions area, in two columns: CIOs/IT Executives and Large Company Respondents. NA is shown in both columns for Managing and testing security in SDLC. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
Key Facts
Percentage of organizations that utilize offshore resources to support/augment the IT function
54
64
Percentage of organizations that have a chief information security officer (or equivalent position)
MANAGING IT INFRASTRUCTURE
Key Findings
• There are notable year-over-year increases in priority index scores for IT infrastructure,
with IT infrastructure change management leading the way.
• IT organizations also are focusing on the management and administration of backup
and recovery systems, network performance planning, and change management in
operating systems and databases.
Overall Results, Managing IT Infrastructure

| Managing IT Infrastructure | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| IT infrastructure change management | 6.6 | 6.1 | |
| Managing and administering backup and recovery | 6.6 | 6.3 | |
| Network performance planning | 6.5 | 6.1 | |
| Operating system change management | 6.5 | 6.1 | |
| Database change management | 6.4 | 6.1 | |
| Managing and maintaining real-time operations | 6.4 | NA | NA |
| Managing capacity | 6.4 | NA | NA |
| Storage management and planning | 6.4 | 6.2 | |
| Platform performance planning | 6.3 | 6.0 | |
| Managing and maintaining hybrid operations (on-site, ASP, cloud, etc.) | 6.2 | NA | NA |
| Managing application service providers | 6.2 | NA | NA |
| Managing data center environmental controls | 6.2 | 6.0 | |
| Managing and maintaining batch processing | 6.1 | 6.1 | |
Commentary
The emphasis that IT functions place on most elements of managing IT infrastructure is clearly
increasing. The highest priority index ranking that survey respondents identified in this area last
year was 6.3; this year, respondents ranked eight different areas of managing IT infrastructure at
6.4 or higher. Quite simply, as is the case throughout this year’s survey findings, respondents have
longer to-do lists packed with more pressing priorities.
The overarching digital transformation has upped the need for IT functions to store, manage and
protect their data-driven company’s lifeblood. As newer and better data management and data protection tools and approaches emerge, IT functions must conduct a much greater amount of change
management work – to IT infrastructure, operating systems, databases (all top priorities) and more.
Planning, protecting and managing change represent core activities IT functions are employing
to improve their management of IT infrastructure. These activities also extend to vendors, such
as application service providers. The IT function’s data, particularly in the cloud, becomes more
complicated. Increasingly, the mandate for these infrastructure improvements originates with
executive management and the board of directors, who recognize that one of their organization’s
top sources of business value must be managed carefully.
Key Questions to Consider
• How are senior executives and the board of directors kept abreast of changing IT infrastructure
risks and needs?
• How can current change management strategies and processes related to infrastructure, operating systems and databases be improved?
• To what extent do current storage management capabilities support and align with the ways in
which the organization classifies, manages and protects data?
• How do daily storage management processes, decisions and investments align with business
continuity management plans?
• How does the IT function plan to meet changing – and growing – business demands as those
demands affect network performance?
Focus on CIOs/IT Executives and Large Companies
Managing IT Infrastructure – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Managing IT Infrastructure area, in two columns: CIOs/IT Executives and Large Company Respondents. NA is shown in both columns for Managing and maintaining real-time operations; Managing capacity; Managing and maintaining hybrid operations (on-site, ASP, cloud, etc.); and Managing application service providers. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
ORGANIZATIONAL CAPABILITIES
Key Findings
• Working effectively with C-level/senior executives, leadership (within your
organization), working effectively with business-unit executives, and recruiting IT talent
are the top priorities.
• Strategic collaborations – both inside and outside the organization – are a key area of
focus for IT professionals.
Overall Results, Organizational Capabilities

| Organizational Capabilities | 2015 Priority Index | 2014 Priority Index | YOY Trend |
|---|---|---|---|
| Working effectively with C-level/senior executives | 6.3 | 6.0 | |
| Leadership (within your organization) | 6.2 | 6.0 | |
| Recruiting IT talent | 6.2 | 6.0 | |
| Working effectively with business-unit executives | 6.2 | 6.0 | |
| Leadership (in outside organizations, groups, etc.) | 6.0 | 5.8 | |
| Working effectively with regulators | 6.0 | 5.9 | |
| Coaching/mentoring | 5.9 | 5.9 | |
| Leveraging outside expertise | 5.9 | 5.8 | |
| Working effectively with outside parties | 5.9 | 5.9 | |
| Business process disciplines (Lean, Six Sigma, etc.) | 5.7 | 5.8 | |
| Negotiation | 5.7 | 5.8 | |
| Developing outside contacts/networking | 5.6 | 5.8 | |
| Dealing with confrontation | 5.5 | 5.8 | |
Commentary
As detailed in prior sections of our report, the number and importance of competing priorities
simmering throughout the IT organization are reaching a fever pitch. It is positive to see that in
this environment, IT professionals are looking to sharpen their personal skills to help them expand
their expertise, deepen their relationships throughout the business, and recruit more help that
offers a more diverse set of capabilities.
Not surprisingly, the top priorities identified by respondents in this category have a decidedly
strategic bent: working effectively with C-level/senior executives, leadership (within your organization), working effectively with business-unit executives, and recruiting IT talent. As the data
within IT systems becomes more pivotal to strategic planning and execution, IT professionals are
seeking to solidify relationships with senior executives and business-unit executives to help shape
and safeguard these plans.
The next tier of top priorities, which includes working effectively with regulators and leadership
(in outside organizations, groups, etc.), also demonstrates the IT function’s strategic intentions.
Together, these priorities reflect how IT functions, and IT professionals themselves, are transforming – quickly and intensely – to highly collaborative enhancers and protectors of business value.
Key Questions to Consider
• What opportunities exist for future IT leaders to collaborate with the senior executive team as
well as business-unit and other functional leaders throughout the organization?
• What leadership development does the IT function offer to rising executives?
• What types of training and assignments can help IT professionals become more effective collaborators and business partners?
• How is IT leadership working with human resources executives to ensure that current and future
IT talent needs are addressed?
• Are there opportunities for IT leaders to learn from other functional heads (e.g., legal, compliance, finance) and board members about working effectively with regulators?
• Are outside leadership activities encouraged and/or rewarded?
Focus on CIOs/IT Executives and Large Companies
Organizational Capabilities – Results for CIOs/IT Executives and Large Company Respondents
[Table: YOY Trend (Priority Level) for each Organizational Capabilities area, in two columns: CIOs/IT Executives and Large Company Respondents. Legend: Significant Priority = index of 6.0 or higher; Moderate Priority = index of 4.5 to 5.9.]
SURVEY DEMOGRAPHICS
All demographic information was provided voluntarily and not all participants provided data for
every demographic question.
Position
Chief Information Officer: 7%
Chief Information Security Officer: 3%
Chief Technology Officer: 3%
Chief Security Officer: 2%
Chief Financial Officer: 2%
IT VP/Director: 27%
IT Manager: 48%
Other: 8%

Industry
Financial Services: 14%
Manufacturing: 13%
Government/Education/Not-for-profit: 10%
Technology: 10%
Professional Services: 7%
Healthcare Provider: 6%
Insurance: 6%
Retail: 4%
Services: 3%
Telecommunications: 3%
Consumer Products: 2%
Energy: 2%
Healthcare Payer: 2%
Hospitality: 2%
Life Sciences/Biotechnology: 2%
Media: 2%
Real Estate: 2%
Communications: 1%
Distribution: 1%
Utilities: 1%
Other: 7%
Size of Organization (by Gross Annual Revenue)
$20 billion+: 10%
$10 billion - $19.99 billion: 9%
$5 billion - $9.99 billion: 10%
$1 billion - $4.99 billion: 23%
$500 million - $999.99 million: 18%
$100 million - $499.99 million: 15%
Less than $100 million: 15%

Type of Organization
Public: 36%
Private: 49%
Government: 5%
Not-for-profit: 8%
Other: 2%

Organization Headquarters
North America: 97%
Asia-Pacific: 1%
Europe: 1%
South America: 1%
ABOUT PROTIVITI
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in
finance, technology, operations, governance, risk and internal audit, and has served more than 40
percent of FORTUNE 1000® and FORTUNE Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over
20 countries. The firm also works with smaller, growing companies, including those looking to go
public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half
is a member of the S&P 500 index.
About Our IT Consulting Services
In today’s rapidly evolving technological environment, a trusted adviser – one who not only
provides relevant insights, but delivers a combination of strategic vision, proven expertise and practical experience – can enhance the value of your business with technology.
Our global IT Consulting practice has helped CIOs and IT leaders at more than 1,200 companies
worldwide design and implement advanced solutions in IT governance, security, data management, applications and compliance. By partnering with us, you ensure that your IT organization
performs with the same focus and excellence with which you manage day-to-day business operations. We will work with you to address IT security and privacy issues and deploy advanced and
customized application and data management structures that not only solve problems, but add
value to your business.
PROTIVITI GLOBAL IT CONSULTING PRACTICE
Tom Andreesen
thomas.andreesen@protiviti.com
Sidney Lim
sidney.lim@protiviti.com
Grant Barker
grant.barker@protiviti.com.au
Mark Lippman
mark.lippman@protiviti.com
Steve Cabello – Leader, Portfolio &
Program Management
steve.cabello@protiviti.com
Chris Louden
chris.louden@protiviti.com
Samir Datt
samir.datt@protiviti.com
David Dawson
david.dawson@protiviti.com
Nikhil Donde
nikhil.donde@protivitiglobal.in
Hernan Gabrieli
hernan.gabrieli@protiviti.it
Scott Gracyalny – Leader,
Custom-developed Software
scott.gracyalny@protiviti.com
Chris Grant
chris.grant@protiviti.com.au
Trey MacDonald
trey.macdonald@protiviti.com
Masato Maki
masato.maki@protiviti.jp
Ronan O’Shea
ronan.oshea@protiviti.com
Ed Page
ed.page@protiviti.com
Michael Pang
michael.pang@protiviti.com
Michael Porier
michael.porier@protiviti.com
Rocco Grillo – Leader, Incident
Response & Forensics
rocco.grillo@protiviti.com
Aric Quinones
aric.quinones@protiviti.com
John Harrison
john.harrison@protiviti.com
Carol Raimo – Leader, ERP Solutions
carol.raimo@protiviti.com
Greg Hedges
gregory.hedges@protiviti.com
Kalyan Raman
kalyan.raman@protivitiglobal.me
Rob Hustick
rob.hustick@protiviti.com
Siamak Razmazma
siamak.razmazma@protiviti.com
Sudarsan Jayaraman
sudarsan.jayaraman@protivitiglobal.me
Andrew Retrum
andrew.retrum@protiviti.com
Senthil Kumar
senthil.kumar@protivitiglobal.me
Ryan Rubin – Leader, Identity &
Access Management
ryan.rubin@protiviti.co.uk
Scott Laliberte – Leader, Vulnerability
& Penetration Testing
scott.laliberte@protiviti.com
Tom Luick
tom.luick@protiviti.com
Jeff Sanchez – Leader, Data Security
& Privacy
jeffrey.sanchez@protiviti.com
Michael Schultz – Leader, Strategy &
Architecture
michael.schultz@protiviti.com
Cal Slemp – Leader, Security Program,
Strategy & Policy
cal.slemp@protiviti.com
Mike Steadman
mike.steadman@protiviti.com
Andrew Struthers-Kennedy
andrew.struthers-kennedy@protiviti.com
David Taylor
david.taylor@protiviti.com
Tomomichi Tomiie
tomomichi.tomiie@protiviti.jp
Kurt Underwood – Global Leader,
IT Consulting
kurt.underwood@protiviti.com
Michael Walter – Leader, Security
Operations Centers
michael.walter@protiviti.com
Jeff Weber – Leader, IT Operations
Improvement
jeffrey.weber@protiviti.com
Scott Williams
scott.williams@protiviti.com
Scott Wisniewski – Leader, Risk
Technologies
scott.wisniewski@protiviti.com
Jonathan Wyatt – Leader, Technology
Strategy and Operations
jonathan.wyatt@protiviti.co.uk
THE AMERICAS
UNITED STATES: Alexandria, Atlanta, Baltimore, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Dallas, Denver, Fort Lauderdale, Houston, Kansas City, Los Angeles, Milwaukee, Minneapolis, New York, Orlando, Philadelphia, Phoenix, Pittsburgh, Portland, Richmond, Sacramento, Salt Lake City, San Francisco, San Jose, Seattle, Stamford, St. Louis, Tampa, Washington, D.C., Winchester, Woodbridge
ARGENTINA*: Buenos Aires
BRAZIL*: Rio de Janeiro, São Paulo
CANADA: Kitchener-Waterloo, Toronto
CHILE*: Santiago
MEXICO*: Mexico City
PERU*: Lima
VENEZUELA*: Caracas

EUROPE/MIDDLE EAST/AFRICA
FRANCE: Paris
GERMANY: Frankfurt, Munich
ITALY: Milan, Rome, Turin
THE NETHERLANDS: Amsterdam
UNITED KINGDOM: London
BAHRAIN*: Manama
QATAR*: Doha
KUWAIT*: Kuwait City
UNITED ARAB EMIRATES*: Abu Dhabi, Dubai
OMAN*: Muscat
SOUTH AFRICA*: Johannesburg

ASIA-PACIFIC
AUSTRALIA: Brisbane, Canberra, Melbourne, Perth, Sydney
CHINA: Beijing, Hong Kong, Shanghai, Shenzhen
INDIA*: Bangalore, Mumbai, New Delhi
JAPAN: Osaka, Tokyo
SINGAPORE: Singapore
* Protiviti Member Firm
© 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. PRO-0315-101075
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions
on financial statements or offer attestation services.