Network World tries to drive home the point that you should mature your IT governance if you want to be successful in business:
The most important finding cited in this report is that “organizations with best business results are the same firms with the most mature [IT GRC] practices and the organizations with the worst business results are the same firms with the least mature [IT GRC] practices.” The key takeaway from the report is this: “The way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources.” In other words, you’d better practice good IT GRC if you want to have a successful company.
I am biased so it is easy for me to agree, but the devil’s advocate in me says that this could be a misleading measurement. Perhaps successful companies practice good IT GRC. It would be most interesting to examine this relationship over time.
For example, I used to think Dell quality control and ethics were top notch. The components they used, the engineering and execution of their systems, and the support they offered were unparalleled for value in the early to mid 1990s. Then they became wildly successful, and by 2000 the wheels seemed to come off their wagon. Today I just read that they have been found guilty of fraud by the New York court. My guess would be that their IT governance, just like their other processes, were stellar in the big run-up to mega-success. Then management went awry and now they are still wildly successful, but if their governance of IT is anything like their current customer support or their engineering…see what I mean?