Download - Protiviti's 2013 IT Priorities Survey
-
1 2013 IT Priorities Survey
FPO
2013 IT Priorities SurveyMobile Commerce, Social Media, Data Management and Business Continuity Dominate the Agendas of IT Departments
-
1 2013 IT Priorities Survey
Introduction
A cursory glance at nearly any information technology (IT) article, survey or report confirms that enterprises have plunged into the era of big data. Immersed in bits and bytes in todays modern IT environment, companies of all sizes express a growing hunger for the experience, processes and tools necessary to harvest this data into actionable information that drives decision-making and helps carve out competitive advantage.
Satisfying this hunger falls, of course, to the IT function. Yet a more rigorous inspection of IT reveals a function awash in much more than data. The functions responsibilities, priorities and to-do lists continue to expand more broadly and more deeply every year (it almost appears as if ITs growing workload is governed by Moores Law). Compare the results of Protivitis inaugural IT survey from 2011 with the 2013 survey results, and it becomes apparent that the number of areas CIOs and IT professionals have ranked as priorities this year has increased significantly.
Protivitis 2013 IT Priorities Survey is designed to help IT professionals classify areas in need of attention so that they can better execute the functions strategic mandate. The surveys findings and our accompanying analysis should help CIOs and their teams as they assess their own priori-ties and key areas of focus for 2013.
To that end, the survey results reveal trends and areas of priority that IT functions are currently addressing and planning for in response to what is happening in the market. These issues include:
Mobile commerce Numerous facets of mobile commerce management have emerged as major IT function focal points, including mobile commerce security, mobile commerce policy and mobile commerce integration. IT organizations are proactively looking to put into place more control and regimen around the management of mobile commerce and related new technologies.
The management and classification of data Data classification and management has become an overarching priority for IT functions as organizational information systems con-tinue to generate more and more big data that must be managed in accordance with risk management, regulatory compliance management and performance management require-ments. The more the IT function understands what comprises sensitive (i.e., valuable and/or high-risk) data, the more effective and cost-efficient the organizations data management capabilities will become.
Social media IT departments are investing significant time and resources to support the integration of social media and the governance of these technologies and related activities, which include social media programs for employees, customers and other external stakeholders.
Business continuity In the wake of several catastrophic natural disasters, IT functions are more mindful than ever of the need to plan for and respond to potential business disruptions and outages resulting from hacking, and to evaluate the location of their backup facilities.
Risk management ISO 31000 defines risk as the effect of uncertainty on objectives. Given the uncertainty radiating from IT issues such as mobile devices, social media, cloud computing and new compliance requirements, among many others, its no surprise that ISO 31000, as well as risk management in general, marks an area of IT function concern.
-
2 2013 IT Priorities Survey
IT infrastructure planning Planning activities specifically platform performance plan-ning, storage management and planning, and network performance planning represent key priorities for CIOs and their teams. These objectives point to an effort to make the IT func-tion more agile in response to the accelerating pace of change.
IT asset management Given the proliferation of smartphones, tablets and similar devices as well as the new applications and organizational data contained on these devices, IT func-tions have entered a brave new, highly mobile and increasingly risky world of asset manage-ment.
Nearly 200 respondents, including CIOs, chief technology officers, chief security officers, and IT vice presidents and directors, participated in the study. Respondents answered more than 100 questions in three general categories: Technical Knowledge, IT Process Capabilities and Organi-zational Capabilities. (The IT Process Capabilities category contains several subcategories.) The IT executives and professionals who participated in our survey represent virtually all industry sectors, including consumer products, distribution, energy, financial services, healthcare, hos-pitality, manufacturing, retail, technology and utilities. More than half of the participants work in publicly traded companies; the other respondents work in private, government and nonprofit organizations. (Please note that, upon request, Protiviti can provide customized reports based on the results of respondents from specific groups industry, company size, etc.)
We would like to express our gratitude to all of the IT executives and professionals who par-ticipated in our survey. We look forward to sharing these results and the trends they reveal, and observing over the next year what new priorities may emerge that will change the landscape yet again for CIOs and their IT organizations.
Protiviti February 2013
-
3 2013 IT Priorities Survey
Technical Knowledge
Key Findings 2013
Aspects of social media and mobile commerce represent major challenges and top priorities for many IT executives and professionals.
Risk management (and ISO 31000, in particular) as well as specific compliance requirements, such as the European Union Data Directive, also rank as key priorities for IT departments.
CIOs and their staffs intend to strengthen cybersecurity capabilities, in particular, given the growing threat of breaches as well as the quickly increasing number of state and federal information security compliance requirements.
Overall Results, Technical Knowledge
Need to Improve Rank
Areas Evaluated by RespondentsCompetency(5-pt. scale)
1 Social media security 2.9
2 Mobile commerce security 2.8
3 Mobile commerce policy 2.8
4 Mobile commerce integration 2.8
5 Social media integration 2.9
Respondents were asked to assess, on a scale of one to five, their competency in 21 areas of tech-nical knowledge in IT, with one being the lowest level of competency and five being the highest. For each area, they were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of technical knowledge under consideration, see page 4.) Figure 1 depicts a com-parison of Need to Improve versus Competency ratings in a Technical Knowledge landscape.
IT functions are scrambling to deliver information, products and services via a growing number of platforms and devices in a secure, compliant, effective and cost-efficient manner to employees, customers, clients and other stakeholders. IT executives and professionals are juggling an impos-ing number of priorities, including integration, policy and security activities related to mobile commerce, social media and the smart devices more and more professionals use.
While this push creates significant work, these demands hardly exist in isolation and must be addressed along with numerous other, slightly less pressing (for the moment) priorities, such as ISO 31000, various state data breach and privacy laws in the United States, the European Union Data Directive, and national cybersecurity directives, including guidance coming from the National Institute of Standards and Technologys (NISTs) Computer Security Division (CSD).There is significant pressure on organizations in the healthcare and financial services industries, in particular, to perform more risk management.
-
4 2013 IT Priorities Survey
Additionally, cloud computing and virtualization enabling technologies that can greatly enhance ITs value to the business yet also pose risks that must be managed remain areas IT functions are targeting for improvement (as respondents to our 2011 survey also noted). Virtualizations promise of delivering more consistent service as well as improvements to data security and privacy, business continuity management capabilities and overall business agility (i.e., the ability to quickly and securely scale operations up or down) remain alluring. As such, IT executives and professionals appear intent on strengthening their virtualization capabilities.
Figure 1: Technical Knowledge Perceptual Map
NEED TO IMPROVELOWER HIGHER
DEG
REE
OF
TEC
HN
OLO
GY
US
ELO
WER
HIG
HER
2
4
5 1
3
7
89
15
10
11
14
12
1317
19
2120
18
16
6
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1 Social media security 12 European Union Data Directive
2 Mobile commerce security 13 ISO/IEC 27001/2
3 Mobile commerce policy 14 CISA
4 Mobile commerce integration 15 COBIT
5 Social media integration 16 Virtualization
6 ISO 31000 17 CISSP
7 Smart device integration 18 HITRUST CSF
8 Social media policy 19 PCI-DSS
9 Cloud computing 20 FISMA
10Data breach and privacy laws (various U.S. states)
21 GSEC
11 NIST (cybersecurity)
-
5 2013 IT Priorities Survey
Key Questions to Consider:
Can mobile commerce solutions be integrated effectively, efficiently and securely with your overall IT infrastructure and existing management tools?
Does your IT function maintain and update clear mobile commerce and social media policies that clearly convey the acceptable use and security requirements of these capabilities to employees who engage in mobile commerce and/or social media activities? How are these policies monitored and audited?
Is the overall state of your companys social media security sufficient? How can social media capabilities be integrated more extensively into appropriate business processes to deliver value?
How can smartphones, tablets and similar devices be integrated into the normal flow of business in a more effective and secure manner?
How robust are your information security measures? Are these measures applied differently depending on the sensitivity or importance of the data being processed and stored?
Is your organization in compliance with all relevant industry standards for security and privacy as well as applicable laws and regulations?
Does your organization have efficient systems and processes for monitoring the quality of com-pliance as well as processes for monitoring ongoing regulatory issues and anticipating new rules and regulations?
Two-Year Comparison Overall Results, Technical Knowledge*
2013 2011
Social media security Virtualization
Mobile commerce security Social media integration
Mobile commerce policy Cloud computing
Mobile commerce integration Social media security
Social media integration Mobile commerce security
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Mobile commerce issues policies, security, integration have emerged clearly as top priorities. Interestingly, challenges related to areas such as virtualization and cloud comput-ing appear to have receded somewhat, perhaps suggesting a higher level of confidence within IT departments in managing these areas and the relationships with vendors potentially pro-viding these capabilities. However, virtualization, cloud computing and related technologies remain significant areas of focus, especially in understanding how they can be leveraged.
-
6 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES1
IT executives appear to place greater emphasis on cybersecurity. By rating NISTs cybersecurity developments among their top priorities, CIOs and other IT executives express a desire to ensure that their functions keep abreast of leading cybersecurity practices, guidance and requirements.
IT Executive Results, Technical Knowledge
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Mobile commerce security 3.0
2 Mobile commerce integration 2.9
3 (tie)NIST (cybersecurity) 2.8
Mobile commerce policy 3.1
5 ISO 31000 2.4
Two-Year Comparison IT Executive Results, Technical Knowledge*
2013 2011
Mobile commerce security Social media integration
Mobile commerce integration Social media security
NIST (cybersecurity) Data breach and privacy laws (various U.S. states)
Mobile commerce policy Agile development
ISO 31000 COBIT
Cloud computing
* Certain competencies and skill areas in this category were not included in both years of the survey.
1 Includes responses from survey respondents with the following titles: chief information officer, chief information security officer, chief technology officer, chief privacy officer, chief security officer, IT vice president/director and IT audit vice president/director.
Notable Trend
Mobile commerce issues also have risen to the top of the priority list for IT executives, whereas in 2011 they did not crack the top five.
-
7 2013 IT Priorities Survey
IT Process Capabilities: Managing Security and Privacy
Key Findings 2013
Managing and classifying big data remains a major challenge for IT departments.
IT functions are looking to improve several other security and privacy areas, including monitoring security events, incident response, and managing user identities and access, as well as compliance requirements and the management of third-party vendors.
Overall Results, Managing Security and Privacy
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Managing and classifying
enterprise data3.2
2 Incident response 3.3
3 Monitoring security events 3.2
4 Managing third-party vendors 3.4
5 (tie)
Managing user identities and access 3.4
Implementing security/privacy solutions and strategies
3.3
Respondents were asked to assess, on a scale of one to five, their competency in 13 areas of process capabilities relating to managing security and privacy, with one being the lowest level of competency and five being the highest. They were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of managing security and privacy under consideration, see page 9.) Figure 2 depicts a comparison of Need to Improve versus Competency ratings in a Managing Security and Privacy landscape.
There are two elements of managing data security and privacy. First, the data should be classified. Second, the data should be protected according to its classification. The most sensitive data in the organization warrants the strongest protection. Less sensitive data requires less protection (and therefore requires fewer resources to manage). Survey respondents identified this area, managing and classifying enterprise data, as their top priority in this category.
They are wise for doing so; after all, companies in virtually every industry have invested large sums of money in an effort to get to know their customers and their customers activities in order to personalize service to them. This knowledge requires companies to capture a wealth of data on a daily basis, and some of this big data is considered personally identifiable information. Organizations must understand how to classify, manage and secure that data, not only for the sake of their cus-tomers and clients, but also to remain in compliance with numerous privacy laws and regulations.
-
8 2013 IT Priorities Survey
Concerns over data classification and management also are driven by current and emerging laws and regulations. At least 46 of the 50 states in the United States currently have data privacy laws. In addition, many industries, including healthcare and financial services, have their own data privacy regulations. This explains why survey respondents also identified specific compliance requirements, such as the Gramm-Leach-Bliley Act (GLBA), California Security Breach Information Act and Health Insurance Portability and Accountability Act (HIPAA), as top priorities. Although each data security/privacy regulation features unique aspects and requirements, one of the consistent provisions that can be found in most, if not all, of them is that any person or organization hold-ing private data and information is accountable if that information is breached.
Incident response and security event management also are key areas of concern for IT executives and professionals. These challenges go hand-in-hand with data classification and management clearly, the management and protection of data, confidential and otherwise, is critical for companies today, and IT functions are at the forefront of ensuring proper security.
One more priority area, managing third-party vendors, bears mentioning. The importance as well as the complexity of this capability continues to increase as a) companies outsource and offshore more IT capabilities and functions; b) the nature of outsourcing relationships evolves (e.g., the use of hybrid models that blend aspects of shared services and traditional outsourcing); and c) new financial reporting, risk management (including business continuity management) and regulatory compliance requirements create additional relationship management needs and challenges.
-
9 2013 IT Priorities Survey
Figure 2: Managing Security and Privacy Perceptual Map
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
2
4
5
13
7
8
9
10
11
12
13
6
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1 Managing and classifying enterprise data 8Managing technical infrastructure configuration
2 Incident response 9 Managing contractors
3 Monitoring security events 10California Security Breach Information Act (SB 1386)
4 Managing third-party vendors 11 Managing application users
5 Managing user identities and access 12U.S. Health Insurance Portability and Accountability Act (HIPAA)
6Implementing security/privacy solutions and strategies
13 Managing IT users
7 U.S. Gramm-Leach-Bliley Act (GLBA)
-
10 2013 IT Priorities Survey
Key Questions to Consider
What is your IT functions and your management teams understanding (e.g., excellent, good or limited) of what comprises sensitive organizational data and information?
Is there a formal effort under way to define and classify the data the organization generates as part of its day-to-day operations? Is the organization clear about what information is sensitive or requires special attention especially data that is regulated by privacy laws?
Has specific responsibility or stewardship been assigned for the organizations most sensitive data types?
Is the management of data conducted over its full lifecycle, from acquisition through retention (identifying the duration of retention) through disposal/destruction?
Does your organization have a written information security policy (WISP) in place? Is it being implemented/executed?
To what extent does the IT function, as well as the risk management and compliance areas of the business, monitor and anticipate regulatory changes related to information security and privacy?
Are third-party vendors and contractors managed via a process that ensures they are in compli-ance with the organizations policies related to data security and privacy, as well as remaining in current compliance with all relevant laws and regulations?
How are new vendors evaluated regarding their risk profile with required security standards?
Two-Year Comparison Overall Results, Managing Security and Privacy*
2013 2011
Managing and classifying enterprise data Managing and classifying enterprise data
Incident response California Security Breach Information Act (SB 1386)
Monitoring security events U.S. Gramm-Leach-Bliley Act (GLBA)
Managing third-party vendors Managing user identities and access
Managing user identities and access Managing third-party vendors
Implementing security/privacy solutions and strategies Incident response
Monitoring security events
Implementing security/privacy solutions and strategies
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trends
In the two years of this study, managing and classifying enterprise data has stood out as a top priority for IT organizations.
Specific laws identified among the top priorities in the previous study rank lower in the 2013 results a possible indicator of less uncertainty regarding these requirements.
-
11 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
The responses for this category generally mirror those from the overall group with one exception: IT executives rank specific compliance requirements, including the GLBA and the California Security Breach Information Act, as more important Need to Improve areas compared to all survey respondents.
IT Executive Results, Managing Security and Privacy
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Managing and classifying
enterprise data3.4
2 Incident response 3.7
3 U.S. Gramm-Leach-Bliley Act (GLBA) 2.8
4 Monitoring security events 3.6
5California Security Breach Information
Act (SB 1386)2.5
Two-Year Comparison IT Executive Results, Managing Security and Privacy*
2013 2011
Managing and classifying enterprise data Managing and classifying enterprise data
Incident response Managing user identities and access
U.S. Gramm-Leach-Bliley Act (GLBA) Managing third-party vendors
Monitoring security events Implementing security/privacy solutions and strategies
California Security Breach Information Act (SB 1386) Incident response
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trends
For IT executives, managing and classifying enterprise data is a consistent top priority.
Interestingly, unlike the overall findings, specific privacy-related laws and regulations have increased as priorities for 2013 compared to the 2011 results.
-
12 2013 IT Priorities Survey
IT Process Capabilities: Defining IT Strategy and Organization
Key Findings 2013
The IT functions top priorities in this category reflect a commitment to enhancing the clarity and precision with which IT performance is measured, monitored and reported to the business.
IT professionals want to strengthen the customer service they provide to their internal customers (as laid out in service-level agreements).
The integration and alignment of IT planning with business strategy remains an ongoing priority.
IT Process Capabilities, Defining IT Strategy and Organization
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Defining metrics and measurements
for monitoring IT performance3.1
2Reporting IT activities and
performance3.2
3Negotiating, managing and
monitoring information quality3.2
4Negotiating, managing and
monitoring customer service-level agreements (SLAs)
3.2
5Developing and maintaining
enterprise information architecture3.1
Respondents were asked to assess, on a scale of one to five, their competency in 16 areas of process capabilities relating to defining IT strategy and organization, with one being the lowest level of competency and five being the highest. For each area, they were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of IT strategy and organization under consideration, see page 13). Figure 3 depicts a comparison of Need to Improve versus Competency ratings in a Defining IT Strategy and Organization landscape.
It wasnt long ago that many IT functions funneled significant effort to aligning IT planning with overall business strategy. Today, that alignment appears to have matured, and survey respondents indicate that they are applying more attention, resources and time and much more precision to executing the IT plan while managing performance in a highly transparent way.
The top priority areas in this survey category defining metrics and measurements for monitoring IT performance; reporting IT activities and performance; negotiating, managing and monitoring customer SLAs, among others reflect less of an emphasis on designing and place much more importance on measuring, analyzing, and reporting ITs actual performance.
-
13 2013 IT Priorities Survey
Do these results indicate that IT strategy generally has achieved a more evolved and sophisticated state? Possibly. The findings suggest it is more certain that IT is demonstrating a commitment to transparency and a measurement mindset to help it convey its value to the business more clearly and on a more real-time basis.
Figure 3: Defining IT Strategy and Organization Perceptual Map
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
24
5
1
3
7
8
9
15 10
1114
12
13
16
6
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1Defining metrics and measurements for monitoring IT performance
9 IT risk analysis and reporting
2 Reporting IT activities and performance 10 Long-term and short-term planning
3Negotiating, managing and monitoring information quality
11Developing and maintaining end-user support policies and standards
4Negotiating, managing and monitoring customer SLAs
12 Defining IT roles and responsibilities
5Developing and maintaining enterprise information architecture
13Defining organizational placement of the IT function
6Integration/alignment of IT planning and business strategy
14Developing and maintaining operations management policies and standards
7 Monitoring IT costs and benefits 15Monitoring and achieving legal/regulatory compliance
8 Managing and monitoring policy exceptions 16Developing and maintaining security and privacy standards
-
14 2013 IT Priorities Survey
Key Questions to Consider
Is your IT department collaborating effectively with the business to manage shifting priorities in an agile manner?
To what extent are CIOs and the IT leadership team collaborating with the business to proac-tively identify potential business opportunities and threats that require IT support?
Are the expectations of C-suite and business-unit executives with regard to IT consistent with how technology is funded and managed?
Does IT have visibility into strategic events planned in the near or long term, such as mergers or acquisitions, initial public offerings, divestitures or business expansions?
What metrics are used to measure the quality of work being performed by IT?
How effective and timely are the quantifiable metrics and/or key performance indicators IT shares with the business regarding ITs ongoing performance?
Is there a process in place to monitor the effectiveness of IT performance measurement/manage-ment activities?
How are customer SLAs monitored, managed and continuously improved?
Two-Year Comparison Overall Results, Defining IT Strategy and Organization*
2013 2011
Defining metrics and measurements for monitoring IT performance
Communication of strategy and governance
Reporting IT activities and performanceDefining metrics and measurements for monitoring
IT performance
Negotiating, managing and monitoring information quality Monitoring and achieving legal/regulatory compliance
Negotiating, managing and monitoring customer SLAsDeveloping and maintaining enterprise
information architecture
Developing and maintaining enterprise information architecture
Performing and maintaining the IT risk assessment
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trends
While defining metrics and measurements for monitoring IT performance has ranked as a top priority area in both studies, there are more performance management-related areas that rank as priorities in the 2013 findings.
Of note, legal and regulatory compliance, which was among the top priorities for IT functions in 2011, falls near the bottom of the 2013 priority list in this category.
-
15 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
The results from IT executives generally mirror the studys overall response in this category.
IT Executive Results, Defining IT Strategy and Organization
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Reporting IT activities and
performance3.5
2Defining metrics and measurements
for monitoring IT performance3.4
3Negotiating, managing and
monitoring information quality3.5
4Negotiating, managing and monitoring customer SLAs
3.6
5 (tie)
Developing and maintaining enterprise information architecture
3.4
Managing and monitoring policy exceptions
3.5
Two-Year Comparison IT Executive Results, Defining IT Strategy and Organization*
2013 2011
Reporting IT activities and performanceDefining metrics and measurements for monitoring
IT performance
Defining metrics and measurements for monitoring IT performance
Communication of strategy and governance
Negotiating, managing and monitoring information quality Performing and maintaining the IT risk assessment
Negotiating, managing and monitoring customer SLAsDeveloping and maintaining enterprise
information architecture
Developing and maintaining enterprise information architecture
Negotiating, managing and monitoring customer SLAs
Managing and monitoring policy exceptions Negotiating, managing and monitoring information quality
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Areas related to performance management topped by reporting IT activities and perfor-mance have risen as key priorities for IT executives since the last survey.
-
16 2013 IT Priorities Survey
IT Process Capabilities: Managing IT Infrastructure
Key Finding 2013
Planning related to platform and network performance, along with storage management and planning, stand out as top concerns.
Overall Results, Managing IT Infrastructure
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Platform performance planning 2.8
2 Storage management and planning 2.8
3 Network performance planning 2.8
4Managing and maintaining job
processing3.2
5 IT infrastructure change management 3.3
Respondents were asked to assess, on a scale of one to five, their competency in nine areas of process capabilities relating to managing IT infrastructure, with one being the lowest level of competency and five being the highest. They were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of managing IT infrastructure under consideration, see page 17.) Figure 4 depicts a comparison of Need to Improve versus Competency ratings in a Managing IT Infrastructure landscape.
Data management qualifies as an overarching need among most companies as they collect, store and transmit vast and rapidly growing amounts of data. Executive teams and boards of directors want assurance that sensitive information not only is secure, but also is stored in a cost-efficient and effective manner, thus maximizing the organizations investment in the data and storage capabili-ties. In addition, these capabilities must be compliant with e-discovery and records management requirements. In response, IT executives and professionals indicate their functions are addressing a number of issues associated with platform performance and storage management, including what information can be collected and maintained, how the information should be stored, how and where information can be transmitted, and what required actions should be initiated in the event of a security breach and/or a break in continuity.
It is noteworthy that each of the three top priorities respondents identified involve planning activities. These rankings suggest IT functions are striving to become more agile. While it remains absolutely necessary today to achieve effective platform performance, storage management and network performance, this achievement alone is not sufficient. IT functions also appear intent on strength-ening these planning capabilities so that they are flexible and agile enough to support rapidly changing business needs in the future.
-
17 2013 IT Priorities Survey
Figure 4: Managing IT Infrastructure Perceptual Map
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
2
4
5
1
3
7
89
6
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1 Platform performance planning 6 Database change management
2 Storage management and planning 7Managing and administering backup and recovery
3 Network performance planning 8 Operating system change management
4 Managing and maintaining job processing 9 Managing data center environmental controls
5 IT infrastructure change management
-
18 2013 IT Priorities Survey
Key Questions to Consider:
How is your IT function working to ensure that platform performance, storage management and network performance capabilities are agile enough to support quickly and effectively sudden business shifts in response to new threats and new opportunities?
To what extent does this work extend to vendors responsible for handling and storing corporate data?
Do current storage management capabilities support and align with the ways in which the IT function classifies, manages and protects organizational data?
Has your organization conducted a risk assessment that identifies the nature of information col-lected, where it is stored, and how and where it is transmitted?
Has your company established data protection policies that are monitored and enforced throughout the organization?
How is the IT department addressing the businesss expectations of increasingly faster and increasingly reliable network performance?
Two-Year Comparison Overall Results, Managing IT Infrastructure*
2013 2011
Platform performance planning Storage management and planning
Storage management and planning Network performance planning
Network performance planning Database change management
Managing and maintaining job processing Platform performance planning
IT infrastructure change management IT infrastructure change management
Operating system change management
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Results are relatively consistent between the two surveys, though managing and maintain-ing job processing rose to the top five list of priorities in this years study.
-
19 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
The results from IT executives generally mirror the studys overall response in this category, with one exception: CIOs and other senior IT leaders rank database change management as a slightly higher improvement need compared to all respondents.
IT Executive Results, Managing IT Infrastructure
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Platform performance planning 3.3
2 Storage management and planning 3.4
3 Network performance planning 3.4
4 Database change management 3.7
5Managing and maintaining job
processing3.8
Two-Year Comparison IT Executive Results, Managing IT Infrastructure*
2013 2011
Platform performance planning IT infrastructure change management
Storage management and planning Database change management
Network performance planning Managing and administering backup and recovery
Database change management Network performance planning
Managing and maintaining job processing Managing and maintaining job processing
Managing data center environmental controls
Operating system change management
Storage management and planning
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Platform performance planning is elevated to the top of the priority list for IT executives in 2013 (this area ranked ninth in the previous survey), while IT infrastructure change management dropped out of the top five priorities.
-
20 2013 IT Priorities Survey
IT Process Capabilities: Managing IT Assets
Key Findings 2013
Monitoring and accounting for IT assets has grown more complex due to smart-device proliferation, bring your own device policies, growing workforce mobility and the IT functions reliance on external partners.
Survey respondents ranked monitoring IT assets, accounting for IT assets and monitoring external SLAs as their top priorities.
Overall Results, Managing IT Assets
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Monitoring IT assets 3.1
2 Accounting for IT asset management 3.1
3 Monitoring external SLAs 3.2
4Monitoring and reviewing contracts/
billings3.3
5Managing hardware maintenance
agreements3.1
Respondents were asked to assess, on a scale of one to five, their competency in 14 areas of process capabilities relating to managing IT assets, with one being the lowest level of competency and five being the highest. They were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of managing IT assets under consideration, see page 21.) Figure 5 depicts a comparison of Need to Improve versus Competency ratings in a Managing IT Assets landscape.
The findings suggest IT functions are searching for ways to address a brave new world of asset management. No longer tethered to desks or on-site servers, more and smaller IT assets zip around the world in the briefcases, backpacks and pockets of increasingly mobile employees. The days of assigning bulky desktops are long gone; today, employees access organizational data and applications through tablets, smartphones, netbooks and other mobile devices. Moreover, employ-ees are accessing enterprise networks through their own devices thanks to a growing number of organizations with bring your own device (BYOD) policies.
Given the growing complexity of IT asset management, it is understandable to see monitoring IT assets, accounting for IT asset management and managing IT asset retirement (as a result of employees leaving the company and/or the companys adoption of next-generation devices) as top priorities in the results.
-
21 2013 IT Priorities Survey
IT professionals and IT executives, in particular, also indicated they want to improve asset manage-ment activities dependent on external relationships, as noted in higher-ranked Need to Improve areas such as monitoring external SLAs, monitoring and reviewing contracts/billings, and manag-ing software licensing and compliance.
Given the growing reliance on cloud computing and external vendor support as well as the prolif-eration of smart devices among an increasingly mobile workforce, it is clear that the challenge of achieving effective IT asset management is intensifying.
Figure 5: Managing IT Assets Perceptual Map
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1 Monitoring IT assets 8 Managing software licensing and compliance
2 Accounting for IT asset management 9 Managing contract analysis and renewal
3 Monitoring external SLAs 10Determining outsourcing strategy and approach
4 Monitoring and reviewing contracts/billings 11Managing audit process (SAS 70, SSAE 16, others)
5 Managing hardware maintenance agreements 12 Software deployment
6Managing IT asset retirement employee/contractor termination
13 Negotiating and establishing agreements
7Managing IT asset retirement IT asset refresh
14 Hardware deployment
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
2
4
5 1
3
7
8
9
10
11
14
12
13
6
-
22 2013 IT Priorities Survey
Key Questions to Consider
What processes does the IT organization have in place to monitor IT assets in a risk-savvy manner?
What is the IT functions role in accounting for IT asset management and how can it collaborate with the finance and accounting function to strengthen the accuracy and efficiency of this activity?
Are there defined standards for entering into an SLA, and is there an audit process in place to monitor external parties operating under an SLA?
How effective is the IT function in monitoring external SLAs, contracts, and billing and soft-ware licenses?
What are the greatest risks to IT asset management in your organization, and how are these risks managed?
Does the companys and the IT functions outsourcing strategy align with and support IT asset management needs?
Two-Year Comparison Overall Results, Managing IT Assets*
2013 2011
Monitoring IT assets Monitoring external SLAs
Accounting for IT asset management Determining outsourcing strategy and approach
Monitoring external SLAs Accounting for IT asset management
Monitoring and reviewing contracts/billingsManaging IT asset retirement employee/
contractor termination
Managing hardware maintenance agreements Managing IT asset retirement IT asset refresh
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Monitoring IT assets ranks as the top priority this year, compared to sixth (not shown) in 2011 not a surprise considering the proliferation of new devices (smartphones, tablets, etc.) being used today by company employees.
-
23 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
CIOs and other IT executives rank the importance of improving two externally focused areas determining outsourcing strategy and approach, and managing software licensing and compliance higher than the overall survey group. This suggests IT executives are a) interested in ensuring that an outsourcing strategy limits IT asset management risks as much as possible, and b) concerned about the magnitude of risk related to software licensing issues.
IT Executive Results, Managing IT Assets
Need to Improve Rank Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Monitoring IT assets 3.5
2Monitoring and reviewing contracts/
billings3.7
3 Accounting for IT asset management 3.4
4 (tie)
Monitoring external SLAs 3.5
Determining outsourcing strategy and approach
3.6
Managing software licensing and compliance
3.6
Two-Year Comparison IT Executive Results, Managing IT Assets*
2013 2011
Monitoring IT assets Monitoring external SLAs
Monitoring and reviewing contracts/billings Accounting for IT asset management
Accounting for IT asset management Determining outsourcing strategy and approach
Monitoring external SLAsManaging IT asset retirement
employee/contractor termination
Determining outsourcing strategy and approach Negotiating and establishing agreements
Managing software licensing and compliance
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Similar to the overall results, monitoring IT assets has jumped to the top of the priority list for IT executives.
-
24 2013 IT Priorities Survey
IT Process Capabilities: Ensuring Continuity
Key Finding 2013
Three top-of-mind priorities in this category are developing and maintaining business resumption plans, developing and maintaining IT disaster and recovery plans, and developing and maintaining crisis management plans.
Overall Results, Ensuring Continuity
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Developing and maintaining business
resumption plans3.1
2 (tie)
Developing and maintaining IT disaster and recovery plans
3.2
Developing and maintaining crisis management plans
3.2
4Developing and maintaining risk
assessment/business impact analysis3.4
5 (tie)
Ensuring executive management support and sponsorship
3.4
Ensuring business alignment 3.4
Respondents were asked to assess, on a scale of one to five, their competency in seven areas of process capabilities relating to ensuring continuity, with one being the lowest level of competency and five being the highest. They were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the areas of ensuring continuity under consideration, see page 25.) Figure 6 depicts a comparison of Need to Improve versus Competency ratings in an Ensuring Continuity landscape.
In recent months, as Hurricane Sandy and numerous high-profile information security breaches have demonstrated, business continuity in the face of expanding disruption threats has become a growing executive and board-level concern. The growing use of social media and mobile commerce, along with increased privacy legislation, are driving these concerns, as well. Additionally, organizations are revisiting the location of backup facilities and potentially placing them in different geographies where natural disaster risk is lessened. It is clear that the growing reliance on technology systems and applications requires IT to play a central role in corporate business continuity management (BCM) and disaster recovery efforts.2
2 For more information, read Protivitis Guide to Business Continuity Management, available at www.protiviti.com.
-
25 2013 IT Priorities Survey
The top priorities identified by respondents developing and maintaining business resumption plans, developing and maintaining IT disaster and recovery plans, and developing and maintain-ing crisis management plans suggest more companies and their IT functions are integrating IT disaster recovery capabilities with crisis management activities and business resumption plans to strengthen the organizations overall BCM capability.
Figure 6: Ensuring Continuity Perceptual Map
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
2
4
5
1
3
7
6
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1Developing and maintaining business resumption plans
5Ensuring executive management support and sponsorship
2Developing and maintaining IT disaster and recovery plans
6 Ensuring business alignment
3Developing and maintaining crisis management plans
7Designing and maintaining business continuity strategies
4Developing and maintaining risk assessment/business impact analysis
-
26 2013 IT Priorities Survey
Key Questions to Consider:
Has your company developed a crisis management and communications plan or strategy? Are there processes in place to update and audit these plans regularly?
To what degree are BCM and disaster recovery capabilities and activities supported at the execu-tive management and board level?
Does your company have a formal overarching BCM strategy and continuity plan in place (and do these contain IT considerations among the key priorities)?
Has your company undertaken a pandemic risk management assessment?
How frequently does your organization test the plans that are in place? How are the results of these tests reviewed, analyzed and acted upon?
How often is the information reviewed in all BCM-related plans and what is the process used to maintain, review and update them?
Two-Year Comparison Overall Results, Ensuring Continuity*
2013 2011
Developing and maintaining business resumption plansDeveloping and maintaining risk assessment/
business impact analysis
Developing and maintaining IT disaster and recovery plans Developing and maintaining crisis management plans
Developing and maintaining crisis management plans Designing and maintaining business continuity strategies
Developing and maintaining risk assessment/ business impact analysis
Ensuring business alignment
Ensuring executive management support and sponsorship Developing and maintaining business resumption plans
Ensuring business alignment
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Year-over-year results are relatively consistent, though business resumption plans moved to the top of the priority list in the 2013 results.
-
27 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
IT executives identified the same top three Need to Improve areas within the Ensuring Continu-ity category that all survey respondents selected. Of note, half of the IT executive-level respondents cited the top two areas (developing and maintaining business resumption plans, and developing and maintaining IT disaster and recovery plans) as areas for improvement.
IT Executive Results, Ensuring Continuity
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1Developing and maintaining business
resumption plans3.3
2Developing and maintaining IT
disaster and recovery plans3.5
3Developing and maintaining crisis
management plans3.5
4Ensuring executive management
support and sponsorship3.7
5(tie)
Ensuring business alignment 3.7
Designing and maintaining business continuity strategies
3.6
Developing and maintaining risk assessment/business impact analysis
3.6
Two-Year Comparison IT Executive Results, Ensuring Continuity*
2013 2011
Developing and maintaining business resumption plans Developing and maintaining crisis management plans
Developing and maintaining IT disaster and recovery plans Ensuring business alignment
Developing and maintaining crisis management plans Designing and maintaining business continuity strategies
Ensuring executive management support and sponsorship Developing and maintaining business resumption plans
Ensuring business alignmentDeveloping and maintaining risk assessment/business
impact analysis
Designing and maintaining business continuity strategies
Developing and maintaining risk assessment/ business impact analysis
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Year-over-year results are relatively consistent, but developing and maintaining business resumption plans moved to the top of the priority list for IT executives in the 2013 results.
-
28 2013 IT Priorities Survey
Organizational Capabilities
Key Finding 2013
Six Sigma, dealing with confrontation, coaching/mentoring, leadership (in outside organizations) and negotiation are top priorities for IT executives and professionals as they look to enhance performance and operational efficiencies as well as collaboration with other organizational functions.
Overall Results, Organizational Capabilities
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Six Sigma 2.7
2 Dealing with confrontation 3.4
3 (tie)
Coaching/mentoring 3.6
Leadership (in outside organizations, groups, etc.)
3.4
5 Negotiation 3.4
Respondents were asked to assess, on a scale of one to five, their competency in 12 areas of organi-zational capabilities, with one being the lowest level of competency and five being the highest. They were then asked to indicate whether they believe their level of knowledge is adequate or requires improvement, taking into account the circumstances of their organization and industry. (For the organizational capabilities under consideration, see page 29.) Figure 7 depicts a comparison of Need to Improve versus Competency ratings in an Organizational Capabilities landscape.
The IT challenges identified throughout this survey indicate that workloads of IT executives and professionals have become crowded with improvement priorities. These priorities are less a matter of or (Should we focus on improving social media security or mobile commerce integration?) than they are a matter of and (How can we improve social media security and mobile commerce integration and smart device integration and data classification and BCM and ?). To address their expanding responsibilities and improvement efforts, IT professionals and executives are applying a combination of process-improvement methodology and interpersonal skills.
The relatively low competency rating for Six Sigma (the highest ranking Need to Improve area) compared to other areas in this survey category indicates that IT leaders and professionals also see ample room for improvement with regard to making IT functions and processes more efficient and productive, particularly as IT organizations continue to deal with slimmed-down staff levels after the financial challenges of the past few years.
-
29 2013 IT Priorities Survey
Also, survey respondents point to dealing with confrontation, coaching/mentoring, leadership (in outside organizations) and negotiation as top Need to Improve areas that can help them partner more effectively with other parties inside and outside the IT department.
The need for greater efficiency and productivity both within IT and the larger business (where IT plays a key enabling role) is unlikely to subside any time soon. IT professionals appear to recognize that improvements in interpersonal skills, such as leadership and negotiation, will help them address cultural issues that require attention while managing change.
Figure 7: Organizational Capabilities Perceptual Map
NEED TO IMPROVELOWER HIGHER
LEVE
L O
F C
OM
PETE
NC
YLO
WER
HIG
HER
245
1
3
7
8
91011
126
Number Areas Evaluated by Respondents Number Areas Evaluated by Respondents
1 Six Sigma 7 Developing outside contacts/networking
2 Dealing with confrontation 8 Leveraging outside expertise
3 Coaching/mentoring 9Working effectively with C-level/senior executives
4Leadership (in outside organizations, groups, etc.)
10Working effectively with business-unit executives
5 Negotiation 11 Working effectively with outside parties
6 Leadership (within your organization) 12 Working effectively with regulators
-
30 2013 IT Priorities Survey
Key Questions to Consider:
Can a better understanding and improvement in capability around Six Sigma concepts help the IT function add more value and improve its effectiveness?
How are efficiency gains being tracked and reported?
Are there formal training and development processes in place to help IT professionals improve their ability to deal with confrontation and enhance negotiation skills and related attributes?
What sort of leadership training and development opportunities are available to rising IT professionals?
What is the quality of the coaching/mentoring offerings to which IT managers have access?
To what extent are IT professionals encouraged and supported in efforts to demonstrate leader-ship in external industry and business groups?
Two-Year Comparison Overall Results, Organizational Capabilities*
2013 2011
Six Sigma Six Sigma
Dealing with confrontation Dealing with confrontation
Coaching/mentoring Working effectively with C-level executives
Leadership (in outside organizations, groups, etc.) Developing rapport with senior executives
Negotiation Leadership (within your organization)
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Several new entries in the top priorities for 2013 suggest a stronger focus on coaching and mentoring other employees, as well as demonstrating leadership outside the company in professional groups.
-
31 2013 IT Priorities Survey
RESPONSES FROM IT EXECUTIVES
While IT executives also identify Six Sigma as the top Need to Improve organizational capability, they differ from overall survey respondents in two respects. First, IT executives view leading inter-nally as well as leadership in outside organizations as higher improvement priorities than the overall survey group. Second, IT executives rank developing outside contacts/networking higher compared to the overall response. All respondents, however, place nearly identical importance on improving the coaching/mentoring opportunities available to IT professionals, suggesting that executives and professionals throughout the IT functional hierarchy see value in this type of development approach.
IT Executive Results, Organizational Capabilities
Need to Improve Rank
Areas Evaluated by RespondentsCompetency (5-pt. scale)
1 Six Sigma 3.0
2Leadership (in outside organizations,
groups, etc.)3.5
3 Leadership (within your organization) 3.8
4 Negotiation 3.8
5 (tie)
Coaching/mentoring 3.8
Developing outside contacts/networking
3.7
Two-Year Comparison IT Executive Results, Organizational Capabilities*
2013 2011
Six Sigma Change management
Leadership (in outside organizations, groups, etc.) Coaching/mentoring
Leadership (within your organization) Developing outside contacts/networking
Negotiation Developing rapport with senior executives
Coaching/mentoring Developing rapport with business-unit executives
Developing outside contacts/networking
* Certain competencies and skill areas in this category were not included in both years of the survey.
Notable Trend
Six Sigma, which ranked sixth on the list of priorities in the 2011 results, jumped to the top of the list in the 2013 study, suggesting IT leaders are focusing sharply on gaining greater efficiencies and productivity in their operations.
-
32 2013 IT Priorities Survey
Survey Demographics
Close to 200 IT executives and professionals participated in the survey, which was conducted online in the third and fourth quarters of 2012. All demographic information was provided voluntarily and not all participants provided data for every demographic question.
Position
Chief Information Officer 4%
IT VP/Director 15%
IT Manager 21%
Chief Financial Officer 2%
Chief Security Officer 1%
Chief Information Security Officer 3%
Chief Privacy Officer 1%
Chief Technology Officer 2%
IT Audit VP/Director 7%
IT Audit Manager 28%
Other 16%
Industry
Financial Services 18%
Manufacturing 12%
Healthcare 11%
Insurance 7%
Government/Education/Not-for-profit 5%
Consumer Products 4%
Energy 4%
Retail 4%
Technology 4%
Telecommunications 4%
Utilities 4%
Distribution 3%
Hospitality 3%
Media 3%
Professional Services 3%
Communications 2%
Life Sciences/Biotechnology 2%
Services 2%
Real Estate 1%
Other 4%
-
33 2013 IT Priorities Survey
Size of Organization (by Gross Annual Revenue)
$20 billion+ 16%
$10 billion - $19.99 billion 11%
$5 billion - $9.99 billion 18%
$1 billion - $4.99 billion 26%
$500 million - $999.99 million 10%
$100 million - $499.99 million 11%
Less than $100 million 8%
Type of Organization
Public 57%
Private 29%
Government 2%
Not-for-profit 10%
Other 2%
Organization Headquarters
North America 78%
Asia-Pacific 8%
Europe 7%
Middle East 6%
Other 1%
-
34 2013 IT Priorities Survey
About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000 and Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
About Our IT Consulting Services
Technological advances and disruptions continue at a breakneck pace. Economic challenges, changing expectations, and a host of other factors translate to varying business conditions and ever-shifting and conflicting priorities saving costs, improving agility, managing risk, providing faster service. In this environment, you need a trusted adviser one with not only relevant insights, but also a combination of strategic vision, proven expertise and practical experience to help implement needed improvements.
Protivitis IT Consulting practice helps executives align investments in IT with the strategic priorities of the business. Our professionals partner with CIOs and business leaders to strategize, plan, design and implement enterprise business technology solutions that optimize the value of IT investments while mitigating key risks.
-
35 2013 IT Priorities Survey
Kurt Underwood Global Leader IT Consulting +1.503.889.7771 [email protected]
Protiviti IT Consulting Practice
Managing the Business of IT
Solution Segments Service Offerings Contact
Strategy and Alignment We maximize the value of IT by helping you develop an IT strategic plan that is fully aligned with the strategic goals of the business.
IT Strategic Planning IT Architecture Design and
Implementation Enterprise Data Architecture Social Media Strategy
Michael [email protected]
IT Operations Improvement We help you improve and implement processes and systems to resolve causes of failure, drive higher performance, achieve consistency and compliance, and increase business resilience.
Asset Lifecycle Management Business Continuity Manage-
ment and Disaster Recovery IT Service and Change
Management Data Quality Management IT Process Assessment
and Design
Michael [email protected]
IT Governance and Risk Management We help companies define the requirements of their IT organizations, determine the associated delivery cost, and understand the alignment of these requirements with business needs. We help you design an IT department that will be able to measure its performance continuously and demonstrate its effectiveness to the wider organization.
IT Governance IT Risk Management IT Compliance IT Benchmarking IT Due Diligence Data Governance/Structures Spreadsheet Risk
Management
Jonathan [email protected]
IT Portfolio and Program Management We help you ensure your portfolio of IT projects, applications and infrastructure is providing cost-effective benefits to the organization, and we enable your organization to successfully and efficiently execute complex programs and projects while mitigating your risks.
IT Program and Project Management Office
Application Portfolio Optimization
-
36 2013 IT Priorities Survey
Managing IT Security and Privacy
Solution Segments Service Offerings Contact
Security Program and Strategy Management We assist you in defining security policies that align with your business goals and making them operational with a robust architecture, relevant deployment procedures and meaningful controls. Further, we make the program sustainable through creative, high-impact awareness and training solutions.
Security Policy and Program Security Strategy
and Architecture Incident Response Awareness and Training Social Media Design and
Implementation Security Operations Cen-
ter and Implementation Services
Cal Slemp+1.203.905.2926 [email protected]
Identity and Access Management We have extensive experience in a broad variety of identity environments, from highly trusted and proofed systems to those allowing unsubstantiated credentials. We help you define a strategy, establish policies, certify environments (and tools), federate partners, select products, and deploy the system.
Access Management Policy and Standards
IAM Design and Implementation
Cal Slemp+1.203.905.2926 [email protected]
Data Security and Privacy Management We provide a full spectrum of assessment, transformation and management services to help organizations identify and address privacy exposures before they become problems. We help companies identify the information they need to treat as private. We create the processes and metrics needed to meet both business and regulatory requirements.
Data Governance Data Classification Data Security Encryption and Storage
Strategy and Implementation Privacy Management and
Implementation PCI Planning, Readiness
and Compliance HITRUST Planning,
Readiness and Compliance Other Security and Privacy
compliance Vendor Management/
Due Diligence
Cal Slemp+1.203.905.2926 [email protected]
Vulnerability and Penetration Testing We use the latest tools and techniques to simulate the various approaches that might be used for unauthorized access to your enterprise. Our objective is to help you proactively protect your people and your information assets by leveraging our knowledge of constantly changing exploits.
Infrastructure Assessment Application Assessment Network Assessment Database Assessment
Cal Slemp+1.203.905.2926 [email protected]
-
37 2013 IT Priorities Survey
Managing Applications and Data
Solution Segments Service Offerings Contact
ERP Solutions We assist you with selecting ERP and GRC applications, improving application security and the control environment, and managing the risks associated with complex software implementations. Our relationships with Oracle, SAP and other solution providers give us additional perspective on the nuances of these technologies. We help you avoid costs associated with project delays, mitigate the risks of costly re-implementations, and reduce the total cost of ongoing compliance activities.
Application Security and Segregation of Duties
Application/Configurable Controls Design and Enhancement
ERP Project Management ERP Selection GRC Implementation Implementation Risk
Management Design and Implementation
Support SAP Assessments
(proprietary tools for detailed and efficient controls, integrity and security reviews for SAP ERP systems)
Carol [email protected]
eDiscovery and Records Management We help organizations institute a systematic and disciplined approach to evaluate and improve their e-discovery capabilities. We provide a full spectrum of services for both event-driven and process-driven environments around the world.
eDiscovery Computer Forensics Records and Information
Management
Frank [email protected]
Risk Technologies Our Risk Technology Solutions team is dedicated to the design, development, delivery and support of our GRC software solution, the Protiviti Governance Portal, as well as various risk, controls and security assessment tools. We integrate extensive real-world experience with leading-edge technology, giving you comprehensive, efficient and sustainable solutions.
Protiviti Governance Portal Assessment Tools
Scott [email protected]
-
38 2013 IT Priorities Survey
Solution Segments Service Offerings Contact
Software Services We help our clients limit project risk while maximizing the value of software development and implementation, whether for specific stages in the process or the end-to-end solution.
Custom Software Development
QA Testing Strategic Assessment and
Advisory Services Sharepoint Business
Consulting and On-Call Support
Scott [email protected]
Business Intelligence We help improve strategic decision-making and operational and financial reporting through the use of available and new data resources. We blend business acumen with IT skills to deliver uniquely efficient solutions across an organizations functional areas and initiatives. We help our clients to establish the strategic and operational information needed to make informed decisions and determine the KPIs that drive business outcomes. We help business units focus on the analysis and integrity of information rather than the mechanical steps needed to produce various reports.
Data Warehouse Enterprise Reporting
Infrastructure Master Data Management Functional Data Marts
Matt [email protected]
-
39 2013 IT Priorities Survey
Other Thought Leadership From Protiviti
Visit www.protiviti.com to obtain copies of these and other thought leadership materials from Protiviti.
The Global Privacy and Information Security Landscape: Frequently Asked Questions
Spreadsheet Risk Management: Frequently Asked Questions
HIPAA Security - Prepare Now or Wait and See?
Key Questions Regarding Integrated GRC
Powerful Insights (Protivitis podcast series)
Social Media Use in Companies Managing the Risks Effectively
The Importance of Strong IT Governance During a Financial Crisis
Understanding SAP Security Architecture and Redesign
Regulatory Intelligence: Leveraging Technology to Maintain Compliance Efficiently and Effectively
Controls Intelligence: An Examination of How Robust Controls Analytics Can Improve Business Processes and Streamline Compliance
IT Points of View:
Social Media and Internet Policy and Procedure Failure Whats Next?
Managing Privileged Access to Systems and Data
Implementing GRC Software
IT Strategic Alignment Benchmarking
Making the Business Case for Automated Controls
Managing Spreadsheet Risk
Skyrocketing Costs and the Impact of E-Discovery
Social Networking and the New Human Security Perimeter
Taking the Initiative The Role of IT Governance
Virtualization Maximizing Benefits While Maintaining Control
Embedding Sound Risk Management Practices into an Organization
IT Change Effective Portfolio Management During Times of Cost Reduction
Managing Risk as Part of ERP Implementations
Payment Card Industry Data Security Standard (PCI DSS)
Application Portfolio Management: Rapid Analysis for Cost-Saving Opportunities
2012 IT Audit Benchmarking Survey
-
ASIA-PACIFIC
AUSTRALIA
BrisbaneCanberraMelbournePerthSydney
CHINA
BeijingHong KongShanghaiShenzhen
INDIA
BangaloreMumbaiNew Delhi
INDONESIA
Jakarta**
JAPAN
Osaka Tokyo
SINGAPORE
Singapore
SOUTH KOREA
Seoul
* Protiviti Member Firm ** Protiviti Alliance Member
THE AMERICAS
UNITED STATES
AlexandriaAtlantaBaltimoreBostonCharlotteChicagoCincinnatiClevelandDallasDenverFort LauderdaleHouston
Kansas City Los Angeles Milwaukee Minneapolis New York Orlando Philadelphia Phoenix Pittsburgh Portland Richmond Sacramento
Salt Lake City San Francisco San Jose Seattle Stamford St. Louis Tampa Washington, D.C. Woodbridge
ARGENTINA
Buenos Aires*
BRAZIL
Rio de Janeiro* So Paulo*
CANADA
Kitchener-WaterlooToronto
CHILE
Santiago*
MEXICO
Mexico City* Monterrey*
PERU
Lima*
VENEZUELA
Caracas*
2013 Protiviti Inc. An Equal Opportunity Employer. PRO-0213-101044Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
EUROPE
FRANCE
Paris
GERMANY
Frankfurt Munich
ITALY
Milan Rome Turin
THE NETHERLANDS
Amsterdam
UNITED KINGDOM
London
MIDDLE EAST
BAHRAIN
Manama*
KUWAIT
Kuwait City*
OMAN
Muscat*
UNITED ARAB EMIRATES
Abu Dhabi* Dubai*