IT Leaders in the Strategic Hot Seat,
2013 IT Priorities Survey Results
2 © 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
Today’s Presenter
Trey MacDonald is a Director in Protiviti’s Information Technology Consulting
group. He has 20 years of experience in the Information Technology, Financial
Services, Health Care, Risk Management and Insurance, and Energy/Utilities
industries. During this time he has focused in the areas of IT Strategy
development, Enterprise Infrastructure management, IT Security, Information
Lifecycle Management, Software & Database Architecture design and
development. Trey has helped design, develop and implement optimized IT
strategies, Enterprise Architectures, Software and data management environments
for multiple clients in key industries.
Introduction About the Survey
• Protiviti’s IT Priorities Survey identifies the top priorities
and key areas of focus for today’s IT functions
• The IT executives and professionals who participated in
the survey include chief information officers, chief
technology officers, chief security officers, IT vice
presidents and directors, representing virtually all
industry sectors
• Protiviti conducted the survey online in the third and
fourth quarter of 2012
• The survey assessed more than 100 areas, divided
across the following categories:
– Technical Knowledge
– IT Process Capabilities (contains several subcategories)
– Organizational Capabilities
• Respondents were asked to rate their competency in
these areas, as well as indicate whether that
competency level was adequate or needs improvement
Overview Topics of Focus
Technical Knowledge
IT Process Capabilities
Organizational Capabilities
Technical Knowledge
Technical Knowledge Key Findings
Aspects of social media and mobile commerce represent major challenges
and top priorities for many IT executives and professionals
Risk Management, as well as specific compliance requirements such as the
European Union Data Directive, rank as key priorities for IT departments
CIOs and their staff intend to strengthen cyber security capabilities, in
particular, given the growing threat of breaches and the state and federal
information security compliance requirements
Technical Knowledge Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Social media security | 2.9
2 | Mobile commerce security | 2.8
3 | Mobile commerce policy | 2.8
4 | Mobile commerce integration | 2.8
5 | Social media integration | 2.9
Technical Knowledge Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect differences
between knowledge areas.
1 Social media security 2.9
2 Mobile commerce security 2.8
3 Mobile commerce policy 2.8
4 Mobile commerce integration 2.8
5 Social media integration 2.9
Technical Knowledge Two-Year Comparison – Overall Results*
2013 | 2011
Social media security | Virtualization
Mobile commerce security | Social media integration
Mobile commerce policy | Cloud computing
Mobile commerce integration | Social media security
Social media integration | Mobile commerce security
*Certain competencies and skill areas in this category were not included in both years of the survey.
Technical Knowledge Key Questions to Consider and Commentary
• Can mobile commerce solutions be integrated effectively,
efficiently and securely with your overall IT infrastructure
and existing management tools?
• Do your IT functions maintain and update clear mobile
commerce and social media policies? How are these
policies monitored and audited?
• Is the overall state of your company’s social media security
sufficient?
• How can social media capabilities be integrated more
extensively into appropriate business processes to deliver
value?
• How can smart phones, tablets and similar devices be
integrated into the normal flow of business in a more
effective and secure manner?
IT Process Capabilities
(Managing Security and Privacy)
IT Process Capabilities: Managing Security and Privacy Key Findings
Managing and classifying big data remains a major challenge for IT
departments
Monitoring security events, incident response, managing user identities
and access, as well as compliance requirements, and the management of
third-party vendors are priority areas
IT Process Capabilities: Managing Security and Privacy Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Managing and classifying enterprise data | 3.2
2 | Incident response | 3.3
3 | Monitoring security events | 3.2
4 | Managing third-party vendors | 3.4
5 (tie) | Managing user identities and access | 3.4
5 (tie) | Implementing security/privacy solutions and strategies | 3.3
IT Process Capabilities: Managing Security and Privacy Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Managing and classifying enterprise data
2 Incident response
3 Monitoring security events
4 Managing third-party vendors
5 (tie) Managing user identities and access 3.4
IT Process Capabilities: Managing Security and Privacy Two-Year Comparison – Overall Results*
2013 | 2011
Managing and classifying enterprise data | Managing and classifying enterprise data
Incident response | California Security Breach Information Act (SB 1386)
Monitoring security events | U.S. Gramm-Leach-Bliley Act (GLBA)
Managing third-party vendors | Managing user identities and access
Managing user identities and access | Managing third-party vendors
Implementing security/privacy solutions and strategies | Incident response
 | Monitoring security events
 | Implementing security/privacy solutions and strategies
*Certain competencies and skill areas in this category were not included in both years of the survey
IT Process Capabilities: Managing Security and Privacy Key Questions to Consider and Commentary
• What is your IT function’s and your management team’s
understanding (e.g., “excellent”, “good” or “limited”) of what
comprises “sensitive” organizational data and information?
• Is there a formal effort under way to define and classify the
data the organization generates as part of its day-to-day
operations?
• Is the organization clear about what information is sensitive
or requires special attention – especially data that is
regulated by privacy law?
• Has specific responsibility or stewardship been assigned for
the organization’s most sensitive data types?
• Does your organization have a written information security
policy (WISP) in place? Is it being implemented/executed?
IT Process Capabilities
(Defining IT Strategy and Organization)
IT Process Capabilities: Defining IT Strategy and Organization Key Findings
Top priorities include improving on how IT performance is measured,
monitored and reported to the business
IT professionals want to strengthen the customer service they provide to
their internal customers
The integration and alignment of IT planning with business strategy
remains an ongoing priority
IT Process Capabilities: Defining IT Strategy and Organization Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Defining metrics and measurements for monitoring IT performance | 3.1
2 | Reporting IT activities and performance | 3.2
3 | Negotiating, managing and monitoring information quality | 3.2
4 | Negotiating, managing and monitoring customer service-level agreements (SLAs) | 3.2
5 | Developing and maintaining enterprise information architecture | 3.1
IT Process Capabilities: Defining IT Strategy and Organization Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Defining metrics and measurements for monitoring IT performance 3.1
2 Reporting IT activities and performance 3.2
3 Negotiating, managing and monitoring information quality 3.2
4 Negotiating, managing and monitoring customer service-level agreements (SLAs) 3.2
5 Developing and maintaining enterprise information architecture 3.1
IT Process Capabilities: Defining IT Strategy and Organization Two-Year Comparison – Overall Results*
2013 | 2011
Defining metrics and measurements for monitoring IT performance | Communication of strategy and governance
Reporting IT activities and performance | Defining metrics and measurements for monitoring IT performance
Negotiating, managing and monitoring information quality | Monitoring and achieving legal/regulatory compliance
Negotiating, managing and monitoring customer SLAs | Developing and maintaining enterprise information architecture
Developing and maintaining enterprise information architecture | Performing and maintaining the IT risk assessment
*Certain competencies and skill areas in this category were not included in both years of the survey
IT Process Capabilities: Defining IT Strategy and Organization Key Questions to Consider and Commentary
• Is your IT department collaborating effectively with the
business to manage shifting priorities in an agile manner?
• To what extent are CIOs and the IT leadership team
collaborating with the business to proactively identify
potential business opportunities and threats that require IT
support?
• How effective and timely are the quantifiable metrics and/or
key performance indicators IT shares with the business
regarding IT’s ongoing performance?
• Is there a process in place to monitor the effectiveness of IT
performance measurement/management activities?
IT Process Capabilities
(Managing IT Infrastructure)
IT Process Capabilities: Managing IT Infrastructure Key Findings
Planning related to platform and network performance, along with storage
management and planning, stand out as top concerns
Data management qualifies as an overarching need among most
companies, with the rapidly growing amounts of data
Executives and boards of directors want assurance that sensitive
information is secure and is stored in a cost-efficient and effective manner
IT Process Capabilities: Managing IT Infrastructure Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Platform performance planning | 2.8
2 | Storage management and planning | 2.8
3 | Network performance planning | 2.8
4 | Managing and maintaining job processing | 3.2
5 | IT infrastructure change management | 3.3
IT Process Capabilities: Managing IT Infrastructure Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Platform performance planning 2.8
2 Storage mgt & planning 2.8
3 Network performance planning 2.8
IT Process Capabilities: Managing IT Infrastructure Two-Year Comparison – Overall Results*
2013 | 2011
Platform performance planning | Storage management and planning
Storage management and planning | Network performance planning
Network performance planning | Database change management
Managing and maintaining job processing | Platform performance planning
IT infrastructure change management | IT infrastructure change management
 | Operating system change management
*Certain competencies and skill areas in this category were not included in both years of the survey
IT Process Capabilities: Managing IT Infrastructure Key Questions to Consider and Commentary
• How is your IT function working to ensure that platform
performance, storage management and network
performance capabilities are agile enough to support
sudden business shifts in response to new threats and new
opportunities?
• To what extent does this work extend to vendors
responsible for handling and storing corporate data?
• Has your company established data protection policies that
are monitored and enforced throughout the organization?
• How is the IT department addressing the business’
expectations of increasingly faster – and increasingly reliable
– network performance?
IT Process Capabilities
(Managing IT Assets)
IT Process Capabilities: Managing IT Assets Key Findings
Monitoring IT assets, accounting for IT assets and monitoring external
SLAs are among the top priorities
Monitoring and accounting for IT assets has grown more complex due to
smart-device proliferation, “bring your own device” policies, growing
workforce mobility and the IT function's reliance on external partners
IT Process Capabilities: Managing IT Assets Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Monitoring IT assets | 3.1
2 | Accounting for IT asset management | 3.1
3 | Monitoring external SLAs | 3.2
4 | Monitoring and reviewing contracts/billings | 3.3
5 | Managing hardware maintenance agreements | 3.1
IT Process Capabilities: Managing IT Assets Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Monitoring IT assets 3.1
2 Accounting for IT asset mgt 3.1
3 Monitoring external SLAs 3.2
IT Process Capabilities: Managing IT Assets Two-Year Comparison – Overall Results*
2013 | 2011
Monitoring IT assets | Monitoring external SLAs
Accounting for IT asset management | Determining outsourcing strategy and approach
Monitoring external SLAs | Accounting for IT asset management
Monitoring and reviewing contracts/billings | Managing IT asset retirement – employee/contractor termination
Managing hardware maintenance agreements | Managing IT asset retirement – IT asset refresh
*Certain competencies and skill areas in this category were not included in both years of the survey
IT Process Capabilities: Managing IT Assets Key Questions to Consider and Commentary
• What process does the IT organization have in place to
monitor IT assets in a risk-savvy manner?
• What is the IT function’s role in accounting for IT asset
management and how can it collaborate with the finance
and accounting function to strengthen the accuracy and
efficiency of this activity?
• How effective is the IT function in monitoring external SLAs,
contracts, and billing and software licenses?
• What are the greatest risks to IT asset management in your
organization, and how are these risks managed?
IT Process Capabilities
(Ensuring Continuity)
IT Process Capabilities: Ensuring Continuity Key Findings
Three top-of-mind priorities in this category are developing and maintaining
business resumption plans, IT disaster and recovery plans, and crisis
management plans
Integrating the three capabilities listed above is another key priority to
strengthen the organization’s overall BCM capability
IT Process Capabilities: Ensuring Continuity Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Developing and maintaining business resumption plans | 3.1
2 (tie) | Developing and maintaining IT disaster and recovery plans | 3.2
2 (tie) | Developing and maintaining crisis management plans | 3.2
4 | Developing and maintaining risk assessment/business impact analysis | 3.4
5 (tie) | Ensuring executive management support and sponsorship | 3.4
5 (tie) | Ensuring business alignment | 3.4
IT Process Capabilities: Ensuring Continuity Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Developing and maintaining business resumption plans 3.1
2 (tie) Developing and maintaining IT disaster and recovery plans 3.2
2 (tie) Developing and maintaining crisis management plans 3.2
IT Process Capabilities: Ensuring Continuity Two-Year Comparison – Overall Results*
2013 | 2011
Developing and maintaining business resumption plans | Developing and maintaining risk assessment/business impact analysis
Developing and maintaining IT disaster and recovery plans | Developing and maintaining crisis management plans
Developing and maintaining crisis management plans | Designing and maintaining business continuity strategies
Developing and maintaining risk assessment/business impact analysis | Ensuring business alignment
Ensuring executive management support and sponsorship | Developing and maintaining business resumption plans
Ensuring business alignment | 
*Certain competencies and skill areas in this category were not included in both years of the survey
IT Process Capabilities: Ensuring Continuity Key Questions to Consider and Commentary
• Has your company developed a crisis management and
communications plan or strategy?
• Are there processes in place to update and audit these
plans regularly?
• To what degree are BCM and disaster recovery capabilities
and activities supported at the executive management and
board level?
• Does your company have a formal overarching BCM
strategy and continuity plan in place (and do these contain
IT considerations among the key priorities)?
• How frequently does your organization test the plans that
are in place? How are the results of these tests reviewed,
analyzed and acted upon?
Organizational Capabilities
Organizational Capabilities Key Findings
Six Sigma, dealing with confrontation, coaching/mentoring, leadership (in
outside organizations) and negotiation are top priorities for IT executives
IT professionals recognized that improvements in interpersonal skills, such
as leadership and negotiation will help them address cultural issues
Organizational Capabilities Top Areas – Overall Results
“Need to Improve” Rank | Areas Evaluated by Respondents | Competency (5-pt scale)
1 | Six Sigma | 2.7
2 | Dealing with confrontation | 3.4
3 (tie) | Coaching/mentoring | 3.6
3 (tie) | Leadership (in outside organizations, groups, etc.) | 3.4
5 | Negotiation | 3.4
Organizational Capabilities Scatter Diagram
Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect
differences between knowledge areas.
1 Six Sigma 2.7
2 Dealing with confrontation 3.4
3 (tie) Coaching/mentoring 3.6
3 (tie) Leadership (in outside organizations, groups, etc.) 3.4
5 Negotiation 3.4
Organizational Capabilities Two-Year Comparison – Overall Results*
2013 | 2011
Six Sigma | Six Sigma
Dealing with confrontation | Dealing with confrontation
Coaching/mentoring | Working effectively with C-level executives
Leadership (in outside organizations, groups, etc.) | Developing rapport with senior executives
Negotiation | Leadership (within your organization)
*Certain competencies and skill areas in this category were not included in both years of the survey
Organizational Capabilities Key Questions to Consider and Commentary
• Can a better understanding and improvement in capability
around Six Sigma concepts help the IT function add more
value and improve its effectiveness?
• How are efficiency gains being tracked and reported?
• Are there formal training and development processes in
place to help IT professionals improve their ability to deal
with confrontation and enhance negotiation skills and
related attributes?
• To what extent are IT professionals encouraged and
supported in efforts to demonstrate leadership in external
industry and business groups?
More Resources…
• Interactive Tool - Benchmark your priorities against your peers at:
http://prosurvey.protiviti.com
• Download the Full Survey Report
• Download Infographic
• Watch Video on the Findings
www.protiviti.com/itpriorities