it leaders in the strategic hot seat, 2013 it priorities ... › atlanta › chapter... ·...

IT Leaders in the Strategic Hot Seat,

2013 IT Priorities Survey Results

2 © 2013 Protiviti Inc.

CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Today’s Presenter

[email protected]

Trey MacDonald is a Director in Protiviti’s Information Technology Consulting

group. He has 20 years of experience in the Information Technology, Financial

Services, Health Care, Risk Management and Insurance, and Energy/Utilities

industries. During this time he has focused in the areas of IT Strategy

development, Enterprise Infrastructure management, IT Security, Information

Lifecycle Management, Software & Database Architecture design and

development. Trey has helped design, develop and implement optimized IT

strategies, Enterprise Architectures, Software and data management environments

for multiple clients in key industries.



Introduction About the Survey

• Protiviti’s IT Priorities Survey identifies the top priorities

and key areas of focus for today’s IT functions

• The IT executives and professionals who participated in

the survey include chief information officers, chief

technology officers, chief security officers, IT vice

presidents and directors, representing virtually all

industry sectors

• Protiviti conducted the survey online in the third and

fourth quarter of 2012

• The survey assessed more than 100 areas, divided

across the following categories:

– Technical Knowledge

– IT Process Capabilities (contains several sub

categories)

– Organizational Capabilities

• Respondents were asked to rate their competency in

these areas, as well as indicate whether that

competency level was adequate or needs improvement



Overview Topics of Focus

Technical Knowledge

IT Process Capabilities

Organizations Capabilities

Technical Knowledge



Technical Knowledge Key Findings

Aspects of social media and mobile commerce represent major challenges

and top priorities for many IT executives and professionals

Risk Management as well as specific compliance requirements, such as the

European Union Data Directive rank as key priorities for IT departments

CIOs and their staff intend to strengthen cyber security capabilities, in

particular, given the growing threat of breaches and the state and federal

information security compliance requirements



Technical Knowledge Top Areas – Overall Results

“Need to Improve”

Rank Areas Evaluated by Respondents

Competency

(5-pt scale)

1 Social media security 2.9

2 Mobile commerce security 2.8

3 Mobile commerce policy 2.8

4 Mobile commerce integration 2.8

5 Social media integration 2.9



Technical Knowledge Scatter Diagram

Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect differences

between knowledge areas.

1 Social media security 2.9

2 Mobile commerce security 2.8

3 Mobile commerce policy 2.8

4 Mobile commerce integration 2.8

5 Social media integration 2.9



Technical Knowledge Two-Year Comparison – Overall Results*

2013 2011

Social media security Virtualization

Mobile commerce security Social media integration

Mobile commerce policy Cloud computing

Mobile commerce integration Social media security

Social media integration Mobile commerce security

*Certain competencies and skill areas in this category were not included in both years of the survey.



Technical Knowledge Key Questions to Consider and Commentary

• Can mobile commerce solutions be integrated effectively,

efficiently and securely with your overall IT infrastructure

and existing management tools?

• Do your IT functions maintain and update clear mobile

commerce and social media policies? How are these

policies monitored and audited?

• Is the overall state of your company’s social media security

sufficient?

• How can social media capabilities be integrated more

extensively into appropriate business process to deliver

value?

• How can smart phones, tablets and similar devices be

integrated into the normal flow of business in a more

effective and secure manner?


(Managing Security and Privacy)



IT Process Capabilities: Managing Security and Privacy Key Findings

Managing and classifying big data remains a major challenge for IT

departments

Monitoring security events, incident response, managing user identities

and access, as well as compliance requirements, and the management of

third-party vendors are priority areas



IT Process Capabilities: Managing Security and Privacy Top Areas – Overall Results



Competency

(5-pt scale)

1 Managing and classifying enterprise data 3.2

2 Incident response 3.3

3 Monitoring security events 3.2

4 Managing third-party vendors 3.4

5 (tie) Managing user identities and access 3.4

Implementing security/privacy solutions and strategies 3.3



IT Process Capabilities: Managing Security and Privacy Scatter Diagram

Note: The scatter diagram is a perceptual map that does not reflect actual scores – it has been scaled to reflect

differences between knowledge areas.

1 Managing and classifying

enterprise data

2 Incident response

3 Monitoring security events

4 Managing third-party vendors

5 (tie) Managing user identities and

access 3.4



IT Process Capabilities: Managing Security and Privacy Two-Year Comparison – Overall Results*

2013 2011

Managing and classifying enterprise data Managing and classifying enterprise data

Incident response California Security Breach Information Act (SB 1386)

Monitoring security events U.S. Gramm-Leach-Bliley Act (GLBA)

Managing third-party vendors Managing user identities and access

Managing user identities and access Managing third-party vendors

Implementing security/privacy solutions and

strategies Incident response

Monitoring security events

Implementing security/privacy solutions and

strategies

*Certain competencies and skill areas in this category were not included in both years of the survey



IT Process Capabilities: Managing Security and Privacy Key Questions to Consider and Commentary

• What is your IT function’s and your management team’s

understanding (e.g., “excellent”, “good” or “limited”) of what

comprises “sensitive” organizational data and information?

• Is there a formal effort under way to define and classify the

data the organization generates as part of its day-to-day

operations?

• Is the organization clear about what information is sensitive

or requires special attention – especially data that is

regulated by privacy law?

• Has specific responsibility or stewardship been assigned for

the organization’s most sensitive data types?

• Does your organization have a written information security

policy (WISP) in place? Is it being implemented/executed?


(Defining IT Strategy and Organization)



IT Process Capabilities: Defining IT Strategy and Organization Key Findings

Top priorities include improving on how IT performance is measured,

monitored and reported to the business

IT professionals want to strengthen the customer service they provide to

their internal customers

The integration and alignment of IT planning with business strategy

remains an ongoing priority



IT Process Capabilities: Defining IT Strategy and Organization Top Areas – Overall Results



Competency

(5-pt scale)

1 Defining metrics and measurements for monitoring IT

performance 3.1

2 Reporting IT activities and performance 3.2

3 Negotiating, managing and monitoring information quality 3.2

4 Negotiating, managing and monitoring customer service-

level agreements (SLAs) 3.2

5 Developing and maintaining enterprise information

architecture 3.1



IT Process Capabilities: Defining IT Strategy and Organization Scatter Diagram



1 Defining metrics and measurements for

monitoring IT performance 3.1

2 Reporting IT activities and performance 3.2

3 Negotiating, managing and monitoring

information quality 3.2

4 Negotiating, managing and monitoring

customer service- level agreements (SLAs) 3.2

5 Developing and maintaining enterprise

information architecture 3.1



IT Process Capabilities: Defining IT Strategy and Organization Two-Year Comparison – Overall Results*

2013 2011

Defining metrics and measurements for monitoring

IT performance Communication of strategy and governance

Reporting IT activities and performance Defining metrics and measurements for monitoring

IT performance

Negotiating, managing and monitoring information

quality

Monitoring and achieving legal/regulatory

compliance

Negotiating, managing and monitoring customer

SLAs

Developing and maintaining enterprise information

architecture

Developing and maintaining enterprise information

architecture Performing and maintaining the IT risk assessment




IT Process Capabilities: Defining IT Strategy and Organization Key Questions to Consider and Commentary

• Is your IT department collaborating effectively with the

business to manage shifting priorities in an agile manner?

• To what extent are CIOs and the IT leadership team

collaborating with the business to proactively identify

potential business opportunities and threats that require IT

support?

• How effective and timely are the quantifiable metrics and/or

key performance indicators IT shares with the business

regarding IT’s ongoing performance?

• Is there a process in place to monitor the effectiveness of IT

performance measurement/management activities?


(Managing IT Infrastructure)



IT Process Capabilities: Managing IT Infrastructure Key Findings

Planning related to platform and network performance, along with storage

management and planning, stand out as top concerns

Data management qualifies as an overarching need among most

companies, with the rapidly growing amounts of data

Executives and board of directors want assurance that sensitive

information is secure and is stored in an cost-efficient and effective manner



IT Process Capabilities: Managing IT Infrastructure Top Areas – Overall Results



Competency

(5-pt scale)

1 Platform performance planning 2.8

2 Storage management and planning 2.8

3 Network performance planning 2.8

4 Managing and maintaining job processing 3.2

5 IT infrastructure change management 3.3



IT Process Capabilities: Managing IT Infrastructure Scatter Diagram



1 Platform performance planning 2.8

2 Storage mgt & planning 2.8

3 Network performance planning 2.8



IT Process Capabilities: Managing IT Infrastructure Two-Year Comparison – Overall Results*

2013 2011

Platform performance planning Storage management and planning

Storage management and planning Network performance planning

Network performance planning Database change management

Managing and maintaining job processing Platform performance planning

IT infrastructure change management IT infrastructure change management

Operating system change management




IT Process Capabilities: Managing IT Infrastructure Key Questions to Consider and Commentary

• How is your IT function working to ensure that platform

performance, storage management and network

performance capabilities are agile enough to support

sudden business shifts in response to new threats and new

opportunities?

• To what extent does this work extend to vendors

responsible for handling and storing corporate data?

• Has your company established data protection policies that

are monitored and enforced throughout the organization?

• How is the IT department addressing the business’

expectations of increasing faster – and increasingly reliable

– network performance?


(Managing IT Assets)



IT Process Capabilities: Managing IT Assets Key Findings

Monitoring IT assets, accounting for IT assets and monitoring external

SLAs are among the top priorities

Monitoring and accounting for IT assets has grown more complex due to

smart-device proliferation, “bring your own device” policies, growing

workforce mobility and the IT function's reliance on external partners



IT Process Capabilities: Managing IT Assets Top Areas – Overall Results



Competency

(5-pt scale)

1 Monitoring IT assets 3.1

2 Accounting for IT asset management 3.1

3 Monitoring external SLAs 3.2

4 Monitoring and reviewing contracts/billings 3.3

5 Managing hardware maintenance agreements 3.1



IT Process Capabilities: Managing IT Assets Scatter Diagram



1 Monitoring IT assets 3.1

2 Accounting for IT asset mgt 3.1

3 Monitoring external SLAs 3.2



IT Process Capabilities: Managing IT Assets Two-Year Comparison – Overall Results*

2013 2011

Monitoring IT assets Monitoring external SLAs

Accounting for IT asset management Determining outsourcing strategy and approach

Monitoring external SLAs Accounting for IT asset management

Monitoring and reviewing contracts/billings Managing IT asset retirement – employee/contractor

termination

Managing hardware maintenance agreements Managing IT asset retirement – IT asset refresh




IT Process Capabilities: Managing IT Assets Key Questions to Consider and Commentary

• What process does the IT organization have in place to

monitor IT assets in a risk-savvy manner?

• What is the IT function’s role in accounting for IT asset

management and how can it collaborate with the finance

and accounting function to strengthen the accuracy and

efficiency of this activity?

• How effective is the IT function in monitoring external SLAs,

contracts, and billing and software licenses?

• What are the greatest risks to IT asset management in your

organization, and how are these risks managed?


(Ensuring Continuity)



IT Process Capabilities: Ensuring Continuity Key Findings

Three top-of mind priorities in this category are developing and maintaining

business resumption plans, IT disaster and recovery plans, and crisis

management plans

Integrating the three capabilities listed above is another key priority to

strengthen the organization’s overall BCM capability



IT Process Capabilities: Ensuring Continuity Top Areas – Overall Results



Competency

(5-pt scale)

1 Developing and maintaining business resumption plans 3.1

2 (tie)

Developing and maintaining IT disaster and recovery

plans 3.2

Developing and maintaining crisis management plans 3.2

4 Developing and maintaining risk assessment/business

impact analysis 3.4

5 (tie)

Ensuring executive management support and

sponsorship 3.4

Ensuring business alignment 3.4



IT Process Capabilities: Ensuring Continuity Scatter Diagram



1 Developing and maintaining

business resumption plans 3.1

2 (tie) Developing and maintaining

IT disaster and recovery plans 3.2

Developing and maintaining crisis

management plans 3.2



IT Process Capabilities: Ensuring Continuity Two-Year Comparison – Overall Results*

2013 2011

Developing and maintaining business resumption

plans

Developing and maintaining risk

assessment/business impact analysis

Developing and maintaining IT disaster and recovery

plans

Developing and maintaining crisis management

plans

Developing and maintaining crisis management

plans

Designing and maintaining business continuity

strategies

Developing and maintaining risk

assessment/business impact analysis Ensuring business alignment

Ensuring executive management support and

sponsorship

Developing and maintaining business resumption

plans

Ensuring business alignment




IT Process Capabilities: Ensuring Continuity Key Questions to Consider and Commentary

• Has your company developed a crisis management and

communications plan or strategy?

• Are there processes in place to update and audit these

plans regularly?

• To what degree are BCM and disaster recovery capabilities

and activities supported at the executive management and

board level?

• Does your company have a formal overarching BCM

strategy and continuity plan in place (and do these contain

IT considerations among the key prioritities)?

• How frequently does your organization test the plans that

are in place? How are the results of these tests reviewed,

analyzed and acted upon?

Organizational Capabilities



Organizational Capabilities Key Findings

Six Sigma, dealing with confrontation, coaching/mentoring, leadership (in

outside organizations and negotiation are top priorities for IT executives

IT professionals recognized that improvements in interpersonal skills, such

as leadership and negotiation will help them address cultural issues



Organizational Capabilities Top Areas – Overall Results



Competency

(5-pt scale)

1 Six Sigma 2.7

2 Dealing with confrontation 3.4

3 (tie)

Coaching/mentoring 3.6

Leadership (in outside organizations, groups, etc.) 3.4

5 Negotiation 3.4



Organizational Capabilities Scatter Diagram



1 Six Sigma 2.7

2 Dealing with confrontation 3.4

3 (tie) Coaching/mentoring 3.6

Leadership (in outside

organizations, groups, etc.) 3.4 5 Negotiation 3.4



Organizational Capabilities Two-Year Comparison – Overall Results*

2013 2011

Six Sigma Six Sigma

Dealing with confrontation Dealing with confrontation

Coaching/mentoring Working effectively with C-level executives

Leadership (in outside organizations, groups, etc.) Developing rapport with senior executives

Negotiation Leadership (within your organization)




Organizational Capabilities Key Questions to Consider and Commentary

• Can a better understanding and improvement in capability

around Six Sigma concepts help the IT function add more

value and improve its effectiveness?

• How are efficiency gains being tracked and reported?

• Are there formal training and development processes in

place to help IT professionals improve their ability to deal

with confrontation and enhance negotiation skills and

related attributes?

• To what extent are IT professionals encouraged and

supported in efforts to demonstrate leadership in external

industry and business groups?



More Resources…

• Interactive Tool - Benchmark your priorities against your peer at:

http://prosurvey.protiviti.com

• Download the Full Survey Report

• Download Infographic

• Watch Video on the Findings

www.protiviti.com/itpriorities

it leaders in the strategic hot seat, 2013 it priorities ... › atlanta › chapter... ·...

Documents