ROLLING MEADOWS, IL–(Marketwire – May 19, 2010) – Nearly one-third of organizations in Latin America will use cloud computing in 2010, according to the ISACA IT Risk/Reward Barometer survey conducted by ISACA, a nonprofit association of 86,000 IT professionals. Similar surveys conducted by ISACA found that North America and Europe are adopting cloud computing more slowly, with 25 percent of North American organizations and 18 percent of European organizations using it in 2010.
While 41 percent of the 433 Latin American IT professionals surveyed believe that the risks of cloud computing outweigh the benefits, 18 percent believe the opposite and 42 percent believe the benefits and risks are appropriately balanced.
“The cloud represents a major paradigm shift in how computing resources will be utilized, so it’s not surprising that IT professionals have concerns about risk vs. reward trade-offs,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance at CA Inc. “However, risk and value are two sides of the same coin. If cloud computing is treated as a major governance initiative involving a broad set of stakeholders, it has the potential to yield benefits that can equal or outweigh the risks.”
Topics studied in the ISACA IT Risk/Reward Barometer, Latin America, will also be discussed at ISACA’s upcoming International Conference, 6-9 June 2010 in Cancun, Mexico.
The ISACA Risk/Reward Barometer also examined the drivers for IT-related risk management. While IT professionals in Europe and North America said that complying with regulatory requirements is their organizations’ top driver, their Latin American counterparts reported that ensuring that functionality is aligned with business needs is the key motivator (33 percent).
“It is encouraging to see that Latin American enterprises view performance improvement rather than compliance as a primary reason for implementing effective risk management,” said José Angel Peña Ibarra, CGEIT, international vice president of ISACA and a partner at Alintec in Mexico.
According to Brian Barnier, member of the team that developed ISACA’s new Risk IT: Based on COBIT framework and principal at ValueBridge Advisors, “From the C-suite or board perspective — just like in personal investing or sports — the main driver should be balancing risk vs. return to drive profitable growth.”
The greatest hurdle when addressing IT-related risk management in all three regions is budget limits (41 percent in Latin America), followed by business lines that are not willing to fully engage in risk management (19 percent).
The most important actions to improve IT risk management according to Latin American respondents are to increase the use of best practices (32 percent), increase risk awareness among employees (28 percent), and improve coordination between IT and overall enterprise risk management (24 percent).
The ISACA IT Risk/Reward Barometer also revealed the three riskiest IT-related employee behaviors:
- Employees do not protect confidential work data appropriately.
- Employees don’t fully understand IT policies.
- Employees use peer-to-peer filesharing with a work device.
“It is critical to foster security awareness and educate employees about good risk management practices,” said Peña. “Without proper training, employees are often, unintentionally, the weakest link in the security chain.”
ISACA’s upcoming International Conference in Cancun brings together global leaders in IT audit, security, risk and governance to discuss the latest challenges and solutions for critical industry issues, including risk management, cloud computing and fraud. For details, visit www.isaca.org/international.
About the ISACA IT Risk/Reward Barometer, Latin America
The ISACA IT Risk/Reward Barometer is based on online polling in April 2010 of 433 ISACA members located in Latin America. The study gauges attitudes and behaviors surrounding risks and rewards associated with information technology projects. To see the full results, visit www.isaca.org/news.
With 86,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA administers the globally respected CISA, CISM, CGEIT and CRISC certifications and publishes the COBIT framework.