Treasury Today Country Profiles in association with Citi

Why IT departments get a bad name

A global study that surveyed more than a thousand IT professionals in the EMEA region has found that over the past 12 months more than one in five enterprises has experienced a security breach and one in ten has suffered a breach of its privacy. The report also found that nearly half of those surveyed (45%) said their enterprises had either delayed or even missed an opportunity to reduce costs as a result of an IT-related problem. Again, 50% of respondents said that a shortage of IT personnel had had a detrimental effect on their business.

The study, which was conducted by a global non-profit professional association, ISACA, also found that 42% of organisations believed customer satisfaction had been reduced in the last 12 months due to an IT-related problem or incident. Additionally, 42% had incurred unexpected expenses and 18% believed their reputation had been harmed because of problems associated with information technology. Ten per cent even had a competitor beat them to market due to IT complications. Thirty five per cent had faced inadequate disaster recovery or business continuity measures, and 17% suffered a serious IT operations incident.

When asked about the issue most likely to impact their enterprise’s security in the next year, top answers were data leakage (17%), cyber-attacks (15%), inadvertent employee mistakes (17%), incidents related to “bring your own device” (BYOD) (13%) and cloud computing (11%). Fifteen per cent said all of these issues were top concerns, and 9% said that none of the issues were a concern.

“Today, it is critical for enterprise leaders to recognise information management and IT as a business issue. The survey shows that more than a third of respondents still report a disconnect between the information and business strategies,” says Dr Derek Oliver, CEO of Ravenswood Consultants Ltd. and co-chair of ISACA’s COBIT 5 Task Force. “Using a business framework for IT governance, such as COBIT 5, will help clarify the roles of the business and information, and provide a common language and set of goals to get everyone on the same page.”

Which is why it is important that the treasury is on top of its game when it comes to auditing its processes and systems. An audit can identify both security failings and opportunities for improving the treasury’s automated systems and processes. Moreover, treasury auditing plays an important part in the overall control structure and can often present the department with an opportunity to update its policies and procedures. In addition treasury performance, an audit allows the treasury to benchmark its procedures, protocols and strategies against relevant benchmarks.

“In a high risk area like treasury, it is important to go above and beyond the minimum requirements. The key thing is to make sure that all the risks are appropriately addressed. It is not necessarily a good thing to get a clean audit report if all the risks have not been addressed. There should be a big focus on fostering healthy relationships with internal audit as they are able to provide valuable feedback on your processes,” says Johan van der Westhuizen, Risk Manager at AkzoNobel.