Liken invites key IT, finance and compliance stakeholders to participate in survey.
Weybridge UK, 9.12.2008: Liken Group (
www.liken.co.uk), a leading technology efficiency and IT Audit consultancy is asking IT, finance and compliance executives to participate in a survey on whether ISO 19770 is still an appropriate IT compliance standard in the current economic climate. In particular, the survey will seek to derive whether ISO 19770’s standing has been affected by industry perceptions, market trends, economic turmoil or comparisons to more recent standards such as ISO/IEC 38500. Anyone wishing to participate can do so at
http://www.liken.co.uk/survey.phpBehind the survey lies initial research by Liken, within it own client base of senior IT asset managers, compliance officers and financial directors, which suggests that ISO 19770 could be falling victim to market drivers that had not been anticipated when it was launched. The initial results gathered, coupled with an apparent lack of prior industry research on this aspect of IT management, led Liken to question whether the standard was what the market needed or had expected.
Liken decided, that with seemingly few, if any, publicised success stories of companies having fully achieved ISO 19770 accreditation, that it was important to assess how the standard was viewed. Initial results, from their internal research, indicated that, whilst many felt ISO 19770 embodied sound compliance goals, some held the view that it was just too onerous, particularly in the current economic climate. Initial polling also suggested that the focus of management, in general, has moved more to the effective usage of existing IT investment to meet altered business goals focussed on surviving a recession. Certainly, those contacted signalled an increasing pressure on management to justify its decisions and demonstrate efficiency.
Others felt that the standard might also represent an unbridgeable gap between vendor’s interests behind ISO 19770 and the interests of those organisations who were expected to comply with it.
There also seemed to be a favourable disposition towards ISO/IEC 38500, which many felt was more realistic and attainable. ISO/IEC 38500 is a far more recent standard with the objective of providing a framework of principles for directors to use when evaluating, directing and monitoring the use of IT within their organizations.
This more recent standard recognizes that IT spend is usually significant but that returns on IT investment are often not fully realized. Those polled by Liken felt that ISO/IEC 38500 offered a more holistic ‘whole business context’ for IT rather than particular aspects such as technical or financial. In effect, it was felt that IT could be designed more with ISO/IEC 38500 to ‘meet ongoing business requirements’ and therefore deliver quantifiable value.
In the eyes of some, the recent launch by the BSA of their “SAM Advantage” programme, designed to facilitate achieving ISO 19770, seems to have opened the debate further. James Rowlands CEO of Liken Group questioned if it addressed underlying issues, commenting;
“It is hard to tell what impact the SAM Advantage programme might have given the strength of feeling we have encountered from those who were struggling with ISO 19770. To understand this better, we needed to understand whether these initial opinions, voiced by our client base, are just general expressions of frustration and perhaps anti-vendor sentiment or whether, in fact, they are justified. Potentially, though, one can see their point.
“One cannot detract in any way as to the importance of IT compliance. However, two years after ISO 19770’s publication, it is to some extent curious why there are still no publicised cases of businesses having achieved full ISO 19770 accreditation. Why is this? Is it corporate reluctance to let others know about their business practices or is it rather that business is struggling to get to grips with the standard; especially given the current economic climate?
“In marked contrast, we were impressed by the strength of support for ISO/IEC: 38500. Against the unfolding economic panorama, could it be that this is a more suitable measure of corporate IT governance and a catalyst for sound asset management? Certainly, cost savings and efficient usage seem now to be the primary drivers as organisations place a greater emphasis on controlling software and hardware usage rather than managing inventory and licensing. ISO/IEC 38500 seems to be geared more to address this current trend.
“Whilst one has to commend the BSA, in many ways, for launching the “SAM Advantage” programme, we think it is valid to ask all stakeholders whether ISO 19770 represents a valuable investment or is it just a bridge too far? Whatever the answer, could one also say of ISO/IEC 38500 that cometh the moment, cometh the standard?
“However, the lack of existing certification bodies for ISO/IEC 38500, could hold back its progress, so the need to understand how significant the demand for it is becomes far more important, as typically it can take at least a year for the infrastructure of accreditation to appear. To this end then we felt compelled to extend the survey to a broader audience and to invite IT management, FD’s and compliance executives, at large, to have their say. So over the next 6 weeks we shall be seeking to drive those with a view to our online survey form and then publish the full results in the New Year.”
