IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.

The 2008 Annual Report, assembled from benchmark research conducted with more than 2,600 organizations around the World, reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for influencing and impacting business rewards and risks.

IT GRC encompasses the practices for delivering:

• Greater business value from IT strategy, investment and alignment,
• Significantly reduced business and financial risk from the use of IT, and
• Conformance with policies of the organization and its external legal and regulatory compliance mandates.

What is striking from the benchmarks is the organizations with best business results are the same firms with the most mature practices. The converse is also true: the organizations with the worst business results are the same firms with the least mature practices.

Business Results and IT GRC Maturity

To determine the IT GRC maturity and business outcomes of your own organization, and the practices and capabilities needed to improve results: