Most IT directors do not know the full business risks associated with delivering IT services, according to a survey of 178 UK companies.
The research found high levels of ignorance and low levels of confidence among IT managers in a critical part of their job. Some 60% said they were unsure how accidents or failures resulting from changes such as IT upgrades or office moves would affect the business.
And less than 50% of respondents were confident that their staff knew which components of IT were involved in providing each IT service, according to the YouGov survey commissioned by business software supplier Managed Objects.
The findings come at a time when IT directors are under pressure to assess the risks faced by their business, including those from IT systems, to help their companies comply with corporate governance regulations.
"Change is inevitable and continuous," said Jim White, business technologist at Managed Objects. "If you introduce new users or technology, increase the size of databases, or undergo a merger and acquisition, the dependence of business on IT means that any change can bring the business down."
The problem is further compounded because IT departments are contracted to provide services comprising several components. For example, an enterprise resource planning system is composed of a network, a system server application and database connections.
"Without understanding the relationships between these components, it is impossible to tell what impact any individual change will have," said White.
Thomas Mendel, principal analyst at Forrester Research, said the scale of change occurring across most organisations makes such ignorance a serious problem. "The average £1bn-plus company deals with 5,000 to 8,000 planned [IT] changes every month," he said. "When you factor in the unplanned changes too, that is more like 10,000 changes."
An increasing number of organisations are using the ITIL (IT Infrastructure Library) best-practice methodology to reduce IT risk and run their departments more efficiently. Companies using ITIL include Procter & Gamble, Boeing and Barclays.
In a report published earlier this year, Forrester said ITIL, originally developed by the government 20 years ago, could help to reduce the number of problems IT directors encounter when changing IT systems.
ITIL has also been embraced by small to medium-sized offshore providers as a means to drive down costs. Because the relationships between components that make up IT services are better understood, it is possible to avoid downtime, which is costly for the business.
"The drivers [for using ITIL] are the offshore people who offer to 'do your mess for less'," said Mendel.
Key findings of the YouGov survey
Only 20% of IT directors were certain that current IT management systems helped evaluate business risk, yet more than 53% saw IT outages as one of the biggest risks a company faces.
When implementing change, only 39% of IT managers were completely confident they knew the business risks.
Following change, 72% of IT managers were not completely confident that their business had a good understanding of the new technology assets installed.
Less than 29% of IT managers were confident that management systems gave staff the knowledge required to maintain new technology effectively.