Organizations who do not adopt an information and technology governance and management framework such as COBIT 5 will find that they face multiple challenges.
Firstly, there is a risk of non-compliance to relevant regulation or legislation, which is required by external agencies such as regulators, or corporate policy and standards which is typically set internally and required by the organization itself.
Non-compliance results in damaging penalties, and loss of potential business.
Secondly, there are likely to be few or ineffective IT governance processes in place.
These governance processes such as evaluate, direct, monitor or related management processes such as policy management, assessment, and service set management.
These are vital for the IT division to deliver on business requirements.
Thirdly, a high chance of an ineffective or non-existent IT governance organization. This can mean little or no executive sponsorship for IT, and no accountability for failed IT initiatives.
And finally, there is a real danger of misaligned IT and Business strategies.
This typically leads to poor and uninformed IT-related decisions which leads to uncontrolled or misdirected IT expenditure.
Furthermore, misalignment contributes to the failure of IT initiatives to innovate or deliver the desired business benefits.
So without the governance and management practices provided by COBIT 5, organizations face a significantly higher risk that IT, assets and costs are poorly managed, proper accountability is compromised, and IT fails to deliver on the requirement of the business.