"If [IT] were in the construction business, it is almost like one in five buildings fall over each year and just crush people on the street."
For Hayes, this figure of speech is apt to describe the magnitude and impact of failed IT projects.
"That is inexcusable, but it still happens in 2013," says Hayes, who recently visited New Zealand in his role as the international president of ISACA, the association of risk management professionals.
IT has enabled the business in many aspects of the way we are today, he says. But there is still that fair share of incidents annually that are causing businesses and not-for-profit organisations a significant amount of money.
At the ISACA forum in Auckland and in a separate interview with CIO New Zealand, Hayes shares a variety of slides underscoring this gap.
Gartner, he says, has reported more than US$600 billion that's thrown away annually on ill-conceived or executed projects. The Standish Group reports 19 percent of IT projects fail outright, 46 percent are challenged, and only 35 percent are successful.
He cites the Harvard Business Review 2011 article stating that one in six project-cost overruns are 200 percent.
The Standards Australia, meanwhile, highlights that 15 to 28 percent of IT projects are abandoned before completion, and 30 to 40 percent of projects have some form of escalation costs.
"They are disturbing numbers, whether they are taxpayer dollars, shareholder, or personal dollars."
Related: KPMG Project Management Survey in NZ: Project activity on the rise compared to three years ago, but so are failure rates.
As a result of the global financial crisis, rise of bring-your-own-device (BYOD), cybersecurity incidents, and tightening of fiscal belts, there is a heightened focus on ensuring that the appropriate risk management and business case development are present, he says.
"There is more scrutiny of that now than we have ever seen," he says. "IT risk professionals are in high demand, because they are involved very much in the front end and during the life of the project."
He would like, however, to see a greater uptake of students attending university who will have the technology and business IT background necessary for this type of work.
Related: Most ANZ organisations unprepared for 'Big Data': Lack of analytics capabilities a prime concern to 28 percent of IT professionals, reports ISACA.
A message he wants out in the industry and to students is: "The IT industry has such a diverse range of opportunities. You are not locked into a keyboard; you are not locked into screens; you are not locked into just playing with data.
"There is a whole stack of opportunities as part of the user interface, as part of the systems design project management, change management, and indeed leading to all the dimensions of implementation and bringing about reforming the organisation."
Having that understanding of business and IT and having that mixture of skills is what is needed going forward, he says.
Related: ISACA study: Cancelled IT projects on the rise in Asia Pacific
What would be a great foundation for this?
A degree in business or commerce is a good starting point, he says, complemented with some specialisation in higher order IT. This can be followed by a postgraduate study or master level work in courses around business reform, change management, project management, project delivery, and data management. All of these aspects will come together to complement the undergraduate degree.
"As a consequence, that combination of skills and experience will bring about a person, who by the age of 30 or 35, will be well-equipped to be part of teams that are in high demand across the world."
Related:The view from the trenches: ISACA ForumFour New Zealand CIOs talk about key issues their teams are facing, and the new areas ICT is working on.
Next: 'Cybersecurity has now become everyone's business'