The number, scale and complexity of IT risks facing organisations continue to grow, underscoring the importance of managing IT risk effectively. Failing to manage these risks can lead to embarrassing and costly incidents such as the loss of sensitive data, failed software upgrades or revenue misstatement where computer applications fail to operate correctly. As a result of these types of incidents, executive management are increasingly aware that IT-related risks can result in very large costs to an organisation's bottom line and reputation.
Within the financial sector it is often the role of IT Risk functions in combination with Operational Risk, Security and other Compliance functions to report, manage and mitigate these risks, whilst setting policy and ensuring/monitoring appropriate governance and control over technology.
Many organisations already have existing and significant spend on activities to manage selected IT risks - information security programmes, regulatory compliance, business continuity, SOX, incident management solutions, project risk, IT internal audit and IT governance committees for example. However, the effectiveness of this expenditure is often challenged when mistakes are still made.
IT risks continue to evolve, with threats becoming ever more sophisticated and difficult to mitigate. This, in addition to the ever-increasing regulatory focus, means the role of IT Risk functions within organisations is evolving rapidly, with ever more expectation on the assurances and services they provide.
We assist our clients by:
As IT Risk functions emerge, evolve and mature, what are the common practices? This survey seeks to produce a snapshot of IT Risk.
David Bettesworth
Enterprise Risk Services
Partner
Andrew Johnson
Enterprise Risk Services
Director