Heads of IT Risk Survey
Over the past three to four years, the business world has witnessed a slow but sure development of IT Risk functions and Heads of IT Risk role. While these predominantly sit within the Financial Services industry, the Technology, Media and Telecoms (TMT) sector is also starting to invest in building this capacity.
We believe the development of IT Risk functions and roles is driven by a focus on improving overall risk management within most businesses. Organisations are continuing to build a broader and deeper understanding of the risks they face. This in turn calls for an increased focus on technology risk beyond high profile information security topics.
Many high profile regulatory requirements, particularly in financial services, such a Client Money, Solvency II, Transaction Reporting and Liquidity Risk Reporting have technology risk implications. Of particular relevance here are data flows, data quality and data governance all of which reinforce the need for a broader IT risk management capability.
As IT Risk functions emerge, evolve and mature – what are the common practices? And how do individual functions compare with their peers? This survey on IT Risk functions seeks to produce a snapshot of IT Risk as it now stands and provide answers to these and other questions.
During the course of our survey, our respondents cited a large and varied number of risks. By far the most common of these were data leakage or breaches and third party outsourcing. Technology obsolescence was an unexpected common feature in our top five technology risks, supported by the “usual suspects” such as concerns around access management and business continuity/Data Recovery.
- Increasing cyber threats
- Alignment of risk activities with risks
- Responsibility for managing risk
- System transformation and IT Risks's role
- Making more use of tools for controls testing
- Off-shoring - More hype than reality
Heads of IT Risk Survey (PDF, 594 KB)