This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Heads of IT Risk Survey

Heads of IT Risk survey

Key contacts
Chris Recchia Audit Advisory, Partner
Andrew Johnson, Audit Advisory, Director


Over the past three to four years, the business world has witnessed a slow but sure development of IT Risk functions and Heads of IT Risk role. While these predominantly sit within the Financial Services industry, the Technology, Media and Telecoms (TMT) sector is also starting to invest in building this capacity.

We believe the development of IT Risk functions and roles is driven by a focus on improving overall risk management within most businesses. Organisations are continuing to build a broader and deeper understanding of the risks they face. This in turn calls for an increased focus on technology risk beyond high profile information security topics.

Many high profile regulatory requirements, particularly in financial services, such a Client Money, Solvency II, Transaction Reporting and Liquidity Risk Reporting have technology risk implications. Of particular relevance here are data flows, data quality and data governance all of which reinforce the need for a broader IT risk management capability.

As IT Risk functions emerge, evolve and mature - hat are the common practices? And how do individual functions compare with their peers? This survey on IT Risk functions seeks to produce a snapshot of IT Risk as it now stands and provide answers to these and other questions.

Key findings

Top risks
During the course of our survey, our respondents cited a large and varied number of risks. By far the most common of these were data leakage or breaches and third party outsourcing. Technology obsolescence was an unexpected common feature in our top five technology risks, supported by the “usual suspects” such as concerns around access management and business continuity/Data Recovery.

  • Increasing cyber threats
  • Alignment of risk activities with risks
  • Responsibility for managing risk
  • System transformation and IT Risks's role
  • Making more use of tools for controls testing
  • Off-shoring - More hype than reality



Download  Heads of IT Risk Survey (PDF, 594 KB)

Related links

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Get in touch

More on Deloitte