Globally, financial institutions are identifying the management of IT risks as one of the critical areas of business operations today.
This is according to Ernst & Young, and is based on a survey, Managing Information Technology Risk, conducted on its behalf by the Economist Intelligence Unit.
The survey indicates 77% of the global financial institutions surveyed have a formal IT risk management function in place.
"Many financial services organisations are recognising the need to broaden the scope of risk governance and management to include information technology," says Marius van den Berg, director of technology and security risk services at Ernst & Young.
"This awareness is growing in the wake of highly publicised identity theft incidents and other security breaches, as well as legislation aimed at better managing financial, market and operational risk exposures."
The financial institutions are now, however, focusing on the need to better integrate IT risk management with their other risk management programmes and processes.
This is because most IT risk management initiatives are still operating in silos, says Van den Berg.
"35.8% of the respondents stated their programmes had no common control library or were not sure if one existed, and 37.2% said there was no common risk language that was broadly accepted and understood throughout their organisation, or were unable to state if one was present.
"This leads us to the conclusion that, although there may be frameworks in place, they are missing a common risk language that is a critical programme component to improve the efficiencies and effectiveness needed to achieve a consistent risk framework," he concludes.


