Welcome to Ernst & Young’s inaugural global survey or the fnancial services industry
—Managing Information Technology Risk
. This survey was conducted by the Economist Intelligence Unit, aleading, global, independent research organization, on behal o Ernst & Young, across a number o leading global fnancial services institutions. Ernst & Young conducted the analysis and wrotethe report, which presents the responses o senior executives at more than 100 o these institutions.The questions we asked were designed to ocus their attention on the ramework, processes, and drivers o inormation technology risk management (ITRM), in particular, their impact on decision-making and the role inormation technology risk management plays in an organization’s overall risk management processes and posture. The survey results spotlight fve key topics: program maturity and eectiveness; convergence; inormation technology risk management processes; tools and technology;and reporting and metrics.This report provides industry data, trends, leading practices, and Ernst & Young’s inormed pointo view on the components o an eective inormation technology risk management methodology,ramework, and process. It is our intentthat organizations use this inormation toevaluate thoughtullytheir own internal processes in light o thesefndings and identiy areasor improvement in the coming year.The year 2008 promises to be one o continued change or the fnancial servicesindustry. As global institutions seek tolink Enterprise Risk Management (ERM),Operational Risk Management (ORM), and audit and compliance unctions, inormation technologyrisk management will play a critical role. Ernst & Young believes that while direct, bottom-line costsavings can be signifcant, it is the top-line benefts that result rom actionable risk reporting, morestrategic investments, and enhanced organizational perormance that will be signifcantly morevaluable over the long term to the individual organization and the fnancial services industry as awhole. We expect regulatory bodies around the globe to ocus on the inormation technology risk management unctions o fnancial services institutions as governance and compliance continue to bestrictly enorced. Those organizations whose internal processes lack defnition may fnd themselvesunder the regulators’ watchul eyes.The results o Ernst & Young’s
Managing Information Technology Risk — A Global Survey for the Financial Services Industry
are available to our clients and riends. We welcome the opportunity tomeet with you to discuss the survey fndings as well as any aspect o your inormation technologyrisk management program. For urther inormation on inormation technology risk management or Ernst & Young’s approach to a variety o business issues, please contact your local Ernst & Youngofce. In addition, we invite you to visit www.ey.com.We would very much like to thank all o the respondents to our survey or their time and insights.
The results o this survey represent fndingsrom 145 senior inormation technology andrisk executives rom 100+ diversifed fnan-cial services institutions in six major regions around the globe.