More work needed on risk management

A new survey by Ernst & Young LLP, entitled "Managing Information Technology Risk," found that an effective ITRM program is still missing from many companies at a time when it is important to have these programs in place. Nearly 60 percent of 150 respondents indicated that their programs were not aligned with the organization's Enterprise Risk Management (ERM) strategies and framework. Forty percent of respondents indicated that they did not have effective coordination of risk and compliance activities.

"While cost savings can be significant, it's the top-line benefits that result from actionable risk reporting, strategic investments, and enhanced organizational performance that will be significantly more valuable over the long term to the individual organization and the financial services industry as a whole," said Bill Barrett, practice leader of Ernst & Young's Technology and Information Practice in Ernst & Young's Financial Services Office in New York.

For more on this survey:
- See this SOX Compliance Journal article

More tech stories from the FierceCIO network:
> Live coverage of CTIA Wireless 2008. Article
> Google Docs go offline. Article
> A conversation with Larry Ellison. Article