A new survey by Ernst & Young has found that the majority of global banks are failing to align IT risk management practices within more general enterprise and operational risk frameworks.
The research, which surveyed nearly 150 risk management and senior IT executives at global banks, examines the framework, processes, and drivers of IT risk management and the role it plays in an organisation's overall risk management.
According to the survey, nearly 60% of IT risk programmes are "not aligned" or are just "partially aligned" with their organisation's enterprise risk management (ERM) strategies and framework.
But the survey showed that many organisations are focusing on the need to better integrate IT risk management with their overall risk management programme and processes. More than half of those questioned - 54% - said they do recognise the benefits of risk convergence.
Ernst & Young says banks are set to increase expenditure in IT risk management during the next 12-18 months. Over half (54.5%) of respondents said their organisations would increase spending by between five and 25% or more during this period.
Nearly 80% of respondents expect an increase in investments, with the largest portion of that increase spent on new technology and process automation.
Ernst & Young says bank investments in technology should go hand-in-hand with the implementation of a formal IT risk management programme.
"While cost savings can be significant, it's the top-line benefits that result from actionable risk reporting, strategic investments, and enhanced organisational performance that will be significantly more valuable over the long term to the individual organisation and the financial services industry as a whole," says Bill Barrett, practice leader, Ernst & Young Technology and Information Practice.
The research also found that over 40% of respondents said their organisations did not have effective coordination of risk and compliance activities.
A separate study from Datamonitor released earlier this year suggests that the sub-prime crisis will spur banks to increase spending on operational risk technology from $754 million in 2007 to over $1 billion in 2010 - an average annual increase of almost 12%.