Freely subscribe to our NEWSLETTER

According to ISACA’s survey, the IT Risk/Reward Barometer, EMEA, with regard to future use of cloud computing:

• 9.4% of respondents (8.9% in the UK) plan to use cloud computing for mission-critical IT services;

• 8.8 % (9.6% UK) will only use the cloud for low-risk, non-mission-critical IT services;

• 35.6% (31.8% UK) do not plan to use the cloud for any IT services;

• 17.9% (23.6%) have not formalised their plans;

• 28.2% (26.1%) were not aware of any plans for cloud computing.

The survey found that nearly two thirds (63%) of organisations claimed they are willing to take IT-related business risks in anticipation of a return for the business (64.3% UK) and 12.1% would take large risks to maximise business return.

When asked about integrating IT risk management with the organisation’s overall approach to risk management:

• 4.8% admitted they do so without a formal approach to business risk management (3.2% UK);

• 22.2% said they did not effectively integrate IT risk management with their overall approach to risk management (22% UK);

• 24% said they are very effective at managing risk (20% UK);

• 48.7% reported being somewhat effective (54% UK);

ISACA acknowledges that to get ahead in business, there must be an element of risk, but warns it mustn’t be at any price.

Paul Williams, ISACA Strategy Chair and IT governance adviser to Protiviti advised, “Every day we take calculated risks. Organisations need an integrated risk management approach to identify, assess and prioritise risks, so that they only take appropriate gambles with acceptable consequences or level of reward. Enterprises must never crash and burn because the risk was ignored or misjudged.”

In additional findings from the study, 61% of UK organisations reported that they believe the biggest risk employees pose to their organisations is failing to protect confidential data – although this is slightly lower elsewhere in EMEA, at 58%. In addition, the UK and EMEA both rate an employee’s use of non-approved software or online services second at 32% and 36%, respectively. Considered low risk by 46% of UK IT professionals (42% in EMEA) is an employee checking personal e-mail or visiting social networking sites from a work device. More than half the organisations questioned (56%) across EMEA believe that investments in IT services are not utilised to their full benefit.

Budget limits are an organisation’s greatest hurdle when addressing IT-related business risk, say 34.2% (31.2% in the UK), followed by business lines that are not willing to fully engage in risk management – 28% in the UK and 24.2% in EMEA. Where the UK and EMEA disagree is on what is the most important action an organisation can take to improve IT risk management –UK organisations place emphasis on improved coordination between IT risk management and overall enterprise risk management at 32.5% (29.4% in EMEA), whereas 31.5% in EMEA recommend an increase in risk awareness among employees (28% in the UK).

At ISACA’s EuroCACS Conference held 21-24 March 2010 at the Kempinski Hotel Corvinus, Budapest, Hungary risk management and cloud computing were just two of the many topics covered. Speakers included Rolf von Roessing, Vice President of ISACA, who identified key technical and organisational challenges associated with cloud computing and Urs Fischer, CISA, chair of ISACA’s Risk IT Task Force, explained how ISACA’s Risk IT framework can help organisations align IT risk management with business risk management.