In their efforts to implement an effective IT-governance framework, many companies have acquired IS-Audit staff to provide executive management with information on IS-risks. For the purpose of effective communication, it would be helpful to understand how IS-Auditors, ISmanagement and executive management shape their perception of IS-risks, since this forms the basis for their judgement and decision making.

In this study we focus on IS-Managers’ Risk Perception. More precise we investigated the relative contribution of Probability-information and Impact-information to the Perceived Risk of 32 ISmanagers of a financial institution. We conclude that Impact is the more dominant factor determining their perceived risk. We discuss explanations and consequences of the results.