Sarker, Sujit Kumar (2025) Bridging IT Risk Governance in Bangladesh: A Comparative Gap Analysis of Bangladesh Bank’s Guideline on ICT Security v4.0 and ISACA’s Risk IT Framework. International Journal of Innovative Science and Research Technology, 10 (10): 25oct257. pp. 626-630. ISSN 2456-2165
IT risk governance describes the overall oversight of the strategies, policies, controls, and accountability structures that aim to ensure the security, resilience, and regulatory compliance of an organization's systems and technology assets. IT risk is an integral part of financial risk. In view of growing cyber and systemic risk, Bangladesh Bank released its Guideline on ICT Security – Version 4.0 (2023) to mitigate escalating cyber threats and systemic vulnerabilities in the financial sector. This paper conducts a cross-reference gap analysis between Bangladesh Bank's ICT Security Guideline (2023) and ISACA's Risk IT Framework, identifying governance gaps, strengths, and opportunities for alignment. Based on a gap and maturity assessment structured around the 14 ISO/IEC 27001 controls and relevant international standards, the study highlights shortcomings in risk quantification, in qualitative and quantitative assessment, in the integration of IT governance into corporate governance, and in strategic alignment with enterprise and regulatory entities. Suggestions for enhancing governance maturity, compliance, and organizational resilience are presented.