Although the industrialization of financial products and services has been on top of the agenda in the financial service domain for many years now, there is still considerable pressure to lower the cost income ratio. This continuing trend stimulates restructuring of the IT environments (ECB 2004) and thus leads to new types of risk. From the corporate perspective, a major challenge lies in coping with rapid technological change and the increasing complexity of the IT landscape (BCBS 2003). At the same time, the restructuring of business processes and application systems is externally triggered by international regulations, such as the International Accounting Standards (IASB 2004) and the Sarbanes-Oxley act (Sarbanes- Oxley Act 2002). These significant changes are further accompanied by the required integration of IT management activities into the operational risk management process with the advent of Basel II (BCBS 2005a)