The objective of the study was to identify the ways in which information assurance can be embedded into corporate risk management processes in the changing UK corporate governance environment. Corporate governance now calls for effective management of risks but board-level awareness is not yet being translated into effective controls.