The risks depend on whether you are public or not. If you are public and it is the same firm, then you and your accounting firm are in violation of section 201 of Sarbanes Oxley. It states:
"...it shall be unlawful for a registered public accounting firm (and any associated person of the firm, to the extent determined appropriate by the Commission) that performs for any issuer any audit required by this title or the rules of the Commission under this title or, beginning 180 days after the date of commencement of the operations of the Public Company Accounting Oversight Board established under section 101 of the Sarbanes-Oxley Act of 2002 (in this section referred to as the "Board"), the rules of the Board, to provide to that issuer, contemporaneously with the audit, any non-audit service, including -
(1) bookkeeping or other services related to the accounting records or financial statement of the audit client;
(2) financial information systems design and implementation;
(3) appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
(4) actuarial services;
(5) internal audit outsourcing services;
(6) management functions or human resources;
(7) broker or dealer, investment adviser, or investment banking services;
(8) legal services and expert services unrelated to the audit; and
(9) any other service that the Board determines, by regulation, is impermissible."
You also open yourself up for regulatory criticism.
If you are not public, you may also get criticized, but you need to determine what position your institution has taken on S/O. For example, we are not public but have adopted many of the provisions of S/O as best practices including the one cited above. Therefore, you could end up in violation of your own audit charter or bank policies.
I'd go get another firm. Most of the big 3 have audit outsourcing that can perform IT audit. Also, there may be boutique firms that may be able to accommodate your needs.
Hope this helped.
_________________________
The opinions are mine and do not necessarily reflect those of my employer.