Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management (ITRM) practices (maturity) in firms. We find that board involvement positively influences maturity, while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ between firms whose risk oversight lies with the overall board and those where it lies with any other board committee. The findings contribute to an under-researched area in IT governance.

2015 ◽  
Vol 31 (1) ◽  
pp. 59-77 ◽  
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have caused Information Technology (IT) risk management practices to be a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also bringing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on Chief Information Officer (CIO) reporting structure and Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger auspice of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that the maturity of strategic IT risk management practices is higher when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is more mature when the CIO reports to the CEO. For public firms, the maturity of IT risk management practices is higher when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed and on the factors that affect IT governance.


2021 ◽  
Vol 6 (1) ◽  
pp. 42-48
Author(s):  
Annas Iswahyudi

IT risk management has long been adopted and implemented in CEC. This is inseparable from the high need for reliable and trusted information technology services at CEC, a government institution whose primary task is eradicating corruption. Good IT risk management is expected to reduce the impact on the overall business process of CEC when an IT risk materializes. However, in the 15 years since IT risk management was implemented, its maturity level has never been measured. In this research, the author uses the IT Risk Framework, with the risk governance domain approach, as a standard IT risk management framework to evaluate the implementation of IT risk management in CEC. The evaluation of the IT risk management maturity level is based on the maturity model defined in the IT Risk Framework.


2020 ◽  
Vol 11 (1) ◽  
Author(s):  
Yeni Erlika ◽  
Muhammad Izman Herdiansyah ◽  
A. Haidar Mirza

ABSTRACT The application of IT management needs to be evaluated to measure the level of IT risk management in place. This study aims to analyze and understand the IT risk management process adopted at the University of Bina Darma Palembang using the ISO 31000 approach, focusing on the evaluation of IT management practices across three stages: risk identification, risk analysis, and risk treatment. Bina Darma University has applied information technology to support its business processes in accordance with its vision and mission. The systems in place support the work of employees and lecturers and provide services to students; they are managed by the Directorate of Technology Systems, hereinafter referred to as DSTI. Risks that have occurred at the University of Bina Darma concern security standards and disaster recovery; in the past the university has been able to cope with problems as they occurred, but without a standard or manual, for example by backing up data to a hard disk. Using the risk assessment stage of the ISO 31000 framework, the researchers found that Bina Darma University has not yet implemented ISO standards in handling its IT risk management. University management is in the process of designing an ISO implementation. From interviews with IT staff and observations, the researchers found that Bina Darma University has the capability to apply ISO 31000 in managing its risks. This research produces IT risk reports on the current system applications.

Keywords: IT Risk Management, ISO 31000, Assessment, Mitigation


2018 ◽  
Vol 15 (2) ◽  
pp. 1-20
Author(s):  
Sabri Embi ◽  
Zurina Shafii

The purpose of this study is to examine the impact of Shariah governance and corporate governance (CG) on the risk management practices (RMPs) of local Islamic banks and foreign Islamic banks operating in Malaysia. Shariah governance comprises the Shariah review (SR) and Shariah audit (SA) variables. The study also evaluates the level of RMPs, CG, SR, and SA between these two types of banks. With the aid of SPSS version 20, the items for RMPs, CG, SR, and SA were subjected to principal component analysis (PCA). From the PCA, one component or factor was extracted each for CG, SR, and RMPs, while two factors were extracted for SA. Primary data was collected using a self-administered survey questionnaire. The questionnaire covers four aspects: CG, SR, SA, and RMPs. The data received from the 300 usable questionnaires were subjected to correlation and regression analyses as well as an independent t-test. The result of the correlation analysis shows that all four variables have large positive correlations with each other, indicating a strong and significant relationship between them. From the regression analysis undertaken, CG, SR, and SA together explained 52.3 percent of the RMPs, and CG emerged as the most influential variable affecting the RMPs. The independent t-test carried out shows that there were significant differences in CG and SA between the local and foreign Islamic banks. However, there were no significant differences between the two types of bank in relation to SR and RMPs. The study has contributed to the body of knowledge and is beneficial to academicians, industry players, regulators, and other stakeholders.


2021 ◽  
Vol 13 (13) ◽  
pp. 7007
Author(s):  
Habtamu Nebere ◽  
Degefa Tolossa ◽  
Amare Bantider

In Ethiopia, the practice of land management started three decades ago in order to address the problem of land degradation and to further boost agricultural production. However, the impact of land management practices in curbing land degradation problems and improving the productivity of the agricultural sector is insignificant. Various empirical works have previously identified the determinants of the adoption rate of land management practices. However, the sustainability of land management practices after adoption, and the various factors that control the sustainability of implemented land management practices, are not well addressed. This study analyzed the factors affecting the sustainability of land management practices after implementation in Mecha Woreda, northwestern Ethiopia. The study used 378 sample respondents, selected by a systematic random sampling technique. Binary logistic regression was used to analyze the quantitative data, while the qualitative data were analyzed qualitatively and concurrently with the quantitative data. The sustained supply of fodder from the implemented land management practices, as well as improved cattle breeds, increases the sustainability of the implemented land management practices. Lack of agreement in the community, lack of enforcement of community bylaws, open cattle grazing, lack of benefits from the implemented land management practices, structures acting as a barrier to farming practices, poor participation of household heads during planning and decision-making processes, and the lack of short-term benefits reduce the sustainability of the implemented land management practices. Thus, it is better to allow for the full participation of household heads in planning and decision-making processes to bring practical and visible results in land management practices. In addition, recognizing short-term benefits to compensate for the land lost in constructing land management structures must be the strategy in land management practices.
Finally, reducing the number of cattle and practicing stall feeding is helpful both for the sustainability of land management practices and for the productivity of cattle. In line with this, fast-growing fodder grass species have to be introduced for household heads to grow on land management structures and communal grazing fields for stall feeding.


2021 ◽  
pp. 002085232198895
Author(s):  
Makoto Kuroki ◽  
Keiko Ishikawa ◽  
Kiyoshi Yamamoto

Accompanying the spread of "new public management" since the 1980s, accrual accounting and results-based management have become a global standard. However, whether accrual accounting results in successful outcomes, and which drivers lead to the intended impacts of the reform, have been contested. Given the mixed arguments in the literature, we set out two research questions: (1) "Have public sector organizations realized any positive impacts on management practices by adopting mandatory accrual accounting?"; and (2) "What are the primary drivers of such impacts?" To answer these questions, we examine the impact on management practices by analyzing a survey to ascertain how financial department officers in Japanese local governments perceive the benefits of adopting mandatory accrual accounting on management practices. The results indicate that they have so far not recognized the intended benefits, though they had expected higher benefits in internal control. We then use technical-rational, socio-political, and institutional isomorphic perspectives in a comprehensive approach to understand the impacts on management practices. The logistic analysis shows that financial managers in local governments that do not have a majority party in the assembly, but are governed by several parties in power, as well as in those with greater financial dependence on the central government, perceive higher benefits. Further, we find that financial managers who imitate other local governments as a form of mimetic pressure perceive fewer benefits. The results show that some technical-rational tools, socio-political conditions, and institutional pressures change the perceived benefits for public managers of adopting mandatory accrual accounting.

Points for practitioners
We find that some technical-rational, socio-political, and institutional factors explain the intended internal benefits of the mandatory adoption of accrual accounting. In practice, financial managers in local government perceive the merits of accrual accounting when they have less autonomy, not only in politics but also in finance, and when mimetic conditions are few. It might be understood that difficult situations drive practitioners to use mandatory information.


2017 ◽  
Vol 18 (3) ◽  
pp. 795-810 ◽  
Author(s):  
Deepak Tandon ◽  
Yogieta S. Mehra

The financial crisis and the resulting failure of large banks worldwide have shaken the entire world. Improper management of operational risk has been touted as one of the reasons for this failure. In light of the rising importance of operational risk management (ORM) in banks, the study explores the range of ORM practices followed by a cross section of Indian banks and compares them with those of banks worldwide. The study also analyses the impact of size and ownership of banks on these practices. Reliability analysis using Cronbach's alpha, the Kaiser–Meyer–Olkin (KMO) measure of sampling adequacy and Bartlett's test of sphericity were used to test the reliability of the questionnaire and justify the use of factor analysis. Factor analysis was performed to extract the most important variables in ORM. Small bank size was observed to be a deterrent to deep involvement of operational risk functionaries, to the collection and usage of external loss data, and to data collection and analysis. Further, the performance/preparedness of public sector and old private sector banks lagged behind peers in the usage of key reporting components, such as risk and control self-assessment (RCSA), key risk indicators (KRI), scenarios, collection and usage of external loss data, data collection and analysis, and quantification and modelling of operational risk.

