scholarly journals Designing an IT Risk Management Ontology grounded on Systematic Literature Review

2021 ◽  
Author(s):  
Mariana Rosa ◽  
Sérgio Guerreiro ◽  
Rúben Pereira
Keyword(s):  
Risk Management ◽  
Literature Review ◽  
Systematic Literature Review ◽  
It Risk Management ◽  
It Risk

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker
Keyword(s):  
Risk Management ◽  
Internal Control ◽  
Management Practices ◽  
Factors Affecting ◽  
Management Level ◽  
It Risk Management ◽  
Top Managers ◽  
Risk Oversight ◽  
The Impact ◽  
It Risk

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.

A Step-by-Step Procedural Methodology for Improving an Organization's IT Risk Management System

2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan
Keyword(s):  
Risk Management ◽  
Data Security ◽  
Vital Role ◽  
Transfer System ◽  
Business Systems ◽  
It Risk Management ◽  
It Organization ◽  
Security Network ◽  
Business Cost ◽  
It Risk

Risks in IT are described as a form of threat in context with data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy of an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

Global IT Risk Management Strategies

2008 ◽  
pp. 285-298 ◽  
Author(s):  
Chrisan Herrod
Keyword(s):  
Risk Management ◽  
Financial Risk ◽  
Best Practice ◽  
New Technologies ◽  
Management Strategies ◽  
Regulatory Compliance ◽  
It Risk Management ◽  
Reputational Risk ◽  
Risk Management Strategies ◽  
It Risk

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.

Collaborative risk management: a systematic literature review

2018 ◽  
Vol 48 (3) ◽  
pp. 231-253 ◽  
Author(s):  
Derek Friday ◽  
Suzanne Ryan ◽  
Ramaswami Sridharan ◽  
David Collins
Keyword(s):  
Risk Management ◽  
Literature Review ◽  
Systematic Literature Review ◽  
Process Integration ◽  
Holistic Approach ◽  
Benefit Sharing ◽  
Future Research ◽  
Supply Chain Risk Management ◽  
Joint Decision ◽  
Content Type

Purpose The purpose of this paper is to identify and analyse collaborative risk management (CRM) literature to establish its current position in supply chain risk management (SCRM) and propose an agenda for future research. Design/methodology/approach A systematic literature review of 101 peer-reviewed articles over a 21-year period was employed to analyse literature and synthesise findings to clarify terminology, definitions, CRM capabilities, and underlying theory. Findings CRM as a field of research is in its infancy and suffers from imprecise definitions, fragmented application of capabilities, and diverse theoretical foundations. The term CRM is identified as a more representative description of relational risk management arrangements. Six capabilities relevant to CRM are identified: risk information sharing, standardisation of procedures, joint decision making, risk and benefit sharing, process integration, and collaborative performance systems. Originality/value The paper provides a new definition for CRM; proposes a holistic approach in extending collaboration to SCRM; identifies a new capability; and provides a range of theories to broaden the theoretical scope for future research on CRM.

Risk of adopting mission-critical OSS applications: an interpretive case study

2014 ◽  
Vol 34 (4) ◽  
pp. 477-512 ◽  
Author(s):  
Placide Poba-Nzaou ◽  
Louis Raymond ◽  
Bruno Fabi
Keyword(s):  
Risk Management ◽  
Open Source ◽  
Resource Planning ◽  
Adoption Process ◽  
Content Type ◽  
It Risk Management ◽  
Interpretive Case Study ◽  
Mission Critical ◽  
It Risk

Purpose – This study aims to explore the process of open source software (OSS) adoption in small- and medium-sized enterprises (SMEs), and more specifically open source enterprise resource planning (ERP) as a “mission critical” OSS application in manufacturing. It also addresses the fundamental issue of ERP risk management that shapes this process. Design/methodology/approach – The approach is done through an interpretive case study of a small Canadian manufacturer that has adopted an open source ERP system. Findings – Interpreted in the light of the IT risk management, OSS and packaged application adoption literatures, results indicate that the small manufacturer successfully managed the adoption process in a rather intuitive manner, based on one guiding principle and nine practices. In analyzing the data, diffusion of innovation theory appeared to fit rather well with the situation observed and to offer rich insights to explain the mission-critical OSS adoption process. Research limitations/implications – A single case study of successful IT adoption should be eventually counterbalanced by future cases considered to be partial or total failures, using a wider multiple case study approach for comparative purposes. And this should include alternative theoretical interpretations and more detailed empirical work on the extent to which the distinctive features of OSS make its adoption more or less risk-laden. This initial effort should also be followed by further research on mission-critical OSS adoption in contexts other than SMEs (e.g. healthcare organizations) and other than ERP (e.g. customer-relationship management). Practical implications – This research confirms that open source is a credible alternative for SMEs that decide willingly or under external pressure to adopt a mission-critical system such as ERP. Moreover, it suggests that a high level of formalization is not always necessary. Originality/value – The authors argue that rich insights into the dynamics of the mission-critical OSS adoption process can be obtained by framing this process within an IT risk management context.

scholarly journals JURNAL IT RISK MANAGEMENT ANALISIS RESIKO TEKNOLOGI INFORMASI PADA TOKO PUNTADEWA OUTDOOR

2021 ◽  
Vol 1 (03) ◽  
pp. 54-64
Author(s):  
Usman ◽  
Andika A. Yudhistira
Keyword(s):  
Risk Management ◽  
It Risk Management ◽  
Iso 31000 ◽  
It Risk

Puntadewa outdoor merupakan sebuah perusahaan yang bergerak dalam bidang penyediaan dan penjualan perlengkapan luar ruangan, toko tersebut sudah menggunakan penerapan SI/TI dalam menunjang aktivitas bisnis yang dijalankan. Toko tersebut menggunakan aplikasi SmartConsole yang digunakan untuk menunjang penjualan, mendata stok barang, serta mendata pengeluaran sehari-hari yang dibutuhkan. Namun dalam dunia manajemen pasti selalu ada kemungkinan risiko yang mungkin dapat terjadi dan dapat mengganggu aktivitas bisnis dalam penggunaan sistem tersebut. Dengan begitu analisis risiko sangat diperlukan terhadap sumber daya SI/TI yang terdapat pada toko tersebut. Dengan menggunakan ISO 31000 diharapkan dapat meminimalisir risiko yang terdapat pada aplikasi SmartConsole. Hasil dari analisis risiko ini berupa analisis kemungkinan risiko, mengelompokkan kemungkinan – kemungkinan risiko berdasarkan dampak nya sehingga menghasilkan usulan tindakan risiko terhadap kemungkinan risiko yang terdapat pada aplikasi SmartConsole, dengan begitu toko tersebut dapat memperlakukan kemungkinan risiko yang ada sesuai dengan prioritas level risikonya dan dapat mencegah serta meminimalisir sehinga tidak mengganggu aktivitas bisnis.

Sign in / Sign up

Export Citation Format

Share Document