Risk Management In Protecting Banking Sensitive Information at XYZ Bank Using COBIT5 Framework

2021, Vol 7 (1), pp. 22-30
Author(s): Maulid Ibnu Adhi Purwono

POJK No.18 / POJK.03 / 2016 concerning the Implementation of Risk Management for Commercial Banks is addressed to the management and board of directors of Banks to improve provisions regarding compromised customer information disclosure to the public, and breaches of customer information have led to the need for risk management practices in the use of Information Technology (IT). Risk Control Assessment (RCA) is based on the COBIT 5 framework to assess risks associated with the use of Information Technology Asset in XYZ Bank. By mapping the RCA and the provisions of POJK No.18 / POJK.03 / 2016, it can help management obtain information on the level of compliance of the Bank with provisions relating to Banking sensitive information.

2015, Vol 31 (1), pp. 59-77
Author(s): Nishani Edirisinghe Vincent, Julia L. Higgs, Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have caused Information Technology (IT) risk management practices to be a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also bringing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on Chief Information Officer (CIO) reporting structure and Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger auspice of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that the maturity of strategic IT risk management practices are higher when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is higher when the CIO reports to the CEO. For public firms, the maturity of IT risk management practices are higher when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed and factors that affect IT governance.


2021, Vol 8 (1), pp. 27
Author(s): Erick Lusekelo Mwambuli, Avitus Mwebembezi Dominick

The study was to assess on corporate governance and risk management in Tanzania. The study was guided by three objectives which were to assess if transparency, disclosure and audit have significant effect on risk management of the firm, to assess if the board of directors have significant effect on risk management of the firm and evaluate if the ownership structure have significant effect on risk management of the firm. Furthermore, we assess how corporate governance and particularly board of directors, ownership structure, transparency disclosure and audit can affect risk management practices in the context of Dar es Salaam stock exchange listed banks. By the use of a content in analysis approach, the level of exposing the risks in terms of likelihood, consequences of such risk and the strategies used for managing that risk were identified for each kind of risk by using attributes. The results show that corporate governance is related to board of directors, ownership structure, transparency, disclosure and audit play a positive significant and crucial role in establishing an integrative risk management approach. The results from data collected demonstrate that corporate governance has positive significant effect in determining the good quality of risk management through the level of risk-taking in decisions, especially in terms of financial risks management.


2018, Vol 33 (3), pp. 117-135
Author(s): Nishani Edirisinghe Vincent, Julia L. Higgs, Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.


Author(s): Maggie McPherson

Although project management is often said to have its roots in other traditional fields, such as construction, Morris (2002) asserts that modern project management practices have their origins in the 1950s US aerospace agencies. Much has been written about Information System (IS) / Information Technology (IT) project initiatives in both the public and private sectors. In fact, many information systems frequently fall short of their requirements, and are, more often than not, costlier and arrive later than anticipated, if indeed they are completed at all. For instance, according to a report for the Organization for Economic Co-operation and Development (2001), failures of major IT investments and key systems development projects have raised concerns for the achievement of service improvement through information technology. Additionally, it has been argued that failures in IT projects are more common than failures in any other aspect of modern business (Nulden, 1996).


Author(s): Razana Juhaida Johari, Jamaliah Said, Md. Mahmudul Alam

Author(s): Siti Balqis Noor, Rashidah Abdul Rahman, Tariq Ismai

The perceptions of Islamic banking professionals are surveyed through a questionnaire to explore whether the process of risk management mediates board involvement in risk management and risk management practices of Islamic banks in Malaysia and Egypt. The findings of this study identified that the Islamic banks in the selected countries are somewhat efficient in their risk management process. It was noticed that board involvement in risk management, process of risk management and risk management among Islamic banks in Malaysia are significantly higher than their counterparts in Egypt. Furthermore, high involvement of boards in risk management significantly increases the risk management process, and in turn, leads to significantly higher risk management practices in Islamic banks. Hence, boards should take formal responsibility for setting, managing and periodically assessing the risk management culture of the banks. It is expected that the outcomes of this study would help policy setters in the selected countries to develop a well-structured and harmonized risk management process that enhance risk management practices, with emphasis on the effective involvements of the board of directors and Shari’ah supervisory boards in risk management practices.


2021, Vol 8 (3), pp. 635
Author(s): Dio Febrilian Tanjung, Aulia Oktaviana, Aris Puji Widodo

The development of information technology (IT) based startups is increasing nowadays. To support the company's business success, IT has risks arising from various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a conducive and credible business is proper risk management. This is because risk management is important for businesses in increasing profits and maintaining business continuity, especially in the conditions of the COVID-19 pandemic. There is a lot of discussion about IT risk management in general, but research on risk management in dealing with the pandemic needs to be considered. This is because during this pandemic, IT is one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is included in an extraordinary case that has not occurred in hundreds of years, so that technically the risks from this pandemic are included in risks that were not thought of before by the company. The purpose of this study is to identify the conditions of management implementation and risk threats to business processes at a company startup, especially during the pandemic. This study uses a qualitative method with reference to COBIT® 2019 focused on the DSS04 Manage Continuity domain by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to control whether the risk management is carried out properly, so it is necessary to implement COBIT® 2019 in corporate business governance.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Nizar Mohammad Alsharari

Purpose: This paper aims to explain the implementation process of risk management (RM) practices as a trade facilitation initiative in a public organization undergoing public sector reform and modernization processes in Jordan.

Design/methodology/approach: The paper draws on the institutional theory and presents a qualitative case study of Jordan Customs (JC). It synthesizes an institutional isomorphism framework to interpret the interplay between the JC institutional environment and the JC RM practices. The data were collected and analyzed by using the triangulation of interviews, observations and documents.

Findings: The study findings reveal that JC has experienced institutional pressures that mobilize the emerging of RM as a managerial tool that contributes to facilitating international trade, improving state revenues and reducing the public budget deficit. To be internationally recognized, JC benchmark its RM practices with international practices recommended by International Agencies such as World Customs Organizations (WCO). The study concludes that RM practices have been tailored and aligned with the JC’s external and internal context and role and RM has been embedded as an integral part of all organizational processes including strategic and business planning, as well as all accounting change and management activities. The study finds that coercive, normative and mimetic pressures are the driving forces with coercive mechanisms being the most influential.

Research limitations/implications: This paper has important implications for practitioners, academics and students, as well as international donors especially U.S. Agency for International Development. It mainly depends on the analysis of documents and records to elucidate the development of RM, yet corroborated by interviews. It also uses a retrospective approach with interviewees being asked to describe, explain and reflect upon the events they had experienced during the JC change processes.

Practical implications: This paper significantly contributes to the scarce of knowledge that currently exists about RM in the public sector of developing countries and in particular “customs administrations.” It recognizes how the public sector in Jordan responded to the international community and WCO’s recommendation in implementing RM.

Originality/value: This study shows that JC’s experience of institutional pressures mobilized by the enactment of RM as a managerial tool that enabled a higher quality of custom services, trade facilitation, improvement of state revenues and a reduction of the state’s budget deficit.


2019, Vol 10 (5), pp. 126
Author(s): Amzad Hossain, Farid A. Sobhani, Normah Omar, Norazida Mohamad, Jamaliah Said

Considering the importance of good corporate governance in the banking industry, the study has been designed to investigate the managerial perceptions on interrelationship among good corporate governance, risk management, and ethical investment of the commercial banks of Bangladesh. Bangladesh has been selected as a field of study for three reasons. Firstly, banking is the leading sector in Bangladesh. Secondly, banking sector has been highly criticized in the recent times due to Bangladesh Bank scandal. Thirdly, banking is gradually being challenging services in Bangladesh. As a financial intermediary, bank has to ensure good corporate governance for smooth operations and reducing agency problem. As a trustee, bank deals with the money of others through various schemes of investment. Ethical investment known as social responsible investment is an indicator of good corporate governance. A structured questionnaire has been used to gather perceptions of managers of the sample banks. The results suggest that the most important factors for effective CG were the board of directors, auditors and managers of the various departments. The study also finds that risk taking behavior of the bank is influenced by the direction of board of directors. In this study corporate governance variables have been categorized with some sub-indices. Board’s structure with independent directors and well communication with supervisors ensure the efficient risk management practices in the banks where internal audit system and transparent disclosures of the board ensure the ethical investment practices.

