scholarly journals IT RISK IDENTIFICATION PROCESS ANALYSIS / IT RIZIKOS IDENTIFIKAVIMO PROCESO ANALIZĖ

2013, Vol 5 (1), pp. 46-52
Author(s): Rasma Janeliūnienė, Vida Davidavičienė

The dependence of business processes and business success on information technology (IT) is now closely associated with IT risks, which drives a growing need for IT risk management and control. It is vitally important to identify, analyse and reduce systemic risk in order to avoid undesirable consequences, such as information loss, data leaks or damage. A critical success factor in this situation is systematic and continuous IT risk management. This paper aims to analyse one part of the IT risk management process: risk identification. The article uses the methods of literature analysis, synthesis, comparison, and generalization.

Article in Lithuanian.

Summary: The increased dependence of business processes, and with them business success, on information technology (IT) is now closely tied to IT risk. This drives the growing need for IT risk management and control. It is undeniable that identifying, analysing and reducing system risk makes it possible to avoid undesirable consequences such as information loss, leakage or data corruption. The main success factor in ensuring an organization's success in managing IT is systematic and continuous IT risk management. The article sets out to analyse one stage of the IT risk management process, risk identification. The article uses methods such as analysis of the scientific literature, systematization and generalization.

2021, Vol 8 (3), pp. 635
Author(s): Dio Febrilian Tanjung, Aulia Oktaviana, Aris Puji Widodo

The development of information technology (IT) based startups is increasing nowadays. As a support for a company's business success, IT carries risks that arise in various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a more conducive and credible business is proper risk management. This is because risk management is important for a business in increasing profits and maintaining business continuity, especially under COVID-19 pandemic conditions. There is already a good deal of discussion of IT risk management in general, but research on risk management in facing the pandemic period needs to be considered. This is because, during the pandemic, IT is one of the keys for a business to survive and win the competition. In addition, the COVID-19 pandemic is an extraordinary case that has not occurred for hundreds of years, so technically the risks from this pandemic are among the risks the company had not previously thought of. The purpose of this research is to identify the state of management implementation and the risk threats to business processes at a startup company, especially during the pandemic. This research uses a qualitative method with reference to COBIT® 2019, focusing on the DSS04 Manage Continuity domain, through initial observation of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is not yet any risk management measurement to check whether the risk management being carried out is appropriate, so COBIT® 2019 needs to be applied in the company's business governance.

Abstract

The development of information technology (IT) based startups is increasing nowadays. To support the company's business success, IT has risks arising from various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a conducive and credible business is proper risk management. This is because risk management is important for businesses in increasing profits and maintaining business continuity, especially in the conditions of the COVID-19 pandemic. There is a lot of discussion about IT risk management in general, but research on risk management in dealing with the pandemic needs to be considered. This is because during this pandemic, IT is one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is an extraordinary case that has not occurred in hundreds of years, so technically the risks from this pandemic are among the risks that the company had not thought of before. The purpose of this study is to identify the conditions of management implementation and risk threats to business processes at a startup company, especially during the pandemic. This study uses a qualitative method with reference to COBIT® 2019, focused on the DSS04 Manage Continuity domain, by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to check whether the risk management is carried out properly, so it is necessary to implement COBIT® 2019 in corporate business governance.


Author(s): Mario Spremic

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology, IT) that underpins their activities ever come to a halt. The development and governance of proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute towards efficiency, productivity, and competitiveness improvements of both interorganizational and intraorganizational systems. On the other hand, successful organizations manage the IT function in much the same way that they manage their other strategic functions and processes. This, in particular, means that they understand and manage risks associated with growing IT opportunities, as well as the critical dependence of many business processes on IT and vice versa. IT risk management issues are not only marginal or ‘technical’ problems but are becoming more and more a ‘business problem.’ Therefore, in this chapter, a corporate IT risk management model is proposed and contemporary frameworks of IT governance and IT audit are explained. The chapter also depicts how to model information systems and supporting IT procedures to meet the ‘always-on’ requirements that come from the business. In fact, a number of IT metrics proposed in the chapter support the alignment of IT governance activities with business requirements towards IT.


2016, Vol 2 (2), pp. 225-247
Author(s): Björn FASTERLING

Abstract

The UN Guiding Principles on Business and Human Rights endorse a risk management perspective of human rights due diligence, which may create ambiguities with regard to the nature of risk and the objectives of risk management. By ‘human rights risk’ we understand a business enterprise’s potential adverse human rights impacts. Human rights risk can be contrasted to an enterprise’s ‘social risk’ which refers to the actual and potential leverage that people or groups of people with a negative perception of corporate activity have on the business enterprise’s value.

This article puts forward the argument that due diligence in respect of human rights risk is conceptually incompatible with the management of social risk, because social risk management and human rights due diligence vary at each step of the risk management process (risk identification, risk measurement and assessment, risk reduction measures). To resolve this incompatibility, an effective integration of human rights due diligence processes into corporate risk management systems would require an elevation of human rights respect to a corporate goal that determines corporate strategy.


2020, Vol 11 (1)
Author(s): Yeni Erlika, Muhammad Izman Herdiansyah, A. Haidar Mirza

Abstract

The application of IT management needs to be evaluated to measure the level of IT risk management that occurs. This study aims to analyze and understand the IT risk management process adopted at the University of Bina Darma Palembang using the ISO 31000 approach, and focuses on evaluating IT management practices, which include three stages: identification, analysis, and risk treatment. Bina Darma University is a university that has applied information technology to support its business processes in accordance with its vision and mission. The systems in place support the performance of employees and lecturers and provide services to students; the system manager is the Directorate of Technology Systems, hereinafter referred to as DSTI. Risks have occurred at the University of Bina Darma in terms of security and disaster recovery; so far the problems that occurred could be dealt with, but without a standard and manually, for example data backup using a hard disk. By using the risk assessment stage within the ISO 31000 framework, researchers found that Bina Darma University currently has not implemented ISO standards in dealing with its IT risk management. University management is in the process of designing an ISO implementation. From interviews with IT staff and observations, researchers found that Bina Darma University has the ability to apply ISO 31000 in managing its risk. This research produces IT risk reports on current system applications.

Keywords: IT Risk Management, ISO 31000, Assessment, Mitigation

Abstract (Indonesian)

The application of IT management needs to be evaluated to measure the level of handling of the IT risks that occur. This research aims to analyze and understand the IT risk management process adopted at Bina Darma University, Palembang, using the ISO 31000 approach, and focuses on evaluating IT management practices covering three stages: identification, analysis, and risk treatment. Bina Darma University is a higher education institution that has applied information technology to support its business processes in accordance with its vision and mission. All of the systems in place can be used to support the performance of staff and lecturers as well as services to students; the system manager is the Directorate of Technology Systems, hereinafter referred to as DSTI. Risks have occurred at Bina Darma University in terms of security and disaster recovery; until now the problems that occurred could be dealt with, but there is no standard and the handling is manual, for example data backup using a hard disk. Using the risk assessment stage in the ISO 31000 framework, the researchers found that Bina Darma University currently has not yet applied ISO standards in handling its IT risk management. University management is in the process of designing an ISO implementation. From interviews with IT staff and observation, the researchers found that Bina Darma University has the ability to apply ISO 31000 in managing its risks. This research produces an IT risk report on the current system applications.

Keywords: IT Risk Management, ISO 31000, Assessment, Mitigation


2022, pp. 30-47
Author(s): Sayan Mercan Dursun, Meltem Mutluturk, Nazim Taskin, Bilgin Metin

Effective information asset management is the basis of information security as well as many other issues. IT risk assessments work well when asset values are handled properly, which also serves to secure information assets effectively. There is also a wide variety of risk assessment methodologies. This chapter presents information about the overall IT risk management process and methodologies. Best practices are mentioned and occasionally compared based on the requirements of the information technology (IT) sector in practice. This chapter will provide deep knowledge about the IT risk management approach and construction to implementers, risk owners, IT auditors, executive managers, and other IT staff.


2019, Vol 3 (1)
Author(s): Arief Irfan Syah Tjaja, Dio Rizcki Sekartyasto, Arif Imran

ABSTRACT (Indonesian)

A supply chain is a network of companies that work together to create and deliver a product to the end consumer. These companies operate as suppliers, manufacturers, distributors, retailers/stores and logistics service companies. A supply chain consists of various information flows that the company must manage. Therefore, to create an integrated and superior supply chain, a company needs to manage the supply chain using supply chain management. In the supply chain process, supply chain risk management is needed to control the risks that may arise so that they do not disrupt the running of the supply chain. The supply chain risk management process begins with identifying the business processes in the supply chain, then identifying the risks in those business processes. Consequence and probability values are then assessed through a questionnaire. Risk identification yielded 64 risks: 33 low-level, 21 medium-level and 10 high-level. After the risks were obtained by level, mitigation was designed for the highest risks.

Keywords: Supply Chain, Supply Chain Risk Management, Mitigation

ABSTRACT

A supply chain is a network of companies that work together to create and deliver a product into the hands of the end user. These companies usually include suppliers, manufacturers, distributors, retail/stores and logistics service companies. The supply chain consists of various streams of information that must be managed by the company. Therefore, to create an integrated and superior supply chain, companies need to manage supply chains using supply chain management. In the supply chain, supply chain risk management is needed to control the risks that may happen so that they do not disrupt the supply chain. The supply chain risk management process begins with the identification of business processes in the supply chain, followed by identification of risks in the business processes. After that, a risk assessment is performed to assess the risk probability and consequences through questionnaires. Risk identification brings out 64 risks: 33 low-risk, 21 medium-risk, and 10 high-risk. After the risks are obtained by level, risk mitigation is designed for the high risks.

Keywords: Supply chain, supply chain risk management, mitigation


2021, Vol 5 (2), pp. 7-16
Author(s): Graciella Valentina, Pwee Leng

This study aims to determine risk management in the food and beverage business around Petra Christian University (PCU) Surabaya. There was a critical incident, COVID-19, so this research was conducted with the aim of producing reports for business owners related to risk management in business operations. The risk management process consists of the stages of risk identification, risk analysis, risk evaluation, and risk management. The population used in this study is food and beverage shops that are easily accessible around PCU, whose main target consumers are students and PCU employees, and that still keep their business open in the midst of the COVID-19 pandemic. There are only 3 shops out of dozens of food and beverage shops that experienced critical incidents due to PCU implementing online learning, which still lasted until this research was conducted. Those risks are spread across 3 different business categories, namely main business process, essential business process, and supporting business process. The majority of risks are in the category of supporting business processes. The same risk can be spread across different risk categories in each food and beverage shop; this is due to the different risk appetite of each shop.

This research aims to determine risk management in the food and beverage business around Petra Christian University (UKP) Surabaya. There was a critical event, COVID-19, so this research was carried out with the aim of producing a report for business owners on risk management in business operations. The risk management process consists of the stages of risk identification, risk analysis, risk evaluation, and risk treatment. The population used in this research is food shops that are easy to reach around UKP, whose consumers are mostly students and UKP employees, and that still keep their business open in the midst of the COVID-19 pandemic. There are only 3 food shops, out of several food shops that experienced critical events as a result of UKP holding lectures online, that have still survived up to the time this research was conducted. These risks are spread across 3 different business categories, namely main business processes, essential business processes, and supporting business processes. The majority of risks are in the supporting business process category. The same risk can fall into different risk categories at each food shop; this is caused by the different risk appetite of each food shop.

