IT Governance and IT Risk Management Principles and Methods for Supporting 'Always-On' Enterprise Information Systems

Author(s):  
Mario Spremic

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (primarily information technology, IT) that underpins their activities ever come to a halt. The development and governance of a proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute to improvements in efficiency, productivity, and competitiveness of both interorganizational and intraorganizational systems. At the same time, successful organizations manage the IT function in much the same way that they manage their other strategic functions and processes. In particular, this means that they understand and manage the risks associated with growing IT opportunities, as well as the critical dependence of many business processes on IT, and vice versa. IT risk management issues are no longer marginal or 'technical' problems; they are increasingly a 'business problem.' Therefore, this chapter proposes a corporate IT risk management model and explains contemporary frameworks for IT governance and IT audit. It also shows how to model information systems and the supporting IT procedures so that they meet the 'always-on' requirements that come from the business. A number of IT metrics proposed in the chapter support the alignment of IT governance activities with the business requirements placed on IT.

2010, pp. 1849-1864

Author(s):  
Milan Mišovič
Jan Turčínek

It is generally accepted that process control in a small or medium-sized manufacturing enterprise is the foundation of high-quality care for the firm's business processes. Any business process is seen as an indivisible sequence of activity steps designed to perform complex business activities. In its statutory documents the company should have concise descriptions of at least the main processes, along with their context in a given department of the company and the employee positions involved. The main business processes, and of course many others, are not immutable; on the contrary, they change very often. New processes emerge, others are modified, and others disappear as antiquated and useless for supporting strategic business objectives. All of this is a consequence of the effort firms must make to maintain competitiveness in a harsh and dynamic consumer market. Business processes are not isolated: many of them are part of relatively large process chains, so-called enterprise services, see (Erl, 2005). The discipline of software engineering responded to the possibility of consolidating enterprise functionality into enterprise services with the SOA (Service-Oriented Architecture) method, leading to new applications for enterprise information systems. In contrast to business processes, business services are still not sufficiently recognized in the statutory documents of enterprises. IT specialists producing software applications for enterprise information systems must therefore draw on company management's knowledge of the general context and processes, and work together with management to prepare business services. This raises further relevant questions about the emergence of corporate services and about information modeling in the discipline of information engineering.
Acceptable answers are not found in many publications, nor in the publications of the doyen of SOA, Thomas Erl, see (Erl, 2006), and thus the proposed SOA paradigm suffers from the same problem. The present article tries to answer those questions and to show the relevant theoretical basis for finding service-oriented solutions to business process logic. Furthermore, the article shows possible conversions of known process-analysis methods of the information engineering discipline, such as the Eriksson-Penker Business Extensions method or Prof. Scheer's ARIS method, onto the platform of enterprise services.


Author(s):  
Rui Pedro Marques

Increasing the reliability and compliance of business processes is currently a major concern of organizations that intend to achieve their organizational objectives while remaining compliant with external regulations. Organizations are therefore frequently looking for methods, tools, and solutions that enable them to improve business compliance and reduce the likelihood of situations that may jeopardize their operational performance and corporate image. This chapter brings together a set of results and conclusions from a research project whose purpose was to conceptualize and validate an innovative solution that simultaneously monitors and audits organizational transactions executed in enterprise information systems. A prototype was developed and deployed in a near-real environment. From the results, we conclude that the prototype offers Continuous Assurance services and is applicable to any organizational transaction, regardless of its type, size, business area, or even the technology of its supporting information system. This independence is guaranteed by the abstraction level of an ontological model used to represent the organizational transaction to be monitored and audited. A case study enabled us to confirm the feasibility and effectiveness of the proposal for business compliance.


2021, Vol 8 (3), pp. 635
Author(s):  
Dio Febrilian Tanjung
Aulia Oktaviana
Aris Puji Widodo

The number of information technology (IT) based startups is growing rapidly. While IT supports a company's business success, it also carries risks that arise in various circumstances, especially in the era of the COVID-19 pandemic. One alternative for managing and ensuring a more conducive and credible business is proper risk management. Risk management is important for businesses in increasing profits and maintaining business continuity, particularly under pandemic conditions. IT risk management in general has been discussed extensively, but research on risk management for coping with a pandemic deserves consideration, because during this pandemic IT became one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is an extraordinary event of a kind not seen in hundreds of years, so technically the risks it poses fall into the category of risks the company had never considered before. The purpose of this study is to identify the state of risk management implementation and the risk threats to business processes at a startup company, especially during the pandemic. The study uses a qualitative method with reference to COBIT® 2019, focusing on the DSS04 Manage Continuity objective, by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company adjusted to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to check whether the risk management being carried out is appropriate, so the company needs to adopt COBIT® 2019 in its corporate business governance.


2015, Vol 31 (1), pp. 59-77
Author(s):  
Nishani Edirisinghe Vincent
Julia L. Higgs
Robert E. Pinsker

The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have made Information Technology (IT) risk management practices a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also drawing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on the Chief Information Officer (CIO) reporting structure and on Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger umbrella of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that strategic IT risk management practices are more mature when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is also more mature when the CIO reports to the CEO. For public firms, IT risk management practices are more mature when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders about how well IT risk is managed and about the factors that affect IT governance.


Auditor, 2015, Vol 1 (3), pp. 71-76
Author(s):  
Yu. Kharakoz (Харакоз)

The article addresses the application, in the accounting field, of automated systems that support management activities by providing standardized business processes and various algorithms for data analysis and decision-making, with the aim of improving the management of the organization. Based on the research, a reasoned conclusion is drawn about the need to unite the theory of management accounting, the methodology for formalizing and optimizing business processes, and the technology for developing and implementing enterprise information systems, while taking into account the specifics of the company.


2013, Vol 5 (1), pp. 46-52
Author(s):  
Rasma Janeliūnienė
Vida Davidavičienė

The growing dependence of business processes, and with them business success, on information technology (IT) is now closely associated with IT risk, which in turn drives a growing need for IT risk management and control. It is undeniable that identifying, analysing, and reducing systemic risk makes it possible to avoid undesirable consequences such as information loss, data leaks, or data corruption. The critical success factor for managing IT in an organization is systematic and continuous IT risk management. This paper aims to analyse one stage of the IT risk management process, risk identification. The article draws on the methods of scientific literature analysis, synthesis, comparison, and generalization. Article in Lithuanian.

