A Study of Success Factors of Principle and Practice in Information Technology Risk Management
Urairat Maneerattanasak and
Nitaya Wongpinunwatana
Additional contact information
Urairat Maneerattanasak: Thammasat University
Nitaya Wongpinunwatana: Thammasat University
No 5407887, Proceedings of International Academic Conferences from International Institute of Social and Economic Sciences
Abstract:
This study of the success factors of principle and practice in Information Technology Risk Management (ITRM) starts from the proposition that appropriate ITRM principle and practice can mitigate IT risks and losses that result from security threats. The literature showed that various general principles and frameworks are widely published, but the established principles cannot be put into practice. Additionally, there is a research study regarding the difficulty of maintaining independence in the identifying, reviewing and reporting tasks of the IT risk and internal audit functions. The methodology consisted of a review of the documents of general principles and frameworks and interviews from case studies. The general principles and frameworks in this research were collected from the question "Which principles and frameworks are applied to ITRM in your organization?". The question was put to people in IT risk and IT internal audit functions from banking organizations and other industries in which advanced information technologies are critical to the organization. The content of the first five applied principles and frameworks from the survey, which are Basel, the COBIT 5 framework, COSO Enterprise Risk Management, ISO 31000 and ISO/IEC 27005, was reviewed. In addition, interviews were conducted with people in both functions from banking organizations regarding the success factors of principle and practice in ITRM in their opinion, without guidance from the interviewer. The findings from the review of documents are eleven success factors: general principle and framework selection, principle establishment, process design, structure of risk team, team's expertise, complex level of task, interdependent level, risk culture, communication in organization, training, and risk management's tools and techniques. Meanwhile, the results of the in-depth interviews showed nine success factors: adoption of ITRM principle, appropriate process from ITRM principle, task, interaction, adaptability, outsourcing, management support, conflict management and culture transformation. In conclusion, the success factors from both sources were compared and discussed as triangulation. The practical contribution of the research is that the success factors can be used as a primary check for the appropriateness of current principle and practice, for the exploration of an intrinsic problem in both principle and practice of ITRM, or at the development stage. For the theoretical contribution, the researcher recommends studying various successful case studies that apply the principles and practices from various industries and classifying the patterns by the types of organization in which information technologies are significant to operations.
Keywords: Information Technology Risk Management; Principle and Practice; Success Factors
JEL-codes: M15
Pages: 15 pages
Date: 2017-07
New Economics Papers: this item is included in nep-acc, nep-ict and nep-rmg
Published in Proceedings of the 32nd International Academic Conference, Geneva, Jul 2017, pages 162-176
Downloads: (external link)
https://iises.net/proceedings/32nd-international-a ... =54&iid=027&rid=7887 First version, 2017
Persistent link: https://EconPapers.repec.org/RePEc:sek:iacpro:5407887
Bibliographic data for series maintained by Klara Cermakova.