IDEAS home Printed from https://ideas.repec.org/p/sek/iacpro/5407887.html
   My bibliography  Save this paper

A Study of Success Factors of Principle and Practice in Information Technology Risk Management

Author

Listed:
  • Urairat Maneerattanasak

    (Thammasat University)

  • Nitaya Wongpinunwatana

    (Thammasat University)

Abstract

The purpose of studying the success factors of principle and practice in Information Technology Risk Management (ITRM) is initiated from the proposition that appropriate ITRM principle and practice can mitigate IT risks and losses which is a result of security threats. The literature showed that various general principles and frameworks are widely published but the established principle cannot be put into the practice. Additionally, there is a research study regarding the difficulty to maintain independent in identifying, reviewing and reporting tasks of IT risk and internal audit functions. The methodology consisted of the review of general principles and frameworks? documents and the interview from case studies. The general principles and frameworks in this research collected from the question ?Which principles and frameworks are applied to ITRM in your organization??. The question was asked to people in IT risk and IT internal audit functions from banking organizations and other industries which advanced information technologies are critical to the organizations. The content from first five applied principles and frameworks from the survey are Basel, COBIT 5 framework, COSO Enterprise Risk Management, ISO 31000 and ISO/IEC 27005 were reviewed. In addition, the interviews were conducted to the people in both functions from banking organizations regarding the success factors of principle and practice in ITRM in their opinions without guiding from the interviewer. The findings from the review of documents are eleven success factors that are general principle and framework selection, principle establishment, process design, structure of risk team, team?s expertise, complex level of task, interdependent level, risk culture, communication in organization, training and risk management?s tools and techniques. Meanwhile, the in-depth interviews? results showed that nine success factors that are adoption of ITRM principle, appropriate Process from ITRM Principle, task, interaction, adaptability, outsourcing, management support, conflict management and culture transformation. In conclusion, the success factors from both resources were compared and discussed as triangulation.The practical contribution of the research is that the success factors can be used as a primary check for the appropriation of current principle and practice, the exploration an intrinsic problem in both principle and practice on ITRM or the development stage. For the theoretical contribution, the researcher recommends studying various success case studies applying the principle and practices from various industries and classified the patterns by organization types which the information technologies are significant to their operation.

Suggested Citation

  • Urairat Maneerattanasak & Nitaya Wongpinunwatana, 2017. "A Study of Success Factors of Principle and Practice in Information Technology Risk Management," Proceedings of International Academic Conferences 5407887, International Institute of Social and Economic Sciences.
  • Handle: RePEc:sek:iacpro:5407887
    as

    Download full text from publisher

    File URL: https://iises.net/proceedings/32nd-international-academic-conference-geneva/table-of-content/detail?cid=54&iid=027&rid=7887
    File Function: First version, 2017
    Download Restriction: no
    ---><---

    More about this item

    Keywords

    Information Technology Risk Management; Principle and Practice; Success Factors;
    All these keywords.

    JEL classification:

    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:sek:iacpro:5407887. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Klara Cermakova (email available below). General contact details of provider: https://iises.net/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.