An Integrated it Risk Model
13 Pages Posted: 25 Aug 2005
Date Written: July 8, 2005
Abstract
The worldwide concern with corporate governance concerns itself, inter alia, with the risks that an organization faces; for many, IT is significant among those risks. This paper examines the audit approach, and others, to dealing with risks in IT-based systems. This paper summarizes the findings of research in IT-related areas of risk and then draws together a charter for IT governance that meets the wider needs of corporate governance. IT risks are collated in the form of a portfolio so that risk is dealt with in a positive, systematic manner. The portfolio sets out to be exhaustive so that all risk can be brought together under a single managerial role. The IT governance model balances risks with strategic goals and the specific benefits that are intended through the implementation of IT. A case study illustrates the application of the model.
Keywords: IT risk, IT governance, risk portfolio
JEL Classification: M10
Suggested Citation: Suggested Citation