What is it about?
Top management attention is necessary to establish better IT risk management practices. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed.
Why is it important?
With the increased dependence on Information Technology (IT) for business operations, firms' IT risk management has become a major component of enterprise risk management. In addition to the SEC's disclosure requirement, state laws requiring public disclosure of compromised customer information and high-profile customer information breaches have made IT risk management practices a major concern for boards of directors and management. Ongoing internal control assessments in firms based on best-practice frameworks, such as the Committee of Sponsoring Organizations' (COSO) Enterprise Risk Management (ERM) framework, emphasize the importance of the board's oversight role while also drawing attention to the firm's reporting structure. Therefore, the firm's internal environment is an important aspect to consider in understanding why certain firms have mature IT risk management practices in certain IT risk categories.
Perspectives
The maturity of IT risk management practices is important given that IT is pervasive in almost all organizations. Similar arguments relate to good IT governance resulting in mature IT risk management practices.
Robert Pinsker
Florida Atlantic University
Read the Original
This page is a summary of: IT Governance and the Maturity of IT Risk Management Practices, Journal of Information Systems, March 2017, American Accounting Association, DOI: 10.2308/isys-51365.