CAUSES OF INEFFECTIVE IMPLEMENTATION OF IT GOVERNANCE IN RISK MANAGEMENT: A SYSTEMATIC LITERATURE REVIEW

Ananda E S Setyadji,Tegar A Masyhuda,Eva Hariyanti,Arief R R Putrananda,Rais I Nustara,Daffa H Permadi,Reyhan B Pratama

doi:10.33387/jiko.v6i2.6182

Ananda E S Setyadji, Tegar A Masyhuda + Show 5 more

Open Access

https://doi.org/10.33387/jiko.v6i2.6182

Copy DOI

Abstract

Information Technology Governance is currently widely implemented in companies. One of the domains that can be of concern is risk management. The application of TKTI in this domain can help companies identify, evaluate, reduce, and manage risks related to their business to achieve company goals better. In this case, three frameworks can be considered, including NIST, ISO 27001, and Octave, but implementing these frameworks only sometimes goes as planned. This study aims to identify the factors that cause the ineffectiveness of implementing Information Technology Governance (ITG) in the risk management domain using the NIST, ISO 27001, and Octave frameworks. Through an analysis of existing literature and data processing, this study found that factors such as lack of understanding of the framework, lack of adequate resources, and implementation challenges play an essential role in ineffectiveness. This study concludes by providing valuable insights for organizations seeking to strengthen their risk management capabilities.

Full Text