Gestión de riesgos y controles en sistemas de información: del aprendizaje a la transformación organizacional

Abstract

Risk management and controls for information systems (RMCIS) is commonly seen as a technical function used by experts in information technology, software engineers, or information systems programmers. However, this task requires a much broader perspective that helps the learner have better comprehension of its meaning and the processes of organizational change that it requires. This article shows the results of a research process, approached from the perspective of soft systems thinking, to support RMCIS in organizations, showing the human activity system of the strategic management of information technology, the organizational changes necessary, and a description of the activities and methods proposed.