Information system governance, FinTech maturity, and business continuity: A panel data study from EU Firms emerging economies

In recent years, the role of risk management has emerged as a key success factor in ensuring the growth on the one hand and the survival on the other hand of any organization. Moreover, dependence on IT has become systematic within any organization. This dependence therefore, implies the importance of implementation of an IT risk management system in order to well manage IT risks. There are several standards that deal with enterprise risk management in general or information security in particular. However, few standards deal with IT risk management. Noting, for example, COBIT 5 (Control Objectives for Information and related Technology) which deals with IT risk management but is complicated to deploy. The purpose of this article is to describe a simplified IT risk management maturity audit system in an organization based on “COBIT 5 for risk”. This system aims to evaluate the maturity of IT risk management before proceeding to the implementation or update of an IT risk management system within an organisation.

The purpose of this literature research is to help hypotheses for future authors in determining research related to risk management. Research articles on the role of organizational culture, market competition, mitigation strategies and information systems on risk management are scientific literature articles within the scope of risk management. The approach used in this literature review research is descriptive qualitative. The data collection technique is to use literature studies or review relevant previous articles. The data used in this descriptive qualitative approach comes from previous research relevant to this research and sourced from academic online media such as Thomson Reuters Journals, Springer, Taylor & Francis, Scopus Emerald, Elsevier, Sage, Springer, Web of Science, Sinta Journals, DOAJ, EBSCO, Google Scholar and digital reference books. In previous studies, 1 relevant previous article was used to review each independent variable. The results of this literature review article are: 1) Organizational Culture plays a role in Risk Management; 2) Market Competition plays a role in Risk Management; 3) Mitigation Strategies play a role in Risk Management; and 4) Information Systems play a role in Risk Management.

Keywords: risk management framework; risk assessment; cloud migration; security; analytic hierarchy process (AHP); business value

This research aims to investigate the factors that influence the effectiveness of Information Systems (IS) Governance in Higher Education Institutions (IPT) using the Partial Least Squares Structural Equation Modeling (PLS-SEM) approach. The background of this research reflects the importance of IS in supporting operations, management and decision making in a higher education environment that is increasingly complex and dependent on technology.The PLS-SEM method analyzes the relationship between key variables that influence the effectiveness of IS governance at IPT. It is a powerful multivariate statistical approach that allows factor analysis and regression in a single framework, allowing researchers to holistically understand how factors relate to each other. The results of this research will likely provide valuable insight for decision-makers at IPT in improving IS management and utilization. Practical implications include the development of more effective policies, better management strategies, and improved IS infrastructure. In addition, this research is also expected to provide an essential contribution to academic literature in understanding the factors that influence the effectiveness of IS governance in the higher education context. By better understanding the factors that influence the effectiveness of IS governance, IPT can increase its competitiveness, improve the quality of educational services, and support the achievement of its strategic goals. This research is expected to significantly contribute to understanding how IS governance can be implemented and managed more effectively in higher education environments through the PLS-SEM approach.

Managing the Risks in Information Systems and Technology

About Our Authors

Questions pertaining to the locus of information systems (IS) governance have been extensively examined in existing research. However, questions pertaining to the decision rationale applied for IS portfolio prioritization (why are certain initiatives approved, and why are certain others rejected), noted to be a critical component of IS governance, need further investigation. We submit that the IS strategy of a firm is likely to explain the decision rationale it applies to IS portfolio prioritization and maintain that it is critical to ensure this decision rationale is in congruence with the firm’s IS strategy. By extending prior theoretical work on IS strategy types, we develop theoretical profiles of the decision rationale applied to IS portfolio prioritization using three attributes: communicability of decision rationale, consistency in applying decision rationale, and risk appropriateness of decision rationale. Since the decision rationale applied for IS portfolio prioritization is often tacit, unknown even to the decision makers themselves, we employ the decision tree induction methodology to discover this tacit decision rationale. We analyze over 150 IS portfolio prioritization decisions on a multimillion dollar IS portfolio of a multibusiness, Fortune 50 firm and our findings, which support our propositions, indicate that firms that adopt different IS strategies rely on systematically different profiles of decision rationale for IS portfolio prioritization. Implications for IS governance practices are developed.

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology–IT) that underpins their activities ever come to halt. The development and governance of proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute towards efficiency, productivity, and competitiveness improvements of both interorganizational and intraorganizational systems. On the other hand, successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This, in particular, means that they understand and manage risks associated with growing IT opportunities, as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only marginal or ‘technical’ problems but become more and more a ‘business problem.’ Therefore, in this chapter, a corporate IT risk management model is proposed and contemporary frameworks of IT governance and IT audit explained. Also, it is depicted how to model information systems and supporting IT procedures to meet ‘always-on’ requirements that comes from the business. In fact, a number of IT metrics proposed in the chapter support the alignment of IT Governance activities with business requirements towards IT.

Chapter 5 - Mitigation Strategy Development

Business continuity management (BCM) and risk management (RM) processes are very important to current organizations. The former ensures that organizations can limit losses after severe contingencies or disasters. The latter helps organizations identify potential security incidents and adopt the most cost-effective countermeasures. However, current risk management approaches or methodologies do not reflect the important differences between RM and BCM processes. Therefore, even an organization that has established RM processes may need to re-assess the risks for BCM processes. In light of this, this study proposes RiskPatrol, a risk management system that provides an integrated view of risks associated with RM and BCM processes. RiskPatrol provides an easy way for users to retain enough information for BCM while they perform risk assessment in RM processes, and vice versa. The proposed approach can improve the efficiency of establishing information security management systems by minimizing redundancies in RM and BCM processes.

Micro, Small, and Medium Enterprises (MSMEs) become the most important pillar of the Indonesian economy. However, MSMEs face more risks in business continuity due to a lack of resources, especially in developing countries. MSMEs are better able to carry out internal control and risk management to survive in a volatile market. As a risk management tool, internal control does contribute to the sustainability of MSMEs. The purpose of the study is to test and analyze internal control and risk management for ongoing concerns of MSMEs. This research is quantitative research. The population of this study is MSME business actors in Magelang Regency. The sampling technique uses convenience sampling with the number of samples used in this research being 135 MSMEs in Magelang Regency. Hypothesis testing uses the SEM-PLS analysis tool. The results of this study show that internal control and risk management are not significant in achieving MSMEs' business continuity. This study expands the literature by providing empirical evidence on the role of internal control and risk management in the growth of going concern of MSMEs.

The purpose of this paper is to investigate the information systems (IS) assimilation level of an enterprise system in the post-implementation phase, through the lens of IS governance mechanisms and IS support structures, impacted by the socio-cognitive processes. The research follows a qualitative approach and builds on semi-structured interviews with enterprise system stakeholders in large public sector organizations in India. The study posits that high levels of IS governance mechanisms and high levels of IS support structures lead to a high level of IS assimilation only in the presence of higher level socio-cognitive processes. A not-so-higher level of socio-cognitive fabric results in low or moderate IS assimilation levels in spite of high levels of IS governance and/or IS support structures. Despite close to a couple of decades of IS research on enterprise systems, IS assimilation is still an enigma for practitioners and academicians. The generalizability of the results of this study may be applicable to any public organization in a developing country, like India, which are using enterprise system solutions but are yet to reap the potential benefits. The results present a way forward for practitioners to ensure optimal resources and focus for the triad- IS governance, IS support structures and socio-cognitive processes.

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology–IT) that underpins their activities ever come to halt. The development and governance of proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute towards efficiency, productivity, and competitiveness improvements of both interorganizational and intraorganizational systems. On the other hand, successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This, in particular, means that they understand and manage risks associated with growing IT opportunities, as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only marginal or ‘technical’ problems but become more and more a ‘business problem.’ Therefore, in this chapter, a corporate IT risk management model is proposed and contemporary frameworks of IT governance and IT audit explained. Also, it is depicted how to model information systems and supporting IT procedures to meet ‘always-on’ requirements that comes from the business. In fact, a number of IT metrics proposed in the chapter support the alignment of IT Governance activities with business requirements towards IT.

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.