What Factors Influence Companies’ Successful Implementations of Technology Risk Management Systems?

Abstract

During the initial literature review on this research question, areas of focus included the following: • Current qualitative and quantitative methodologies for technology risk analysis. • Business applications for expanding the use of qualitative and quantitative technology and security risk models. • Implementation of qualitative and quantitative technology and security risk analysis methodologies models by practitioners. Information Technology (IT) risk analysis has become be an integral part of the enterprise risk management systems in many organizations. However, many companies have struggled to effectively implement these systems. This has become a serious problem in many cases where governmental regulations, industry requirements, and even contractual language for doing business have increasingly included technology risk management obligations that companies must meet. Currently, technology risk management is not as mature a field as those like IT Audit or Information Security, which have had professional certification processes for over 23 years. Technology risk management, on the other hand, has had similar certifications for less than 10 years. As such, many of the current technology risk management practitioners have come from other fields, which has made it difficult to construct a common body of knowledge on which technology risk management systems can be built. In many cases, such factors, as well as others, are making it difficult to implement technology risk management systems. This research will seek to evaluate those factors in more detail to determine common ones that have the most impact on the success of technology risk management projects and make recommendations for overcoming the factors that limit the success of these projects.