IT risk management disclosure in the integrated reports of the top 40 listed companies on the JSE limited

2017 ◽  
Vol 7 (3) ◽  
pp. 27-34
Author(s):  
Ben Marx ◽  
Covanni Du Preez

Information Technology (IT) has become an integral part of virtually all modern-day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace; however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this paper is to determine to what extent IT Risk and IT Risk Management are disclosed in the IRs of the Top 40 Listed Companies on the JSE. It further aims to determine whether IT Risks are included as material risks in the entity’s risk statements of the Integrated Report, and whether proper explanations are provided on how the materiality of the risks is determined and dealt with. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies included IT risk as part of their material risks and outlined appropriate and detailed processes that were followed by the company to manage those IT risks. The findings of the study accordingly support the need for communicating significant risks and the management thereof to stakeholders as part of the integrated nature of governance of entities. However, it is disconcerting that some companies are not doing this, and accordingly are not realising the need for communicating significant matters to their stakeholders and the value that informative and credible reporting will bring to an entity’s Integrated Report.

2013 ◽  
Vol 12 (3) ◽  
pp. 319
Author(s):  
James Plimsoll ◽  
Ben Saban ◽  
Andreas Spheris ◽  
Kanshukan Rajaratnam

This study investigates the existence of the Day of the Week (DoW) effect on returns and volatility on the Johannesburg Stock Exchange (JSE), with a specific focus on the market's Top 40 firms (Top40). It is the most micro analysis of the DoW effect conducted to date, as previous literature has only explored the effect on market and index levels. While this paper focuses on a firm-specific level, it also makes a comparison with the DoW effect on the All-Share Index (ALSI) and Top40 Index (TOPI). Drawing on Borges' (2009) study, this paper investigates whether a DoW effect exists on a specific day compared with the rest of the week. This is achieved by regressing returns on each day of the week separately. GARCH estimation models are used to test for a DoW effect with regard to variance in share returns. The initial findings show that neither the ALSI nor the TOPI has any significant DoW effects. However, a more micro examination reveals that ten of the Top40 firms have significant DoW effects on at least one day of the week. The investigation reveals no significant DoW effects with regard to volatility, which highlights that the constituents of the Top40 typically achieve consistent returns compared to other listed companies.


2021 ◽  
Vol 8 (3) ◽  
pp. 635
Author(s):  
Dio Febrilian Tanjung ◽  
Aulia Oktaviana ◽  
Aris Puji Widodo

The development of information technology (IT) based startups is increasing nowadays. To support the company's business success, IT has risks arising from various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a conducive and credible business is proper risk management. This is because risk management is important for businesses in increasing profits and maintaining business continuity, especially in the conditions of the COVID-19 pandemic. There is a lot of discussion about IT risk management in general, but research on risk management in dealing with the pandemic needs to be considered. This is because during this pandemic, IT is one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is an extraordinary case that has not occurred in hundreds of years, so that technically the risks from this pandemic are among the risks that were not thought of before by the company. The purpose of this study is to identify the conditions of management implementation and risk threats to business processes at a startup company, especially during the pandemic. This study uses a qualitative method with reference to COBIT® 2019, focused on the DSS04 Manage Continuity domain, by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to control whether the risk management is carried out properly, so it is necessary to implement COBIT® 2019 in corporate business governance.


JURTEKSI ◽  
2021 ◽  
Vol 7 (2) ◽  
pp. 203-212
Author(s):  
Resad Setyadi ◽  
Handy Nur Prabowo

Abstract: The role of information technology in transportation is increasing, namely in enjoying transportation services. One way for a transportation company to provide the best service to customers is to provide a bus booking application service. One of the companies that offer service applications is a bus transportation application located in Yogyakarta. Because the application system is considered necessary, stakeholders need IT risk management for the bus booking application. The purpose of this research is to analyze the risk management of the bus transportation application. In measuring IT risk management, the author uses the Control Objective for Information and Related Technology (COBIT) 4.1 domain Plan and Organize (PO) framework, especially PO9 (Assess and Manage IT risk). The analysis results show that the bus transportation application is at level 2 in maturity level. It means that the company knows that there are problems that need resolving. Standard risk management in bus transportation applications tends to provide failed access in the progress of its service. Problems are solved individually and not yet at the integrated completion stage. In general, the application management approach needs better management in the field of information technology.

Keywords: COBIT; plan and organize; risk management


2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.


2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan

Risks in IT are described as a form of threat in context with data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.


Author(s):  
Chrisan Herrod

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.


2014 ◽  
Vol 34 (4) ◽  
pp. 477-512 ◽  
Author(s):  
Placide Poba-Nzaou ◽  
Louis Raymond ◽  
Bruno Fabi

Purpose – This study aims to explore the process of open source software (OSS) adoption in small- and medium-sized enterprises (SMEs), and more specifically open source enterprise resource planning (ERP) as a “mission critical” OSS application in manufacturing. It also addresses the fundamental issue of ERP risk management that shapes this process. Design/methodology/approach – The approach is done through an interpretive case study of a small Canadian manufacturer that has adopted an open source ERP system. Findings – Interpreted in the light of the IT risk management, OSS and packaged application adoption literatures, results indicate that the small manufacturer successfully managed the adoption process in a rather intuitive manner, based on one guiding principle and nine practices. In analyzing the data, diffusion of innovation theory appeared to fit rather well with the situation observed and to offer rich insights to explain the mission-critical OSS adoption process. Research limitations/implications – A single case study of successful IT adoption should be eventually counterbalanced by future cases considered to be partial or total failures, using a wider multiple case study approach for comparative purposes. And this should include alternative theoretical interpretations and more detailed empirical work on the extent to which the distinctive features of OSS make its adoption more or less risk-laden. This initial effort should also be followed by further research on mission-critical OSS adoption in contexts other than SMEs (e.g. healthcare organizations) and other than ERP (e.g. customer-relationship management). Practical implications – This research confirms that open source is a credible alternative for SMEs that decide willingly or under external pressure to adopt a mission-critical system such as ERP. Moreover, it suggests that a high level of formalization is not always necessary. 
Originality/value – The authors argue that rich insights into the dynamics of the mission-critical OSS adoption process can be obtained by framing this process within an IT risk management context.

