Antecedents of IT Governance Effectiveness: An Empirical Examination in Brazilian Firms

2016 ◽  
Vol 31 (1) ◽  
pp. 41-57 ◽  
Author(s):  
Guilherme Lerch Lunardi ◽  
Antonio Carlos Gastaud Maçada ◽  
João Luiz Becker ◽  
Wim Van Grembergen
Keyword(s):  
Risk Management ◽  
Performance Management ◽  
Strategic Alignment ◽  
It Governance ◽  
Equation Modeling ◽  
It Risk Management ◽  
It Value ◽  
Governance Effectiveness ◽  
It Performance ◽  
It Risk

ABSTRACT Although some authors have stated that effective IT governance is crucial for any organization to achieve its corporate goals, little empirical research is available supporting the assumptions regarding the factors that determine the effectiveness of IT governance. This paper analyzes the main IT governance domains (i.e., IT strategic alignment, IT risk management, IT value delivery, IT resource management, and IT performance management) and the presence of several IT governance mechanisms that constitute antecedents of IT governance effectiveness. We used partial least squares (PLS) structural equation modeling to test our hypotheses based on survey data from 87 large Brazilian companies. Our results show IT strategic alignment, IT value delivery, IT risk management, and IT performance management have a positive and significant impact on the effectiveness of IT governance. Further, we found associations of structural, procedural, and relational mechanisms with the main IT governance domains suggesting their adoption can improve IT governance within organizations.

IT Governance and the Maturity of IT Risk Management Practices

2015 ◽  
Vol 31 (1) ◽  
pp. 59-77 ◽  
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker
Keyword(s):  
Risk Management ◽  
Boards Of Directors ◽  
Management Practices ◽  
It Governance ◽  
Operational Risk ◽  
Operational Risk Management ◽  
It Risk Management ◽  
Customer Information ◽  
Reporting Structure ◽  
It Risk

ABSTRACT The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have caused Information Technology (IT) risk management practices to be a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also bringing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on Chief Information Officer (CIO) reporting structure and Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger auspice of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that the maturity of strategic IT risk management practices are higher when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is higher when the CIO reports to the CEO. For public firms, the maturity of IT risk management practices are higher when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed and factors that affect IT governance.

IT Governance and IT Risk Management Principles and Methods for Supporting 'Always-On' Enterprise Information Systems

2010 ◽  
pp. 1-16 ◽  
Author(s):  
Mario Spremic
Keyword(s):  
Risk Management ◽  
Information Systems ◽  
Business Processes ◽  
It Governance ◽  
Enterprise Information ◽  
Enterprise Information Systems ◽  
It Risk Management ◽  
It Audit ◽  
Business Requirements ◽  
It Risk

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology–IT) that underpins their activities ever come to halt. The development and governance of proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute towards efficiency, productivity, and competitiveness improvements of both interorganizational and intraorganizational systems. On the other hand, successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This, in particular, means that they understand and manage risks associated with growing IT opportunities, as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only marginal or ‘technical’ problems but become more and more a ‘business problem.’ Therefore, in this chapter, a corporate IT risk management model is proposed and contemporary frameworks of IT governance and IT audit explained. Also, it is depicted how to model information systems and supporting IT procedures to meet ‘always-on’ requirements that comes from the business. In fact, a number of IT metrics proposed in the chapter support the alignment of IT Governance activities with business requirements towards IT.

scholarly journals Understanding value characteristics toward a robust IT governance application in private organizations using COBIT framework

2017 ◽  
Vol 9 ◽  
pp. 184797901770377 ◽  
Author(s):  
Firas M Alkhaldi ◽  
Samir Marwan Hammami ◽  
Mohammed Ahmar Uddin
Keyword(s):  
Risk Management ◽  
It Governance ◽  
Confirmatory Factor Analyses ◽  
It Risk Management ◽  
It Alignment ◽  
Private Organizations ◽  
Business Alignment ◽  
High Level ◽  
And Control ◽  
It Risk

This research is an inquiry of Control Objectives for Information and Related Technologies (COBIT) as a high-level governance and control framework which was proposed by ITGI by providing incite and statistical evidence investigating whether ITGI pillars can be accounted for the same IT governance dimension. The data were collected via a questionnaire distributed to 40 private organizations in the Middle East, comprising a sample size of 179 respondents of strategic- and tactical-level managers. To investigate the research questions, the researchers apply an exploratory and confirmatory factor analyses using EQS 6.3 and SPSS 21. The findings of the research indicate that there is an awareness of the nature of the relationship that IT governance has with its various factors as suggested by the COBIT framework: business/IT alignment, IT value delivery, IT resource management, IT risk management and IT performance. The findings also revealed that “IT risk management” is the leading indicator in explaining the IT governance application behavior. The validated model of ITGOV shows that “IT business alignment” has the least significant impact on the study sample. The overall results illustrate the needs and the imperatives of the model factors in achieving a better understanding of the characteristic value of the ITGOV applications using the COBIT framework as suggested by ITGI.

scholarly journals The Influence IT Governance Mechanism on Effectiveness ITG and IT Performance: A Partial Least Squares Structural Equation Modeling Approach (PLS-SEM)

2021 ◽  
Vol 2 (3) ◽  
pp. 568-581
Author(s):  
Anwar Fattah ◽  
Hoga Saragih ◽  
Titik Khawa Abdul Rahman ◽  
Resad Setyadi
Keyword(s):  
Higher Education ◽  
Structural Equation Modeling ◽  
Structural Equation ◽  
Positive Relationship ◽  
It Governance ◽  
Education Institution ◽  
Equation Modeling ◽  
Higher Education Institution ◽  
Governance Effectiveness ◽  
It Performance

This article presents raw inferential statistical data that determine the IT Governance effectiveness on the IT Performance.To identify influence mechanism Information Technology Governance (ITG) on Effectiveness ITG and IT Performance.Data were collected from respondents in all regions of Indonesia. Quantitative research methods are used to analyze data. The structured questionnaire was distributed to respondents in all regions of Indonesia who understood the field of IT Governance in Higher University whose reliability and validity were confirmed. Structural equation modeling (SEM) using Smart PLS software, version 3, is used to present data. SEM path analysis shows an estimate of the relationship of the main constructs in the data The results obtained from this dataset shows positive relationship between mechanism Structure, Process and Relation to IT Governance effectiveness, consciousness also has a significant influence on the IT Performance and positive relationship between IT Governance effectiveness and IT Performance. However, mechanism structure and process has proven to have a negative and insignificant influence on the IT Performance Effective IT governance related to mechanism ITG and IT Performance level of unit analysis. One of the more significant findings to emerge from this study is that evaluate the mechanism ITG impact to effective IT governance that focus on higher education institution (HEI). This study already examines a validation of evaluation model and collecting data in particular higher education institution (HEI) as a single case study.

IT Governance and IT Risk Management Principles and Methods for Supporting ’Always-On’ Enterprise Information Systems

2010 ◽  
pp. 1849-1864
Author(s):  
Mario Spremic
Keyword(s):  
Risk Management ◽  
Information Systems ◽  
Business Processes ◽  
It Governance ◽  
Enterprise Information ◽  
Enterprise Information Systems ◽  
It Risk Management ◽  
It Audit ◽  
Business Requirements ◽  
It Risk

Most organizations in all sectors of industry, commerce, and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology–IT) that underpins their activities ever come to halt. The development and governance of proper IT infrastructure may have enormous implications for the operation, structure, and strategy of organizations. IT and IS may contribute towards efficiency, productivity, and competitiveness improvements of both interorganizational and intraorganizational systems. On the other hand, successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This, in particular, means that they understand and manage risks associated with growing IT opportunities, as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only marginal or ‘technical’ problems but become more and more a ‘business problem.’ Therefore, in this chapter, a corporate IT risk management model is proposed and contemporary frameworks of IT governance and IT audit explained. Also, it is depicted how to model information systems and supporting IT procedures to meet ‘always-on’ requirements that comes from the business. In fact, a number of IT metrics proposed in the chapter support the alignment of IT Governance activities with business requirements towards IT.

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker
Keyword(s):  
Risk Management ◽  
Internal Control ◽  
Management Practices ◽  
Factors Affecting ◽  
Management Level ◽  
It Risk Management ◽  
Top Managers ◽  
Risk Oversight ◽  
The Impact ◽  
It Risk

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.

A Step-by-Step Procedural Methodology for Improving an Organization's IT Risk Management System

2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan
Keyword(s):  
Risk Management ◽  
Data Security ◽  
Vital Role ◽  
Transfer System ◽  
Business Systems ◽  
It Risk Management ◽  
It Organization ◽  
Security Network ◽  
Business Cost ◽  
It Risk

Risks in IT are described as a form of threat in context with data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy of an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

Sign in / Sign up

Export Citation Format

Share Document