期刊名称:Electronic Journal of Information Systems Evaluation
电子版ISSN:1566-6379
出版年度:2013
卷号:16
期号:1
页码:3-13
出版社:Academic Conferences Limited
摘要:Understanding the value derived from IT investments and IT enabled operational improvements is difficult, and has been a subject of research and debate among ICT practitioners and academics for many years. This is particularly so because innovat ive technological developments have supported transformative changes in organizational operational activities. Research continues to investigate approaches to not only understanding the value derived by IT but also to optimizing this value. One of the key aspects of optimizing IT‑driven value is the requirement to effectively manage risk. The continual evolution of the IT risk landscape requires effective Risk Management (RM) practices for all IT risk areas, such as, but not limited to security, investm ents, service contracts, data protection and information privacy. Effectively managing these risk areas pose specific concerns from the perspective of Chief Information Officers (CIOs) and Chief Risk Officers (CROs). Hence, significant considerations should be given to not only the processes involved in assessing, prioritizing, handling and monitoring these risks but also to ensuring the development of an appropriate risk culture and the establishment of effective RM governance structures, to support effective RM. This paper examines the maturity model/framework approach to improving an organizations IT capabilities, with specific reference to effectively managing IT‑related risks, and increasing value derived over time. A new IT Risk Management mat urity model is presented; this framework is part of the IT Capability Maturity Framework (IT CMF) which supports value‑driven IT management practices. It was developed by the Innovation Value Institute at the National University of Ireland Maynooth, fol lowing a design science and open innovation research approach. The IT CMF, consisting of 33 Critical Capabilities, focuses on maturing key activities of the IT organization. The Risk Management Critical Capability presented in this paper enables organizat ions to determine their IT RM maturity and identify key recommendations in specific areas to improve maturity overtime. Thereafter the paper presents an analysis of the maturity model approach to managing risk, to improving an organizations IT capabiliti es, and to deriving enterprise‑wide value from more mature IT practices.
关键词:IT risks ; IT risk management ; maturity model ; IT CMF ; critical capability ; RM practices ; outcomes and metrics