Journal of Information Systems

IT Governance and the Maturity of IT Risk Management Practices



Abstract

The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have made Information Technology (IT) risk management practices a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also drawing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on Chief Information Officer (CIO) reporting structure and Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger auspices of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that the maturity of strategic IT risk management practices is higher when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is more mature when the CIO reports to the CEO. For public firms, the maturity of IT risk management practices is higher when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed and on the factors that affect IT governance.
