Dr. Jamey Worrell, CPA, CISA, CIA. Managing Organizational Risk Associated with IT Managing Risks in Arms-length Transactions Governing collaboration.


Presentation transcript:

1 Dr. Jamey Worrell, CPA, CISA, CIA

2 Managing Organizational Risk Associated with IT
- Managing Risks in Arms-length Transactions
  - Governing collaboration and exchanges in electronically-mediated transactions
- Managing Risks in Organization & System Design
  - Aligning people, processes and technologies to enable organizational agility
- Managing Risks in ERP Post-implementation
  - Aligning ERP functionality and business needs in post-implementation phase
- Identifying Sources of Risk
  - Teaching cases on IT risk identification and IT audits
  - Understanding perceptual differences in IT risk

3
- What is the problem?
- Why is this important?
- What do we know about IT risk?
- How did we investigate this problem?
- What do we now know about IT risk?
- What do you think?

4 How do different stakeholder groups within organizations conceptualize IT risk?
- IT Managers
- Business Managers
- IT Audit & Security

5
- IT risk defined as “the risk that an organization’s information systems will not adequately support the organization in achieving its business objectives, sufficiently safeguard its information resources, or deliver accurate and complete information to its users.”

6

7
- Event identification is all about identifying those events that have a potentially harmful impact on the organization…i.e., risks
- When we begin talking about IT risks, the picture gets a little cloudy…how do we resolve (potentially) differing perspectives?

8
- Composition and importance of technology-related risk is a long-running debate, with limited resolution
- Past 20 years of scholarly research on IT risk has had limited success in identifying a consistent conceptualization
- Scholarly research on IT risk tends to focus on a single stakeholder’s perspective (project manager, executive management, “user”)
- Business and technical personnel have demonstrated difficulties speaking the same language and understanding each other’s needs

9
- Delphi study
  - Appropriate for identifying and ranking issues for managerial action
  - Uses a “panel of experts” to resolve complex questions and problems

10
- IT Audit / Security Panel (n=17)
  - All manager level and above
  - Big 5 experience
- Business Panel (n=15)
  - Mostly Fortune 1000 mid and senior managers
- IT Panel (n=12)
  - All Fortune 1000 companies
  - Wide variety of responsibilities

11

12
- Phase 1
  - Each panel receives identical list of risk factors
  - Asked to select “Top 10” IT risks
  - For each panel, items receiving a simple majority (50% or more of panelists selected) moved forward to next phase
- Phase 2
  - Each panel receives panel-specific list of risk factors
  - Asked to rank in order of importance
  - Justify #1 ranking
  - Subsequent rounds present risk factors in order of mean ranking
  - Iterate until consensus on rankings or plateau

13
W    Interpretation
0.1  Very Weak Agreement
0.3  Weak Agreement
0.5  Moderate Agreement
Source: Schmidt 1997

14
Risk Item IT AS BIT Comments
R8 Lack of organizational alignment between business and IT 142 “Not having IT ‘at the table’ leads to…irrelevant investments, wasted efforts and lost opportunities”
R6 Interdependencies between systems 461 “…we have numerous systems cobbled together…like Frankenstein’s monster…error recovery is excruciating…”
R19 Technical complexity 899 “…it’s often difficult to find the human resources with knowledge across systems to maintain these (complex, cross platform systems)”

15
- Why do YOU think that
  1. there wasn’t more overlap between the three panels?
  2. the Business Professionals panel and IT Professionals panel were unable to reach consensus on IT risk rankings?

16
- Heterogeneity within panels
  - Wide and varied representation
  - IT Professional panel
    - BCP/DRP, enterprise architecture, database management, application development, computer operations, technology product life cycle management
  - Business Professional panel
    - Financial reporting, human resources, marketing, business controllership, procurement
- Individual biases in decision-making
  - Recency bias
  - Anchoring and adjustment
- Disconnects between IT and business professionals in decision making and risk identification

17 THANK YOU! Dr. Jamey Worrell worrellj@uab.edu 205.514.1045

