Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices.

Nishani Edirisinghe Vincent; Julia L. Higgs; Robert Pinsker

Ayuda

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices.

Vincent, Nishani Edirisinghe ^[1] ; Higgs, Julia L. ^[2] ; Pinsker, Robert E. ^[2]
1. [1] University of Tennessee at Chattanooga
  
  University of Tennessee at Chattanooga
  
  Estados Unidos
2. [2] Florida Atlantic University
  
  Florida Atlantic University
  
  Estados Unidos
Localización: Journal of information systems, ISSN 0888-7985, Vol. 33, Nº. 3, 2019, págs. 117-135
Idioma: inglés
Texto completo no disponible (Saber más ...)
Resumen
- The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance. [ABSTRACT FROM AUTHOR]