The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications

Journal Article

IT Risk Management: A Capability Maturity Model Perspective  pp3-13

Marian Carcary; Val Hooper and Tarika Kalidas

© Jun 2013 Volume 16 Issue 1, ECIME 2012, Editor: Dr. David Sammon and Dr. Tadhg Nagle, pp1 - 84



Abstract: Understanding the value derived from IT investments and IT-enabled operational improvements is difficult, and has been a subject of research and debate among ICT practitioners and academics for many years. This is particularly so because innovative technological developments have supported transformative changes in organizational operational activities. Research continues to investigate approaches to not only understanding the value derived by IT but also to optimizing this value. One of the key aspects of optimizing IT-driven value is the requirement to effectively manage risk. The continual evolution of the IT risk landscape requires effective Risk Management (RM) practices for all IT risk areas, such as, but not limited to, security, investments, service contracts, data protection and information privacy. Effectively managing these risk areas poses specific concerns from the perspective of Chief Information Officers (CIOs) and Chief Risk Officers (CROs). Hence, significant consideration should be given not only to the processes involved in assessing, prioritizing, handling and monitoring these risks but also to ensuring the development of an appropriate risk culture and the establishment of effective RM governance structures, to support effective RM. This paper examines the maturity model/framework approach to improving an organization's IT capabilities, with specific reference to effectively managing IT-related risks, and increasing value derived over time. A new IT Risk Management maturity model is presented; this framework is part of the IT Capability Maturity Framework (IT CMF) which supports value-driven IT management practices. It was developed by the Innovation Value Institute at the National University of Ireland Maynooth, following a design science and open innovation research approach. The IT CMF, consisting of 33 Critical Capabilities, focuses on maturing key activities of the IT organization. The Risk Management Critical Capability presented in this paper enables organizations to determine their IT RM maturity and identify key recommendations in specific areas to improve maturity over time. Thereafter the paper presents an analysis of the maturity model approach to managing risk, to improving an organization's IT capabilities, and to deriving enterprise-wide value from more mature IT practices.


Keywords: IT risks, IT risk management, maturity model, IT CMF, critical capability, RM practices, outcomes and metrics

