Although managing information technology (IT) is widely regarded as a critical responsibility, organizations are often challenged when designing IT risk management (IT-RM). Literature so far provides inconsistent guidance by suggesting both empowering and compliance-based solutions. The purpose of this paper was to investigate how to design successful IT-RM in large organizations. In particular, we concentrated on complications in the design of IT-RM strategies for the organizational level of instantiation and the potential of combining enabling services with coercive control mechanisms. We used a qualitative research approach by conducting expert interviews in one sample organization. Our results indicate that only a combination of coercive and enabling process components and a strong intertwining of all corporate organizational layers with central risk management will sustainably support the objectives of IT-RM.