Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices-Reference-Cited by-同舟云学术

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

Published:2018-08-01 Issue:3 Volume:33 Page:117-135
ISSN:0888-7985
Container-title:Journal of Information Systems
language:en
Short-container-title:

Author:

Vincent Nishani Edirisinghe¹^ORCID,Higgs Julia L.²^ORCID,Pinsker Robert E.²^ORCID

Affiliation:

1. The University of Tennessee at Chattanooga

2. Florida Atlantic University

Abstract

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.

Publisher

American Accounting Association

Subject

Management of Technology and Innovation,Information Systems and Management,Human-Computer Interaction,Accounting,Information Systems,Software,Management Information Systems

Link

http://meridian.allenpress.com/jis/article-pdf/33/3/117/2711904/isys-52229.pdf

Reference62 articles.

1. The personality factor: How top management teams make decisions. A literature review;Abatecola;The Journal of Management and Governance,2013

2. Audit committee characteristics and restatements;Abbott;Auditing: A Journal of Practice & Theory,2004

3. A theory of friendly boards;Adams;The Journal of Finance,2007

4. Boards of directors and technology governance: The surprising state of the practice;Andriole;Communications of the Association for Information Systems,2009

5. Top management team international risk management factor and firm performance;Auden;Team Performance Management,2006

Cited by 20 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Board roles required for IT governance to become an integral component of corporate governance;International Journal of Accounting Information Systems;2024-09

2. What Do We Need to Know about the Chief Information Security Officer? A Literature Review and Research Agenda;Computers & Security;2024-08

3. Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis;Journal of Information Systems;2024-02-20

4. A pathway model to five lines of accountability in cybersecurity governance;International Journal of Accounting Information Systems;2023-12

5. Developing a Numerical Method of Risk Management Taking into Account the Decision-Maker’s Subjective Attitude Towards Multifactorial Risks;Computation;2023-07-05