
Developing an IT Risk Management Culture Framework

ICT for an Inclusive World

Part of the book series: Lecture Notes in Information Systems and Organisation (LNISO, volume 35)

Abstract

The concept of IT risk management culture is an important topic in IS research because culture helps facilitate the successful implementation/adoption of IT-RM frameworks. In this paper we develop an IT risk management (IT-RM) framework based on Cameron and Quinn’s model involving four dimensions of culture. Each cultural dimension is described in terms of how it relates to the implementation of IT-RM initiatives. Our contribution is to illustrate the utility of the framework by linking the four general cultural dimensions to propose a conceptual model of IT-RM values and beliefs. By doing so we present a necessary step in developing the concept of IT-RM culture and moving frameworks such as COBIT5 towards a more comprehensive framework based on systemic empirical research.


References

  1. Aven, T.: Risk assessment and risk management: review of recent advances on their foundation. Eur. J. Oper. Res. 253(1), 1–13 (2016)

  2. ISACA: COBIT 5, an ISACA Framework, Rolling Meadows (2012)

  3. Wilkin, C.L., Chenhall, R.H.: A review of IT governance: a taxonomy to inform accounting information systems. J. Inf. Syst. 24(2), 107–146 (2010)

  4. Wiesche, M., Schermann, M., Krcmar, H.: Understanding the enabling design of IT risk management processes. In: 36th International Conference on Information Systems, Fort Worth, TX, USA (2015)

  5. Van Grembergen, W., De Haes, S.: Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. Springer, N.Y., New York (2009)

  6. Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Business Review School Press, Boston, MA (2004)

  7. Jahner, S., Krcmar, H.: Beyond technical aspects of information security: risk culture as a success factor for IT risk management. In: Proceedings of the 11th Americas Conference on Information Systems, Omaha, NE, 11–14 Aug 2005

  8. Darwish, S.Z.: Risk and knowledge in the context of organizational risk management. Risk 7(15) (2015)

  9. Cameron, K., Quinn, R.: Diagnosing and Changing Organizational Culture: Based on the Competing Values Framework. Jossey-Bass, San Francisco, CA (2005)

  10. Alhawari, S., Karadsheh, L., Talet, A.N., Mansour, E.: Knowledge-based risk management framework for information technology project. Int. J. Inf. Manag. 32(1), 50–65 (2012)

  11. Wu, S., Straub, D., Liang, T.: How information technology, governance mechanisms and strategic alignment influence organizational performance: insights from a matched survey of business and IT managers. MIS Q. 39(2), 497–518 (2015)

  12. Schein, E.: Organisational Culture and Leadership. Jossey-Bass (1997)

  13. Corriss, L.: Information Security Governance: Integrating Security into the Organizational Culture. In: Workshop on Governance of Technology, Information and Policies, ACM, New York, pp. 35–41 (2010)

  14. Rowlands, B., De Haes, S. D., Grembergen, W.V.: Exploring and developing an IT governance culture framework. In: 35th International Conference on Information Systems, Auckland, NZ (2014)

  15. Leidner, D., Kayworth, T.: A review of culture in information systems research: toward a theory of information technology culture conflict. MIS Q. 30(2), 357–399 (2006)

  16. Wiewiora, A., Trigunarsyah, B., Murphy, G., Coffey, V.: Organizational culture and willingness to share knowledge: a competing values perspective in Australian context. Int. J. Project Manag. 31(8), 1163–1174 (2013)


Correspondence to Neda Azizi.


© 2020 Springer Nature Switzerland AG


Cite this chapter

Azizi, N., Rowlands, B. (2020). Developing an IT Risk Management Culture Framework. In: Baghdadi, Y., Harfouche, A., Musso, M. (eds) ICT for an Inclusive World. Lecture Notes in Information Systems and Organisation, vol 35. Springer, Cham. https://doi.org/10.1007/978-3-030-34269-2_33
