Abstract
The concept of IT risk management culture is an important topic in IS research because culture helps facilitate the successful implementation/adoption of IT-RM frameworks. In this paper, we develop an IT risk management (IT-RM) framework based on Cameron and Quinn’s model involving four dimensions of culture. Each cultural dimension is described in terms of how it relates to the implementation of IT-RM initiatives. Our contribution is to illustrate the utility of the framework by linking the four general cultural dimensions to propose a conceptual model of IT-RM values and beliefs. By doing so, we present a necessary step in developing the concept of IT-RM culture and moving frameworks such as COBIT5 towards a more comprehensive framework based on systemic empirical research.
References
Aven, T.: Risk assessment and risk management: review of recent advances on their foundation. Eur. J. Oper. Res. 253(1), 1–13 (2016)
ISACA: COBIT 5, an ISACA Framework, Rolling Meadows (2012)
Wilkin, C.L., Chenhall, R.H.: A review of IT governance: a taxonomy to inform accounting information systems. J. Inf. Syst. 24(2), 107–146 (2010)
Wiesche, M., Schermann, M., Krcmar, H.: Understanding the enabling design of IT risk management processes. In: 36th International Conference on Information Systems, Fort Worth, TX, USA (2015)
Van Grembergen, W., De Haes, S.: Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. Springer, N.Y., New York (2009)
Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Business Review School Press, Boston, MA (2004)
Jahner, S., Krcmar, H.: Beyond technical aspects of information security: risk culture as a success factor for IT risk management. In: Proceedings of the 11th Americas Conference on Information Systems, Omaha, NE, 11–14 Aug 2005
Darwish, S.Z.: Risk and knowledge in the context of organizational risk management. Risk 7(15) (2015)
Cameron, K., Quinn, R.: Diagnosing and Changing Organizational Culture: Based on the Competing Values Framework. Jossey-Bass, San Francisco, CA (2005)
Alhawari, S., Karadsheh, L., Talet, A.N., Mansour, E.: Knowledge-based risk management framework for information technology project. Int. J. Inf. Manag. 32(1), 50–65 (2012)
Wu, S., Straub, D., Liang, T.: How information technology, governance mechanisms and strategic alignment influence organizational performance: insights from a matched survey of business and IT managers. MIS Q. 39(2), 497–518 (2015)
Schein, E.: Organisational Culture and Leadership. Jossey-Bass (1997)
Corriss, L.: Information Security Governance: Integrating Security into the Organizational Culture. In: Workshop on Governance of Technology, Information and Policies, ACM, New York, pp. 35–41 (2010)
Rowlands, B., De Haes, S. D., Grembergen, W.V.: Exploring and developing an IT governance culture framework. In: 35th International Conference on Information Systems, Auckland, NZ (2014)
Leidner, D., Kayworth, T.: A review of culture in information systems research: toward a theory of information technology culture conflict. MIS Q. 30(2), 357–399 (2006)
Wiewiora, A., Trigunarsyah, B., Murphy, G., Coffey, V.: Organizational culture and willingness to share knowledge: a competing values perspective in Australian context. Int. J. Project Manag. 31(8), 1163–1174 (2013)
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Azizi, N., Rowlands, B. (2020). Developing an IT Risk Management Culture Framework. In: Baghdadi, Y., Harfouche, A., Musso, M. (eds) ICT for an Inclusive World. Lecture Notes in Information Systems and Organisation, vol 35. Springer, Cham. https://doi.org/10.1007/978-3-030-34269-2_33
DOI: https://doi.org/10.1007/978-3-030-34269-2_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34268-5
Online ISBN: 978-3-030-34269-2
eBook Packages: Business and Management (R0)