A risk mitigation model of information technology governance in selected Malaysian Universities

Information Technology (IT) Governance faces various risks such as strategic,operational and technical risks. These risks should be identified, measured and mitigated. After risks are identified, appropriate actions should be devoted to mitigate these risks. However, risk mitigation is a complicated process especially in IT Governance. It leads to difficulty in choosing and executing mitigation actions. The mitigation of risks aids practitioners to identify the cause and effect among the components of risks mitigation and it provides a suitable metric to measure these risks. In mitigating risk, accurate decision making is based on the identified and measured risks. Risk mitigation in IT Governance provides a multidisciplinary environment for proactive decision making to measure and treat potential risk continuously. However, the existing standards for risk mitigation show limitations when mitigating operational and technical risks. Besides, the existing model provides inadequate support to practitioners in making risk decision pertaining to risk mitigation especially in IT governance. This is due to the fact that existing models lacks the capabilities to support practitioners in making decision relating to risk mitigation. The mitigation risks were identified by previous researchers, academicians and practitioners use various techniques such as prioritizing, evaluating and ranking the risks. This research develops a risk mitigation model for risk mitigation of IT Governance. In order to develop the model, this research identifies the processes and operational and technical risk components in mitigating risk of IT Governance. The risk mitigation system (RMS) is developed based on proposed model using software agents and knowledge mapping. The research scope is mainly on several Malaysian universities that specifically mainly decision in risk mitigation process. Qualitative research using Case study was adopted using only interview mainly in this research. Pilot study was carried out in 2 Malaysian universities with 5 expert informants to verify the instrument and the data of risk mitigation based on IT Governance. The case study was carried out in 2 Malaysian Universities which involved 7 expert informants to verify the risk mitigation process and components derived from the literature review. The risk decisions process was verified by adopting Iterative triangulation. The risk mitigation model can assists in measuring the probabilities and impact of risks, provides risk reduction advice using risk data, provide suggestions for monitoring activities, supporting collaborative decision-making process among risk mitigation practitioners in their organisation.

Preview PDF FSKTM 2015 2RR.pdf Download (1MB) | Preview

Actions (login required)

View Item