2-s2.0-84871174044

[vc_empty_space][vc_empty_space]

[vc_row][vc_column][vc_row_inner][vc_column_inner][vc_separator css=”.vc_custom_1624529070653{padding-top: 30px !important;padding-bottom: 30px !important;}”][/vc_column_inner][/vc_row_inner][vc_row_inner layout=”boxed”][vc_column_inner width=”3/4″ css=”.vc_custom_1624695412187{border-right-width: 1px !important;border-right-color: #dddddd !important;border-right-style: solid !important;border-radius: 1px !important;}”][vc_empty_space][megatron_heading title=”Abstract” size=”size-sm” text_align=”text-left”][vc_column_text]Utilization of Information Technology (IT) in an enterprise, in addition to achieve benefit from the implementation of IT should come along with the risks (Information Technology Risk) that may affect the achievement of corporate goals. IT risk management will always involving the company’s overall risk management for IT risk will impact enterprise itself, thus a framework is required as a tool to integrate the IT risks with ERM. This paper present a case study research on IT risk management framework based on ISO 31000. The research methodology used in this study is Design Science Research Methodology (DSRM). The designed architecture includes three components, they are the principles of IT risk management, risk identification and analysis of IT. The method used to examine the framework was a Focus Group Methodology while sampling technique that used was purposive sampling. The Focus Group Discussion (FGD), conducted based on expert judgment in the PT. Telekomunikasi Indonesia, Tbk. The examination of IT risk management framework resulting in accordance with the needs of companies that engaged in the telecommunications industry and has been integrating IT risk with ERM. In this case the company need is a security related financial statements to support compliance with Sarbanes-Oxley Act agreement (SOA). The main thing in the development of IT risk management framework is the presence of internal control as a key role in the Enterprise Risk Management. © 2012 IEEE.[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Author keywords” size=”size-sm” text_align=”text-left”][vc_column_text]Case study research,Enterprise risk management,ERM,Expert judgment,Financial statements,FMEA,Focus group methodology,Focus groups,Indonesia,Information technology risks,Internal controls,IS design,ISO 31000:2009,Main thing,Research methodologies,Risk Identification,Risk management framework,Sampling technique,Sarbanes-Oxley Act,SOA Section 404,Telecommunications industry,Three component[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Indexed keywords” size=”size-sm” text_align=”text-left”][vc_column_text]ERM,FMEA,ISO 31000:2009,IT Risk,SOA Section 404[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Funding details” size=”size-sm” text_align=”text-left”][vc_column_text][/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”DOI” size=”size-sm” text_align=”text-left”][vc_column_text]https://doi.org/10.1109/ICSEngT.2012.6339352[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/4″][vc_column_text]Widget Plumx[/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row][vc_column][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][/vc_column][/vc_row]