Simplified IT Risk Management Maturity Audit System based on “COBIT 5 for Risk”

Berrada, Hasnaa; Boutahar, Jaouad; Houssaïni, Souhaïl El Ghazi El

doi:10.14569/ijacsa.2021.0120875

Cited by 7 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For further information about the proposed approach please refer to the article cited in the study of Berrada et al [19].…”

Section: Figurementioning

confidence: 99%

“…Research works are in progress to contribute in filling this gap and propose a holistic system to ITRM maturity audit. Actually, we have already published an article, cited in the study of Berrada et al [19], that describes a methodological approach to audit the maturity of ITRM. In the continuity of these research works, we propose, in this article, to present an operational tool to audit the maturity of ITRM.…”

Section: Introductionmentioning

confidence: 99%

“…In the continuity of these research works, we propose, in this article, to present an operational tool to audit the maturity of ITRM. The tool was developed based on an integrated methodological approach to audit the ripeness of ITRM previously detailed in another article [19].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

MART 23: A Tool to Audit Information Technology Risk Management Maturity

Berrada,

Boutahar,

El Houssaïni

2024

IJSSE

View full text Add to dashboard Cite

In recent years and due to different crises (financial crises, epidemic crises, politic crise), organizations have turned their attention to searching best practices in order to better manage inherent risks. Actually, every organization is now obliged to take risks so as to grow and even to survive. Under these conditions, it is vital to correctly manage potential risks to the business, otherwise, if these risks occur, organizations may not be able to reach their objectives. From another side, all businesses rely on information technology so its related risks should be well managed. Consequently, and to audit the maturity of information technology risk management (ITRM), we developed a system named MART 23, built on using best practices of COBIT 5. In fact, COBIT 5 like other standards presents some guidelines for risk management / information technology risk management, but none of them offer an operational approach and tool for auditing, assessing and improving ITRM maturity in organizations. In the following article, the MART 23 system is presented to audit ITRM maturity, through UML design and some layouts.

show abstract

“…For further information about the proposed approach please refer to the article cited in the study of Berrada et al [19].…”

Section: Figurementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MART 23: A Tool to Audit Information Technology Risk Management Maturity

Berrada,

Boutahar,

El Houssaïni

2024

IJSSE

View full text Add to dashboard Cite

show abstract

“…This research contributes to the field of ITRM by proposing an integrated approach and comprehensive system. Previously, in 2021, a methodological framework and system were detailed for auditing the maturity of ITRM practices within organizations [24]. Building on this foundation, the current article introduces a roadmap and corresponding system designed for the implementation of ITRM.…”

Section: Introductionmentioning

confidence: 99%

Roadmap and Information System to Implement Information Technology Risk Management

Berrada,

Boutahar,

El Ghazi El Houssaïni

2023

IJSSE

View full text Add to dashboard Cite

In the pursuit of strategic and economic goals, risk management has become indispensable for organizations. Information technologies hold a central position in organizational operations, necessitating adaptable information systems that can effectively navigate associated risks. While numerous standards and frameworks are dedicated to Enterprise Risk Management (ERM), Information Technology Risk Management (ITRM) is addressed less frequently. Within this domain, COBIT 5 emerges as a notable guide, offering audit and governance principles tailored to ITRM. Nevertheless, COBIT 5, alongside other benchmarks, is observed to lack comprehensive, structured guidelines that support an integrated approach. This paper introduces a proposed roadmap and its supporting information system, drawing upon the foundations laid by ISO 31000, COSO ERM, and COBIT 5. The roadmap is designed to address the dearth of detailed frameworks in ITRM, presenting a holistic strategy that elucidates and simplifies the sequential steps and expected deliverables. The principal aim is to provide a structured methodology for the implementation of ITRM in organizations. Looking to the future, the potential application of Artificial Intelligence (AI) to further automate and refine this approach represents an intriguing avenue for research and development. The roadmap thus sets the stage for a transformative leap in ITRM, promising enhanced efficacy and strategic alignment.

show abstract

“…To address the identified limitations in existing ITRM research, ongoing work by Berrada et al (2021) aims to develop a holistic and simplified framework for ITRM. This work, encompassing publications such as Simplified IT Risk Management Maturity Audit System Based on COBIT 5 for Risk, RITM 23: A System to an IT Risk Management Implementation (Berrada et al, 2023), and Roadmap and System to Implement Information Technology Risk Management: RITM 23 (process of publication in progress, focuses on a novel approach called RITM 23.…”

Section: Introductionmentioning

confidence: 99%

Implementing Information Technology Risk Management: A Case Study in the African Airline Industry

Berrada,

El Ghazi El Houssaïni,

Boutahar

2023

JOTE

View full text Add to dashboard Cite

Recent financial scandals and crises have underscored the criticality of robust risk management practices, particularly in the realm of information technology (IT). This study explores the implementation of an Information Technology Risk Management (ITRM) system within an African airline, utilizing the RITM 23 methodological approach. RITM 23, a comprehensive framework, integrates standards from enterprise risk management (ISO 31000 and COSO ERM) and ITRM (COBIT 5), guiding organizations through framing the project, data collection, development of the ITRM system, and its subsequent communication and monitoring. The case study demonstrates the effective implementation of the RITM 23 framework, which led to the establishment of a complete environment for ITRM, inclusive of templates, tools, procedures, and governance processes. This implementation significantly enhanced the management of IT risks, mitigating potential catastrophic outcomes associated with unmanaged IT threats in the airline sector. The study concludes with a contemplation of future advancements, particularly the integration of artificial intelligence to further streamline and automate the ITRM process. This case study not only illustrates the successful application of RITM 23 but also sets a precedent for future ITRM implementations in similar sectors.

show abstract

Simplified IT Risk Management Maturity Audit System based on “COBIT 5 for Risk”

Cited by 7 publications

References 6 publications

MART 23: A Tool to Audit Information Technology Risk Management Maturity

MART 23: A Tool to Audit Information Technology Risk Management Maturity

Roadmap and Information System to Implement Information Technology Risk Management

Implementing Information Technology Risk Management: A Case Study in the African Airline Industry

Contact Info

Product

Resources

About