A risk mitigation decision framework for an information technology organizations

Information technology (IT) organizations are faced with various risks such as strategic, operational and technical risks. These risks should be identified, measured and mitigated. Risk mitigation gives an opportunity to IT practitioners and management to compute risks and develop suitable strategies to treat the risk.Risk mitigation in organizations provides a disciplinary environment for decision making to measure and treat potential risk continuously. Existing model and frameworks provides inadequate support to practitioners in making risk decision pertaining risk mitigation. This is due to the fact that existing models or frameworks lacks the capabilities to support practitioners. In order to address this challenge, this research identifies the processes and components of risk mitigation in organization’s and proposes a framework of risk decision for mitigating both technical and operational risk using software agents and knowledge mapping as techniques. Qualitative research was adopted using interview to collect data. A pilot study was carried out to validate the instrument. The case study was later carried out to verify the risk mitigation process and components. Lastly the framework was evaluated using iterative triangulation.

[1]  Rene Saint-Germain,et al.  Information Security Management Best Practice Based on ISO/IEC 17799 , 2005 .

[2]  Azween Abdullah,et al.  Trivial model for mitigation of risks in software development life cycle , 2011 .

[3]  Tai-Myung Chung,et al.  Qualitative Method-Based the Effective Risk Mitigation Method in the Risk Management , 2006, ICCSA.

[4]  Stuart Robbins,et al.  THE GOVERNANCE , 2021, Research Handbook on Sports and Society.

[5]  Mingwei Zhou,et al.  IRMAS – development of a risk management tool for collaborative multi‐site, multi‐partner new product development projects , 2007 .

[6]  M. Giannakis,et al.  A multi-agent based framework for supply chain risk management , 2011 .

[7]  Marianne W. Lewis Iterative triangulation: a theory development process using existing case studies , 1998 .

[8]  Pratim Datta,et al.  Software and human agents in Knowledge Codification , 2010 .

[9]  Cezar Vasilescu EFFECTIVE STRATEGIC DECISION MAKING , 2011 .

[10]  Noraini Che Pa,et al.  A review on risk mitigation of IT governance , 2015 .

[11]  Adrian Tantau,et al.  A risk mitigation model in SME’s open innovation projects , 2013 .

[12]  Imed Boughzala,et al.  Critical knowledge map as a decision tool for knowledge transfer actions , 2006 .

[13]  Shahida Sulaiman,et al.  Project Management Using Risk Identification Architecture Pattern (RIAP) Model: A Case Study on a Web-Based Application , 2009, 2009 16th Asia-Pacific Software Engineering Conference.

[14]  Xin Yue,et al.  An architecture of knowledge management system based on agent and ontology , 2008 .

[15]  Noraini Che Pa,et al.  A review on decision making of risk mitigation for software management , 2015 .

[16]  John Dhlamini,et al.  Intelligent risk management tools for software development , 2009 .

[17]  Charles Egbu,et al.  Knowledge mapping : concepts and benefits for a sustainable urban environment , 2004 .

[18]  Dr.Sc. Mihane Berisha Namani,et al.  Improving Decision Making with Information Systems Technology – A Theoretical Approach , 2013 .

[19]  J. Lainhart,et al.  Why IT Governance Is a Top Management Issue , 2000 .

[20]  Noraini Che Pa,et al.  Measuring communication gap in software requirements elicitation process , 2009, ICSE 2009.

[21]  Ddembe Williams,et al.  Towards a Model of Decision-Making for Systems Requirements Engineering Process Management , 2022 .

[22]  Siew Hock Ow,et al.  An Innovative Model for Optimizing Software Risk Mitigation Plan: A Case Study , 2012, 2012 Sixth Asia Modelling Symposium.

[23]  Mingwei Zhou,et al.  An approach to rapid prototyping for a web-based risk management system , 2009 .

[24]  Noraini Che Pa,et al.  Proposing a model on risk mitigation in IT governance , 2015 .

[25]  Huan-Ming Chuang,et al.  A Study on Applying Mind Mapping to Build a Knowledge Map of the Project Risk Management of Research and Development , 2009, 2009 Fourth International Conference on Innovative Computing, Information and Control (ICICIC).

[26]  Pravin Bendre,et al.  Management Information System , 2017 .

[27]  C. Obara,et al.  Management Information Systems And Corporate Decision- Making: A Literature Review , 2013 .

[28]  L. Whitman,et al.  Methodology to mitigate supplier risk in an aerospace supply chain , 2004 .

[29]  Shan Liu,et al.  Evaluating and Mitigating Information Systems Development Risk through Balanced Score Card , 2009, 2009 International Symposium on Information Engineering and Electronic Commerce.

[30]  Siew Hock Ow A Novel Model for Software Risk Mitigation Plan to Improve the Fault Tolerance Process (ISI-Indexed Proceedings) , 2012 .