
Integrating Risk Representation at Strategic Level for IT Service Governance: A Comprehensive Framework

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 400)

Abstract

Organizations tend to set and pursue objectives in an environment subject to varying levels of uncertainty. The effect of these uncertainties on objectives can be positive (opportunity risk) and/or negative (hazard risk). With every decision made by people within a company, risks are created, modified, updated or deleted. Therefore, the way these decisions are made in terms of change management strategy, as well as the information they are based on, influences how objectives are achieved and requirements fulfilled. Despite the importance of risk definition and risk taking at all organizational levels, organizations mostly consider risk at the management and operational levels. Risks nevertheless also need to be considered at the strategic (governance) level because they constitute what hampers an organization from achieving its strategy. This paper focuses on risk at the strategic level and, for this purpose, enriches the Model Driven IT Governance (MoDrIGo) framework; the enriched framework makes it possible to evaluate the alignment of business IT services with strategic objectives while balancing this alignment/support against the potential risk at governance level. All in all, the framework is applicable in broader governance scenarios. The relevance of MoDrIGo as a starting point for building a risk-aware governance framework (compared to other similar methods) lies mainly in its service orientation and its focus on software development issues. The enhanced framework thus provides a high-level risk overview that helps organizations to successfully perceive, detect and treat risks when pursuing their objectives.

Author information

Correspondence to Aghakhani Ghazaleh, Yves Wautelet, Manuel Kolp or Samedi Heng.

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Cite this paper

Ghazaleh, A., Wautelet, Y., Kolp, M., Heng, S. (2020). Integrating Risk Representation at Strategic Level for IT Service Governance: A Comprehensive Framework. In: Grabis, J., Bork, D. (eds) The Practice of Enterprise Modeling. PoEM 2020. Lecture Notes in Business Information Processing, vol 400. Springer, Cham. https://doi.org/10.1007/978-3-030-63479-7_21

  • DOI: https://doi.org/10.1007/978-3-030-63479-7_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63478-0

  • Online ISBN: 978-3-030-63479-7

  • eBook Packages: Computer Science, Computer Science (R0)
