Abstract
Organizations set and pursue objectives in an environment that is subject to varying levels of uncertainty. The effect of these uncertainties on objectives can be positive (opportunity risk) and/or negative (hazard risk). With every decision made by people within a company, risks are created, modified, updated or deleted. Therefore, the way these decisions are made, in terms of change management strategy as well as the information they are based on, influences how objectives are achieved and requirements fulfilled. Despite the importance of risk definition and risk taking at all organizational levels, organizations mostly consider risk at the management and operational levels. Risks nevertheless also need to be considered at the strategic (governance) level, because they constitute what hampers an organization from achieving its strategy. This paper focuses on risk at the strategic level and, for this purpose, enriches the Model Driven IT Governance (MoDrIGo) framework; the enriched framework allows one to evaluate the alignment of business IT services with strategic objectives while balancing this alignment/support against the potential risk at governance level. All in all, the framework is applicable in broader governance scenarios. The relevance of MoDrIGo as a starting point for building a risk-aware governance framework (compared to other similar methods) lies mainly in its service orientation and its focus on software development issues. The enhanced framework thus provides a high-level risk overview that helps organizations to successfully perceive, detect and treat risks when pursuing their objectives.
© 2020 IFIP International Federation for Information Processing
Cite this paper
Ghazaleh, A., Wautelet, Y., Kolp, M., Heng, S. (2020). Integrating Risk Representation at Strategic Level for IT Service Governance: A Comprehensive Framework. In: Grabis, J., Bork, D. (eds) The Practice of Enterprise Modeling. PoEM 2020. Lecture Notes in Business Information Processing, vol 400. Springer, Cham. https://doi.org/10.1007/978-3-030-63479-7_21
DOI: https://doi.org/10.1007/978-3-030-63479-7_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63478-0
Online ISBN: 978-3-030-63479-7
eBook Packages: Computer Science (R0)