About
Publication Information
Subscriptions
Permissions
Advertising
Journal Rankings
Best Article Award
Press Releases
Resources
Access Options
Submission Guidelines
Reviewer Guidelines
Sample Articles
Paper Calls
Contact Us
Submit & Review
Browse
Current Issue
All Issues
Featured
Latest
Topics
Videos
Cases
Subscribe
California Management Review
California Management Review is a premier academic management journal published at UC Berkeley
Search
Article Information
Governing Information Technology Risk
Parent, Michael , and Blaize Horner Reich
51
/
3
(
Spring
2009
):
134
-
152
Regulatory changes have affected the composition, role, and responsibilities of Boards of Directors worldwide. While stronger frameworks for directors’ fiduciary responsibilities have resulted, considerably less attention has been devoted to understanding the nature of, and concomitant duty-of-care towards, the information systems and technology assets in the organization, or IT Governance. As a result, Boards have not demonstrated the competence or attention that good IT governance demands. IT Governance takes two forms: a defensive form, IT Risk Governance, that seeks to safeguard the organization from the consequences of IT-related disasters; and a strategic form, IT Value Governance, which creates lasting shareholder value. This article focuses on IT Risk Governance. Based on an academic and trade literature review, and interviews with Board members from six international firms, it presents a model, the IT Risk Governance Chain, and a dashboard that outlines the critical areas of IT risk and the key questions directors should ask to properly safeguard the information and technology assets of their firms.