Change search
ReferencesLink to record
Permanent link

Direct link
IS/IT Risk Assessment in the Implementation of a Business Continuity Plan: An integrated approach based on Enterprise Risk Management and Governance of Enterprise IT
Jönköping University, Jönköping International Business School, JIBS, Business Informatics. (MSc. IT, Management and Innovation 2013-2015)
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Business continuity is an area of research that ensure continuity of enterprise operations. Business continuity requires knowledge and input from business and IT leaders to assess and manage risks associated with critical business processes to develop a plan that can allow the organization to resume operations. Organizations that have a holistic enterprise risk management approach can better manage business and technology risks. The increasing dependency on technological resources asserts the need to assess business and technology risks to develop business continuity. Nevertheless, governance and enterprise leaders find difficult to determine the scope and impact of risks associated with enterprise operations. In organizational contexts, business continuity planning is perceived as an element of contingency instead of an opportunity for improvement. In addition, there is a lack of academic literature related to the organizational implementation of a business continuity plan. For this reason, there is a need to merge enterprise risk management and governance of enterprise IT views to provide an integrated perspective of business and technological risk in the im-plementation of a business continuity plan.The objective of the study relies on assessing how the implementation of a business continuity plan is conducted, together with its challenges and benefits, to provide insights on the elements that facilitates a business continuity plan implementation. The study focuses on the preparation phase of a business continuity plan, where enterprise risks are identified, evalu-ated and mitigated. The study results are based on a case study performed at a multination retail and manufacturing enterprise in Spain. The results indicates that awareness from the higher governance body and senior management on the dependency that enterprises have developed on IS/IT key resources is a factor that influence how risk management and technology risk is perceived in organizations. This influence how the higher governance body views the need to implement enterprise risk management, governance of enterprise IT and business continuity initiatives. Likewise, the elements facilitating a business continuity imple-mentation are associated with the sponsorship and leadership from organizational actors, the involvement of an external organizational agent that can bring expertise and methodology related to business continuity planning, identification of enterprise critical areas and processes and the creation of business and IT risk scenarios to depict threats to the organization operations and processes. This internal reflection brings challenges and benefits to the or-ganization and both are addressed in the study.The study concludes with the presentation of two high level frameworks that can aid enter-prise leaders to visualize and understand the influence that enterprise risk management and governance of enterprise IT has on the implementation of a business continuity plan and the underlying elements that facilitate a business continuity plan implementation in organizations.

Place, publisher, year, edition, pages
2015. , 87 p.
Keyword [en]
Enterprise Risk Management, Governance of Enterprise IT, Business Continuity Plan, Risk Assessment, IS Risk, IT Risk.
National Category
Information Systems, Social aspects
URN: urn:nbn:se:hj:diva-27618ISRN: JU-IHH-IKA-2-20150012OAI: diva2:842709
Subject / course
IHH, Informatics
2015-05-27, B3051, Gjuterigatan 5, Jonkoping, 13:00 (English)
Available from: 2015-07-22 Created: 2015-07-21 Last updated: 2015-07-22Bibliographically approved

Open Access in DiVA

Cristina Hidalgo JIBS Informatics Master Thesis 2015(1732 kB)349 downloads
File information
File name FULLTEXT01.pdfFile size 1732 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Hidalgo Valdez, Cristina Cecilia
By organisation
JIBS, Business Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 349 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 484 hits
ReferencesLink to record
Permanent link

Direct link