Abstract
M.Com.
Information Technology (hereafter IT) is an ever-changing discipline and has dramatically changed the way in which businesses operate today. The IT systems that organisations use within their business operations give rise to IT risks that can affect the organisation. Because of these IT risks, organisations now have to make certain that IT is incorporated into the organisation's risk management process so that strategies are in place to mitigate these risks. Organisations should fully understand the role that IT will play in the risk management process to make sure that the benefits linked to incorporating IT into this process are enjoyed.
The study investigated the role of IT in the risk management process of businesses in South Africa by conducting a comprehensive literature study on the risk management process of businesses and establishing how IT is incorporated into the organisation's risk management process. The literature study focused on the types of IT risks and threats affecting organisations, the principles of IT governance and the governance of risk in terms of the King III Code on Corporate Governance. The literature study was performed by researching and reading relevant sources to obtain evidence on risk, IT and risk management to support the objectives of the study. The empirical part of the study used content analysis of the integrated reports of the Top 40 Johannesburg Securities Exchange (hereafter JSE) listed companies. The content analysis specifically focused on the disclosure of IT in the risk management process. It was performed by using a control sheet that contained specific questions about what the company had disclosed regarding IT, risks and risk management.
The study found that the companies are mitigating IT-related risks and have included IT in the risk management process. The results also indicated that awareness of IT risks might be industry-driven, as companies operating in an IT-driven industry are more likely to be exposed to IT risk than non-industrial companies are. The integrated reports disclosed that the governance of risk and IT governance are two principles that the majority of the companies take seriously and are therefore implementing.