Abstract
Information Technology is a dynamic and constantly evolving field which has
dramatically changed the way in which businesses operate. Organisations now have
to ensure that information technology is incorporated into their risk management
processes and the strategies to mitigate those risks.
This study investigated the role of information technology in risk management
processes, focusing on the type of information technology risks and threats that affect
organisations. An empirical study of the integrated reports of the top 40 companies
listed on the Johannesburg Securities Exchange was conducted to investigate the
information technology risk management disclosure practices. The study was
completed in 2016, before the King IV Code of Corporate Governance for South Africa
became effective and accordingly, focused only on the King III principles of information
technology governance and risk management.
The study found that companies are mitigating information technology risks and have
included information technology into their risk management processes. The results
also revealed that awareness of information technology risk may be industry-driven,
as companies operating in information technology environments were more likely to
be exposed to information technology risk.