IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
The impact of IT risk on external audit reports
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
The importance of project risk management process in Information Technology projects
- Authors: Mtshali, Sophie Nomusa
- Date: 2018
- Subjects: Project management , Risk management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/272610 , uj:29028
- Description: M.Com. (Business Management) , Abstract: Risk management has increasingly become a crucial aspect of project success in the Information Technology industry. Risks are no longer seen from the narrow perspective of physical harm; but the narrative has evolved to include unforeseen circumstances and effects on all stakeholders and planned outputs of the project. In financial terms, it was reported that 13.8 billion SA Rands were lost to failed projects in 2011. In light of the aforementioned, this research focuses on Project Risk Management (PRM) and how it can help reduce and better manage risks inherent in all project works. Since it is expected that effective project risk management (PRM) seeks to minimize the risks inherent to projects in order for the project manager to make better-informed decisions, which will contribute to overall project success, this research asks the fundamental question: ‘is there any positive relationship between PRM and project success in the IT industry?’ To answer the research question, this study takes a pragmatic approach using the quantitative method of data collection. Surveys were distributed among 100 project managers and coordinators within the IT environment in South Africa, 65 valid responses were received. Descriptive analysis was conducted on the findings and the results are presented in themes according to the objectives of the study. One of the research conclusion is that the most significant factors limiting the use of PRM methodologies with the respondents is not organisational culture as expected, rather ‘lack of subject matter expertise in project management’ on the part of the project managers. It was ultimately concluded that there is a strong relationship between PRM and project success. If risks can be reduced in a project, the chances of success increases. Lastly, it was seen that within the scope of the research, PRM has a positive impact with project being completed on schedule (or earlier) and within or below budget. The research is however not without its own inherent limitations; one of which is the fact that the study is a once-off experience and cannot envisage changes in the IT project success while using different project management strategies. A longitudinal study would have helped prevent against this.
- Full Text: