Risk Management Framework That Meets the Implementation Challenges in IT-Centric Micro and Small Companies


Jasmina Trajkovski, Ljupcho Antovski
DOI: 10.4018/jhcitp.2013040102


This paper presents an overview of the proposed risk management framework and how it is designed to meet the challenges usually faced by IT-centric micro and small companies when implementing risk management. The issues and challenges identified for IT-centric micro and small companies center on two points: their exposure to various risks, and hence the need for a risk management approach that covers those risks; and their limited resources for risk management, and hence the need for a usable and comprehensive framework. The new framework is based on an analysis of best practices in risk management concepts as well as direct experience from dealing with over 20 companies in South-east Europe. The segments covered by the framework include people, policy, methodology and process, and tools.

2. Overview Of Risk And Risk Management Frameworks And Standards

Gerber, in the publication “Management of risk in the information age” (Gerber & von Solms, 2005), explains various aspects of risk and risk management. From the article, one can conclude that the main concepts of risk management can be divided into two groups: (i) the definition of risk, types of risk and risk management, and (ii) risk management frameworks and standards.

Based on the international standard for risk management, ISO31000, risk is defined as “effect of uncertainty on objectives” (ISO, 2009), where the uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information, while the objectives can have different aspects (health and safety, financial, IT, environmental) and can apply at different levels (such as strategic, organizational, project, process). The definition also includes both negative and positive impacts on objectives. Risk is often expressed as a combination of the consequences of an event and the associated likelihood of occurrence. As we discuss risk management frameworks for IT-centric micro and small companies, the main focus is on organizational risks. There are various types of organizational risks, such as program management risk, investment risk, budgetary risk, legal liability risk, safety risk, inventory risk, supply chain risk, and security risk (NIST, 2011).

For the needs of the management of IT-centric micro and small companies, these risks cannot all be approached independently, and an integrated approach is necessary. This approach should focus on the main drivers in the company, such as continual operations through IT operation and known business processes, so that the employees can understand what they should do. The reliance on IT also puts information security risks among the top risks. For the purposes of the research questions, we assume that the management of these IT-centric micro and small companies deals with the legal and financial risks intuitively, and that these do not need to be included in the integrated risk management framework and approach of the company.
