Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.668142
Title: The management of risk awareness in relation to information technology (MERIT)
Author: Bin Ishaq Alseiari, Khalid
ISNI:       0000 0004 5365 5369
Awarding Body: University of Gloucestershire
Current Institution: University of Gloucestershire
Date of Award: 2015
Availability of Full Text:
Access through EThOS:
Access through Institution:
Abstract:
Current business environments are characterised by a wide range of factors and issues which combine to create an unprecedented level of uncertainty and exposure to risks in IT management and all areas of strategic and operational activities. However IT risk awareness presents both a problem and an opportunity to achieve effective IT risk management. This context creates an imperative for conceptualising risk awareness to account for the intensity, diversity and complexity of IT risks ensuring a heightened level of awareness. The central focus of this study is founded on the premise that IT risk awareness among individuals in all levels of the organisation is critical and involves consideration of human and social factors. The research aimed to evaluate current practice in IT risk awareness in police forces and explore what police forces in the UAE can learn from the best practices of other UAE public and private enterprises. The study further aimed to develop a new holistic conceptual model of IT risk awareness supporting IT risk management. Quantitative and qualitative data was collected to achieve the research objectives utilising three main techniques of structured survey, a Delphi method and in-depth interviews. The findings underline that IT risk awareness is not being maximised or embedded in UAE organisations and there is a lack of formalisation of risk management processes. Although the ADP particularly demonstrated these weaknesses this was also reflected to a lesser extent in other UAE organisations. The results show that a diverse level of knowledge in relation to risk awareness and management is evidenced and detailed knowledge of risk management was weak in addition to low awareness of policies and guidelines. Moreover IT risk awareness and management was perceived as solely the domain of IT departments and not as a collective responsibility. A further key finding is validation of all five components of Governance, Compliance, Enterprise, IT GRC and Risk management within the MERIT IT systems risk awareness model, affirming that it is appropriate and important to examine risk awareness in relation to these elements. Model components were further found to be iterative and interdependent and findings highlighted the critical role of governance in facilitating risk awareness and other elements in the model. Finally, risk awareness is found to be critically underpinned and influenced by a complex range of different elements involving cognitive, social, cultural, emotional and psychological aspects in addition to the extent to which people understand a range of different types of risk. The MERIT model provides significant opportunity to identify, assess and address these elements.
Supervisor: Hapeshi, Kevin ; Wakeling, David Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.668142  DOI: Not available
Keywords: HD61 Risk in industry. Risk management ; QA75 Electronic computers. Computer science
Share: