Enterprise Risks, Rewards, and Regulation
Journal of Applied Business Research, 28(4), 563-580 (2012)
Posted: 15 Oct 2014
Date Written: 2012
Abstract
Risk management is critical to the success of contemporary firms and while new technologies present opportunities for innovation and growth, they present new risks. Risk management of information systems and technology (IS/IT) is particularly critical because firms in almost all sectors of the economy are so dependent on it. We explore firms' response to IS/IT risk management by analyzing their SEC-mandated regulation S-K risk disclosures. We find a lower than expected incidence of risk disclosures related to IS/IT and surmise that this result may be symptomatic of tension between firms' need to comply and their need to appear to comply with the regulation, while at the same time presenting data that are valid, but which do not jeopardize potential investment. We explore three propositions related to IS/IT risk disclosures and discuss implications for research and practice.
Keywords: ERM, Risk Management, Rewards, Regulation, IT
Suggested Citation: Suggested Citation