The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector
Information system (IS) risk management is an important area of study in the banking sector. Banks are service-oriented businesses that deal with the multitudes of customers and other stakeholders’ information on a daily basis. This information is, however, subjected to a number of uncertainty, th...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | eng eng |
| Published: |
2015
|
| Subjects: | |
| Online Access: | https://etd.uum.edu.my/5583/1/s817479_01.pdf https://etd.uum.edu.my/5583/2/s817479_02.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-uum-etd.5583 |
|---|---|
| record_format |
uketd_dc |
| institution |
Universiti Utara Malaysia |
| collection |
UUM ETD |
| language |
eng eng |
| advisor |
Hassan, Haslinda |
| topic |
HD61 Risk Management |
| spellingShingle |
HD61 Risk Management Fasilat, Sanusi The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| description |
Information system (IS) risk management is an important area of study in the banking sector.
Banks are service-oriented businesses that deal with the multitudes of customers and other
stakeholders’ information on a daily basis. This information is, however, subjected to a number of uncertainty, threat, and risk. Hence, IS risk management implementation becomes a necessity. The objectives of this study are to identify the critical success factors for IS risk management implementation and to examine the effect of IS risk management implementation on bank performance. The critical success factors for IS risk management implementation covers both internal (i.e., top management commitment and support, organization structure, organization culture, trust, strategy, and resources) and external (i.e., competitive pressure) factors. Survey questionnaire is employed for data collection. The respondents involve 30 senior managers of the Nigerian banks. SPSS is used for data analysis. The findings show that top management commitment and
support, organization structure, and resources significantly influence IS risk management
implementation. Organization culture, trust, strategy, and competitive pressure, however, do not influence the IS risk management implementation. In addition, IS risk management
implementation influences bank performance. The study’s findings contribute to the body of
literature on the critical success factors for IS risk management implementation in the banking
sector |
| format |
Thesis |
| qualification_name |
masters |
| qualification_level |
Master's degree |
| author |
Fasilat, Sanusi |
| author_facet |
Fasilat, Sanusi |
| author_sort |
Fasilat, Sanusi |
| title |
The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| title_short |
The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| title_full |
The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| title_fullStr |
The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| title_full_unstemmed |
The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector |
| title_sort |
critical success factors for information system (is) risk management implementation in the nigerian banking sector |
| granting_institution |
Universiti Utara Malaysia |
| granting_department |
Othman Yeop Abdullah Graduate School of Business |
| publishDate |
2015 |
| url |
https://etd.uum.edu.my/5583/1/s817479_01.pdf https://etd.uum.edu.my/5583/2/s817479_02.pdf |
| _version_ |
1747827954860163072 |
| spelling |
my-uum-etd.55832021-03-18T06:56:07Z The critical success factors for information system (IS) risk management implementation in the Nigerian banking sector 2015 Fasilat, Sanusi Hassan, Haslinda Othman Yeop Abdullah Graduate School of Business Othman Yeop Abdullah Graduate School of Business HD61 Risk Management Information system (IS) risk management is an important area of study in the banking sector. Banks are service-oriented businesses that deal with the multitudes of customers and other stakeholders’ information on a daily basis. This information is, however, subjected to a number of uncertainty, threat, and risk. Hence, IS risk management implementation becomes a necessity. The objectives of this study are to identify the critical success factors for IS risk management implementation and to examine the effect of IS risk management implementation on bank performance. The critical success factors for IS risk management implementation covers both internal (i.e., top management commitment and support, organization structure, organization culture, trust, strategy, and resources) and external (i.e., competitive pressure) factors. Survey questionnaire is employed for data collection. The respondents involve 30 senior managers of the Nigerian banks. SPSS is used for data analysis. The findings show that top management commitment and support, organization structure, and resources significantly influence IS risk management implementation. Organization culture, trust, strategy, and competitive pressure, however, do not influence the IS risk management implementation. In addition, IS risk management implementation influences bank performance. The study’s findings contribute to the body of literature on the critical success factors for IS risk management implementation in the banking sector 2015 Thesis https://etd.uum.edu.my/5583/ https://etd.uum.edu.my/5583/1/s817479_01.pdf text eng public https://etd.uum.edu.my/5583/2/s817479_02.pdf text eng public masters masters Universiti Utara Malaysia Abideen, Z. U., & Saleem, S. (2011). Effective advertising and its influence on consumer buying behavior. European Journal of Business and Management, 3(3), 55-65. Abotsi, A. K., Dake, G. Y., & Agyepong, R. A. (2014). Factors Influencing Risk Management Decision of Small and Medium Scale Enterprises in Ghana. Contemporary Economics, 8(4), 397-414. Abushaiba, I.A. & Zainuddin, Y. (2012). Performance measurement system design, competitive capability, and performances - A conceptual like. International Journal of International Journal of Business and Social Science, 3(11), 184-193. Acharyya, M., & Johnson, J. E. V. (2006). Investigating the development of enterprise risk management in the insurance industry: an empirical study on four major European insurers. The Geneva Papers on Risk and Insurance: Issues and Practice, 55-80. Ahmad, N. H., & Ahmad, S. N. (2004). Key factors influencing credit risk of Islamic bank: A Malaysian case. The Journal of Muamalat and Islamic Finance Research, 1(1), 65-80. Ahmed, A. (2009). Liquidity risk and performance of banking system Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology, Islamabad, Pakistan. Al-Tamimi, H. A., & Al-Mazrooei, F. (2007). Banks' risk management: a comparison study of UAE national and foreign banks. The Journal of Risk Finance, 8(4), 394-409. Al-Wohaibi, M. A., Masoud, F. A., & Edwards, H. M. (2004). Fundamental risk factors in deploying IT/IS Projects in Omani government organisations. Advanced Topics in Global Information Management, 3, 179. Avison, D., & Torkzadeh, G. (2009). Information systems project management. New York: Sage Publications, Inc. Augustine, I. E., Ajayi, J. R., Ade, B. A., & Adakole, A. (2013). Assessment of Risk Management Practices in Nigerian Construction Industry: Toward Establishing Risk Management Index. Int. J. Pure Appl. Sci. Technol, 16(2), 20-31. Baba, Deros, M., Mohd Yusof, S. R., Azhari, & Salleh, M. (2006). A benchmarking implementation framework for automotive manufacturing SMEs. Benchmarking: An International Journal, 13(4), 396-430. Belassi, W., & Tukel, O. I. (1996). A new framework for determining critical success/failure factors in projects. International Journal of Project Management, 14(3), 141-151. Bennett, R., & Gabriel, H. (1999). Organisational factors and knowledge management within large marketing departments: an empirical study. Journal of knowledge management, 3(3), 212-225. Biehl, M. (2007). Success factors for implementing global information systems. Communications of the ACM, 50(1), 52-58. Butt, H. A., Nazir, M. S., & Daniel, A. (2012). Are Foreign Banks more Vigilant than Domestic Banks Regarding Risk Management?. American Journal of Scientific Research, (83), 109-117. Carey, A. (2001). Effective risk management in financial institutions: The Turnbull approach. Chenhall, R. H. (2003). Management control systems design within its organizational context: findings from contingency-based research and directions for the future. Accounting, organizations and society, 28(2), 127-168. COSO. (2004). Enterprise risk management –Integrated framework (AICPA, Trans.). New York, NY: Committee of Sponsoring Organizations of the Tread way Commission. Courson, W. M. (2008). Liability-driven investing: an enterprise risk management strategy. Healthcare financial management: Journal of the Healthcare Financial Management Association, 62(8), 58-62. Dada, J. O., & Jagboro, G. O. (2007). An evaluation of the impact of risk on project cost overrun in the Nigerian construction industry. Journal of Financial Management of Property and Construction, 12(1), 37-44. Dameri, R. P. (2008). Using an enterprise information management system to enhance IT compliance and information value. In Proceedings of the 2nd European Conference on Information Management and Evaluation (pp. 111-121). Academic Conferences Limited. DeLoach, J. (2004). The new risk imperative-an enterprise-wide approach. Handbook of business strategy, 5(1), 29-34. Dembo, R.S., & Freeman, A. (1998). Seeing tomorrow: Rewriting the rules of risk. John Wiley and Sons, INC: New York. Didraga, O. (2013). The Role and the Effects of Risk Management in IT Projects Success. Informatica Economica, 17(1), 86-98. Dong, L. (2001). Modeling top management influence on ES implementation. Business Process Management Journal, 7(3), 243-250. EIU. (2002). Managing risk in perilous times: Practical steps to accelerate recovery. Written by the Economist Intelligence Unit and Sponsored by ACE, Kpmg, SAP and Towers Perrin, Retrieved form: http://www.aceeuropeangroup versionofmanagementrisk.pdf. Ernst & Young. (2008). Moving beyond compliance. Global Information Security. Survey. Retrieved from http://www.ey.com/AU/en/About-us/ Ouralumni/ Moving-beyondcompliance. Feurer, R., & Chaharbaghi, K. (1995). Dynamic strategy formulation and alignment. Journal of General Management, 20, 76-76. Flamholtz, E. (1974). Human Resource Accounting (Encino California: Dickenson Publishing). Hardy, G. (2005). “E-serials Collection Management: Transitions, Trends and Technicalities." Library Management 26, no. 8/9 (2005): 541-542. Galorath, D. (2006). Risk management success factors. PM World Today, 8(11). Gleason, J. T. (2000). Risk: The new management imperative in finance (Vol. 16). UNC Press Books. Gosain, S. (2004). Enterprise information systems as objects and carriers of institutional forces: the new iron cage?. Journal of the Association for Information Systems, 5(4), 6. Grabowski, M., & Roberts, K. H. (1998). Risk mitigation in virtual organizations. Journal of Computer‐Mediated Communication, 3(4), 0-0. Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2010). Multivariate data analysis: A global perspective. Pearson Education. Halliday, S., Badenhorst, K., & von Solms, R. (1996). A business approach to effective information technology risk analysis and management. Information Management & Computer Security, 4(1), 19-31. Harris, J. (2005). Hybrid Vehicles, Consumer Choice, and the Ethical Obligation of Business. Business and Professional Ethics Journal, 24(1/2), 163-170. Hasanali, F. (2002). Critical success factors of knowledge management. Retrieved from www.kmadvantage.com/docs/km_articles/Critical_ Success_Factors_of_KM.pdf Hassan, A. (2009). Risk management practices of Islamic banks of Brunei Darussalam. The Journal of Risk Finance, 10(1), 23-37. Henriksen, P., & Uhlenfeldt, T. (2006). Contemporary enterprise-wide risk management frameworks: a comparative analysis in a strategic perspective. Perspectives on Strategic Risk Management, 107-29. Hoyt, R. E., & Liebenberg, A. P. (2008). The value of enterprise risk management: Evidence from the US insurance industry. In unpublished paper, accessed at: http://www.aria.org/meetings /2006papers/Hoyt_Liebenberg_ERM_070606. pdf. Huang, H., & Trauth, E.M. (2007). Cultural influences and globally distributed ISs development: Experiences from Chinese IT professionals. In SIGMIS-(PR 07, 19-21 April 2007 (PP.36-45). St. Louis, Missouri, USA. Huber, C. (2012). Operational Risk Management in Practice: Implementation, Success Factors and Pitfalls. Risk and Finance, (34), 56-71. Hunter, J. (2002). Improving organizational performance through the use of effective elements of organizational structure. Leadership in Health Services, 15(3), 12-21. Hwang, S. N., Chen, C., Chen, Y., Lee, H. S., & Shen, P. D. (2013). Sustainable design performance evaluation with applications in the automobile industry: Focusing on inefficiency by undesirable factors. Omega, 41(3), 553-558. Ifinedo, P. (2008). Impacts of business vision, top management support, and external expertise on ERP success. Business Process Management Journal, 14(4), 551-568. Ingram, H., Biermann, K., Cannon, J., Neil, J., & Waddle, C. (2000). Internalizing action learning: a company perspective. Establishing critical success factors for action learning courses. International Journal of Contemporary Hospitality Management, 12(2), 107-114. International Standard Organization (2008). Quality management system requirement. Report, TC/SC:ISO/TC 176/SC2. IRM (2002). A Risk management standard. The Institute of Risk management. Jennex, M. E., & Adelakun, O. (2003). Success factors for offshore information system development. Journal of Information Technology Case and Application Research, 5(3), 12-31. Jorion, P., & Khoury, S. J. (1995). Financial risk management: Domestic and international dimensions. Blackwell Publishers. Kakabadse, A. P., Alderson, S., Randlesome, C., & Myers, A. (1993). Austrian boardroom success: a European comparative analysis of top management. Journal of managerial psychology, 8(4), 2-32. Kaplan, R. S., & Norton, D. P. (2008). Mastering the management system. Harvard business review, 86(1), 62. Keller, A. Z., & Huwaishel, A. M. (1993). Top-management attitude towards safety in the western European chemical and petrochemical industries. Disaster Prevention and Management: An International Journal, 2(3). Kim, N. Y., Robles, R. J., Cho, S. E., Lee, Y. S., & Kim, T. H. (2008, October). SOX act and IT security governance. In Ubiquitous Multimedia Computing, 2008. UMC'08. International Symposium on (pp. 218-221). IEEE. Krishnamoorthy, G. (2002). A multistage approach to external auditors' evaluation of the internal audit function. Auditing: A Journal of Practice & Theory, 21(1), 95-121. Lee, S., & Kim, K. J. (2007). Factors affecting the implementation success of Internet-based information systems. Computers in Human Behavior, 23(4), 1853-1880. Leidecker, J. K., & Bruno, A. V. (1984). Identifying and using critical success factors. Long range planning, 17(1), 23-32. Liebenberg, A. P., & Hoyt, R. E. (2003). The determinants of enterprise risk management: Evidence from the appointment of chief risk officers. Risk Management and Insurance Review, 6(1), 37-52. Ma, H. (2000). Competitive advantage and firm performance. Competitiveness Review: An International Business Journal, 10(2), 15-32. Martensson, M. (2000). A critical review of knowledge management as a management tool. Journal of Knowledge Management. Mahilum-Tapay, L., Laitila, V., Wawrzyniak, J. J., Lee, H. H., Alexander, S., Ison, C., ... & Goh, B. T. (2007). New point of care Chlamydia Rapid Test—bridging the gap between diagnosis and treatment: performance evaluation study. Bmj, 335(7631), 1190-1194. Mason, R. O., McKenney, J. L., & Copeland, D. G. (1997). An historical method for MIS research: Steps and assumptions. MIS Quarterly, 307-320. Mathrani, S., & Viehland, D. (2010). Critical Success Factors for the Transformation Process in Enterprise System Implementation. In PACIS (p. 13). Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of management review, 20(3), 709-734. McLeod, L., & MacDonell, S. G. (2011). Factors that affect software systems development project outcomes: A survey of research. ACM Computing Surveys (CSUR), 43(4), 24. Mighri, Z., Mokni, K., & Mansouri, F. (2010). Empirical analysis of asymmetric long memory volatility models in value-at-risk estimation. Journal of Risk, 13(1), 55. Mu, J., Peng, G., & MacLachlan, D. L. (2009). Effect of risk management strategy on NPD performance. Technovation, 29(3), 170-180. Muehlen, M., & Rosemann, M. (2005, November). Integrating risks in business process models. In 16th Australasian Conference on Information Systems (Vol. 29). Mutsaers, E. J., Van der Zee, H., & Giertz, H. (1998). The evolution of information technology. Information Management & Computer Security, 6(3), 115-126. Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of management review, 20(3), 709-734. Nah, F., Lau, J., & Kuang, J. (2001). Critical factors for successful implementation of enterprise systems. Business process management journal, 7(3), 285-296. National Treasury (2002). Treasury regulations for departments, trading entities, constitutional institutions and public entities. Issue in terms of the public finance Act, 1999. NSW Department of State and Regional Development (2005). Risk management guide for small business. Retrieved from www.partnershipsbc.ca Nunnally, J.C., & Bernstein, I.H. (1994). Psychometric Theory (3 ed.). NY: McGraw Hill. Okolo, N., Ifeoma, O. R., & Amakor, I. (2013). Effective Risk Management In Organizations: The Nigerian Experience. INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY, 10(8), 1878-1883. Olson, D. L., & Wu, D. (2011). Risk management models for supply chain: a scenario analysis of outsourcing to China. Supply Chain Management: An International Journal, 16(6), 401-408. Ordóñez de Pablos, P. (2006). Transnational corporations and strategic challenges: An analysis of knowledge flows and competitive advantage. The Learning Organization, 13(6), 544-559. Poon, P., & Wagner, C. (2001). Critical success factors revisited: success and failure cases of information systems for senior executives. Decision Support Systems, 30(4), 393-418. Rai, A., Maruping, L. M., & Venkatesh, V. (2009). Offshore information systems project success: the role of social embeddedness and cultural characteristics. MIS quarterly, 617-641. Raisinghani, M. S., Starr, B., Hickerson, B., Morrison, M., & Howard, M. (2008). Information technology/systems offshore outsourcing: key risks and success factors. Journal of information technology research, 1(1), 72. Ramamoorti, S., & Weidenmier, M. (2004). The pervasive impact of information technology on internal auditing. Supplemental chapter for Research Opportunities in Internal Auditing, edited by A. Bailey, A. Gramling, and S. Ramamoorti. Altamonte Springs, FL: IIA Research Foundation. Ranong, P., & Phuenngam, W. (2009). Critical Success Factors for effective risk management procedures in financial industries: A study from the perspectives of the financial institutions in Thailand. Reid, G. C., & Smith, J. A. (2000). The impact of contingencies on management accounting system development. Management Accounting Research, 11(4), 427-450. Remus, U., & Wiener, M. (2009). Critical success factors for managing offshore software development projects. Journal of Global Information Technology Management, 12(1), 6-29. Rikhardsson, P., & Kræmmergaard, P. (2006). Identifying the impacts of enterprise system implementation and use: Examples from Denmark. International Journal of Accounting Information Systems, 7(1), 36-49. Rockart, J. F. (1982). The changing role of the information systems executive: a critical success factors perspective. Boston: Massachusetts Institute of Technology. Rockart, J. F. (1978). Chief executives define their own data needs. Harvard business review, 57(2), 81-93. Roland, H. (2008). Using IT to drive effective risk management. Risk Management, 55(1), 43-44. Ryba, M. (2005). Analysis and management of Information Systems risk (In Polish), Ernst & Young. http://www.mimuw.edu.pl/~sroka/archiwalne/2005ey/materialy/ Salawu, R. A., & Abdullah, F. (2015). Assessing Risk Management Maturity of Construction Organisations on Infrastructural Project Delivery in Nigeria. Procedia-Social and Behavioral Sciences, 172, 643-650. Salmeron, J. L., & Herrero, I. (2005). An AHP-based methodology to rank critical success factors of executive information systems. Computer Standards & Interfaces, 28(1), 1-12. Schechter, S. E. (2004). Computer security strength & risk: A quantitative approach (Doctoral dissertation, Harvard University Cambridge, Massachusetts). Scott, J. E., & Vessey, I. (2002). Managing risks in enterprise systems implementations. Communications of the ACM, 45(4), 74-81. Sekaran, U. (2001). Research methods for business: A skill-building approach. NYC: John Willey and Sons, INC. Sekaran, U., & Bougie, R. (2010). Research methods for business: A skill-building approach. 5th (ed). NYC: John Willey and Sons, publication INC. Selma, M. R. B., Abdelghani, E., & Rajhi, M. T. (2013). Risk management tools practiced in Tunisian commercial banks. Studies in Business and Economics, 8(1), 55-78. Shafiq, A., & Nasr, M. (2010). Risk management practices followed by the commercial banks in Pakistan. Sherer, S. A., & Alter, S. (2004). Information systems risks and risk factors: Are they mostly about information systems?. Communications of the Association for Information Systems, 14(1), 2. Silver, N. (2010). Critical success factors in complex projects. Retrieved from www.niksilver.com Stedman, R. C. (1999). Sense of place as an indicator of community sustainability. The Forestry Chronicle, 75(5), 765-770. Stoneburner, R. L., & Low-Beer, D. (2004). Population-level HIV declines and behavioral risk avoidance in Uganda. Science, 304(5671), 714-718. Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, retrieved November 25, 2009. Sudhakar, G. (2012). A model of critical success factors for software projects. Journal of Enterprise Information Management, 25(6), 537-558. Sudsomboon, S., & Ussahawanitchakit, P. (2009). Professional audit competencies: the effects On Thai’s CPAS audit quality, reputation, and success. Review of Business Research, 9(3), 66-85. Sundberg, H.P., & Sandberg, K.W. (2004). Critical success factors from a social insurance IT-project in Sweden. In IADIS International conference e-society 2004, 16-19 July 2004 (pp.87-94). Avila, Spain. Tyler, T. R. (2003). Trust within organisations. Personnel review, 32(5), 556-568. Umanath, N. S. (2003). The concept of contingency beyond “It depends”: illustrations from IS research stream. Information & Management, 40(6), 551-562. Uwadia, C. O., Ifinedo, P. E., Nwamarah, G. M., Eseyin, E. G., & Sawyerr, A. (2006). Risk factors in the collaborative development of management information systems for Nigerian universities. Information Technology for Development, 12(2), 91-111. Valanciene, L., & Gimzauskiene, E. (2015). Dimensions of performance measurement system in changes research. Engineering Economics, 64(4). Van de Ven, A. H., & Drazin, R. (1984). The Concept of Fit in Contingency Theory (No. SMRC-DP-19). MINNESOTA UNIV MINNEAPOLIS STRATEGIC MANAGEMENT RESEARCH CENTER. Westerveld, E. (2003). The Project Excellence Model®: linking success criteria and critical success factors. International Journal of Project Management, 21(6), 411-418. Westner, M., & Strahringer, S. (2010). Determinants of success in IS offshoring projects: Results from an empirical study of German companies. Information & management, 47(5), 291-299. Wong, K. (2005). Critical success factors for implementing knowledge management in small and medium enterprises. Industrial Management & Data Systems, 105(3), 261-279. Yeo, A. C., Rahim, M. M., & Miri, L. (2007). Understanding factors affecting success of information security risk assessment: the case of an Australian higher educational institution. PACIS 2007 Proceedings, 74. Young, R. C. (2003). The role of the board, senior management and IT governance in IT success and failure. Adelaide: PACIS doctoral consortium. Young, R., & Jordan, E. (2008). Top management support: Mantra or necessity?. International Journal of Project Management, 26(7), 713-725. Zafar, H., & Clark, J. G. (2009). Current state of information security research in IS. Communications of the Association for Information Systems, 24(1), 34. Zhang, Q., Irfan, M., Zhu, X., & Khattak, M. A. O. (2013). Six Sigma in Synergy with Risk Management. European Journal of Business and Management, 5(12), 184-188. Zuofa, T., & Ochieng, E. G. (2012). Towards The Advancement of Project Management Practice in Developing Countries: The Case of Nigeria. PMI Research and Education Conference Limerick Ireland, 15-18 July 2012, Limerick, Ireland. |