Title: A slack analysis framework for IT risk processes management through risk IT framework

Authors: Seyed Morteza Hatefi; Abdorrahman Haeri; Mehdi Fasanghari

Addresses: Faculty of Engineering, Shahrekord University, P.O. Box 115, Shahekord, Iran ' School of Industrial Engineering, Iran University of Science and Technology (IUST), Tehran, Iran ' Iran Telecommunication Research Center (ITRC), North Karegar St., P.O. Box 14155-3961, Tehran, Iran

Abstract: It has been recognised that effective risk management is one of the requirements for the success of information technology (IT) projects. This paper proposes a slack analysis framework taken from data envelopment analysis for improving IT-related scenarios through the IT risk management processes mentioned in the most-recent framework for managing IT risks. The proposed framework enables managers to decide on which sub-indicators of an inefficient or weakly efficient scenario should be augmented to improve its CI and how much they should be increased. The proposed improvement framework is a two-stage process in which the suggested scenarios are first evaluated by a linear optimisation model, and then the improvement stage is performed on those scenarios that can increase their CI. The proposed model is applied on Iran Telecommunication Research Center (ITRC) to assess and improve several suggested scenarios that have positively impacts on the maturity level on IT governance.

Keywords: DEA; data envelopment analysis; risk management; improvement model; slack analysis; composite indicators; information technology; IT risks; IT projects; linear optimisation; Iran; maturity level; IT governance.

DOI: 10.1504/IJISE.2017.083183

International Journal of Industrial and Systems Engineering, 2017 Vol.26 No.1, pp.1 - 15

Received: 30 Sep 2014
Accepted: 06 May 2015

Published online: 22 Mar 2017 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article