管理信息技术风险以实现企业目标:以制药公司为例

Q3 Decision Sciences

JOIV International Journal on Informatics Visualization Pub Date : 2023-05-08 DOI:10.30630/joiv.7.2.1816

Luthfi Ramadani, Berlian Maulidya Izzati, Yosephine Mayagita Tarigan, Rosanicha Rosanicha

{"title":"管理信息技术风险以实现企业目标:以制药公司为例","authors":"Luthfi Ramadani, Berlian Maulidya Izzati, Yosephine Mayagita Tarigan, Rosanicha Rosanicha","doi":"10.30630/joiv.7.2.1816","DOIUrl":null,"url":null,"abstract":"Extant literature has shown that sectoral characteristics play a critical role in business value creation through information technology (IT). Therefore, managing IT and its associated risks needs to consider specific industrial traits to understand the distinct business nature and regulations that shape IT-enabled business value creation. This study presents an in-depth analysis of business goals, IT processes, and IT risks in the case of a pharmaceutical company through which appropriate controls are designed to ensure business value creation through IT. Drawing on a case study of a pharmaceutical company in Indonesia, we found that managing IT risks in the pharmaceutical industry entails two main objectives: 1) ensuring compliance with external laws and regulations as well as internal policies, 2) supporting the optimization of business functions, processes, and costs. Throughout one year of engagement during the project, this study identified ten risks associated with the operation of business processes. Risks are dominated by moderate levels given the current state of controls and appetite, most of which emerge from the company’s existing internal processes. Internal actors are involved in all risks, with most events occurring due to laws and regulations. Further, the study designs and elaborates IT risk controls by drawing from COBIT 5 Seven Enablers. Overall, IT risk management through cascading processes of analysis ensures the alignment of IT risk controls with achieving business goals in the pharmaceutical industry.","PeriodicalId":32468,"journal":{"name":"JOIV International Journal on Informatics Visualization","volume":"48 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Managing Information Technology Risks to Achieve Business Goals: A Case of Pharmaceutical Company\",\"authors\":\"Luthfi Ramadani, Berlian Maulidya Izzati, Yosephine Mayagita Tarigan, Rosanicha Rosanicha\",\"doi\":\"10.30630/joiv.7.2.1816\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Extant literature has shown that sectoral characteristics play a critical role in business value creation through information technology (IT). Therefore, managing IT and its associated risks needs to consider specific industrial traits to understand the distinct business nature and regulations that shape IT-enabled business value creation. This study presents an in-depth analysis of business goals, IT processes, and IT risks in the case of a pharmaceutical company through which appropriate controls are designed to ensure business value creation through IT. Drawing on a case study of a pharmaceutical company in Indonesia, we found that managing IT risks in the pharmaceutical industry entails two main objectives: 1) ensuring compliance with external laws and regulations as well as internal policies, 2) supporting the optimization of business functions, processes, and costs. Throughout one year of engagement during the project, this study identified ten risks associated with the operation of business processes. Risks are dominated by moderate levels given the current state of controls and appetite, most of which emerge from the company’s existing internal processes. Internal actors are involved in all risks, with most events occurring due to laws and regulations. Further, the study designs and elaborates IT risk controls by drawing from COBIT 5 Seven Enablers. Overall, IT risk management through cascading processes of analysis ensures the alignment of IT risk controls with achieving business goals in the pharmaceutical industry.\",\"PeriodicalId\":32468,\"journal\":{\"name\":\"JOIV International Journal on Informatics Visualization\",\"volume\":\"48 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"JOIV International Journal on Informatics Visualization\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30630/joiv.7.2.1816\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Decision Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"JOIV International Journal on Informatics Visualization","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30630/joiv.7.2.1816","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Decision Sciences","Score":null,"Total":0}

引用次数: 0

摘要

现有文献表明，部门特征在通过信息技术(IT)创造商业价值方面发挥着关键作用。因此，管理IT及其相关风险需要考虑特定的行业特征，以了解塑造IT支持的业务价值创造的不同业务性质和规则。本研究对一家制药公司的业务目标、IT流程和IT风险进行了深入分析，通过这些分析，设计了适当的控制措施，以确保通过IT创造业务价值。通过对印度尼西亚一家制药公司的案例研究，我们发现管理制药行业的IT风险需要两个主要目标:1)确保遵守外部法律和法规以及内部政策;2)支持业务功能、流程和成本的优化。在项目参与的一年中，本研究确定了与业务流程操作相关的十个风险。考虑到目前的控制状态和需求，风险主要处于中等水平，其中大部分来自公司现有的内部流程。所有风险都涉及内部行为者，大多数事件的发生都是由于法律法规。此外，该研究通过绘制COBIT 5七个使能因素来设计和阐述IT风险控制。总体而言，通过级联分析流程进行的IT风险管理确保了IT风险控制与制药行业实现业务目标的一致性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Managing Information Technology Risks to Achieve Business Goals: A Case of Pharmaceutical Company

Extant literature has shown that sectoral characteristics play a critical role in business value creation through information technology (IT). Therefore, managing IT and its associated risks needs to consider specific industrial traits to understand the distinct business nature and regulations that shape IT-enabled business value creation. This study presents an in-depth analysis of business goals, IT processes, and IT risks in the case of a pharmaceutical company through which appropriate controls are designed to ensure business value creation through IT. Drawing on a case study of a pharmaceutical company in Indonesia, we found that managing IT risks in the pharmaceutical industry entails two main objectives: 1) ensuring compliance with external laws and regulations as well as internal policies, 2) supporting the optimization of business functions, processes, and costs. Throughout one year of engagement during the project, this study identified ten risks associated with the operation of business processes. Risks are dominated by moderate levels given the current state of controls and appetite, most of which emerge from the company’s existing internal processes. Internal actors are involved in all risks, with most events occurring due to laws and regulations. Further, the study designs and elaborates IT risk controls by drawing from COBIT 5 Seven Enablers. Overall, IT risk management through cascading processes of analysis ensures the alignment of IT risk controls with achieving business goals in the pharmaceutical industry.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊