Abstract:
Information Technology is a dynamic and constantly evolving field which has
dramatically changed the way in which businesses operate. Organisations
now have to ensure that information technology is incorporated into their risk
management processes and the strategies to mitigate those risks.
This study investigated the role of information technology in risk management
processes, focusing on the type of information technology risks and threats
that affect organisations. An empirical study of the integrated reports of the top
40 companies listed on the Johannesburg Securities Exchange was
conducted to investigate the information technology risk management
disclosure practices. The study was completed in 2016, before the King IV
Code of Corporate Governance for South Africa became effective and
accordingly, focused only on the King III principles of information technology
governance and risk management.
The study found that companies are mitigating information technology risks
and have included information technology into their risk management
processes. The results also revealed that awareness of information
technology risk may be industry-driven, as companies operating in
information technology environments were more likely to be exposed to
information technology risk.
