eTOM risk management. A comparative analysis with the standards of corporative risk
DOI:
https://doi.org/10.22335/rlct.v9i1.334Keywords:
eTOM, risk management, ISO/IEC 27005:2011, ISO/IEC 27002:2013, COSO-ERM, ISO 31000:2009Abstract
Risk management is an essential process in any business management model. This article analyzes this process within the model eTOM, main reference in the telecommunications sector, comparing it with three of the main international standards of risk management, going to do to the literature and the use of schemes harmonization used in similar purposes review. In conclusion, a low alignment is observed between the processes of risk management eTOM and international standards of risk management and must attend norms tighter with the approach developed by the model, its orientation towards control and not towards a methodology specific risk management. In this sense it goes to the ISO / IEC 27002: 2013, primary benchmark for information technology controls and communications, finding a level of alignment only 29%.
Downloads
References
Airmic, Alarm, & Irm. (2010). A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. Risk Management, 7(1), 20. doi:10.1016/j.solmat.2010.12.013
Al-ahmad, W., & Mohammad, B. (2013). Addressing Information Security Risks by Adopting Standards. International Journal of Information Security Science, 2(2), 28–43. Retrieved from http://eds.a.ebscohost.com.libezproxy.open.ac.uk/eds/pdfviewer/pdfviewer?sid=e1bf8be9-84ad-4d50-91fa-f9414e22825c@sessionmgr4003&vid=0&hid=4210
Beasley, Branson, B., & Hancock, B. (2010). COSO’s 2010 report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO's ERM Framework. COSO’s 2010 Report on ERM | Thought Leadership in ERM.
Bellafkih, M., Raouyane, B., Ranc, D., Errais, M., & Ramdani, M. (2012). eTOM-Conformant IMS Assurance Management. (Dr. Jesús Ortiz, Ed.)Telecommunications Networks - Current Status and Future Trends.
Bosetti, L. (2015). Risk management standards in global markets. Quaesti Management and Marketing, 81–86. Retrieved from https://www.theirm.org/knowledge-and-resources/risk-management-standards.aspx
Buhr, R., Nel, a., & Santos, M. Dos. (2006). Enterprise Risk Management: A New Philosophy. 2006 IEEE International Engineering Management Conference. doi:10.1109/IEMC.2006.4279884
Carrillo Alvarez, A. del P., & Medina Ramirez, R. (2006). Construcción del modelo gerencial de operación y mantenimiento para la zona larga distancia de la vicepresidencia infraestructura de la empresa Colombia telecomunicaciones S.A. ESP. Tesis de maestría. Universidad Industrial de Santander.
Chakir, A., Chergui, M., Medromi, H., & Sayouti, A. (2015). An approach to select effectively the best framework IT according to the axes of the governance IT , to handle and to set up an objective IT. IEEE, 1–8.
Di Serio, L. C., de Oliveira, L. H., & Schuch, L. M. S. (2011). Organizational risk management - A case study in companies that have won the Brazilian quatity award prize. Journal of Technology Management and Innovation, 6(2), 230–243. doi:10.4067/S0718-27242011000200016
Ernawati, T., Suhardi, & Nugroho, D. R. (2012). IT risk management framework based on ISO 31000:2009. System Engineering and Technology (ICSET) 2012 International Conference on Bandung, 1–8. doi:10.1109/ICSEngT.2012.6339352
Ferchichi, A., Bigand, M., & Lefebvre, H. (2008). An Ontology for Quality Standards Integration. In First International Workshop on Model Driven Interoperability for Sustainable Information Systems. MDISIS 2008. Montpellier (France), 17–30.
Frigo, B. M. L., & Anderson, R. J. (2014). RISK MANAGEMENT FRAMEWORKS : Adapt, Don’t Adopt. Strategic Finance, 96(January), 49–53.
Gjerdrum, D., & Peter, M. (2011). The New International Standard on the Practice of Risk Management – A Comparison of ISO 31000:2009 and the COSO ERM Framework. Risk Management, (21), 8–12. Retrieved from http://www.soa.org/library/newsletters/risk-management-newsletter/2011/march/jrm-2011-iss21-gjerdrum.aspx
Kelemen, Z. D. (2009). A process based unification of process-oriented software quality approaches. In 2009 4th IEEE International Conference on Global Software Engineering, ICGSE 2009, 285–288. doi:10.1109/ICGSE.2009.39
Kganakga, T. (2014). The impact of Enterprise Risk Management ( ERM ) on the internal control system of organisations in the mining industry.
Krstić, J., & Đorđević, M. (2012). Internal control and enterprise risk management – From traditional to revised COSO model. Economic Themes, 50(2), 151–166. Retrieved from http://web.a.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=b2b66c9f-8c69-41b7-8f63-cd93831d670e@sessionmgr4004&vid=2&hid=4101
Lalanne, V., Munier, M., & Gabillon, A. (2013). Information Security Risk Management in a World of Services. 2013 International Conference on Social Computing, 586–593. doi:10.1109/SocialCom.2013.88
Latifi, F., & Nasiri, R. (2013). Enhancement of eTOM Assurance Domain by Integration with COBIT5 Framework. The Society of Digital Information and Wireless Communications (SDIWC), 44–49.
Luko, S. N. (2013). Risk Management Terminology. Quality Engineering, 25(3), 292–297. doi:10.1080/08982112.2013.786336
Lustosa, T. C., Iano, Y., Loschi, H. J., & Moretti, A. (2015). The importance of Integrated Network Management and Telecom Service Through Time. IEEE, 1–5.
Márquez, M. P. A. (2016). Estudio comparativo de las metodologías COBIT 5 y COSO III para la gestión del riesgo de TI. Tesis. Universidad de Azuay.
Ospina, M. del P. S., & Gallego, I. V. (2008). Estructuración del proceso para la habilitación del aprovisionamiento de equipos EDA en la empresa de telecomunicaciones de Bogotá. Proyecto de grado. Tesis de maestría. Universidad de San Buenaventura Bogotá.
Pardo, C., Pino, F. J., Garcia, F., Baldassarre, M. T., & Piattini, M. (2013). From chaos to the systematic harmonization of multiple reference models: A harmonization framework applied in two case studies. Journal of Systems and Software, 86(1), 125–143. doi:10.1016/j.jss.2012.07.072
Purdy, G. (2010). ISO 31000:2009 - Setting a new standard for risk management: Perspective. Risk Analysis, 30(6), 881–886. doi:10.1111/j.1539-6924.2010.01442.x
Racz, N., Weippl, E., & Seufert, A. (2010). Questioning the need for separate IT risk management frameworks frameworks. Informatik 2010, 245–252.
TeleManagement Forum. (2012). Business Process Framework (eTOM) Addendum D: Process Decompositions and Descriptions. Retrieved from http://www.tmforum.org/BusinessProcessFramework/1647/home.html
TMforum. (2016). Business Process Framework eTOM. Retrieved May 2, 2016, from https://www.tmforum.org/tm-forum-frameworx/browse-clickable-model/
Valencia Duque, F. J. (2015). La Auditoría Continua, una herramienta para la modernización de la función de auditoría en las organizaciones y su aplicación en el Control Fiscal Colombiano. Tesis de doctorado. Universidad Nacional de Colombia. Retrieved from http://www.bdigital.unal.edu.co/50332/1/10280374.2015.pdfnhttp://www.bdigital.unal.edu.co/50332/
Vandijck, I. (2014). The ISO_31000 Standard: a different perspective on Risk and Risk Management An analysis from a security perspective. Optimit, 1–6.
Vanegas, D. G. A., & Pardo, C. J. (2014). Hacia un modelo para la gestión de riesgos de TI en MiPyMEs : MOGRIT. Revista S&T, 12(30), 35–48. Retrieved from http://www.redalyc.org/articulo.oa?id=411534000003
Downloads
Published
Issue
Section
License
This journal provides free and immediate access to its content (https://creativecommons.org/licenses/by/4.0/legalcode#languages), under the principle that making research available to the public free of charge supports greater global knowledge exchange. This means that the authors transfer the Copyrights to the journal, so that the material can be copied and distributed by any means, as long as the authors’ recognition is maintained, and the articles are not commercially used or modified in any way.
