Enterprise Risks, Rewards, and Regulation

Abstract

Risk management is critical to the success of contemporary firms and while new technologies present opportunities for innovation and growth, they present new risks. Risk management of information systems and technology (IS/IT) is particularly critical because firms in almost all sectors of the economy are so dependent on it. We explore firms' response to IS/IT risk management by analyzing their SEC-mandated regulation S-K risk disclosures. We find a lower than expected incidence of risk disclosures related to IS/IT and surmise that this result may be symptomatic of tension between firms' need to comply and their need to appear to comply with the regulation, while at the same time presenting data that are valid, but which do not jeopardize potential investment. We explore three propositions related to IS/IT risk disclosures and discuss implications for research and practice. © 2012 The Clute Institute.