An analysis of enterprise risk management and IT effectiveness construct

One major problem many organizations are facing is balancing the risk-management practices of the organization with overall information technology (IT) effectiveness. The purpose of this non-experimental quantitative correlational study was to assess the constructs and correlations associated with enterprise risk management and IT effectiveness. The researcher used simple-random sampling and a Web-based cross-sectional survey to collect data from Fortune 1000 companies in 12 different industry sectors. The researcher used multiple and simple regression analysis to assess the extent of the relationship between risk management and IT effectiveness constructs. The researcher conducted an independent sample t-test on each independent construct and IT effectiveness based on high and low levels to explore group comparisons associations between groups. The researcher used analyses of variance (ANOVA) to gauge industry sector IT effectiveness levels. Overall, the multiple regression model produced R2 = .615, indicating that 61.5% of the variance in IT effectiveness was explained by risk management constructs. The results also highlighted the significance of (a) response to risk (RTR), (b) monitoring risk (MR), and (c) assessed risk (AR) as predictors of IT effectiveness, while frame risk (FR) only contributed marginally. The linear regression results emphasized the significance of RTR (R 2 = .587) as a predictor of IT effectiveness. The analysis data also revealed the significant influence of MR to ITE (R 2 = .574), AR to ITE (R2 = .562), and FR to ITE (R2 = .494). The t- test results revealed that both high and low groupings were significant (p < .05), meaning that IT effectiveness levels differ between groups, and that organizations with high levels of risk management have greater levels of IT effectiveness. The ANOVA results revealed there was no statistical significant difference in IT effectiveness amongst industries and highlighted how many organizations believed the response to a risk should be addressed first. The study provides researchers a starting point to conduct comparative studies and enables organizations to gain a better understanding of the risk-management constructs that contribute the most to IT effectiveness.