ISO 31000 in Digital Public Governance

Authors

  • Marzhan Sembinova Astana IT University
  • Лейла Нуртлеуовна Салыкова https://astanait.edu.kz/personnel/салыкова-лейла-нуртлеуовна/
  • Dr. Anglia Ruskin University, Cambridge, GB

DOI:

https://doi.org/10.52123/1994-2370-2025-1631

Keywords:

risk management, digital government, E-Government, Literature Review, ISO 31000, digital public projects

Abstract

Digital transformation in public administration has generated complex risks that require systematic approaches. This review analyzes the application of ISO 31000 in digital governance, focusing on e-government and electronic human resource management (E-HRM) systems. Following PRISMA guidelines, 54 studies published between 2009 and 2024 were examined from an initial pool of 228 publications.

Findings indicate that ISO 31000 provides a flexible, principle-based framework for identifying, assessing, and mitigating risks, enhancing service reliability and accountability. However, adoption in the public sector is limited by political turnover and fragmented resources. Complementary frameworks such as ISO 27005 and COBIT strengthen ISO 31000, yet research on emerging technologies (AI, blockchain, predictive HR analytics) remains insufficient.

Published

2025-12-29

How to Cite

Sembinova, M., Salykova, L., & Khalid, N. (2025). ISO 31000 in Digital Public Governance. Public Administration and Civil Service, 4(95), 78–88. https://doi.org/10.52123/1994-2370-2025-1631
