ISO 31000 IN DIGITAL PUBLIC ADMINISTRATION: A SYSTEMATIC ANALYSIS OF APPLICATION PRACTICES AND IMPLEMENTATION MODELS
DOI:
https://doi.org/10.52123/1994-2370-2025-1631
Keywords:
risk management, digital government, E-Government, Literature Review, ISO 31000, digital public projects
Abstract
Digital transformation in public administration has given rise to complex risks and increased the need to manage them systematically. This review examines the application of ISO 31000 principles in e-government and electronic human resource management (E-HRM) systems. Following the PRISMA methodology, 54 studies were selected from 228 publications from 2009–2024 and analysed.
The results showed that ISO 31000 is an adaptable framework that enables risks to be identified, assessed and reduced. It can increase the reliability and accountability of public services. However, political instability and insufficient resources limit the effectiveness of implementation. Complementary standards such as ISO 27005 and COBIT can strengthen effectiveness, but data on new technologies (artificial intelligence, blockchain, predictive HR analytics) are insufficient.
License
Copyright (c) 2025 Marzhan Sembinova, Leila Salykova, Nadeem Khalid

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
