ISO 31000 IN DIGITAL PUBLIC ADMINISTRATION: A SYSTEMATIC ANALYSIS OF APPLICATION PRACTICES AND IMPLEMENTATION MODELS

Authors

  • Marzhan Sembinova Astana IT University
  • Leila Salykova https://astanait.edu.kz/personnel/салыкова-лейла-нуртлеуовна/
  • Nadeem Khalid Anglia Ruskin University, Cambridge, GB

DOI:

https://doi.org/10.52123/1994-2370-2025-1631

Keywords:

risk management, digital government, E-Government, Literature Review, ISO 31000, digital public projects

Abstract

Digital transformation in public administration is accompanied by the emergence of new risks that require systematic management methods. This review analyzes the application of ISO 31000 in digital public administration, including e-government and human resource management systems (E-HRM). In accordance with PRISMA, 54 studies were reviewed, selected from 228 publications from 2009–2024.

The results show that ISO 31000 is a flexible framework for identifying, assessing and reducing risks, one that improves service reliability and organizational accountability. However, implementation is limited by political turnover and fragmented resource allocation. Complementary standards such as ISO 27005 and COBIT strengthen the effectiveness of its application, but research on new technologies (AI, blockchain, predictive HR analytics) is insufficient.

Published

2025-12-29

How to cite

Sembinova, M., Salykova, L., & Khalid, N. (2025). ISO 31000 IN DIGITAL PUBLIC ADMINISTRATION: A SYSTEMATIC ANALYSIS OF APPLICATION PRACTICES AND IMPLEMENTATION MODELS. Государственное управление и государственная служба, 4(95), 78–88. https://doi.org/10.52123/1994-2370-2025-1631
