Managing Information Risks


At the moment I am looking for gaps in my reading up to now and I found that I have not read much about information risks. It also seems that those risks are not (yet?) in focus, neither in research nor business. So I was happy to find “Information risks management in supply chains: an assessment and mitigation framework” by Faisal, Banwet and Shankar.

Topic / Methodology

The purpose of the paper is to provide a framework for the management of information risks, and to devise a way to measure them. To that end, the authors use graph theory and interpretive structural modeling to model the interrelations between risks and their drivers, and develop a framework for mitigating the risks. They start by categorizing information risks as follows:

  • Information security / breakdown risks (I1)
  • Forecast risks (I2)
  • Intellectual property rights risks (I3)
  • IT/IS outsourcing risks (I4)

Figure 1: Model for Information Risk Mitigation in a Supply Chain (Faisal et al. 2007)


The authors next used brainstorming sessions to develop the variables that help to reduce information risks. This resulted in 12 variables, which were then analyzed using the above-mentioned methods.

Figure 1 shows the resulting framework. I found it especially interesting that a “soft factor” like management commitment had such an integral role in this framework, pointing the finger at something that business often neglects when managing risks.

Risk Measurement

The framework implies a focal role of measuring the impacts of different risks. The authors conclude:

“Measurement of information risks is important to understand their contribution to overall risk susceptibility of the supply chain, and also to determine the impact of the efforts to mitigate them.”

With this in mind, the authors first determine the interrelationships between the above-mentioned risks and then suggest a formula for their “information risk index”.

Figure 2: Representation of the four Information Risk Variables (Faisal et al. 2007)

Figure 3: Information Risk Index of the Supply Chain (Faisal et al. 2007)

I liked reading this article and I agree with the conclusions. When analyzing the results, you also have to keep in mind that this work has not been based on a widespread consensus or even tested empirically.


Faisal, M., Banwet, D., & Shankar, R. (2007). Information risks management in supply chains: an assessment and mitigation framework. Journal of Enterprise Information Management, 20(6), 677-699. DOI: 10.1108/17410390710830727
