Journal of Information and Management Volume 34, Issue 1

Risk Management in Changing Society : The Significance of Risk Management Education(<Special Issue>Risk Management)

In modern society, every organization is exposed to various types of risks. An organization is required to deal with risks in the present changing business environment. For managing risk to be effective, an organization should comply with the requirements necessary for achieving its objectives. Here the requirements mean internationally recognized standards. If an organization is to put them into practice, global transactions must be in mutually reliable. Under this paradigm, the ISO has published its ISO family of standards. The risk management standard termed ISO 31000 is one of these. In accordance with this standard, a committee within JIPDEC developed JRMS 2010 in 2010. The author refers to the framework of risk management of the ISO 31000, and the structure of JRMS 2010 that includes the maturity model and gap analysis. Finally, he emphasizes the significance of risk management education in business society.

A Visible Threat, an Invisible Threat : The Effective Risk Management Begins with the Recognition of the Threat(<Special Issue>Risk Management)

Risk management is increasing in scope and complexity. In particular, in recent years the new threat of cyber-attacks has appeared and is in an upward trend. The threat of cyber-attack differs from classic threats such as earthquakes and fires, and because there are few examples to study, risk management techniques have not yet been established. In order to keep the risks brought about by increasingly skillful cyber-attacks down to a tolerable level, sophisticated technical expertise is demanded, and taking generally appropriate measures is considered difficult. In this study, we analyze the large-scale cyber-attack that occurred in South Korea on March 20th 2013, and make it clear that the source of the threat was not a high level technical issue, but rather a management issue.

ICT-Related Manufactured Risk(<Special Issue>Risk Management)

Whereas ICT-based services provide people and organisations with huge benefits in the current socio-economic and technological environment, it is concerned that the widespread use and social penetration of them would exert negative impacts on human existence and society in invisible and irretrievable fashion. Such manufactured risk includes alienation through the embodiment of personal information and disembodiment of individuals, dehumanisation brought about by the externalisation of human memory, and the collective development of the schizophrenic society. This study attempts to examine the nature of the manufactured risk and to propose policies to obviate social problems caused by the risk, based on the studies on computer/information ethics and sociology of risk.

Potential to Improve Risk Management Capability through Education of International Financial Reporting Standards(<Special Issue>Risk Management)

Disclosure and accounting in Japan so far, was the idea of post-processing the performance information mainly, but for proper financial reporting based on IFRS, thinking of pre-management is important. In that situation, the integration of accounting and financial reporting process and enterprise risk management in business management process is required. In Accounting Education of Japan, is not to be considered as a matter of financial reporting and accounting the introduction of IFRS. By leveraging education for integrating and accounting management to IFRS, it is possible to develop a perspective of to enhance enterprise risk management.

Social Risk Management System towards Natural Disasters(<Special Issue>Risk Management)

In this paper, a way of social risk management towards natural disasters is considered by referring the East Japan Great Earthquake happened on 11 March, 2011. Whenever we have a serious disaster including natural one in this country, lack of leadership of the government and the prime minister is heavily criticized by domestic as well as overseas medias. However, there is no idea of leadership, a typical Western idea, in Japanese tradition. Leadership is actually not necessary for risk management. The most important factors for recovery from natural disaster are stability of the stricken society and the people's strong unity, which is one of features in Japanese society as well. Our purpose here is to investigate a risk management system built in the normal administrative one in which Japanese way of life, consciousness and ideas are utilized to the maximum. Since decentralization of authority is supposed as a prerequisite in this idea, autonomous decentralized system is strongly recommended as administrative one. It is impossible to know the best performance of risk management by autonomous decentralized administrative system because the system is always changing. Therefore, it is neither possible to strictly measure efficiency nor to compare with other systems. If however, the damage of a disaster is recognized to be less than those of the past ones by many people, the risk management system may be evaluated to have worked effectively.

Risk Analysis of System Integration on Merger of Companies : Case Study of Three banks(<Special Issue>Risk Management)

Because of the merger of companies, both of two information systems must be combine into one system. Many risks arise during the integration process, and the risks may bring out the system failure. Mizuho Bank established by the merger of 3 banks produced serious system failure two times. I have concluded that the system failure is relevant to the risks by the merger. Also I have mentioned the integration process of North Pacific Bank and the Bank of Tokyo-Mitsubishi UFJ.

Assumption of Risk in Risk Management Studies(<Special Issue>Risk Management)

This paper has clarified the process of "assumption of risk", and factors of its difficulties under the premise that assumption of risk is difficult. Specifically, as the process of assumption of risk, it is examined how "risk identification", "risk estimation", "risk evaluation" and "selection of risk treatment" are indicated in risk management studies. And as difficulties of assumption of risk, it is considered whether it falls into "unexpected" which is the situation exceeded a prior assumption in each process in what kind of case. By doing so, the state of the risk management on condition of the difficulty of risk assumption is oriented.

An Decision-Making Model for Supply Chain Resilience(<Special Issue>Risk Management)

The study of Supply Chain Resilience (SCR) has become a focus in recent years, and most of them are remaining on the arguments of the conceptual validity and lack of practical measures. In this paper, with the review and understanding on the related concepts of SCR, we conclude a suite of fundamental and common key points in order to establish Resilient Supply Chain. By means of analysis on the differences of the vulnerabilities and capabilities, we summarized two typical supply chains in terms of their sourcing and producing operations and deduced contrary suites of operation strategies. At last, we proposed a comprehensive decision-making model in order to guide a suite of more explicit methodologies for achieving SCR.