Risk assessment and mitigation at the information technology companies

Ben Marx, Deon Oosthuizen

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)


Developing computer software that is free from material defects is the ultimate goal for software developers; however, due to the cost and complexity of software development, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decision-making factors. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important.

Original language: English
Pages (from-to): 44-51
Number of pages: 8
Journal: Risk Governance and Control: Financial Markets and Institutions
Issue number: 2
Publication status: Published - 1 Mar 2016


  • Availability
  • Confidentiality
  • Downtime
  • Information security
  • Integrity
  • Risk assessment
  • Risk mitigation
  • Software flaws
  • Software patch management
  • Software patches

ASJC Scopus subject areas

  • Finance
  • Economics and Econometrics
  • Strategy and Management

