Examining the Role of Information Technology Governance in Enhancing Risk Management Performance and Regulatory Compliance in Multinational Digital Enterprises
Keywords:
IT governance, risk management, regulatory compliance, digital enterprises, multinational organizationsAbstract
This study investigates the role of Information Technology (IT) governance in enhancing risk management performance and ensuring regulatory compliance within multinational digital enterprises. As digital transformation continues to reshape the global business landscape, organizations face increasing challenges in managing technological risks and complying with complex regulatory requirements across various jurisdictions. The study adopts a quantitative approach, using a survey methodology to collect data from senior IT and compliance managers in multinational digital enterprises. The survey focuses on how IT governance frameworks, such as COBIT 2019 and ISO 27000, are utilized to align IT strategies with business objectives, mitigate risks, and maintain regulatory compliance. The findings indicate that organizations with well-established IT governance structures are better positioned to proactively identify and mitigate risks, ensuring greater consistency in meeting regulatory requirements. These organizations demonstrate improved risk management effectiveness, especially concerning cybersecurity, data privacy, and compliance with global regulations like GDPR. In contrast, organizations with ad hoc or decentralized governance structures struggle with fragmented risk management and compliance efforts. The study further highlights the importance of integrating IT governance frameworks with internal audit functions, specifically the Chief Audit Executive (CAE), to enhance cybersecurity resilience and ensure compliance with global standards. This research contributes to the literature by providing empirical evidence on the integration of IT governance, risk management, and regulatory compliance in multinational enterprises. It also highlights the need for a structured and systematic approach to IT governance to improve organizational performance in managing risks and ensuring consistent regulatory adherence. The study offers practical insights for organizations looking to optimize their IT governance structures in the face of rapid digital transformation.
References
[1] Y. Luo, “A general framework of digitization risks in international business,” J. Int. Bus. Stud., vol. 53, no. 2, pp. 344 – 361, 2022, doi: 10.1057/s41267-021-00448-9.
[2] F. J. Contractor, J. Cantwell, G. Gereffi, and K. P. Sauvant, “The shift to a more turbulent IB environment, and how MNEs respond to this shift,” Int. Bus. Rev., vol. 35, no. 2, 2026, doi: 10.1016/j.ibusrev.2025.102538.
[3] A. Carlo and F. Casamassima, “‘Going Digital, Staying Secure: Cyber ERM Activities in a Post-Pandemic Setup,’” in Proceedings of the International Astronautical Congress, IAC, 2022.
[4] W. Wang, “Challenges and Strategies for Cross-Border Data Compliance in Enterprise Digital Management,” in Proceedings of 2024 5th International Conference on Computer Science and Management Technology, ICCSMT 2024, 2025, pp. 972 – 976. doi: 10.1145/3708036.3708196.
[5] E. S. Mandrakov, D. A. Dudina, V. A. Vasiliev, and M. N. Aleksandrov, “Risk Management Process in the Digital Environment,” in Proceedings of the 2022 International Conference “Quality Management, Transport and Information Security, Information Technologies”, IT and QM and IS 2022, 2022, pp. 108 – 111. doi: 10.1109/ITQMIS56172.2022.9976622.
[6] M. S. M. Silva, “At the digital crossroads: The attention economy, freedom of expression, and platform regulation — Challenges and prospects for solutions in the European Union,” Comun. e Soc., vol. 137, no. 150, 2025, doi: https://doi.org/10.17231/volesp(2025).5496.
[7] E. García-Canal and M. F. Guillén, “The International Expansion of Digital Platforms: A Dynamic Setting for Challenging and Advancing Theories of the Multinational Enterprise,” BRQ Bus. Res. Q., 2025, doi: 10.1177/23409444251382952.
[8] C. D. Djakman and S. V. Siregar, “The effect of maturity learn element in Enterprise risk management and corporate social responsibility on the level of digital transformation,” Bus. Strateg. Dev., vol. 7, no. 1, 2024, doi: 10.1002/bsd2.346.
[9] J. Zhong, X. Wang, and T. Zhang, “Network Security Governance Policy and Risk Management: Research on Challenges and Coping Strategies,” J. Mach. Comput., vol. 4, no. 1, pp. 153 – 169, 2024, doi: 10.53759/7669/jmc202404015.
[10] M. Chergui, A. Chakir, and H. Medromi, “Smart IT governance, risk and compliance semantic model: Business Driven architecture,” in Proceedings of the 3rd World Conference on Smart Trends in Systems, Security and Sustainability, WorldS4 2019, 2019, pp. 297 – 301. doi: 10.1109/WorldS4.2019.8903997.
[11] S. Nai, A. Rifai, and A. Sadiq, Data governance, key insights, strategic challenges, and future imperatives. 2025. doi: 10.4018/979-8-3373-0365-9.ch001.
[12] H. Abdullah, “Analyzing the technological challenges of Governance, Risk and Compliance (GRC),” in 4th International Conference on Electrical, Electronics, Communication, Computer Technologies and Optimization Techniques, ICEECCOT 2019, 2019, pp. 274 – 282. doi: 10.1109/ICEECCOT46775.2019.9114642.
[13] F. S. Lubis, V. S. Praditha, M. Lubis, H. Fakhrurroja, M. F. Safitra, and A. R. Lubis, “Corporate ICT Governance of Indonesian State-Owned Companies: Governance Structure and Decision Making Archetype,” in 2023 IEEE International Conference on Computing, ICOCO 2023, 2023, pp. 277 – 282. doi: 10.1109/ICOCO59262.2023.10397787.
[14] A. Byrne, “NAVIGATING THE DIGITAL EVOLUTION: UNCOVERING GOVERNANCE CHALLENGES AND STRATEGIES FOR SUCCESSFUL TRANSFORMATION,” EDPACS, vol. 69, no. 3, pp. 40 – 46, 2024, doi: 10.1080/07366981.2024.2325010.
[15] E. Iveroth, J. Lindvall, and J. Magnusson, Final words – looking back and ahead. 2025. doi: 10.4324/9781003540472-24.
[16] X. Wang, N. Wang, W. Sun, A. Xu, and Z. Zhang, “Digital transformation and enterprise violation risk: A ‘motivation-opportunity-attitude’ framework,” Heliyon, vol. 10, no. 20, 2024, doi: 10.1016/j.heliyon.2024.e39125.
[17] D. Danang, M. U. Dewi, and W. Aryani, “Systematic Literature Review on the Application of Blockchain in Enhancing Server Security: Research Methods for Mitigating Ransomware and Malware Attacks,” Int. J. Comput. Technol. Sci., vol. 1, no. 4, pp. 27–51, 2024.
[18] E. Muhadi, S. Sulartopo, D. Danang, D. Sasmoko, and N. D. Setiawan, “Rancang bangun sistem keamanan ruang persandian menggunakan RFID dan sensor PIR berbasis IoT,” Router J. Tek. Inform. dan Terap., vol. 2, no. 1, pp. 8–20, 2024.
[19] H. Wu and Y. Wang, “Digital transformation and corporate risk taking: Evidence from China,” Glob. Financ. J., vol. 62, 2024, doi: 10.1016/j.gfj.2024.101012.
[20] R. Mulyana, L. Rusu, and E. Perjons, “IT governance mechanisms influence on digital transformation: A systematic literature review,” in 27th Annual Americas Conference on Information Systems, AMCIS 2021, 2021.
[21] C. Espinoza-Aguirre and D. Pillo-Guanoluisa, “IT governance model for public institutions with a focus on higher education; [Modelo de Gobierno de TI para Instituciones Públicas con enfoque en la Educación Superior],” in Iberian Conference on Information Systems and Technologies, CISTI, 2018, pp. 1 – 14. doi: 10.23919/CISTI.2018.8399248.
[22] V. Hotti and H. Meriläinen, “Framework-based ICT governance and survey in Northern Savonia,” Commun. Comput. Inf. Sci., vol. 636, pp. 193 – 206, 2016, doi: 10.1007/978-3-319-44672-1_16.
[23] N. Kazemargi and P. Spagnoletti, “Cloud Sourcing and Paradigm Shift in IT Governance: Evidence from the Financial Sector,” in Lecture Notes in Information Systems and Organisation, 2020, pp. 47 – 61. doi: 10.1007/978-3-030-47355-6_4.
[24] J. H. Ortiz and S. Bayona-Oré, “Framework for it governance in a financial institution; [Implementación de un Marco para el Gobierno TI en una Entidad Financiera],” RISTI - Rev. Iber. Sist. e Tecnol. Inf., vol. 2019, no. E23, pp. 220 – 232, 2019.
[25] N. Xu, W. Lv, and J. Wang, “The impact of digital transformation on firm performance: a perspective from enterprise risk management,” Eurasian Bus. Rev., vol. 14, no. 2, pp. 369 – 400, 2024, doi: 10.1007/s40821-024-00264-9.
[26] D. Danang, N. D. Setiawan, and E. Siswanto, “Pemanfaatan Teknologi Internet of Things untuk Monitoring Kualitas Air Sungai di Wilayah Perkotaan,” J. New Trends Sci., vol. 2, no. 1, pp. 23–34, 2024.
[27] T. Wulyatiningsih and J. Y. Mambu, “IT Governance Maturity and Business Alignment: A COBIT 2019 Evaluation at RSUD ODSK,” Int. J. Eng. Sci. Inf. Technol., vol. 5, no. 2, pp. 248 – 255, 2025, doi: 10.52088/ijesty.v5i2.822.
[28] G. Benneh Mensah et al., “Assessing the role Ghana’s Public Health Act, 2012 (Act 851) can play in oversight of artificial intelligence healthcare systems to prevent medical errors and improve patient safety,” Babylonian J. Artif. Intell., pp. 24–32, 2023, doi: https://doi.org/10.58496/BJAI/2023/006.
[29] A. Alzeban, K. Al-Hajaya, N. Sawan, H. Chammaa, and S. Foster, “The quality of cybersecurity audits: do synergies among the chief audit executive, IT governance and internal audit functions matter?,” Manag. Audit. J., pp. 1 – 27, 2025, doi: 10.1108/MAJ-05-2025-4825.
[30] F. U. Begum, O. M. J. Popoola, and M. Z. Ghazali, “Unveiling the Determinants of Effective IT Governance: A Conceptual Framework for India’s Public Listed Companies,” Pap. Asia, vol. 40, no. 6b, pp. 415 – 428, 2024, doi: 10.59953/paperasia.v40i6b.297.
[31] A. A. Odejide, A. E. van der Poll, and J. A. van der Poll, “Towards a Conceptual IT Governance Framework for Developing Countries,” Stud. Big Data, vol. 170, pp. 439 – 449, 2025, doi: 10.1007/978-3-031-83915-3_35.
[32] F. A. Almaqtari, “The Role of IT Governance in the Integration of AI in Accounting and Auditing Operations,” Economies, vol. 12, no. 8, 2024, doi: 10.3390/economies12080199.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Integrated System and Management Technology
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
