A probabilistic approach to IT risk management in the Basel regulatory framework

2017 ◽  
Vol 25 (2) ◽  
pp. 176-195 ◽  
Author(s):  
Semir Ibrahimovic ◽  
Ulrik Franke

Purpose – This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage. Design/methodology/approach – A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions. Findings – Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses. Practical implications – An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management. Originality/value – The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

2015 ◽  
Vol 31 (1) ◽  
pp. 59-77 ◽  
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's enhanced disclosure rule on risk oversight, state laws requiring public disclosure of compromised customer information, and high-profile customer information breaches have caused Information Technology (IT) risk management practices to be a major concern for boards of directors and management. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management (ERM) framework emphasizes the importance of the board's oversight role while also bringing attention to the firm's reporting structure. Consequently, our study examines whether the maturity of IT risk management practices depends on Chief Information Officer (CIO) reporting structure and Chief Executive Officer (CEO)/Chairman duality. We develop a scale to measure strategic and operational maturity under the larger auspice of IT risk management and distribute a survey to high-level IT professionals. Our survey also captures the reporting structure of their firms. Consistent with our hypothesis, we find that the maturity of strategic IT risk management practices is higher when the CIO reports directly to the CEO. However, contrary to expectations, we do not find that operational risk management is more mature when the CIO reports to the Chief Financial Officer (CFO). Instead, operational risk management is higher when the CIO reports to the CEO. For public firms, the maturity of IT risk management practices is higher when the CEO is also the chairman of the board of directors. As C-level officers may have asymmetric access to the board, understanding reporting structures may inform firms, regulators, and interested stakeholders on how well IT risk is managed and factors that affect IT governance.


2007 ◽  
Vol 12 (4) ◽  
pp. 321-330 ◽  
Author(s):  
B. Di Renzo ◽  
M. Hillairet ◽  
M. Picard ◽  
A. Rifaut ◽  
C. Bernard ◽  
...  

2005 ◽  
Author(s):  
Ana Fernández Laviada ◽  
Francisco J. Martinez Garcia ◽  
Francisco M. Somohano

2014 ◽  
Vol 34 (4) ◽  
pp. 477-512 ◽  
Author(s):  
Placide Poba-Nzaou ◽  
Louis Raymond ◽  
Bruno Fabi

Purpose – This study aims to explore the process of open source software (OSS) adoption in small- and medium-sized enterprises (SMEs), and more specifically open source enterprise resource planning (ERP) as a “mission critical” OSS application in manufacturing. It also addresses the fundamental issue of ERP risk management that shapes this process. Design/methodology/approach – The approach is done through an interpretive case study of a small Canadian manufacturer that has adopted an open source ERP system. Findings – Interpreted in the light of the IT risk management, OSS and packaged application adoption literatures, results indicate that the small manufacturer successfully managed the adoption process in a rather intuitive manner, based on one guiding principle and nine practices. In analyzing the data, diffusion of innovation theory appeared to fit rather well with the situation observed and to offer rich insights to explain the mission-critical OSS adoption process. Research limitations/implications – A single case study of successful IT adoption should be eventually counterbalanced by future cases considered to be partial or total failures, using a wider multiple case study approach for comparative purposes. And this should include alternative theoretical interpretations and more detailed empirical work on the extent to which the distinctive features of OSS make its adoption more or less risk-laden. This initial effort should also be followed by further research on mission-critical OSS adoption in contexts other than SMEs (e.g. healthcare organizations) and other than ERP (e.g. customer-relationship management). Practical implications – This research confirms that open source is a credible alternative for SMEs that decide willingly or under external pressure to adopt a mission-critical system such as ERP. Moreover, it suggests that a high level of formalization is not always necessary. 
Originality/value – The authors argue that rich insights into the dynamics of the mission-critical OSS adoption process can be obtained by framing this process within an IT risk management context.


2016 ◽  
Vol 19 (4) ◽  
pp. 108-126
Author(s):  
Trung Quoc Trinh ◽  
Thuy Thu Pham

In order to enhance commercial banks’ safety in financial services, Basel Committee on Banking Supervision issued a framework on operational risk management under Basel II. In an ever riskier business environment, it is necessary for Vietnam’s commercial banks to increase their competencies in risk management, especially in operational risk management. This is to ensure a sustainable development for banks in the local market and in the global market as well. In recent years, Vietnam’s commercial banks have developed systems for operational risk management. Therefore, the performance assessment is of importance to improve and enlarge applications on operational risk management, from perceptions, corporate’s culture, procedures to other supportive measures on the field of risk management in Vietnam’s banking system.


2014 ◽  
Author(s):  
Sitwat Habib ◽  
Haris Masood ◽  
Taimoor Hassan ◽  
Muhammad Mubin ◽  
Umair Baig

2019 ◽  
Vol 26 (8) ◽  
pp. 2486-2513 ◽  
Author(s):  
Noor Fareen Abdul Rahim ◽  
Essia Ries Ahmed ◽  
Mohammad Nizam Sarkawi ◽  
Abdul Rahman Jaaffar ◽  
Jauriyah Shamsuddin

Purpose – The purpose of this paper is to examine the relationship between operational risk management and customer complaints. It also determines whether product complexity moderates the relationship between the operational risk management and customer complaints. Design/methodology/approach – This study utilizes a quantitative method: quantitative data were collected using a questionnaire. The population of this study is 1,845 local conventional bank branches based in Malaysia. Findings – The findings revealed that components of operational risk management, namely practice of hazard identification and formulation of implementation of risk control, have negative and significant relationships with customer complaints. Empirical evidence confirmed the moderating effects of product complexity on the relationship between operational risk management and customer complaints. Originality/value – From the perspective of developing countries, the main contribution of this study is the elucidation of the effect of operational risk management on customer complaints in commercial banks in Malaysia. This study confirmed the usability of the resource-based view theory in the banking industry, as well as operational risk management as a bank resource.


Author(s):  
Maria-Alexandra CRISTEA

A multitude of factors can create operational risks, and the possible financial losses that can result are important. The appearance of various prudential regulations for appropriate operational risk management, in a short period of time, contributed to the inclusion of this risk as one of the most significant risks in the banking sector.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Komal Altaf ◽  
Huma Ayub ◽  
Malik Shahzad Shabbir ◽  
Muhammad Usman

Purpose – Due to increase in operational risk, banks are facing huge losses. In order to avoid losses, banks need to manage operational risk. This study aims to analyze the impact of operational risk management (ORM) processes, which include identification, assessment, analysis, monitoring and control in the presence of corporate governance (CG) that can also contribute to effective ORM practices. Design/methodology/approach – Operational risk management processes are used to manage operational risk along with CG. Primary data are collected through questionnaire from (167) operational risk managers of commercial banks. Multiple linear regressions have been run to analyze the data. Findings – Results indicate significant impact of CG and operational risk identification (ORI), monitoring and control on ORM practices in commercial banks of Pakistan. Originality/value – The study suggests policy makers to improve the ORM framework by CG. Beside this, in order to lessen operational risk, proper identification, monitoring and control of operational risk could also contribute.

