Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry
As the financial industry has aggressively implemented ICT (Information and Communication Technology) in its operations, the speed, volume and service areas have also increased dramatically. At the same time, the frequency of information system (IS) related failures has increased, and vulnerability has been emerging in the financial industry, which is one of the critical infrastructures of our society. The paper will define IS risks in the financial industry and discuss the design of a risk management framework with some indicators, drawing on case studies of past major information system failures in the Japanese financial industry: the system integration failure due to a merger of mega-banks in 2002 that caused major service disruption in their settlement and retail payments, the nationwide ATM network failure in 2004 that caused a one-month period of intermittent service disruptions, and the largest stock exchange disruption in 2005 that caused a half-day market closure. The framework defines IS risks by primary risk area (system/operational/management), risk origin (external, internal), risk nature (static, dynamic), indicator criteria (quantitative, qualitative), and monitoring approach (periodic, event-driven, real-time).
Keywords: IS (Information System) risk management; business continuity; leading indicators