Skip to main content
SpringerLink
Log in

IT Operational Risk Measurement Model Based on Internal Loss Data of Banks

  • Conference paper
E-business Technology and Strategy (CETS 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 113))

Included in the following conference series:

  • 1347 Accesses

Abstract

Business operation of banks relies increasingly on information technology (IT) and the most important role of IT is to guarantee the operational continuity of business process. Therefore, IT Risk management efforts need to be seen from the perspective of operational continuity. Traditional IT risk studies focused on IT asset-based risk analysis and risk-matrix based qualitative risk evaluation. In practice, IT risk management practices of banking industry are still limited to the IT department and aren’t integrated into business risk management, which causes the two departments to work in isolation. This paper presents an improved methodology for dealing with IT operational risk. It adopts quantitative measurement method, based on the internal business loss data about IT events, and uses Monte Carlo simulation to predict the potential losses. We establish the correlation between the IT resources and business processes to make sure risk management of IT and business can work synergistically.

Supported by National Science Foundation of China: 70971083 and Leading Academic Discipline Program , 211 Project for Shanghai University of Finance and Economics (the 3rd phase).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Basel Committee on Banking Supervision. Basel II: International Convergence of Capital Measurement and Capital Standards: a Revised Model (2004)

    Google Scholar 

  2. Suh, B., Han, I.: The IS Risk Analysis based on a Business Model. Information & Management 41(2), 149–158 (2003)

    Article  Google Scholar 

  3. Lambrigger, D., Mario, P.V., Wüthrich, V.: The Quantification of Operational Risk Using Internal Data, Relevant External Data and Expert Opinions. J. Journal of Operational Risk 2(3), 3–27 (2007)

    Article  Google Scholar 

  4. Dutta, K., Perry, A.: Tale of Tails: an Empirical Analysis of Loss Distribution Models for Estimating Operational Risk Capital. Working Paper of Federal Reserve Bank of Boston (2006)

    Google Scholar 

  5. Cheng, F., Gamarnik, D., Jengte, N., Min, W., Ramarchandran, B.: Modeling Operational Risk in Business Processes. IBM Research Report (2005)

    Google Scholar 

  6. Post, G.V., Diitz, D.: A Stochastic Dominance Approach to Risk Analysis of Computer Systems. MIS Quarterly 10(4), 363–375 (1986)

    Article  Google Scholar 

  7. Salmela, H.: Analysing Business Losses Caused by Information Systems Risk: a Business Process Analysis Approach. Journal of Information Technology (Palgrave Macmillan) 23(3), 185–202 (2008)

    Article  MathSciNet  Google Scholar 

  8. Worrell, J.L., Bush, A. A.: Perceptions of Information Technology Risk: a Delphi Study. In: Conference of AMCIS (2007)

    Google Scholar 

  9. Muehlen, M.Z., Rosemann, M.: Integrating Risks in Business Process Models. In: 16th Australasian Conference on Information Systems Integrating Risks in Business Process Models (2005)

    Google Scholar 

  10. Shevchenko, P.V., Wüthrich, M.V.: The Structural Modeling of Operational Risk via Bayesian Inference: Combining Loss Data with Expert Opinions. J. The Journal of Operational Risk 1(3), 3–26 (2006)

    Article  Google Scholar 

  11. Peters, G.W., Sisson, S.A.: Bayesian Inference, Monte Carlo Sampling and Operational Risk. Journal of Operational Risk 1(3), 27–50 (2006)

    Article  Google Scholar 

  12. Halliday, S., Badenhorst, K., Solms, R.V.: A Business Approach to Effective Information Technology Risk Analysis and Management. Information Management & Computer Security 4(1), 19–31 (1996)

    Article  Google Scholar 

  13. Sherer, S., Alter, S.: Information System Risks and Risk Factors: Are They Mostly about Information Systems? Communications of the AIS 14(1), 29–64 (2004)

    Google Scholar 

  14. Shevchenko, P.V., Wüthrich, M.V.: The Structural Modeling of Operational Risk via Bayesian Inference: Combining Loss Data with Expert Opinions. Journal of Operational Risk 1(3), 3–26 (2006)

    Article  Google Scholar 

  15. Alter, S., Sherer, S.A.: A General, but Readily Adaptable Model of Information System Risk. Communications of the Association for Information Systems 14(1), 1–28 (2004)

    Google Scholar 

  16. Dimakos, X.K., Aas, K.: Integrated Risk Modeling. Statistical Modeling 4(4), 1–13 (2004)

    Article  MATH  Google Scholar 

  17. Bai, X., Krishnan, R., Padman, R.: On Risk Management in Business Information Flow: A Process-Modeling Approach. In: Proceedings of the 5th Workshop on Secure Knowledge Management (SKM 2008), pp. 20–21 (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Management and Engineering, Shanghai University of Finance and Economics, Shanghai, China, 200433

    Xiaoling Hao

Authors
  1. Xiaoling Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Queen’s University, 99 University Avenue, K7L 3N6, Kingston, Ontario, Canada

    Marzia Zaman

  2. Royal Military College of Canada, 13 General Crerar Cres, K7K 7B4, Kingston, ON, Canada

    Yawei Liang

  3. Université du Québec en Outaouais, 283 boul. Alexandre-Taché, C.P. 1250, J8X 3X7, Gatineau, Québec, Canada

    Sohail M Siddiqui

  4. CeBA Canada, 1107-2720 Queensview Drive, K2B 1A5, Ottawa, ON, Canada

    Tim Wang

  5. Sprott School of Business, Carleton University, 1125 Colonel By Drive, K1S 5B6, Ottawa, Ontario, Canada

    Vincent Liu

  6. University of Toronto, 172 St. George Street, M5R 0A3, Toronto, Canada

    Ceecee Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hao, X. (2010). IT Operational Risk Measurement Model Based on Internal Loss Data of Banks. In: Zaman, M., Liang, Y., Siddiqui, S.M., Wang, T., Liu, V., Lu, C. (eds) E-business Technology and Strategy. CETS 2010. Communications in Computer and Information Science, vol 113. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16397-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16397-5_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16396-8

  • Online ISBN: 978-3-642-16397-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation