Abstract
The business operations of banks rely increasingly on information technology (IT), and the most important role of IT is to guarantee the operational continuity of business processes. Therefore, IT risk management efforts need to be seen from the perspective of operational continuity. Traditional IT risk studies focused on IT asset-based risk analysis and risk-matrix-based qualitative risk evaluation. In practice, the IT risk management practices of the banking industry are still limited to the IT department and are not integrated into business risk management, which causes the two departments to work in isolation. This paper presents an improved methodology for dealing with IT operational risk. It adopts a quantitative measurement method based on internal business loss data about IT events and uses Monte Carlo simulation to predict potential losses. We establish the correlation between IT resources and business processes so that IT risk management and business risk management can work synergistically.
Supported by National Science Foundation of China: 70971083 and Leading Academic Discipline Program, 211 Project for Shanghai University of Finance and Economics (the 3rd phase).
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hao, X. (2010). IT Operational Risk Measurement Model Based on Internal Loss Data of Banks. In: Zaman, M., Liang, Y., Siddiqui, S.M., Wang, T., Liu, V., Lu, C. (eds) E-business Technology and Strategy. CETS 2010. Communications in Computer and Information Science, vol 113. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16397-5_16
DOI: https://doi.org/10.1007/978-3-642-16397-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16396-8
Online ISBN: 978-3-642-16397-5
eBook Packages: Computer Science, Computer Science (R0)