Series: Wirtschaftsinformatik, Volume 47. Edited by Prof. (em.) Dr. Dietrich Seibt, Köln; Prof. Dr. Hans-Georg Kemper, Stuttgart; Prof. Dr. Georg Herzwurm, Stuttgart; Prof. Dr. Dirk Stelzer, Ilmenau; and Prof. Dr. Detlef Schoder, Köln.
Dr. Elke Wolf
IS Risks and Operational Risk Management in Banks
With a foreword by Prof. (em.) Dr. Dietrich Seibt, Universität zu Köln
1 The problem of risk management for information systems in the banking industry 1
    1.1 Business drivers for operational risk management 2
    1.2 Research questions 16
    1.3 Objectives 17
    1.4 Relevance for the research field of information systems 20
    1.5 Structure of the thesis 22
2 Core concepts and review of current research - IS risks in the context of banks' business processes 25
    2.1 Business processes of banks under changing conditions 27
        2.1.1 Business processes of banks 27
    2.2 Risk, IS risks, and operational risk 44
        2.2.1 The concept of risk 44
        2.2.2 IS risks and operational risks 50
    2.3 Risk management 56
        2.3.1 Origins and definition of risk management 56
        2.3.2 Risk management in the context of bank management 60
            2.3.2.1 Legal foundations of banks' risk management 60
            2.3.2.2 Banks' risk management 64
        2.3.3 Risk management in the context of information systems 76
        2.3.4 The risk management process 80
    2.4 Review of current research 84
        2.4.1 Project management research 87
        2.4.2 Outsourcing research 90
        2.4.3 System development research 92
        2.4.4 Security research 95
        2.4.5 Closer review of a selected approach 96
    2.5 Basic research theses 105
3 Three key perspectives of investigation 119
    3.1 Exploring the field - Mobile banking 121
    3.2 Methodological aspects of key perspective 1 - Risk management profiles of existing approaches 135
        3.2.1 Selection of approaches for the analysis 136
        3.2.2 Development of a set of analysis criteria 147
    3.3 Methodological aspects of key perspective 2 - Current risk management procedures and tools 153
        3.3.1 Ontological and epistemological perspective 154
        3.3.2 Selection of participants 157
        3.3.3 Data types and assessment of data 160
        3.3.4 Operationalisation and design of a measurement instrument 164
            3.3.4.1 Operationalisation 164
            3.3.4.2 Interview design 165
            3.3.4.3 Interview guidelines 170
        3.3.5 Administration of the research study 172
            3.3.5.1 A personal cover letter 174
            3.3.5.2 Timeliness and continuity 182
            3.3.5.3 Information and expertise 184
        3.3.6 Data collection 188
    3.4 Methodological aspects of key perspective 3 - Requirements specifications 197
4 Results of the study - The demand for new developments in the field of IS risk management 203
    4.1 Key perspective 1 - Risk management profiles of existing approaches 204
        4.1.1 Analysis of approaches from the IS discipline 205
            4.1.1.1 System development and software improvement 206
            4.1.1.2 Security 224
            4.1.1.3 Project management 228
            4.1.1.4 Controlling of information systems 231
        4.1.2 Deliverables of KP1: Analysis instrument and risk management profiles 233
    4.2 Key perspective 2 - Current risk management procedures and tools 238
        4.2.1 Data analysis 238
            4.2.1.1 Univariate analysis for investigating the research theses 239
            4.2.1.2 Bivariate analysis for investigating the research theses 240
        4.2.2 Research thesis KP2-T1: IS risks, system risks, and operational risks 241
        4.2.3 Research thesis KP2-T2: Outsourcing and IS risk management 250
        4.2.4 Research thesis KP2-T3: Organisational aspects of operational risk management 251
        4.2.5 Research thesis KP2-T4: The risk management process 253
        4.2.6 Research thesis KP2-T5: Current use of software tools 257
        4.2.7 Research thesis KP2-T6: IS risk management and supervisory recommendations 259
    4.3 Key perspective 3 - Requirement specifications for future developments 261
        4.3.1 Research thesis KP3-T1: IS risks and the changing banking business 262
        4.3.2 Research thesis KP3-T2: Difficulties with identifying and assessing operational risks 264
        4.3.3 Research thesis KP3-T3: Contribution of existing IS approaches to IS risk management 267
        4.3.4 Research thesis KP3-T4: Requirements for IS risk management and changing business conditions 271
        4.3.5 Research thesis KP3-T5: Demand for a software tool 275
        4.3.6 Research thesis KP3-T6: Preference for software tools to support IS risk management 277
        4.3.7 Research thesis KP3-T7: Relationship between different risk categories for expected loss and estimated probability of occurrence (Question 1.3) 279
        4.3.8 Research thesis KP3-T8: Relationship between risk categories and system life cycle (Question 1.5) 283
        4.3.9 Research thesis KP3-T9: Relationship between expected loss and probability of occurrence, on the one hand, and the importance of a risk category, on the other (Questions 1.3 and 1.5) 286
        4.3.10 Research thesis KP3-T10: Relationship between various influence factors on IS risks (Question 1.7) 292
        4.3.11 Research thesis KP3-T11: Relationship between difficulties and requirements, on the one hand, and applied methods, on the other (Questions 3.3, 3.4, and 4.4) 293
        4.3.12 Research thesis KP3-T12: Relationship between difficulties of identifying and assessing risks, on the one hand, and the evaluation of existing approaches, on the other (Questions 3.4 and 4.1) 300
        4.3.13 Deliverables of KP3: Requirements specifications 301
    4.4 Revision of the research theses 306
5 Interpretation of the results - Suggestions for new developments and future research 315
    5.1 Suggestions for new developments 317
        5.1.1 Suggestion 1: Checking for sufficient comprehensiveness, life cycle coverage, and IS risk sensitivity 317
        5.1.2 Suggestion 2: Improving the common understanding of operational risks 320
        5.1.3 Suggestion 3: Linking operational risk management as a formal requirement with actual IS risk management activities 323
        5.1.4 Suggestion 4: Reducing rivalry between business lines and corresponding biases 325
        5.1.5 Suggestion 5: Compensating a small amount of available data 327
        5.1.6 Suggestion 6: Broadening the focus on risk categories 329
        5.1.7 Suggestion 7: Incorporating a business process focus 331
        5.1.8 Suggestion 8: Towards a better consideration of complexity 333
        5.1.9 Suggestion 9: Recognising the relevance of communication structures and dynamics 337
        5.1.10 Suggestion 10: Addressing the quantification problem of IS risks as operational risks 339
        5.1.11 Suggestion 11: Choice of time intervals for assessment and monitoring 342
        5.1.12 Suggestion 12: Selection of key indicators 344
    5.2 Areas of future research 346
    5.3 Conclusions 355
Bibliography 358
Appendix 417
    A MSIS 2000 Curriculum 419
    B Guidelines for 22 telephone interviews of an exploratory study on mobile banking 425
    C Results of the exploratory study on mobile banking 429
    D Overview of various process models 435
    E PMBOK guide and ISO 10006 449
    F Top 100 German banks addressed for the research study 451
    G Guidelines for 43 face-to-face interviews of the study 467
    H Synopsis of risk management tools 481
    I Descriptive statistical results 485
        I.1 Question 1.3 485
        I.2 Question 1.5 493
        I.3 Question 1.7 500
        I.4 Question 3.3 520
        I.5 Question 3.4 528
        I.6 Question 4.1 535
        I.7 Question 4.4 552
        I.8 Question 5.1 558
        I.9 Question 5.3 559
    J Multivariate analysis 561
    K Statistical inference analysis 581
        K.1 Hypothesis KP3-T9 581
        K.2 Hypothesis KP3-T10 596
        K.3 Hypothesis KP3-T11 598
        K.4 Hypothesis KP3-T12 629
        K.5 Multivariate analysis statistics 633