Managing Operational Risk with Balanced Scorecards. Stefan Blumenberg / Daniel Hinz

Similar documents
Operational Risk Management for IT infrastructure

Integrating risk indicators into corporate performance management tool

E-Business-Controlling using the Balanced Scorecard

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

White Paper Operations Research Applications to Support Performance Improvement in Healthcare

Management White Paper What is a modern Balanced Scorecard?

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

IPMS Insurance Performance Management System

REQUEST FOR PROPOSAL (RFP) # HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014

Four Top Emagined Security Services

Estimating Software Reliability In the Absence of Data

The Balanced Scorecard

Balanced Scorecard as a means of Strategic and Operative Planning

PERFORMANCE MEASUREMENT OF INSURANCE COMPANIES BY USING BALANCED SCORECARD AND ANP

Networking Systems (10102)

Cisco Security Optimization Service

Improving management reporting using non-financial KPIs

Task Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare

Industry. Head of Research Service Desk Institute

The Total Cost of Ownership (TCO) of migrating to SUSE Linux Enterprise Server for System z

Bridged Apps: specialise in the deployment of many well known apps, as well as building customer made apps, websites, and SEO.

Infrastructure Engineer

BALANCED SCORECARD AS A STRATEGIC TOOL FOR MANAGEMENT OF PUBLIC ADMINISTRATION Peter Skotnický 1

C I T Y O F W E S T L I N N

The Digital Enterprise

Assessing Your Information Technology Organization

How To Find Influence Between Two Concepts In A Network

Balanced Scorecard: linking strategic planning to measurement and communication Gulcin Cribb and Chris Hogan Bond University, Australia

PERFORMANCE MEASUREMENT IN A NETWORK CONTEXT

Proactive IT Solutions More Reliable Networks Are Our Business

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

SECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT

ViewPoint. Building and leveraging Metrics Framework to drive Supply Chain Performance. Tejas Faldu, Srikanth Krishna. Abstract

Modernisation of the IPR System

An operational risk management framework for managing agencies

SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as

How to measure your business resiliency

A monthly online survey and commentary presented by The Managing Partner Forum

SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT

Requirements Analysis Concepts & Principles. Instructor: Dr. Jerry Gao

Customer requirements. Asset management planning Inspection and assessment Route asset planning Annual work plans Contracting strategy

Managed IT Solutions. Copyright 2007 <Company Name>. All rights reserved.

Discussion of Presentations on Commercial Big Data and Official Economic Statistics

Altaro VM Backup vs. Windows Server Backup 2012 R2

University of Calgary Schulich School of Engineering Department of Electrical and Computer Engineering

Continuation Guidance Budget Year Five Attachment E Focus Area E: Health Alert Network/Communications and Information Technology

COL- CC and ESA Ground Segment. Page 1

Customized Cloud Solution

HHSN W 1 QSSI - Quality Software Services, Inc

IT Security Incident Management Policies and Practices

How To Run A Cloud Computer System

Key Considerations for Libraries

Saskatchewan. Provincial Budget. Performance Plan. Information Technology Office

M 4:30; 7:20 Fall, 2016

The Balanced Scorecard and Corporate Social Responsibility: Aligning Values for Profit

UNT Institutional Effectiveness Database

BALANCED SCORECARD AND CHANGE MANAGEMENT. The Key to Successfully Executing Your Strategic Plan

Measuring The Value of Information Security. Maninder Bharadwaj 23 th July 2011

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

全 新 企 業 網 路 儲 存 應 用 THE STORAGE NETWORK MATTERS FOR EMC IP STORAGE PLATFORMS

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Just as water retains no constant shape, so in business there are no constant conditions

Building Remote Access VPNs

Charting our outcomes

SHAREPOINT CONSIDERATIONS

The Theory of Concept Analysis and Customer Relationship Mining

Chapter Managing Knowledge in the Digital Firm

Integrated Enterprise Resource Planning (ERP) System Page 1 of 1 Appendix 10 Narrative Responses

Thales Service Definition for NOC Services for Cloud

Justifying Business Continuity: How it Impacts Risk Management

The Bayesian Network Methodology for Industrial Control System with Digital Technology

The Balanced Scorecard (BSC)

Performance Evaluation System of Enterprise Knowledge Management Based on Balanced Scorecard

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Australian Government ICT Trends Report

COMFORT IT SOLUTIONS COMPANY PROFILE SYSTEM INTEGRATION IT PRODUCTS AMC SUPPORT FACILITY MANAGEMENT NETWORK SUPPORT WIFI SOLUTIONS

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Symantec Residency and Managed Services

DESIGNING AND IMPLEMENTING AN HR SCORECARD

Chapter 14 Managing Operational Risks with Bayesian Networks

Microsoft Exchange Load Balancing. Unique Applied Patent Technology By XRoads Networks

Logging the Pillar of Compliance

Evaluating Internal and Outsourced Models for Network Monitoring

BTAS Optima. Monitoring, Reporting and Incident Management. btas.com.au

Penn State University IT Assessment. Opportunity Analysis - Advisory Committee March 30, 2011

Agenda. Three License Types Concepts for ThinManager Licensing License Activation Demo

At the Heart of Connected Manufacturing

Eastern Illinois University information technology services. strategic plan. January,

Developing and Implementing a Balanced Scorecard: A Practical Approach

MSCA Introduction to Statistical Concepts

Virtual Servers VIRTUAL DATA CENTER OVERVIEW VIRTUAL DATA CENTER BENEFITS

Simplify Your Windows Server Migration

Think like an MBA not a CISSP

About Injazat Data Systems

Governance and Management of Information Security

IT Governance Regulatory. P.K.Patel AGM, MoF

Cost of Poor Quality:

Location: [North America] [United States] [Home Working, United States]

Service Improvement Plan. DRAFT v.0.1. Harrow IT Services

MEng, BSc Computer Science with Artificial Intelligence

Transcription:

Managing Operational Risk with Balanced Scorecards Stefan Blumenberg / Daniel Hinz

Executive summary Accurate IT risk assessment is becoming increasingly important, but classical IT risk management often lacks statistical rigor Bayesian Networks (BNs) can be combined with Balanced Scorecards (BSCs) to quantify and communicate results of IT risk assessments to top management, respectively, as Bayesian statistics are ideally suited to quantify IT risks, but the approach is difficult to communicate Balanced Scorecards are a well established communication tool and can be derived from Bayesian Networks due to structural similarities As a side effect also for other domains, the "fuzzy" concept of a BSC can be backed up with the mathematical power of Bayesian statistics An example for desktop service providing shows the applicability of both methods and serves as a starting point for an in-depth assessment of IT infrastructure risks

Agenda Motivation Theory: Bayesian Networks Balanced Scorecard Example: Desktop Infrastructure Outlook: Further Research

Motivation Theory: Bayesian Networks Balanced Scorecard Example: Desktop Infrastructure Outlook: Further Research

Motivation Current IT risk management theory and practice IT risk management is becoming increasingly important (esp. for banks) Current theoretical approaches mainly focused on data security, confidentiality and availability, e.g. Trusted Computer System Evaluation Criteria (Orange Book) NIST, 1983 Common Criteria for Information Technology Security Evaluation ISO, 1999 Computer Science and Telecommunications Board of NRC In practice IT risk management is often only implicitely assumed, e.g. Failover systems File backup Gap due to Complex modelling and updating of the network (dealing with complexity) Challenges in communication Mathematical basics Model dynamics Findings Bayesian statistics Bayesian Networks provide strong theoretical toolset for management of operational risks (incl. IT risks), e.g. "Bayesian Methods for Measuring Operational Risk" Alexander, 2000 Application of Bayesian Inference to Operational Risk Management Yasuda, 2003 "Ein Metamodell zur Anwendung Bayesianischer Netzwerke für das Management operationeller Risiken" Kirchheimer, 2003 Not widely adopted by practitioners yet Focus of this presentation

Motivation Theory: Bayesian Networks Balanced Scorecard Example: Desktop Infrastructure Outlook: Further Research

Combination of BNs and BSCs Method Short evaluation Calculates probabilities based on Bayesian Network B A D C - Modeled dependencies of risk factors - Integration of expert knowlege and statistical data Allows for simulations what-if analyses F Difficult to communicate Presentation tool for key indicators with their causal relationships Combination of both approaches could overcome weaknesses of each method Balanced Scorecard C I P Established also in IT controlling and risk management Causal dependencies and hierarchical aggregation not quantitatively modeled

Bayesian networks principles A C B A Bayesian Network models the cause-effect relationships of its nodes Network characteristics: Directed acyclic graph Nodes are variables Edges represent direct relationships Each node is a conditional probability distribution describing the effect of the parent nodes on itself Prob(node parent nodes) "What is the probability of my data, given the parameter?" "What is the probability of the parameter, given what I observe in the data?" Classical inferential statistics Bayesians

Bayesian networks evaluation Widely used in other domains (e.g., medical) as well as in IS (e.g., help systems) Simulation of changes and corresponding effects possible Incorporating historical data Leveraging expert knowledge Creating transparency of dependencies/relationships High complexity Of causes Of dependencies Difficult to keep model up-to-date Difficult to communicate

Balanced Scorecard principles Developed by Kaplan / Norton to overcome shortcoming of traditional performance measurement systems Combines traditionally used financial measures with soft factors like customer satisfaction (Lead vs. lag indicators) Models (cause-and-effect) relationships between entities Communicates corporate strategies top down from management to operational level Generic BSC contains 4 perspectives: Financial Customers Internal Business Processes Innovation and Learning Customers Financial Vision & Strategy Internal Business Processes Innovation and Learning

Balanced Scorecard evaluation Commonly and widespread used management tool Can be used as a presentation tool: easy to understand and to communicate Perspectives can be added or omitted BSC allows double-loop learning Double-loop learning is tedious Modelled cause effect relationships cannot be validated a priori

Motivation Theory: Bayesian Networks Balanced Scorecard Example: Desktop Infrastructure Outlook: Further Research

Modelled Desktop Infrastructure with Bayesian Network PRELIMINARY

Mapping BSC and BN Target Perspective Customer Internal Business Processes External

BSC evolved of desktop infrastructure Target Desktop infrastructure availability Percentage of downtime Internal Business Processes User support calls Number of calls per FTE LAN availability Percentage of downtime Application Servers Percentage of downtime Infrastructure Servers Percentage of downtime Helpdesk calls Number of calls per FTE Customer User skill User experience External WAN availability Percentage of downtime Hardware quality Quality level

Classification of Risk Scorecard within Corporate Scorecard Hierarchy Management Scorecard Financial Customers... Reduction of Operational Risk Increase Market Share... Internal Business Processes... Innovation and Learning... Operational Risk Scorecard Internal Business Processes System Risk Process Risk Internal Fraud... Financial... Customers... Innovation and Learning... Desktop Downtime Costs Financial System Risk Scorecard Internal Business Processes Helpdesk Time to Resolve User support Time to Resolve User Support Calls User Incidents Staff/ Customer User Skill Level Virus Scanning Desktop Infrastructure Stability Innovation and Learning

Motivation Theory: Bayesian Networks Balanced Scorecard Example: Desktop Infrastructure Outlook: Further Research

Outlook: Further Research and next steps Refinement of prototype model by literature Case study validation of model correctness Sensitivity analysis

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information