Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A probabilistic approach to IT risk management in the Basel regulatory framework: A case study
School of Economics and Business in Sarajevo, Bosnia and Herzegovina.
RISE - Research Institutes of Sweden, ICT, SICS. (Software and Systems Engineering Laboratory)ORCID iD: 0000-0003-2017-7914
2017 (English)In: Journal of Financial Regulation and Compliance, ISSN 1358-1988, E-ISSN 1740-0279, Vol. 25, no 2, p. 176-195Article in journal (Refereed) Published
Abstract [en]

Purpose: This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage. Design/methodology/approach: A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions. Findings: Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses. Practical implications: An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management. Originality/value: The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

Place, publisher, year, edition, pages
2017. Vol. 25, no 2, p. 176-195
Keywords [en]
Availability incidents, Basel regulatory framework, IT risk
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-31139DOI: 10.1108/JFRC-06-2016-0050Scopus ID: 2-s2.0-85017561608OAI: oai:DiVA.org:ri-31139DiVA, id: diva2:1136203
Available from: 2017-08-25 Created: 2017-08-25 Last updated: 2023-06-08Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Franke, Ulrik

Search in DiVA

By author/editor
Franke, Ulrik
By organisation
SICS
In the same journal
Journal of Financial Regulation and Compliance
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 73 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf