Abstract: Information system risk management helps to reduce
or eliminate risk by implementing appropriate controls. In this paper,
we propose a model that quantifies the impact of controls on information
system risks by automating the residual criticality estimation step of
FMECA, which is based on inductive reasoning. For this, we defined
three equations based on the type and maturity of controls. For testing,
the values obtained with the model were compared to estimated
values given by interlocutors during different working sessions, and
the result is satisfactory. This model allows an optimal assessment of
control maturity and facilitates risk analysis of information systems.

Abstract: Risk management in the banking sector is a key issue
linked to financial system stability, and its importance has been
elevated by technological developments and the emergence of new
financial instruments. In this paper, we improve the model previously
defined for quantifying the impact of internal controls on banking risks by
automating the residual criticality estimation step of FMECA. For
this, we defined three equations and a maturity coefficient to obtain
a mathematical model, which is tested on all banking processes and
types of risks. The new model allows an optimal assessment of residual
criticality and improves the correlation rate, which has become 98%.