A Mixed Approach to Assess Information System Risk, Operational Risk, and Congolese Microfinance Institutions Performance

Well organized digitalization and information systems have been selected as relevant measures to mitigate operational risks within organizations. Unfortunately, information system comes with new threats that can cause severe damage and quick organization lockout. This study aims to measure perceived information system risks and their effects on operational risks within the microfinance institution in D.R. Congo. Also, the factors influencing the operational risk are to be identified, and the link between operational risk with other risks and performance is to be assessed. The study proposes a research model drawn on the combination of Resources-Based-View, dynamic capabilities, the agency theory, the Information System Security Model, and social theories of risk. Therefore, we suggest adopting a mixed methods research with the sole aim of increasing the literature that already exists on perceived operational risk assessment and its link with other risk and performance, with a focus on information system risks.

Banking Risk Management between the Prudential and the Operational Approaches

Since the nineties, all Moroccan banking institutions have to respect an arsenal of prudential ratios. The respect of these prudential measures aims to ensure the financial system stability. In order to do so, regulatory authorities tried to reduce the financial and operational risks incurred by the banking entities. Meanwhile, regulatory authorities demanded a balance sheet management work from banks. They also asked them to establish a management control system to manage operational risk, as well as an effort in terms of incurred risk-based commitments. Therefore, the prudential approach has a macroeconomic nature and it is presented as a determinant of the operational, microeconomic approach. This operational approach takes the form of a strategy that each banking entity must develop to manage the different banking risks. This study seeks to analyze the problem of risk management between the prudential and the operational approaches. It was processed through a literature review followed by an analysis of the Moroccan banking sector’s performance. At first, we will reconcile the inductive logic and then, the analytical one. The first approach consists of analyzing the phenomenon from a normative and conceptual perspective, while the second one will consist of considering the Moroccan banking system and analyzing the behavior of Moroccan banking entities in terms of risk management and performance. The results identified a favorable growth in terms of performance, despite the huge provisioning effort made to meet the international standards and the harmonization of the regulations.

CybeRisk Management in Banks: An Italian Case Study

The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a CybeRisk assessment framework to guarantee a system of protection and risks control?
From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research bases on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

The Key Challenges of the New Bank Regulations

The New Basel Capital Accord (Basel II) influences how financial institutions around the world, and especially European Union institutions, determine the amount of capital to reserve. However, as the recent global crisis has shown, the revision of Basel II is needed to reflect current trends, such as increased volatility and correlation, in the world financial markets. The overall objective of Basel II is to increase the safety and soundness of the international financial system. Basel II builds on three main pillars: Pillar I deals with the minimum capital requirements for credit, market and operational risk, Pillar II focuses on the supervisory review process and finally Pillar III promotes market discipline through enhanced disclosure requirements for banks. The aim of this paper is to provide the historical background, key features and impact of Basel II on financial markets. Moreover, we discuss new proposals for international bank regulation (sometimes referred to as Basel III) which include requirements for higher quality, constituency and transparency of banks' capital and risk management, regulation of OTC markets and introduction of new liquidity standards for internationally active banks.

Choice of Efficient Information System with Service-Oriented Architecture using Multiple Criteria Threshold Algorithms (With Practical Example)

Author presents the results of a study conducted to identify criteria of efficient information system (IS) with service-oriented architecture (SOA) realization and proposes a ranking method to evaluate SOA information systems using a set of architecture quality criteria before the systems are implemented. The method is used to compare 7 SOA projects and ranking result for SOA efficiency of the projects is provided. The choice of SOA realization project depends on following criteria categories: IS internal work and organization, SOA policies, guidelines and change management, processes and business services readiness, risk management and mitigation. The last criteria category was analyzed on the basis of projects statistics.

Operational Risk – Scenario Analysis

This paper focuses on operational risk measurement techniques and on economic capital estimation methods. A data sample of operational losses provided by an anonymous Central European bank is analyzed using several approaches. Loss Distribution Approach and scenario analysis method are considered. Custom plausible loss events defined in a particular scenario are merged with the original data sample and their impact on capital estimates and on the financial institution is evaluated. Two main questions are assessed – What is the most appropriate statistical method to measure and model operational loss data distribution? and What is the impact of hypothetical plausible events on the financial institution? The g&h distribution was evaluated to be the most suitable one for operational risk modeling. The method based on the combination of historical loss events modeling and scenario analysis provides reasonable capital estimates and allows for the measurement of the impact of extreme events on banking operations.

Operational Risks for Highway Projects in Malaysia

The Malaysia Highway Authority (MHA) was established by the Government in 1980 for the purpose of designing, constructing and maintaining toll highways in Malaysia that include the North-South Expressway and the Penang Bridge, which were procured using the publicly-funded traditional procurement. However following a recession in the mid 80-s, the operations of these tolled highways had been privatized to ensure that their operational services continue through private financing as a result of long-term concession agreement concurred between the Malaysian Government and private operators. The change in the contract strategy for highway projects in Malaysia would have a great tendency to dictate a significant risk exposure towards the key parties involved, particularly the Malaysian Government as project principal, unless operational risks are clearly identified and managed via appropriate mitigation measures prior to a contract signing. This research identifies potential operational risks that have a possibility to occur in highway projects in Malaysia from the perspective of public sector clients. Since this research focuses on the operational risks for highway projects in Malaysia, the initial results acquired from literature review on the operational risks of highway projects in some Asian countries are then justified by a number of key individuals from the MHA through interviews. As a result, among key operational risks that have possibility to occur in the highway projects in Malaysia include initial toll-tariff decided by the Government, traffic congestion, change of road network and overloaded freight transportation, which could cause damage to the road surface and hence affecting the operation of a particular highway.

A Data Mining Model for Detecting Financial and Operational Risk Indicators of SMEs

In this paper, a data mining model to SMEs for detecting financial and operational risk indicators by data mining is presented. The identification of the risk factors by clarifying the relationship between the variables defines the discovery of knowledge from the financial and operational variables. Automatic and estimation oriented information discovery process coincides with the definition of data mining. During the formation of the model, an easy to understand, easy to interpret and easy to apply utilitarian model that is far from the requirement of theoretical background is targeted by the discovery of the implicit relationships between the data and the identification of effect level of every factor. In addition, this paper is based on a project which was funded by The Scientific and Technological Research Council of Turkey (TUBITAK).

Insurance Fraud Management as an Integrated Part of Business Intelligence Framework

Frauds in insurance industry are one of the major sources of operational risk of insurance companies and constitute a significant portion of their losses. Every reasonable company on the market aims for improving their processes of uncovering frauds and invests their resources to reduce them. This article is addressing fraud management area from the view of extension of existing Business Intelligence solution. We describe the frame of such solution and would like to share with readers all benefits brought to insurance companies by adopting this approach in their fight against insurance frauds.

Operational risks Classification for Information Systems with Service-Oriented Architecture (Including Loss Calculation Example)

This article presents the results of a study conducted to identify operational risks for information systems (IS) with service-oriented architecture (SOA). Analysis of current approaches to risk and system error classifications revealed that the system error classes were never used for SOA risk estimation. Additionally system error classes are not normally experimentally supported with real enterprise error data. Through the study several categories of various existing error classifications systems are applied and three new error categories with sub-categories are identified. As a part of operational risks a new error classification scheme is proposed for SOA applications. It is based on errors of real information systems which are service providers for application with service-oriented architecture. The proposed classification approach has been used to classify SOA system errors for two different enterprises (oil and gas industry, metal and mining industry). In addition we have conducted a research to identify possible losses from operational risks.

Overview of Operational Risk Management Methods

Operational risk has become one of the most discussed topics in the financial industry in the recent years. The reasons for this attention can be attributed to higher investments in information systems and technology, the increasing wave of mergers and acquisitions and emergence of new financial instruments. In addition, the New Basel Capital Accord (known as Basel II) demands a capital requirement for operational risk and further motivates financial institutions to more precisely measure and manage this type of risk. The aim of this paper is to shed light on main characteristics of operational risk management and common applied methods: scenario analysis, key risk indicators, risk control self assessment and loss distribution approach.