Abstract: Well organized digitalization and information systems have been selected as relevant measures to mitigate operational risks within organizations. Unfortunately, information system comes with new threats that can cause severe damage and quick organization lockout. This study aims to measure perceived information system risks and their effects on operational risks within the microfinance institution in D.R. Congo. Also, the factors influencing the operational risk are to be identified, and the link between operational risk with other risks and performance is to be assessed. The study proposes a research model drawn on the combination of Resources-Based-View, dynamic capabilities, the agency theory, the Information System Security Model, and social theories of risk. Therefore, we suggest adopting a mixed methods research with the sole aim of increasing the literature that already exists on perceived operational risk assessment and its link with other risk and performance, with a focus on information system risks.
Abstract: Information system risk management helps to reduce
or eliminate risk by implementing appropriate controls. In this paper,
we propose a quantification model of controls impact on information
system risks by automatizing the residual criticality estimation step of
FMECA which is based on a inductive reasoning. For this, we defined
three equations based on type and maturity of controls. For testing,
the values obtained with the model were compared to estimated
values given by interlocutors during different working sessions and
the result is satisfactory. This model allows an optimal assessment of
controls maturity and facilitates risk analysis of information system.