IDEAS home Printed from https://ideas.repec.org/a/eme/jfrcpp/jfrc-06-2016-0050.html
   My bibliography  Save this article

A probabilistic approach to IT risk management in the Basel regulatory framework

Author

Listed:
  • Semir Ibrahimovic
  • Ulrik Franke

Abstract

Purpose - This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage. Design/methodology/approach - A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions. Findings - Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses. Practical implications - An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management. Originality/value - The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

Suggested Citation

  • Semir Ibrahimovic & Ulrik Franke, 2017. "A probabilistic approach to IT risk management in the Basel regulatory framework," Journal of Financial Regulation and Compliance, Emerald Group Publishing Limited, vol. 25(2), pages 176-195, May.
    • Handle: RePEc:eme:jfrcpp:jfrc-06-2016-0050
    DOI: 10.1108/JFRC-06-2016-0050
    as

    Download full text from publisher

    File URL: https://www.emerald.com/insight/content/doi/10.1108/JFRC-06-2016-0050/full/html?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://www.emerald.com/insight/content/doi/10.1108/JFRC-06-2016-0050/full/pdf?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://libkey.io/10.1108/JFRC-06-2016-0050?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eme:jfrcpp:jfrc-06-2016-0050. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Emerald Support (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.