Acta Oeconomica Pragensia 2011, 19(3):42-60 | DOI: 10.18267/j.aop.334
IS/IT Risk Management in Banking Industry
University of Economics, Prague, Faculty of Informatics and Statistics (svata@vse.cz); Martin Fleischmann, Czech National Bank
The paper surveys current trends in business risk management, focusing on IS/IT risk management in financial institutions. Special attention is paid to the frameworks and regulations available for both financial and non-financial risk management and to their relation to IS/IT risk management. After a short introduction to the specifics of risk management in financial institutions, the relationship between IS/IT risk management and operational risk management is discussed, including the features they share and those in which they differ. The advantages and challenges of these frameworks are summarized, together with the possibility of incorporating some IS/IT risk management tools and methods into operational risk management in practice. Because Basel II is the main framework covering operational risk management, the paper focuses on assessing the impact of the Basel II framework and its integration with IS/IT risk management frameworks.
Keywords: IS/IT risk, operational risk, Basel, COSO, Risk IT
JEL classification: M15
Published: June 1, 2011
References
- ERNST & YOUNG. 2009. Risk Convergence: The Future State of Governance, Risk, and Control.
- GARTNER. 2010. The Gartner Magic Quadrant for Operational Risk Management for Financial Services. www.gartner.com/it/products/mq/mq_ms.jsp.
- IOR, Institute of Operational Risk. 2010. Operational Risk Sound Practice Guidance Key Risk Indicators. November 2010. www.ior-institute.org.
- ISACA. 2007. IT Control Objectives for Basel II - The Importance of Governance and Risk Management for Compliance. ISBN 1893209385.
- ISACA. 2009. Risk IT framework. ISBN 978-1-60420-111-6.
- ISACA. 2009. Risk IT Overview. www.isaca.org/Knowledge Center/Standards.
- ISF. 2010. IRAM. https://www.securityforum.org/?page=DocumentView&itemid=4414. June 2010.
- ISO/IEC 27005:2008. Information technology - Security techniques - Information security risk management.
- ISO 31000:2009. Risk management - Principles and guidelines.
- ITGI. 2009. Enterprise Risk: Identify, Govern and Manage IT Risk, The Risk IT Framework, Exposure Draft.
- MCCUAIG, B. 2008. Fundamentals of GRC: Mastering Risk Assessment [White Paper]. Thomson Reuters, 2008.
- NĚMEC, M. 2010. Summary of methods used for management and measurement in AMA Banks and validation procedures. Presentation for the Czech Institute of Internal Auditors, October 2010.
- STEUPERAERT, D. 2009. Identify, Govern and Manage IT Risk. COBIT Focus. 2009, October. www.isaca.org.
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.